Technical overviews

About WireGuard and 2FA/MFA login

WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional VPNs and TLS. Among …

How Tailscale assigns IP addresses

Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or a server). These …

Smaller binaries for embedded devices

Learn how to build an extra-small Tailscale binary for deployment in disk space constrained environments.

Kernel vs. netstack subnet routing & exit nodes

Tailscale can act as a subnet router or exit node in one of two different modes: kernel mode (root on Linux) userspace mode (all non-Linux …

Userspace networking mode (for containers)

Userspace Networking mode allows running Tailscale where you don’t have access to create a VPN tunnel device. This often happens in …

Logging, auditing, and streaming

Each Tailscale agent in your distributed network streams its logs to a central log server (at log.tailscale.io). This includes real-time events …

Machine certificates

The mechanism by which nodes can join a domain is enforced by machine certificates. When a new device tries to join the Tailscale network, we …

Protect your SSH servers using Tailscale

What is Secure Shell (SSH)? The secure shell protocol, or SSH, has been around now for over 25 years. It was designed to securely connect to a …

"Zero Trust Networking" definition

Zero Trust Networking (ZTN) is an architecture descended from Google’s BeyondCorp design. Although many products now advertise “zero …

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2022 Tailscale Inc.

Privacy & Terms