Top Related Projects
Cloudflare Tunnel client (formerly Argo Tunnel)
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
A scalable overlay networking tool with a focus on performance, simplicity and security
Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go
OpenVPN is an open source VPN daemon
Enterprise VPN server
Quick Overview
Tailscale is a secure network connectivity tool that creates a mesh VPN using the WireGuard protocol. It simplifies the process of setting up and managing private networks, allowing devices to communicate securely across different locations and networks.
Pros
- Easy setup and configuration, with minimal networking knowledge required
- Seamless integration across multiple platforms (Windows, macOS, Linux, iOS, Android)
- Built-in security features, including end-to-end encryption and access controls
- Automatic NAT traversal, eliminating the need for port forwarding
Cons
- Requires a Tailscale account and relies on their coordination server
- Free tier has limitations on the number of devices and users
- May not be suitable for high-throughput applications or large enterprise networks
- Potential privacy concerns due to reliance on a third-party service
Getting Started
To get started with Tailscale:
-
Sign up for a Tailscale account at https://tailscale.com/
-
Install Tailscale on your devices:
# For Ubuntu/Debian curl -fsSL https://tailscale.com/install.sh | sh # For macOS (using Homebrew) brew install tailscale # For Windows (using PowerShell) winget install tailscale
-
Authenticate your devices:
sudo tailscale up
-
Follow the provided URL to log in and authorize the device.
-
Repeat the process on other devices you want to connect to your Tailscale network.
Once set up, devices on your Tailscale network can communicate securely using their Tailscale IP addresses. You can manage your network, add users, and configure access controls through the Tailscale admin console.
Competitor Comparisons
Cloudflare Tunnel client (formerly Argo Tunnel)
Pros of Cloudflared
- Integrated with Cloudflare's global network, providing better performance and DDoS protection
- Supports a wider range of protocols, including TCP, UDP, and HTTP/HTTPS
- Offers zero-trust access control with Cloudflare Access integration
Cons of Cloudflared
- Requires a Cloudflare account and domain
- Less focus on mesh networking capabilities
- More complex setup process for some use cases
Code Comparison
Tailscale configuration example:
tsnet.Server{
Hostname: "myserver",
AuthKey: "tskey-auth-key123",
Ephemeral: true,
}
Cloudflared configuration example:
tunnel: my-tunnel
credentials-file: /path/to/credentials.json
ingress:
- hostname: example.com
service: http://localhost:8000
Both projects aim to provide secure access to resources, but they take different approaches. Tailscale focuses on creating a secure, private network overlay, while Cloudflared is designed to work with Cloudflare's infrastructure to provide secure access to web applications and services. The choice between them depends on specific use cases and infrastructure requirements.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Pros of Netmaker
- Open-source and self-hosted, offering full control over infrastructure
- Supports a wider range of protocols, including WireGuard, OpenVPN, and IPsec
- More flexible networking options, including mesh and hub-and-spoke topologies
Cons of Netmaker
- Requires more technical expertise to set up and maintain
- Less user-friendly interface compared to Tailscale's polished UI
- Smaller community and ecosystem, potentially leading to fewer resources and integrations
Code Comparison
Netmaker (Go):
func (network *Network) CreatePeers() error {
for i := range network.Nodes {
for j := range network.Nodes {
if i != j {
network.Nodes[i].Peers = append(network.Nodes[i].Peers, network.Nodes[j])
}
}
}
return nil
}
Tailscale (Go):
func (c *Conn) SetNetworkMap(nm *NetworkMap) {
c.mu.Lock()
defer c.mu.Unlock()
c.netMap = nm
if nm != nil {
c.everHadNetMap = true
}
}
Both projects use Go for their core functionality, but Netmaker's code focuses on creating peer connections in a mesh network, while Tailscale's code manages network map updates for its centralized control plane approach.
A scalable overlay networking tool with a focus on performance, simplicity and security
Pros of Nebula
- Fully open-source and self-hosted, offering complete control over the network infrastructure
- Supports more flexible network topologies, including mesh networking
- Provides advanced security features like certificate-based authentication
Cons of Nebula
- Requires more technical expertise to set up and manage
- Less user-friendly for non-technical users
- Limited official support and documentation compared to Tailscale
Code Comparison
Nebula configuration example:
pki:
ca: /etc/nebula/ca.crt
cert: /etc/nebula/host.crt
key: /etc/nebula/host.key
static_host_map:
"10.0.0.1": ["203.0.113.1:4242"]
lighthouse:
am_lighthouse: false
interval: 60
Tailscale configuration example:
tailscale up --hostname=mydevice --authkey=tskey-auth-abcdefghijklm-123
Nebula requires more detailed configuration, while Tailscale offers a simpler setup process. Nebula's configuration allows for more granular control over network settings, but Tailscale's approach is more user-friendly and requires less manual configuration.
Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go
Pros of wireguard-go
- Lightweight and focused solely on VPN functionality
- Simpler setup for basic point-to-point connections
- More suitable for embedded systems or resource-constrained environments
Cons of wireguard-go
- Lacks built-in NAT traversal and coordination features
- Requires manual configuration and key management
- Limited support for complex network topologies out of the box
Code Comparison
wireguard-go:
device := NewDevice(tun, conn, logger)
device.IpcSet(`private_key=...
public_key=...
endpoint=...
allowed_ip=...`)
device.Up()
Tailscale:
c := &tailscale.Config{
AuthKey: "tskey-...",
Hostname: "example-host",
}
ts, err := tailscale.NewClient(c)
if err != nil {
log.Fatal(err)
}
The wireguard-go code focuses on low-level device configuration, while Tailscale abstracts much of the complexity, providing a higher-level interface for network setup and management. Tailscale builds upon WireGuard's core technology, adding features like automatic key rotation, NAT traversal, and access controls, making it more suitable for larger, distributed networks.
OpenVPN is an open source VPN daemon
Pros of OpenVPN
- Mature and widely adopted open-source VPN solution
- Highly configurable and flexible for various network setups
- Supports a wide range of encryption protocols and authentication methods
Cons of OpenVPN
- Complex setup and configuration process
- Requires manual port forwarding and firewall configuration
- Can be challenging to maintain and troubleshoot for non-technical users
Code Comparison
OpenVPN configuration example:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
Tailscale configuration example:
# No explicit configuration required for basic setup
# Tailscale uses sensible defaults and auto-configuration
Tailscale offers a more streamlined setup process with minimal configuration required, while OpenVPN provides greater flexibility at the cost of increased complexity. Tailscale uses WireGuard as its underlying protocol, which is generally faster and more efficient than OpenVPN's older protocols. However, OpenVPN's long-standing presence in the market and extensive documentation make it a reliable choice for organizations with specific networking requirements.
Enterprise VPN server
Pros of Pritunl
- Open-source and self-hosted, offering more control over infrastructure
- Supports multiple VPN protocols (OpenVPN, WireGuard, IPSec)
- Provides a user-friendly web interface for management
Cons of Pritunl
- Requires more setup and maintenance compared to Tailscale
- Less seamless integration across different devices and platforms
- May have a steeper learning curve for non-technical users
Code Comparison
Pritunl (Python):
def start_threads():
thread = threading.Thread(target=journal_thread)
thread.daemon = True
thread.start()
Tailscale (Go):
func (e *userspaceEngine) Start(opts Options) error {
e.wgLock.Lock()
defer e.wgLock.Unlock()
e.closing = make(chan struct{})
return nil
}
Both projects use different programming languages, with Pritunl primarily using Python and Tailscale using Go. This affects performance characteristics and ecosystem compatibility. Tailscale's code tends to be more concise due to Go's nature, while Pritunl's Python code may be more readable for some developers. The code snippets show basic threading and locking mechanisms, highlighting the different approaches to concurrency in each project.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Tailscale
Private WireGuard® networks made easy
Overview
This repository contains the majority of Tailscale's open source code.
Notably, it includes the tailscaled
daemon and
the tailscale
CLI tool. The tailscaled
daemon runs on Linux, Windows,
macOS, and to varying degrees
on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's
code, but this repo doesn't contain the mobile GUI code.
Other Tailscale repos of note:
- the Android app is at https://github.com/tailscale/tailscale-android
- the Synology package is at https://github.com/tailscale/tailscale-synology
- the QNAP package is at https://github.com/tailscale/tailscale-qpkg
- the Chocolatey packaging is at https://github.com/tailscale/tailscale-chocolatey
For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.
Using
We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.
Other clients
The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.
Building
We always require the latest Go release, currently Go 1.23. (While we build releases with our Go fork, its use is not required.)
go install tailscale.com/cmd/tailscale{,d}
If you're packaging Tailscale for distribution, use build_dist.sh
instead, to burn commit IDs and version info into the binaries:
./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled
If your distro has conventions that preclude the use of
build_dist.sh
, please do the equivalent of what it does in your
distro's way, so that bug reports contain useful version information.
Bugs
Please file any issues about this code or the hosted service on the issue tracker.
Contributing
PRs welcome! But please file bugs. Commit messages should reference bugs.
We require Developer Certificate of
Origin
Signed-off-by
lines in commits.
See git log
for our commit message style. It's basically the same as
Go's style.
About Us
Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:
- https://github.com/tailscale/tailscale/graphs/contributors
- https://github.com/tailscale/tailscale-android/graphs/contributors
Legal
WireGuard is a registered trademark of Jason A. Donenfeld.
Top Related Projects
Cloudflare Tunnel client (formerly Argo Tunnel)
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
A scalable overlay networking tool with a focus on performance, simplicity and security
Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go
OpenVPN is an open source VPN daemon
Enterprise VPN server
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot