TheArchive/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-12-23 15:26:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
01826c376a7b3ca07bf72b4e69b429319d0c0b1d
headscale/development/ref/derp/index.html

53 lines
49 KiB
HTML
Raw Normal View History

Deployed c2a58a30 to development with MkDocs 1.6.1 and mike 2.1.3
2025-10-16 11:00:30 +00:00
<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=author content="Headscale authors"><link href=https://juanfont.github.io/headscale/development/ref/derp/ rel=canonical><link href=../dns/ rel=prev><link href=../remote-cli/ rel=next><link rel=icon href=../../assets/favicon.png><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.6.22"><title>DERP - Headscale</title><link rel=stylesheet href=../../assets/stylesheets/main.84d31ad4.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.06af60db.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script><meta property=og:type content=website><meta property=og:title content="DERP - Headscale"><meta property=og:description content="An open source, self-hosted implementation of the Tailscale control server."><meta property=og:image content=https://juanfont.github.io/headscale/development/assets/images/social/ref/derp.png><meta property=og:image:type content=image/png><meta property=og:image:width content=1200><meta property=og:image:height content=630><meta content=https://juanfont.github.io/headscale/development/ref/derp/ property=og:url><meta name=twitter:card content=summary_large_image><meta name=twitter:title content="DERP - Headscale"><meta name=twitter:description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=twitter:image content=https://juanfont.github.io/headscale/development/assets/images/social/ref/derp.png></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#derp class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <div data-md-color-scheme=default data-md-component=outdated hidden> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../.. title=Headscale class="md-header__button md-logo" aria-label=Headscale data-md-component=logo> <img src=../../logo/headscale3-dots.svg alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Headscale </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> DERP </span> </div> </div> </div> <form class=md-header__option data-md-component=palette> <input class=md-option data-md-color-media data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo aria-label="Switch to dark mode" type=radio name=__palette id=__palette_0> <label class="md-header__button md-icon" title="Switch to dark mode" for=__palette_1 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H
Deployed e949859d to development with MkDocs 1.6.1 and mike 2.1.3
2025-08-22 10:10:04 +00:00
</span><span id=__span-0-2><a id=__codelineno-0-2 name=__codelineno-0-2 href=#__codelineno-0-2></a><span class=w> </span><span class=nt>server</span><span class=p>:</span>
</span><span id=__span-0-3><a id=__codelineno-0-3 name=__codelineno-0-3 href=#__codelineno-0-3></a><span class=hll><span class=w> </span><span class=nt>enabled</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</span></span><span id=__span-0-4><a id=__codelineno-0-4 name=__codelineno-0-4 href=#__codelineno-0-4></a><span class=hll><span class=w> </span><span class=nt>ipv4</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">198.51.100.1</span>
</span></span><span id=__span-0-5><a id=__codelineno-0-5 name=__codelineno-0-5 href=#__codelineno-0-5></a><span class=hll><span class=w> </span><span class=nt>ipv6</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">2001:db8::1</span>
</span></span></code></pre></div> <p>Keep in mind that <a href=../../setup/requirements/#ports-in-use>additional ports are needed to run a DERP server</a>. Besides relaying traffic, it also uses STUN (udp/3478) to help clients discover their public IP addresses and perform NAT traversal. <a href=#check-derp-server-connectivity>Check DERP server connectivity</a> to see if everything works.</p> <h3 id=remove-tailscales-derp-servers>Remove Tailscale's DERP servers<a class=headerlink href=#remove-tailscales-derp-servers title="Permanent link">&para;</a></h3> <p>Once enabled, Headscale's embedded DERP is added to the list of free-to-use <a href=https://tailscale.com/kb/1232/derp-servers>DERP servers</a> offered by Tailscale Inc. To only use Headscale's embedded DERP server, disable the loading of the default DERP map:</p> <div class="language-yaml highlight"><span class=filename>config.yaml</span><pre><span></span><code><span id=__span-1-1><a id=__codelineno-1-1 name=__codelineno-1-1 href=#__codelineno-1-1></a><span class=nt>derp</span><span class=p>:</span>
