はてなブックマーク

WireGuard is a registered trademark of Jason A. Donenfeld. We’re thrilled to announce that Tailscale SSH is now Generally Available. Tailscale SSH allows Tailscale to manage the authentication and authorization of SSH connections on your tailnet. From the user’s perspective, you use SSH as normal—authenticating with Tailscale according to configurable rules—and we handle SSO, MFA, and key rotation

Tailscale Funnel is currently in beta. To try it, follow the steps below to enable it for your network using Tailscale v1.38.3 or later. Tailscale Funnel lets you route traffic from the broader internet to a local service running on a device in your Tailscale network (known as a tailnet). You can use it to share a local service, like a web app, for anyone to access—even if they don’t use Tailscale

WireGuard is a registered trademark of Jason A. Donenfeld. Hi, we’re back to talk about performance. You might remember us from our previous work (post #1 & post #2), which increased TCP throughput over wireguard-go, the userspace WireGuard® implementation that Tailscale uses. We’re releasing a set of changes that builds on this foundation, significantly improving UDP throughput on Linux. As with

WireGuard is a registered trademark of Jason A. Donenfeld. Tailscale has never supported password-based authentication. As security-conscious software that connects your private devices across the internet, we had to face a harsh reality: the password is outdated technology that requires kludges to use safely. Passwords must be complex enough that a human cannot remember them and they must not be

WireGuard is a registered trademark of Jason A. Donenfeld. Today we’re announcing the third generation of Tailscale plans and pricing. Most noticeably: The Free plan is expanding from one to three users. Monthly paid plans now include three free users, and bill you only for additional users who actively exchange data over Tailscale (“usage-based billing”) rather than for a fixed number of seats. A

WireGuard is a registered trademark of Jason A. Donenfeld. Tailscale Funnel, a tool that lets you share a web server on your private tailnet with the public internet, is now available as a beta feature for all users. With Funnel enabled, you can share access to a local development server, test a webhook, or even host a blog. We got nerdsniped into simulating our logo going through a funnel. Funnel

Contributed by @voluntas. Shiguredo Inc. develops and provides a software package called WebRTC SFU Sora (Sora) and its cloud service. WebRTC (Real-Time Communication) is a technology for exchanging voice, video, and data in real time over P2P. Sora is a WebRTC SFU (Selective Forwarding Unit), which is different from P2P communication in that it delivers audio and video data “via server.” With Sor

We made significant improvements to the throughput of wireguard-go, which is the userspace WireGuard® implementation that Tailscale uses. What this means for you: improved performance of the Tailscale client on Linux. We intend to upstream these changes to WireGuard as well. You can experience these improvements in the current unstable Tailscale client release, and also in Tailscale v1.36, availab

WireGuard is a registered trademark of Jason A. Donenfeld. Tailscale lets you put all your devices on their own private tailnet so they can reach each other, ACLs permitting. Usually that’s nice and comforting, knowing that all your devices can then be isolated from the internet, without any ports needing to be open to the world. Sometimes, though, you need something from the big, scary, non-Tails

Plan HighlightsLimited to 3 users 100 devices Access nearly all of Tailscale’s features Use Tailscale for free, indefinitely Add-on devices for $0.50 each per month

Based in Japan, Mercari is an online marketplace for preloved items, connecting buyers and sellers across the U.S. and Japan. With more than 20 million active monthly users, their mobile app allows users to sell and purchase everything from clothing, jewelry, and electronics to office and pet supplies. As a remote company with offices in the U.S. and Japan, Mercari leverages Google Cloud Platform

WireGuard is a registered trademark of Jason A. Donenfeld. Today, we’re launching a web-based SSH client: Tailscale SSH Console. From the Tailscale admin console, admins will now see a little “SSH…” button to connect to devices running Tailscale SSH. Click this, and you’ll pop open an SSH client, right in your browser. Tailscale SSH Console is now available in beta. To start a Tailscale SSH Consol

WireGuard is a registered trademark of Jason A. Donenfeld. Tailscale automatically assigns IP addresses for every unique device in your network, giving each device an IP address no matter where it is located. We further improved on this with MagicDNS, which automatically registers a human-readable, easy-to-remember DNS name for each device —  so you don’t need to use an IP address to access your d

WireGuard is a registered trademark of Jason A. Donenfeld. Ever wanted to run your own DNS resolver but you don’t actually want to run your own DNS resolver because running DNS is fraught with pain? Tailscale now supports NextDNS! NextDNS lets you choose exactly how you want to run a DNS resolver — but they run it for you, all over the world. (It’s a bit more robust and lower latency from other ci

Use your existing identity provider and multi-factor authentication to protect SSH connections. Protect SSH connections the same way you authorize and protect application access. Rotate keys with a single command. Tailscale does the key distribution. Each server and user device gets its own node key, used for authenticating and encrypting the Tailscale connection. Follow key management best practi

WireGuard is a registered trademark of Jason A. Donenfeld. Today we’re delighted to introduce Tailscale SSH, to more easily manage SSH connections in your tailnet. Tailscale SSH allows you to establish SSH connections between devices in your Tailscale network, as authorized by your access controls, without managing SSH keys, and authenticates your SSH connection using WireGuard®. Many organization

WireGuard is a registered trademark of Jason A. Donenfeld. You can use Tailscale to securely connect to the resources you need for development, including internal tools and databases, no matter where you are or where your development environment lives. Today, as part of DockerCon, we’re excited to launch our Tailscale Docker Desktop extension. The Tailscale extension for Docker Desktop makes it ea

Previously on the Tailscale blog, I walked through how authentication works with Tailscale for Grafana and even for Minecraft. Today we’re going to take that basic concept and show how to extend it to services that you have proxied behind NGINX. The Grafana/Minecraft authentication proxy trick works because we set up a whole new node on your tailnet to proxy traffic directly to Grafana or Minecraf

WireGuard is a registered trademark of Jason A. Donenfeld. Hi, it’s us again, the ones who used to store our database in a single JSON file on disk, and then moved to etcd. Time for another change! We’re going to put everything in a single file on disk again. As you might expect from our previous choice (and as many on the internet already predicted), we ran into some limits with etcd. Database si

WireGuard is a registered trademark of Jason A. Donenfeld. TL;DR: Tailscale’s free plan is free because we keep our scaling costs low relative to typical SaaS companies. We care about privacy, so unlike some other freemium models, you and your data are not the product. Rather, increased word-of-mouth from free plans sells the more valuable corporate plans. I know, it sounds too good to be true. Le

WireGuard is a registered trademark of Jason A. Donenfeld. Tailscale on iOS runs as a special kind of app, a Network Extension. This lets us run in the background, so we can secure traffic from all of your applications, without them having to change anything. But with this power comes a memory straightjacket. Normal iOS apps can use 5GB or so of memory before iOS kills them. We get 15MB. With an “

WireGuard is a registered trademark of Jason A. Donenfeld. Recently, I’ve started blogging, and to serve the raw Markdown into delicious HTML and CSS, I wrote a basic web server in Go that compiles Markdown and then injects it into a template and serves it over HTTP. The biggest annoyance in this server is deployment; every change I make needs to be pulled on the server-side, potentially recompile