Convert Figma logo to code with AI

tailscale logotailscale

The easiest, most secure way to use WireGuard and 2FA.

18,532
1,425
18,532
2,516

Top Related Projects

Cloudflare Tunnel client (formerly Argo Tunnel)

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

14,290

A scalable overlay networking tool with a focus on performance, simplicity and security

Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go

10,618

OpenVPN is an open source VPN daemon

4,404

Enterprise VPN server

Quick Overview

Tailscale is a secure network connectivity tool that creates a mesh VPN using the WireGuard protocol. It simplifies the process of setting up and managing private networks, allowing devices to communicate securely across different locations and networks.

Pros

  • Easy setup and configuration, with minimal networking knowledge required
  • Seamless integration across multiple platforms (Windows, macOS, Linux, iOS, Android)
  • Built-in security features, including end-to-end encryption and access controls
  • Automatic NAT traversal, eliminating the need for port forwarding

Cons

  • Requires a Tailscale account and relies on their coordination server
  • Free tier has limitations on the number of devices and users
  • May not be suitable for high-throughput applications or large enterprise networks
  • Potential privacy concerns due to reliance on a third-party service

Getting Started

To get started with Tailscale:

  1. Sign up for a Tailscale account at https://tailscale.com/

  2. Install Tailscale on your devices:

    # For Ubuntu/Debian
    curl -fsSL https://tailscale.com/install.sh | sh
    
    # For macOS (using Homebrew)
    brew install tailscale
    
    # For Windows (using PowerShell)
    winget install tailscale
    
  3. Authenticate your devices:

    sudo tailscale up
    
  4. Follow the provided URL to log in and authorize the device.

  5. Repeat the process on other devices you want to connect to your Tailscale network.

Once set up, devices on your Tailscale network can communicate securely using their Tailscale IP addresses. You can manage your network, add users, and configure access controls through the Tailscale admin console.

Competitor Comparisons

Cloudflare Tunnel client (formerly Argo Tunnel)

Pros of Cloudflared

  • Integrated with Cloudflare's global network, providing better performance and DDoS protection
  • Supports a wider range of protocols, including TCP, UDP, and HTTP/HTTPS
  • Offers zero-trust access control with Cloudflare Access integration

Cons of Cloudflared

  • Requires a Cloudflare account and domain
  • Less focus on mesh networking capabilities
  • More complex setup process for some use cases

Code Comparison

Tailscale configuration example:

tsnet.Server{
    Hostname:  "myserver",
    AuthKey:   "tskey-auth-key123",
    Ephemeral: true,
}

Cloudflared configuration example:

tunnel: my-tunnel
credentials-file: /path/to/credentials.json
ingress:
  - hostname: example.com
    service: http://localhost:8000

Both projects aim to provide secure access to resources, but they take different approaches. Tailscale focuses on creating a secure, private network overlay, while Cloudflared is designed to work with Cloudflare's infrastructure to provide secure access to web applications and services. The choice between them depends on specific use cases and infrastructure requirements.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Pros of Netmaker

  • Open-source and self-hosted, offering full control over infrastructure
  • Supports a wider range of protocols, including WireGuard, OpenVPN, and IPsec
  • More flexible networking options, including mesh and hub-and-spoke topologies

Cons of Netmaker

  • Requires more technical expertise to set up and maintain
  • Less user-friendly interface compared to Tailscale's polished UI
  • Smaller community and ecosystem, potentially leading to fewer resources and integrations

Code Comparison

Netmaker (Go):

func (network *Network) CreatePeers() error {
    for i := range network.Nodes {
        for j := range network.Nodes {
            if i != j {
                network.Nodes[i].Peers = append(network.Nodes[i].Peers, network.Nodes[j])
            }
        }
    }
    return nil
}

Tailscale (Go):

func (c *Conn) SetNetworkMap(nm *NetworkMap) {
    c.mu.Lock()
    defer c.mu.Unlock()
    c.netMap = nm
    if nm != nil {
        c.everHadNetMap = true
    }
}

Both projects use Go for their core functionality, but Netmaker's code focuses on creating peer connections in a mesh network, while Tailscale's code manages network map updates for its centralized control plane approach.