</span><span id=__span-1-2><a id=__codelineno-1-2 name=__codelineno-1-2 href=#__codelineno-1-2></a><span class=w> </span><span class=nt>server</span><span class=p>:</span>
</span><span id=__span-1-3><a id=__codelineno-1-3 name=__codelineno-1-3 href=#__codelineno-1-3></a><span class=w> </span><span class=nt>enabled</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</span><span id=__span-1-4><a id=__codelineno-1-4 name=__codelineno-1-4 href=#__codelineno-1-4></a><span class=w> </span><span class=nt>ipv4</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">198.51.100.1</span>
</span><span id=__span-1-5><a id=__codelineno-1-5 name=__codelineno-1-5 href=#__codelineno-1-5></a><span class=w> </span><span class=nt>ipv6</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">2001:db8::1</span>
</span><span id=__span-1-6><a id=__codelineno-1-6 name=__codelineno-1-6 href=#__codelineno-1-6></a><span class=hll><span class=w> </span><span class=nt>urls</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">[]</span>
Deployed 2f3c365b to development with MkDocs 1.6.1 and mike 2.1.3
2025-09-09 09:06:06 +00:00
</span></span></code></pre></div> <div class="admonition warning"> <p class=admonition-title>Single point of failure</p> <p>Removing Tailscale's DERP servers means that there is now just a single DERP server available for clients. This is a single point of failure and could hamper connectivity.</p> <p><a href=#check-derp-server-connectivity>Check DERP server connectivity</a> with your embedded DERP server before removing Tailscale's DERP servers.</p> </div> <h3 id=customize-derp-map>Customize DERP map<a class=headerlink href=#customize-derp-map title="Permanent link">&para;</a></h3> <p>The DERP map offered to clients can be customized with a <a href=https://github.com/juanfont/headscale/blob/main/derp-example.yaml>dedicated YAML-configuration file</a>. This allows to modify previously loaded DERP maps fetched via URL or to offer your own, custom DERP servers to nodes.</p> <div class="tabbed-set tabbed-alternate" data-tabs=1:2><input checked=checked id=__tabbed_1_1 name=__tabbed_1 type=radio><input id=__tabbed_1_2 name=__tabbed_1 type=radio><div class=tabbed-labels><label for=__tabbed_1_1>Remove specific DERP regions</label><label for=__tabbed_1_2>Provide custom DERP servers</label></div> <div class=tabbed-content> <div class=tabbed-block> <p>The free-to-use <a href=https://tailscale.com/kb/1232/derp-servers>DERP servers</a> are organized into regions via a region ID. You can explicitly disable a specific region by setting its region ID to <code>null</code>. The following sample <code>derp.yaml</code> disables the New York DERP region (which has the region ID 1):</p> <div class="language-yaml highlight"><span class=filename>derp.yaml</span><pre><span></span><code><span id=__span-2-1><a id=__codelineno-2-1 name=__codelineno-2-1 href=#__codelineno-2-1></a><span class=nt>regions</span><span class=p>:</span>
</span><span id=__span-2-2><a id=__codelineno-2-2 name=__codelineno-2-2 href=#__codelineno-2-2></a><span class=w> </span><span class=nt>1</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">null</span>
</span></code></pre></div> <p>Use the following configuration to serve the default DERP map (excluding New York) to nodes:</p> <div class="language-yaml highlight"><span class=filename>config.yaml</span><pre><span></span><code><span id=__span-3-1><a id=__codelineno-3-1 name=__codelineno-3-1 href=#__codelineno-3-1></a><span class=nt>derp</span><span class=p>:</span>
Deployed e949859d to development with MkDocs 1.6.1 and mike 2.1.3
2025-08-22 10:10:04 +00:00
</span><span id=__span-3-2><a id=__codelineno-3-2 name=__codelineno-3-2 href=#__codelineno-3-2></a><span class=w> </span><span class=nt>server</span><span class=p>:</span>
