rel:: [[Networking]] # tailscale Zero config [[VPN]]. Installs on any device in minutes, manages firewall rules for you, and works from anywhere. Built on [wireguard](https://www.wireguard.com/) ## Experimental Features - [tailscale ssh](https://tailscale.com/kb/1193/tailscale-ssh/) - [tsnet](https://readwise.io/reader/shared/01gh1z5kk41zv95y2fdn3mzmz5), IP-per-process in userspace - [tailnet lock](https://tailscale.com/kb/1230/tailnet-lock-whitepaper/) - trusted nodes sign public keys before distribution so the tailscale coordination server doesn't need to be trusted ## Experience Reports - [Improving Tailscale throughput using TSO/GRO](x-devonthink-item://A2D3CEF4-BBCA-4B55-8F50-1450E15096CA) - userspace driver segments TCP packets on send/receive into larger chunks, specified by [set_offload](https://github.com/torvalds/linux/blob/f443e374ae131c168a065ea1748feac6b2e76613/drivers/net/tun.c#L2803), reducing overhead of `sendmsg`/`write`/`read` (sender) and `write`/`recvmsg`/`sendmsg` (receiver) syscall - TSO - TCP Segmentation Offload - GRO - Generic Receive Offload ## Setup ### Releases https://pkgs.tailscale.com/stable/ ### Subnets https://tailscale.com/kb/1019/subnets/ ### [[UniFi Dream Machine Pro|UDM Pro]] https://github.com/SierraSoftworks/tailscale-udm add to `/mnt/data/tailscale/tailscale-env` ```bash TAILSCALE_FLAGS="--advertise-routes=192.168.0.0/20" ```