Technical overviews
About WireGuard and 2FA/MFA login
Learn how Tailscale builds on WireGuard to offer multi-factor authentication (MFA) and other capabilities.
How Tailscale assigns IP addresses
Learn how Tailscale assigns stable IP addresses based on the device and authorization credentials.
Smaller binaries for embedded devices
Learn how to build an extra-small Tailscale binary for deployment in disk space constrained environments.
Kernel vs. netstack subnet routing & exit nodes
Learn about the kernel and userspace modes and how they are used by subnet routers and exit nodes.
Userspace networking mode (for containers)
Find out about userspace networking mode and when it is useful.
Machine certificates
Learn how Tailscale uses machine certificates as the mechanism for which machines can join a domain.
Protect your SSH servers using Tailscale
Learn how Tailscale works well with SSH clients and SSH servers, improving security and offering a better user experience.
Tailnet lock white paper
Learn details about tailnet lock.
DERP Servers
Learn how DERP relay servers link your nodes peer-to-peer as a side channel during NAT traversal, and as a fallback if NAT traversal fails.
"Zero Trust Networking" definition
Find out what Zero Trust Networking means.
IPv4 vs. IPv6 FAQ
Answers to common questions around IPv6.