</span><span id=__span-3-3><a id=__codelineno-3-3 name=__codelineno-3-3 href=#__codelineno-3-3></a><span class=w> </span><span class=nt>enabled</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
Deployed 2f3c365b to development with MkDocs 1.6.1 and mike 2.1.3
2025-09-09 09:06:06 +00:00
</span><span id=__span-3-4><a id=__codelineno-3-4 name=__codelineno-3-4 href=#__codelineno-3-4></a><span class=w> </span><span class=nt>urls</span><span class=p>:</span>
</span><span id=__span-3-5><a id=__codelineno-3-5 name=__codelineno-3-5 href=#__codelineno-3-5></a><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">https://controlplane.tailscale.com/derpmap/default</span>
</span><span id=__span-3-6><a id=__codelineno-3-6 name=__codelineno-3-6 href=#__codelineno-3-6></a><span class=hll><span class=w> </span><span class=nt>paths</span><span class=p>:</span>
</span></span><span id=__span-3-7><a id=__codelineno-3-7 name=__codelineno-3-7 href=#__codelineno-3-7></a><span class=hll><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">/etc/headscale/derp.yaml</span>
</span></span></code></pre></div> </div> <div class=tabbed-block> <p>The following sample <code>derp.yaml</code> references two custom regions (<code>custom-east</code> with ID 900 and <code>custom-west</code> with ID 901) with one custom DERP server in each region. Each DERP server offers DERP relay via HTTPS on tcp/443, support for captive portal checks via HTTP on tcp/80 and STUN on udp/3478. See the definitions of <a href=https://pkg.go.dev/tailscale.com/tailcfg#DERPMap>DERPMap</a>, <a href=https://pkg.go.dev/tailscale.com/tailcfg#DERPRegion>DERPRegion</a> and <a href=https://pkg.go.dev/tailscale.com/tailcfg#DERPNode>DERPNode</a> for all available options.</p> <div class="language-yaml highlight"><span class=filename>derp.yaml</span><pre><span></span><code><span id=__span-4-1><a id=__codelineno-4-1 name=__codelineno-4-1 href=#__codelineno-4-1></a><span class=nt>regions</span><span class=p>:</span>
</span><span id=__span-4-2><a id=__codelineno-4-2 name=__codelineno-4-2 href=#__codelineno-4-2></a><span class=w> </span><span class=nt>900</span><span class=p>:</span>
</span><span id=__span-4-3><a id=__codelineno-4-3 name=__codelineno-4-3 href=#__codelineno-4-3></a><span class=w> </span><span class=nt>regionid</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">900</span>
</span><span id=__span-4-4><a id=__codelineno-4-4 name=__codelineno-4-4 href=#__codelineno-4-4></a><span class=w> </span><span class=nt>regioncode</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">custom-east</span>
</span><span id=__span-4-5><a id=__codelineno-4-5 name=__codelineno-4-5 href=#__codelineno-4-5></a><span class=w> </span><span class=nt>regionname</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">My region (east)</span>
</span><span id=__span-4-6><a id=__codelineno-4-6 name=__codelineno-4-6 href=#__codelineno-4-6></a><span class=w> </span><span class=nt>nodes</span><span class=p>:</span>
</span><span id=__span-4-7><a id=__codelineno-4-7 name=__codelineno-4-7 href=#__codelineno-4-7></a><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">900a</span>
</span><span id=__span-4-8><a id=__codelineno-4-8 name=__codelineno-4-8 href=#__codelineno-4-8></a><span class=w> </span><span class=nt>regionid</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">900</span>
</span><span id=__span-4-9><a id=__codelineno-4-9 name=__codelineno-4-9 href=#__codelineno-4-9></a><span class=w> </span><span class=nt>hostname</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">derp900a.example.com</span>
</span><span id=__span-4-10><a id=__codelineno-4-10 name=__codelineno-4-10 href=#__codelineno-4-10></a><span class=w> </span><span class=nt>ipv4</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">198.51.100.1</span>
</span><span id=__span-4-11><a id=__codelineno-4-11 name=__codelineno-4-11 href=#__codelineno-4-11></a><span class=w> </span><span class=nt>ipv6</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">2001:db8::1</span>
</span><span id=__span-4-12><a id=__codelineno-4-12 name=__codelineno-4-12 href=#__codelineno-4-12></a><span class=w> </span><span class=nt>canport80</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</span><span id=__span-4-13><a id=__codelineno-4-13 name=__codelineno-4-13 href=#__codelineno-4-13></a><span class=w> </span><span class=nt>901</span><span class=p>:</span>
