You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

James Tucker 86985228bc cmd/natc: add a flag to use specific DNS servers If natc is running on a host with tailscale using `--accept-dns=true` then a DNS loop can occur. Provide a flag for some specific DNS upstreams for natc to use instead, to overcome such situations. Updates #14667 Signed-off-by: James Tucker <james@tailscale.com>		6 months ago
.bencher	bencher: add config to suppress failures on benchmark regressions.	4 years ago
.github	.github/workflows: do a go mod download & cache it before all jobs	6 months ago
appc	appc: fix a deadlock in route advertisements (#15031 )	10 months ago
atomicfile	atomicfile: use ReplaceFile on Windows so that attributes and ACLs are preserved	11 months ago
chirp	all: update copyright and license headers	3 years ago
client	client/local: use an iterator to stream bus events (#16269 )	6 months ago
clientupdate	clientupdate: fix MSI exit code handling, preserve MSI and updater logs on Windows	8 months ago
cmd	cmd/natc: add a flag to use specific DNS servers	6 months ago
control	health: prefix Warnables received from the control plane	6 months ago
derp	net/netcheck: preserve live home DERP through packet loss	6 months ago
disco	net/udprelay{/endpoint}, all: move ServerEndpoint to independent pkg (#15934 )	7 months ago
docs	docs/commit-messages.md: explain #cleanup commits (#15933 )	7 months ago
doctor	all: remove non-applicable "linux" deps on Android	7 months ago
drive	drive: fix index out of bounds when parsing request local paths (#15517 )	8 months ago
envknob	ssh/tailssh: add Plan 9 support for Tailscale SSH	8 months ago
feature	feature/relayserver,net/{netcheck,udprelay}: implement addr discovery (#16253 )	6 months ago
gokrazy	gokrazy/natlab: update gokrazy, wire up natlab tests to GitHub CI	9 months ago
health	cmd/tailscale/cli: add a risk message about rp_filter	6 months ago
hostinfo	hostinfo, ipnlocal: add optional os-specific callback for querying the hostname (#15647 )	8 months ago
internal	cmd/k8s-operator,internal/client/tailscale: use VIPService annotations for ownership tracking (#15356 )	9 months ago
ipn	ipn/ipnlocal,wgengine/magicsock: use eventbus for node & filter updates (#16271 )	6 months ago
jsondb	all: update copyright and license headers	3 years ago
k8s-operator	cmd/k8s-operator,kube/kubetypes,k8s-operator/apis: reconcile L3 HA Services (#15961 )	7 months ago
kube	cmd/k8s-operator,kube/kubetypes,k8s-operator/apis: reconcile L3 HA Services (#15961 )	7 months ago
licenses	licenses: update license notices	8 months ago
log	log/sockstatlog: don't block for more than 5s on shutdown	1 year ago
logpolicy	logpolicy: fix log target override with a custom HTTP client	8 months ago
logtail	logtail: remove unneeded IP redaction code	7 months ago
maths	maths: add exponentially weighted moving average type	9 months ago
metrics	metrics,syncs: add ShardedInt support to metrics.LabelMap	11 months ago
net	net/packet: cleanup IPv4 fragment guards	6 months ago
omit	cmd/tailscaled, ipn/conffile: support ec2 user-data config file	2 years ago
packages/deb	go.mod: upgrade nfpm to v2 (#8786 )	2 years ago
paths	all: illumos/solaris userspace only support	11 months ago
portlist	portlist: add Plan 9 support	8 months ago
posture	posture: propagate serial number from MDM on Android	6 months ago
prober	prober: record DERP dropped packets as they occur	6 months ago
proxymap	ipnlocal,proxymap,wgengine/netstack: add optional WhoIs/proxymap debug	1 year ago
release	cmd/dist,release/dist: sign QNAP builds with a Google Cloud hosted key	8 months ago
safesocket	all: remove non-applicable "linux" deps on Android	7 months ago
safeweb	safeweb: Set Cross-Origin-Opener-Policy for browser requests (#15936 )	7 months ago
scripts	scripts/installer.sh: add Miracle Linux as a RHEL derivative (#15671 )	8 months ago
sessionrecording	net/{netx,memnet},all: add netx.DialFunc, move memnet Network impl	8 months ago
smallzstd	all: use Go 1.22 range-over-int	2 years ago
ssh/tailssh	ssh/tailssh: display more useful error messages when authentication fails	6 months ago
syncs	syncs: fix AtomicValue.CompareAndSwap (#16137 )	6 months ago
tailcfg	controlclient,health,ipnlocal,tailcfg: add DisplayMessage support	6 months ago
tempfork	tempfork/acme: update to latest version (#15543 )	8 months ago
tka	tka: reject removal of the last signing key	6 months ago
tool	tool/gocross: break circular dependency on tailcfg (#15829 )	7 months ago