14,290

A scalable overlay networking tool with a focus on performance, simplicity and security

Pros of Nebula

  • Fully open-source and self-hosted, offering complete control over the network infrastructure
  • Supports more flexible network topologies, including mesh networking
  • Provides advanced security features like certificate-based authentication

Cons of Nebula

  • Requires more technical expertise to set up and manage
  • Less user-friendly for non-technical users
  • Limited official support and documentation compared to Tailscale

Code Comparison

Nebula configuration example:

pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key
static_host_map:
  "10.0.0.1": ["203.0.113.1:4242"]
lighthouse:
  am_lighthouse: false
  interval: 60

Tailscale configuration example:

tailscale up --hostname=mydevice --authkey=tskey-auth-abcdefghijklm-123

Nebula requires more detailed configuration, while Tailscale offers a simpler setup process. Nebula's configuration allows for more granular control over network settings, but Tailscale's approach is more user-friendly and requires less manual configuration.

Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go

Pros of wireguard-go

  • Lightweight and focused solely on VPN functionality
  • Simpler setup for basic point-to-point connections
  • More suitable for embedded systems or resource-constrained environments

Cons of wireguard-go

  • Lacks built-in NAT traversal and coordination features
  • Requires manual configuration and key management
  • Limited support for complex network topologies out of the box

Code Comparison

wireguard-go:

device := NewDevice(tun, conn, logger)
device.IpcSet(`private_key=...
public_key=...
endpoint=...
allowed_ip=...`)
device.Up()

Tailscale:

c := &tailscale.Config{
    AuthKey: "tskey-...",
    Hostname: "example-host",
}
ts, err := tailscale.NewClient(c)
if err != nil {
    log.Fatal(err)
}

The wireguard-go code focuses on low-level device configuration, while Tailscale abstracts much of the complexity, providing a higher-level interface for network setup and management. Tailscale builds upon WireGuard's core technology, adding features like automatic key rotation, NAT traversal, and access controls, making it more suitable for larger, distributed networks.

10,618

OpenVPN is an open source VPN daemon

Pros of OpenVPN

  • Mature and widely adopted open-source VPN solution
  • Highly configurable and flexible for various network setups
  • Supports a wide range of encryption protocols and authentication methods

Cons of OpenVPN

  • Complex setup and configuration process
  • Requires manual port forwarding and firewall configuration
  • Can be challenging to maintain and troubleshoot for non-technical users

Code Comparison

OpenVPN configuration example:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

Tailscale configuration example:

# No explicit configuration required for basic setup
# Tailscale uses sensible defaults and auto-configuration

Tailscale offers a more streamlined setup process with minimal configuration required, while OpenVPN provides greater flexibility at the cost of increased complexity. Tailscale uses WireGuard as its underlying protocol, which is generally faster and more efficient than OpenVPN's older protocols. However, OpenVPN's long-standing presence in the market and extensive documentation make it a reliable choice for organizations with specific networking requirements.

4,404

Enterprise VPN server

Pros of Pritunl

  • Open-source and self-hosted, offering more control over infrastructure
  • Supports multiple VPN protocols (OpenVPN, WireGuard, IPSec)
  • Provides a user-friendly web interface for management

Cons of Pritunl

  • Requires more setup and maintenance compared to Tailscale
  • Less seamless integration across different devices and platforms
  • May have a steeper learning curve for non-technical users

Code Comparison

Pritunl (Python):

def start_threads():
    thread = threading.Thread(target=journal_thread)
    thread.daemon = True
    thread.start()

Tailscale (Go):

func (e *userspaceEngine) Start(opts Options) error {
    e.wgLock.Lock()
    defer e.wgLock.Unlock()
    e.closing = make(chan struct{})
    return nil
}

Both projects use different programming languages, with Pritunl primarily using Python and Tailscale using Go. This affects performance characteristics and ecosystem compatibility. Tailscale's code tends to be more concise due to Go's nature, while Pritunl's Python code may be more readable for some developers. The code snippets show basic threading and locking mechanisms, highlighting the different approaches to concurrency in each project.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.23. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See git log for our commit message style. It's basically the same as Go's style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.