</span><span id=__span-4-14><a id=__codelineno-4-14 name=__codelineno-4-14 href=#__codelineno-4-14></a><span class=w> </span><span class=nt>regionid</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">901</span>
</span><span id=__span-4-15><a id=__codelineno-4-15 name=__codelineno-4-15 href=#__codelineno-4-15></a><span class=w> </span><span class=nt>regioncode</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">custom-west</span>
</span><span id=__span-4-16><a id=__codelineno-4-16 name=__codelineno-4-16 href=#__codelineno-4-16></a><span class=w> </span><span class=nt>regionname</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">My Region (west)</span>
</span><span id=__span-4-17><a id=__codelineno-4-17 name=__codelineno-4-17 href=#__codelineno-4-17></a><span class=w> </span><span class=nt>nodes</span><span class=p>:</span>
</span><span id=__span-4-18><a id=__codelineno-4-18 name=__codelineno-4-18 href=#__codelineno-4-18></a><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">901a</span>
</span><span id=__span-4-19><a id=__codelineno-4-19 name=__codelineno-4-19 href=#__codelineno-4-19></a><span class=w> </span><span class=nt>regionid</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">901</span>
</span><span id=__span-4-20><a id=__codelineno-4-20 name=__codelineno-4-20 href=#__codelineno-4-20></a><span class=w> </span><span class=nt>hostname</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">derp901a.example.com</span>
</span><span id=__span-4-21><a id=__codelineno-4-21 name=__codelineno-4-21 href=#__codelineno-4-21></a><span class=w> </span><span class=nt>ipv4</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">198.51.100.2</span>
</span><span id=__span-4-22><a id=__codelineno-4-22 name=__codelineno-4-22 href=#__codelineno-4-22></a><span class=w> </span><span class=nt>ipv6</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">2001:db8::2</span>
</span><span id=__span-4-23><a id=__codelineno-4-23 name=__codelineno-4-23 href=#__codelineno-4-23></a><span class=w> </span><span class=nt>canport80</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</span></code></pre></div> <p>Use the following configuration to only serve the two DERP servers from the above <code>derp.yaml</code>:</p> <div class="language-yaml highlight"><span class=filename>config.yaml</span><pre><span></span><code><span id=__span-5-1><a id=__codelineno-5-1 name=__codelineno-5-1 href=#__codelineno-5-1></a><span class=nt>derp</span><span class=p>:</span>
</span><span id=__span-5-2><a id=__codelineno-5-2 name=__codelineno-5-2 href=#__codelineno-5-2></a><span class=w> </span><span class=nt>server</span><span class=p>:</span>
</span><span id=__span-5-3><a id=__codelineno-5-3 name=__codelineno-5-3 href=#__codelineno-5-3></a><span class=w> </span><span class=nt>enabled</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
</span><span id=__span-5-4><a id=__codelineno-5-4 name=__codelineno-5-4 href=#__codelineno-5-4></a><span class=w> </span><span class=nt>urls</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">[]</span>
</span><span id=__span-5-5><a id=__codelineno-5-5 name=__codelineno-5-5 href=#__codelineno-5-5></a><span class=hll><span class=w> </span><span class=nt>paths</span><span class=p>:</span>
</span></span><span id=__span-5-6><a id=__codelineno-5-6 name=__codelineno-5-6 href=#__codelineno-5-6></a><span class=hll><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">/etc/headscale/derp.yaml</span>
</span></span></code></pre></div> </div> </div> </div> <p>Independent of the custom DERP map, you may choose to <a href=#enable-embedded-derp>enable the embedded DERP server and have it automatically added to the custom DERP map</a>.</p> <h3 id=verify-clients>Verify clients<a class=headerlink href=#verify-clients title="Permanent link">&para;</a></h3> <p>Access to DERP serves can be restricted to nodes that are members of your Tailnet. Relay access is denied for unknown clients.</p> <div class="tabbed-set tabbed-alternate" data-tabs=2:2><input checked=checked id=__tabbed_2_1 name=__tabbed_2 type=radio><input id=__tabbed_2_2 name=__tabbed_2 type=radio><div class=tabbed-labels><label for=__tabbed_2_1>Embedded DERP</label><label for=__tabbed_2_2>3<sup>rd</sup>-party DERP</label></div> <div class=tabbed-content> <div class=tabbed-block> <p>Client verification is enabled by default.</p> <div class="language-yaml highlight"><span class=filename>config.yaml</span><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a><span class=nt>derp</span><span class=p>:</span>
