Technical overviews

About WireGuard and 2FA/MFA login

WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional VPNs and TLS. Among …

How Tailscale assigns IP addresses

Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or a server). These …

Smaller binaries for embedded devices

Learn how to build an extra-small Tailscale binary for deployment in disk space constrained environments.

Kernel vs. netstack subnet routing & exit nodes

Tailscale can act as a subnet router or exit node in one of two different modes: kernel mode (root on Linux) userspace mode (all non-Linux …

Userspace networking mode (for containers)

Userspace Networking mode allows running Tailscale where you don’t have access to create a VPN tunnel device. This often happens in …

Machine certificates

The mechanism by which nodes can join a domain is enforced by machine certificates. When a new device tries to join the Tailscale network, we …

Protect your SSH servers using Tailscale

What is Secure Shell (SSH)? The secure shell protocol, or SSH, has been around now for over 25 years. It was designed to securely connect to a …

Tailnet lock white paper

This white paper on tailnet lock is a draft. It is shared to solicit feedback on the design and implementation of tailnet lock. Abstract …

DERP Servers

Learn how DERP relay servers link your nodes peer-to-peer as a side channel during NAT traversal, and as a fallback if NAT traversal fails.

"Zero Trust Networking" definition

Zero Trust Networking (ZTN) is an architecture descended from Google’s BeyondCorp design. Although many products now advertise “zero …

Last updated