The easiest, most secure way to use WireGuard and 2FA.
Go to file
Denton Gentry d2480fd508 net/netns: support !CAP_NET_ADMIN
netns_linux checked whether "ip rule" could run to determine
whether to use SO_MARK for network namespacing. However in
Linux environments which lack CAP_NET_ADMIN, such as various
container runtimes, the "ip rule" command succeeds but SO_MARK
fails due to lack of permission. SO_BINDTODEVICE would work in
these environments, but isn't tried.

In addition to running "ip rule" check directly whether SO_MARK
works or not. Among others, this allows Microsoft Azure App
Service and AWS App Runner to work.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-07-14 10:01:14 -07:00
.github Run tests on integration test changes (#2373) 2021-07-09 10:50:23 -04:00
atomicfile atomicfile: don't Chmod on windows 2020-07-15 12:31:40 -07:00
client/tailscale cmd/tailscale: make netcheck use active DERP map, delete static copy 2021-06-28 14:08:47 -07:00
cmd net/netns: support !CAP_NET_ADMIN 2021-07-14 10:01:14 -07:00
control/controlclient control/controlclient: add debug knob to force node to only IPv6 self addr 2021-06-28 15:26:58 -07:00
derp derp: allow self node when verifying clients 2021-07-13 08:37:37 -07:00
disco all: adapt to opaque netaddr types 2021-05-16 14:52:00 -07:00
health wgengine/magicsock: always run ReceiveIPv6 2021-04-28 11:07:14 -07:00
hostinfo hostinfo: add AWS Fargate. 2021-07-14 10:01:14 -07:00
internal/tooldeps util/deephash: move internal/deephash to util/deephash 2021-07-02 21:33:02 -07:00
ipn ipn/localapi: fix inability to receive taildrop files w/ escaped names 2021-07-13 15:37:59 -07:00
log log/filelogger: move our Windows disk file writing+rotation package here 2020-10-29 14:59:44 -07:00
logpolicy logpolicy: set log target on windows based on a registry key (#1542) 2021-03-18 13:23:56 -04:00
logtail staticcheck.conf: turn off noisy lint errors 2021-06-18 15:48:20 -07:00
metrics metrics: add LabelMap.GetFloat 2020-07-19 12:31:12 -07:00
net net/netns: support !CAP_NET_ADMIN 2021-07-14 10:01:14 -07:00
packages/deb packages/deb: add package to extract metadata from .deb files. 2021-06-07 16:22:23 -07:00
paths cmd/tailscale/web: restrict web access to synology admins. 2021-06-03 08:41:47 +05:00
portlist staticcheck.conf: turn off noisy lint errors 2021-06-18 15:48:20 -07:00
safesocket safesocket: create the test socket in a temp dir 2021-07-08 16:57:37 -07:00
scripts derp: add counters to track the type of dropped packets. 2021-07-12 13:15:59 -07:00
smallzstd smallzstd: new package that constructs zstd small encoders/decoders. 2020-07-02 16:13:06 -07:00
syncs syncs: add AtomicUint32 2021-06-23 08:51:37 -07:00
tailcfg tailcfg: break DERPNode.DERPTestPort into DERPPort & InsecureForTests 2021-07-09 12:30:31 -07:00
tempfork tempfork/wireguard-windows/firewall: add. 2021-03-01 19:37:22 -08:00
tsconst net/netns: add windows support. 2020-09-14 16:28:49 -07:00
tsnet all: adapt to opaque netaddr types 2021-05-16 14:52:00 -07:00
tstest ipn/ipnlocal: save prefs to disk on UpdatePrefs 2021-07-13 15:01:38 -07:00
tstime tstime: add RandomDurationBetween helper 2021-01-21 07:54:14 -08:00
tsweb tsweb: replace NewMux with a more flexible DebugHandler. 2021-06-16 19:00:47 -07:00
types types/logger: fix deadlock RateLimitedFn reentrancy 2021-06-25 08:38:08 -07:00
util util/deephash: don't reflect.Copy if element type is a defined uint8 2021-07-07 11:58:04 -07:00
version version: don't allocate parsing unsupported versions, empty strings 2021-07-01 14:25:50 -07:00
wf wf: loopback condition should use MatchTypeFlagsAllSet. 2021-06-16 12:57:57 +05:00
wgengine wgengine/magicsock: fix latent data race in test 2021-07-13 15:14:18 -07:00
.gitattributes .gitattributes: add a smudge filter for go.mod. 2020-02-19 20:02:02 -05:00
.gitignore Revert "cmd/tailscaled: split package main into main shim + package" 2021-03-25 09:06:00 -07:00
api.md api.md: update preview example 2021-07-02 08:24:19 -07:00
AUTHORS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
build_dist.sh build_dist.sh: add a command to output the shell vars. 2021-06-05 19:02:42 -07:00
build_docker.sh build_docker.sh: use build_dist.sh to inject version information 2021-07-07 06:38:04 -07:00
CODE_OF_CONDUCT.md Add a code of conduct. 2020-02-10 22:16:30 -08:00
Dockerfile build_docker.sh, Dockerfile: fix bug with shell quoting 2021-03-05 10:38:32 -08:00
go.mod cmd/tailscale/cli: diagnose missing tailscaled on 'up' 2021-07-13 12:23:11 -07:00
go.sum cmd/tailscale/cli: diagnose missing tailscaled on 'up' 2021-07-13 12:23:11 -07:00
LICENSE LICENSE: Reformat for Github 2021-01-24 16:20:22 -08:00
Makefile wgengine/netstack: fix 32-bit build broken from prior commit 2021-03-01 11:19:31 -08:00
PATENTS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
README.md Switch to Go 1.16. 2021-02-19 13:18:31 -08:00
SECURITY.md Add a SECURITY.md for vulnerability reports. 2020-02-11 10:26:41 -08:00
shell.nix add nix-shell boilerplate (#1028) 2020-12-29 12:17:03 -05:00
staticcheck.conf staticcheck.conf: remove unnecessary warning 2021-06-22 12:26:13 -07:00
VERSION.txt VERSION.txt: this is v1.11.0. 2021-06-24 15:45:08 -07:00

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

The Android app is at https://github.com/tailscale/tailscale-android

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com .

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.

Building

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.16) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.