</span><span id=__span-6-2><a id=__codelineno-6-2 name=__codelineno-6-2 href=#__codelineno-6-2></a><span class=w> </span><span class=nt>server</span><span class=p>:</span>
</span><span id=__span-6-3><a id=__codelineno-6-3 name=__codelineno-6-3 href=#__codelineno-6-3></a><span class=hll><span class=w> </span><span class=nt>verify_clients</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
Deployed c2a58a30 to development with MkDocs 1.6.1 and mike 2.1.3
2025-10-16 11:00:30 +00:00
</span></span></code></pre></div> </div> <div class=tabbed-block> <p>Tailscale's <code>derper</code> provides two parameters to configure client verification:</p> <ul> <li>Use the <code>-verify-client-url</code> parameter of the <code>derper</code> and point it towards the <code>/verify</code> endpoint of your Headscale server (e.g <code>https://headscale.example.com/verify</code>). The DERP server will query your Headscale instance as soon as a client connects with it to ask whether access should be allowed or denied. Access is allowed if Headscale knows about the connecting client and denied otherwise.</li> <li>The parameter <code>-verify-client-url-fail-open</code> controls what should happen when the DERP server can't reach the Headscale instance. By default, it will allow access if Headscale is unreachable.</li> </ul> </div> </div> </div> <h2 id=check-derp-server-connectivity>Check DERP server connectivity<a class=headerlink href=#check-derp-server-connectivity title="Permanent link">&para;</a></h2> <p>Any Tailscale client may be used to introspect the DERP map and to check for connectivity issues with DERP servers.</p> <ul> <li>Display DERP map: <code>tailscale debug derp-map</code></li> <li>Check connectivity with the embedded DERP<sup id=fnref:1><a class=footnote-ref href=#fn:1>1</a></sup>:<code>tailscale debug derp headscale</code></li> </ul> <p>Additional DERP related metrics and information is available via the <a href=../debug/#metrics-and-debug-endpoint>metrics and debug endpoint</a>.</p> <h2 id=limitations>Limitations<a class=headerlink href=#limitations title="Permanent link">&para;</a></h2> <ul> <li>The embedded DERP server can't be used for Tailscale's captive portal checks as it doesn't support the <code>/generate_204</code> endpoint via HTTP on port tcp/80.</li> <li>There are no speed or throughput optimisations, the main purpose is to assist in node connectivity.</li> </ul> <div class=footnote> <hr> <ol> <li id=fn:1> <p>This assumes that the default region code of the <a href=../configuration/ >configuration file</a> is used.&#160;<a class=footnote-backref href=#fnref:1 title="Jump back to footnote 1 in the text">&#8617;</a></p> </li> </ol> </div> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type=button class="md-top md-icon" data-md-component=top hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class=md-footer> <nav class="md-footer__inner md-grid" aria-label=Footer> <a href=../dns/ class="md-footer__link md-footer__link--prev" aria-label="Previous: DNS"> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </div> <div class=md-footer__title> <span class=md-footer__direction> Previous </span> <div class=md-ellipsis> DNS </div> </div> </a> <a href=../remote-cli/ class="md-footer__link md-footer__link--next" aria-label="Next: Remote CLI"> <div class=md-footer__title> <span class=md-footer__direction> Next </span> <div class=md-ellipsis> Remote CLI </div> </div> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg> </div> </a> </nav> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> <div class=md-copyright__highlight> Copyright &copy; 2025 Headscale authors </div> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> <div class=md-social> <a href=https://github.com/juanfont/headscale target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 512 512"><!-- Font Awesome Free 7.1.0 by @fontawesome - htt
Reference in New Issue Copy Permalink