Technical overviews

About WireGuard and 2FA/MFA login

Learn how Tailscale builds on WireGuard to offer multi-factor authentication (MFA) and other capabilities.

How Tailscale assigns IP addresses

Learn how Tailscale assigns stable IP addresses based on the device and authorization credentials.

Smaller binaries for embedded devices

Learn how to build an extra-small Tailscale binary for deployment in disk space constrained environments.

Kernel vs. netstack subnet routing & exit nodes

Learn about the kernel and userspace modes and how they are used by subnet routers and exit nodes.

Userspace networking mode (for containers)

Find out about userspace networking mode and when it is useful.

Machine certificates

Learn how Tailscale uses machine certificates as the mechanism for which machines can join a domain.

Protect your SSH servers using Tailscale

Learn how Tailscale works well with SSH clients and SSH servers, improving security and offering a better user experience.

Tailnet lock white paper

Learn details about tailnet lock.

DERP Servers

Learn how DERP relay servers link your nodes peer-to-peer as a side channel during NAT traversal, and as a fallback if NAT traversal fails.

"Zero Trust Networking" definition

Find out what Zero Trust Networking means.

IPv4 vs. IPv6 FAQ

Answers to common questions around IPv6.

Last updated