tsconsensus	tsconsensus: protect from data race	6 months ago
tsconst	cmd/tailscale/cli: support passing network lock keys via files	1 year ago
tsd	all: update the tsd.System constructor name (#15372 )	8 months ago
tsnet	cmd/tailscale/cli: add a risk message about rp_filter	6 months ago
tstest	feature/taildrop, ipn/ipnlocal: remove leftover dup calls to osshare	7 months ago
tstime	tstime: add GoDuration which JSON serializes with time.Duration.String (#15726 )	8 months ago
tsweb	tsweb/varz: add binary name to version metric	6 months ago
types	types/netmap,wgengine/magicsock: propagate CapVer to magicsock.endpoint (#16244 )	6 months ago
util	util/must: add Get2 for functions that return two values	6 months ago
version	safesocket, version: fix safesocket_darwin behavior for cmd/tailscale (#15275 )	9 months ago
wf	wf/firewall: allow link-local multicast for permitted local routes when the killswitch is on on Windows	1 year ago
wgengine	ipn/ipnlocal,wgengine/magicsock: use eventbus for node & filter updates (#16271 )	6 months ago
words	words: C what I did there?	8 months ago
.gitattributes	.: add .gitattributes entry to use Go hunk-header driver	4 years ago
.gitignore	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	1 year ago
.golangci.yml	.github: Bump golangci/golangci-lint-action from 6.5.0 to 7.0.0 (#15476 )	8 months ago
ALPINE.txt	Bump Alpine, link iptables back to legacy (#15428 )	8 months ago
AUTHORS	Move Linux client & common packages into a public repo.	6 years ago
CODEOWNERS	CODEOWNERS: add the start of an owners file	2 years ago
CODE_OF_CONDUCT.md	Add a code of conduct.	6 years ago
Dockerfile	Bump Alpine, link iptables back to legacy (#15428 )	8 months ago
Dockerfile.base	Bump Alpine, link iptables back to legacy (#15428 )	8 months ago
LICENSE	all: update tools that manage copyright headers	3 years ago
Makefile	cmd/tsidp: add Docker image building support (#16078 )	6 months ago
PATENTS	Move Linux client & common packages into a public repo.	6 years ago
README.md	commit-messages.md: make our git commit message style guide public	8 months ago
SECURITY.md	Add a SECURITY.md for vulnerability reports.	6 years ago
VERSION.txt	VERSION.txt: this is v1.85.0 (#16042 )	7 months ago
api.md	{api.md,publicapi}: remove old API docs (#13468 )	1 year ago
assert_ts_toolchain_match.go	tailscaleroot: panic if tailscale_go build tag but Go toolchain mismatch	1 year ago
build_dist.sh	hostinfo,tailcfg: report TPM availability on windows/linux (#15831 )	7 months ago
build_docker.sh	cmd/tsidp: add Docker image building support (#16078 )	6 months ago
flake.lock	nix: update nix and use go 1.24 (#15578 )	8 months ago
flake.nix	nix: update nix and use go 1.24 (#15578 )	8 months ago
go.mod	.github/workflows: do a go mod download & cache it before all jobs	6 months ago
go.mod.sri	nix: update nix and use go 1.24 (#15578 )	8 months ago
go.sum	go.mod: bump github.com/cloudflare/circl (#16264 )	6 months ago
go.toolchain.branch	go.toolchain.branch: update to Go 1.24 (#15016 )	10 months ago
go.toolchain.rev	go.toolchain.rev: bump to go 1.24.4 (#16230 )	6 months ago
gomod_test.go	go.mod: add test that replace directives aren't added in oss	2 years ago
header.txt	cmd/k8s-operator: operator can create subnetrouter (#9505 )	2 years ago
pkgdoc_test.go	all: skip looking for package comments in .git/ repository (#15384 )	9 months ago
pull-toolchain.sh	pull-toolchain.sh: don't run update-flake.sh	3 years ago
shell.nix	nix: update nix and use go 1.24 (#15578 )	8 months ago
staticcheck.conf	all: cleanup unused code, part 2 (#10670 )	2 years ago
update-flake.sh	Code Improvements (#11311 )	2 years ago
version-embed.go	Fix various linting, vet & static check issues	11 months ago
version_tailscale_test.go	tailscaleroot: panic if tailscale_go build tag but Go toolchain mismatch	1 year ago
version_test.go	go.mod,wgengine/netstack: bump gvisor	2 years ago

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

the Android app is at https://github.com/tailscale/tailscale-android
the Synology package is at https://github.com/tailscale/tailscale-synology
the QNAP package is at https://github.com/tailscale/tailscale-qpkg
the Chocolatey packaging is at https://github.com/tailscale/tailscale-chocolatey

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.23. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See commit-messages.md (or skim git log) for our commit message style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.