Technical overviews

About WireGuard

Learn how Tailscale builds on WireGuard to offer single sign-on (SSO) and other capabilities.

How Tailscale assigns IP addresses

Learn how Tailscale assigns stable IP addresses based on the device and authorization credentials.

Smaller binaries for embedded devices

Learn how to build an extra-small Tailscale binary for deployment in disk space constrained environments.

Kernel vs. netstack subnet routing & exit nodes

Learn about the kernel and userspace modes and how they are used by subnet routers and exit nodes.

Userspace networking mode (for containers)

Find out about userspace networking mode and when it is useful.

Node keys

Learn how Tailscale uses node keys as the mechanism for which machines can join a domain.

Protect your SSH servers using Tailscale

Learn how Tailscale works well with SSH clients and SSH servers, improving security and offering a better user experience.

Tailnet lock white paper

Learn details about tailnet lock.

DERP Servers

Learn how DERP relay servers link your nodes peer-to-peer as a side channel during NAT traversal, and as a fallback if NAT traversal fails.

"Zero Trust Networking" definition

Find out what Zero Trust Networking means.

IPv4 vs. IPv6 FAQ

Answers to common questions around IPv6.