Aperture beta is now available. Start building with AI safely in minutes.READ MORE ->

Technical overviews

Last validated:

This section contains in-depth topics about networking and security in a Tailscale network (known as a tailnet).

Networking and device connectivity

Tailscale modernizes your network through underlying technology to securely connect users, services, and devices.


VPN from the couch to the office and HQ

Tailscale's encryption, low latency, easy configuration, and robust access controls like SSO and MFA make it an ideal modern office VPN solution for remote and distributed workforces.

Corporate VPN, explained

Secure your corporate VPN with direct device-to-device encryption, seamless identity provider integration, and flexible access controls.

Deprecate complex physical network (wired and Wi-Fi) security schemes

Use Tailscale to move off of complex physical networks.

Transparently interconnect microservices between data centers and pods

Use Tailscale to transparently interconnect microservices between data centers and pods.

Deploy internal apps anywhere, without changing firewall settings

Deploying servers without modifying firewall settings using Tailscale.

Connect to your corporate laptop no matter where you left it

Connect to your corporate laptop no matter where it is.

Connect to colleagues' local servers from anywhere

Discover how Tailscale helps you to securely connect to colleagues and servers.

How Tailscale assigns IP addresses

Understand how Tailscale assigns stable IP addresses based on the device and authorization credentials.

Device connectivity

Understand connectivity between Tailscale devices.

DERP servers

Tailscale uses Designated Encrypted Relay for Packets (DERP) servers for secure, low-latency connections in your tailnet. Customization options let you optimize device communication and NAT traversal.

IPv4 vs. IPv6 FAQ

Answers to common questions around IPv6.

Add multifactor authentication to any legacy service

Explore how Tailscale integrates with SSO providers for authentication, including for 2FA/MFA.

Replace site-to-site VPNs with Tailscale and WireGuard

Use Tailscale for site-to-site VPN to forward network traffic between local networks.

WireGuard VPN with a dynamic IP address

How WireGuard VPN works with dynamic IP addresses.

Security, authentication, and encryption

Tailscale enforces secure authorization and encryption for tailnet traffic based on identity.


Protect your SSH servers using Tailscale

Understand how Tailscale works well with SSH clients and SSH servers, improving security and offering a better user experience.

Node keys

How Tailscale uses node keys as the mechanism for which machines can join a tailnet.

Tailscale encryption

Review how Tailscale uses encryption.

Tailscale identity

Understand how identity is established and used in Tailscale.