CodeCow/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-06-06 21:01:11 +08:00
Code Issues Actions 18 Packages Projects Releases Wiki Activity
The easiest, most secure way to use WireGuard and 2FA.
10,292 Commits 1,134 Branches 230 Tags 153 MiB
Go 95.6%
C 1.6%
TypeScript 1%
Shell 0.6%
Swift 0.4%
Other 0.6%
authkey-reissue-restructured
Go to file
chaosinthecrd 6e407ee2f6
cmd/k8s-proxy: add auth key renewal support 
Add auth key reissue handling to k8s-proxy, mirroring containerboot.
When the proxy detects an auth failure (login-state health warning or
NeedsLogin state), it disconnects from control, signals the operator
via the state Secret, waits for a new key, clears stale state, and
exits so Kubernetes restarts the pod with the new key.

A health watcher goroutine runs alongside ts.Up() to short-circuit
the startup timeout on terminal auth failures.
2026-04-01 17:32:30 +01:00
.bencher bencher: add config to suppress failures on benchmark regressions. 2021-10-01 16:16:02 -07:00
.github .github: Bump github/codeql-action from 4.32.5 to 4.32.6 2026-03-11 22:13:04 -06:00
appc appc,feature/conn25: conn25: send address assignments to connector 2026-03-09 14:10:38 -07:00
atomicfile all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
chirp all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
client client/web: signal need to wait for auth across tabs 2026-03-11 08:15:21 +00:00
clientupdate all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
cmd cmd/k8s-proxy: add auth key renewal support 2026-04-01 17:32:30 +01:00
control all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
derp all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
disco all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
docs all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
doctor all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
drive all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
envknob all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
feature feature/conn25: rewrite A records for connector domains 2026-03-16 09:09:35 -07:00
gokrazy gokrazy: fix busybox breakglass support, add test 2026-03-12 11:25:31 -07:00
health all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
hostinfo all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
internal cmd/tailscale/cli: allow fetching keys from AWS Parameter Store 2026-01-29 18:09:56 -05:00
ipn netns: add Android callback to bind socket to network (#18915) 2026-03-11 12:28:28 -07:00
jsondb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
k8s-operator all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
kube kube/authkey,kube/state,cmd/containerboot: preserve device_id across restarts 2026-04-01 16:20:45 +01:00
licenses licenses: update license notices 2026-03-02 08:04:19 -08:00
log all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
logpolicy all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
logtail all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
maths all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
metrics all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
net net/{batching,udprelay},wgengine/magicsock: add SO_RXQ_OVFL clientmetrics 2026-03-13 14:27:03 -07:00
omit all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
packages/deb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
paths all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
portlist portlist: also tb.Skip benchmarks (not just tests) on bad Linux kernels 2026-02-12 13:19:09 -08:00
posture all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
prober all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
proxymap all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
release all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
safesocket all: fix typos in comments 2026-03-05 13:52:01 -08:00
safeweb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
scripts scripts/installer.sh: handle KDE Linux (#18861) 2026-03-02 18:29:49 +00:00
sessionrecording all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ssh/tailssh ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature 2026-03-10 17:27:17 -07:00
syncs all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tailcfg netns: add Android callback to bind socket to network (#18915) 2026-03-11 12:28:28 -07:00
tempfork feature/c2n: move answerC2N code + deps out of control/controlclient 2025-10-04 13:16:49 -07:00
tka all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tool all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tsconsensus all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tsconst all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsd all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tsnet tsnet: make tsnet fallback to control url from environment 2026-03-12 05:06:55 -07:00
tstest tstest/integration: add userspace-networking + proxymap WhoIs integration test 2026-03-13 15:01:31 -07:00
tstime all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsweb all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
types types/key: add NodePrivate.Raw32 and DiscoPrivateFromRaw32 2026-03-10 07:36:35 -07:00
util util/linuxfw: fix nil pointer panic in connmark rules without IPv6 (#18946) 2026-03-10 15:19:15 -04:00
version all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
wf wf: allow limited broadcast to/from permitted interfaces when using an exit node on Windows 2026-01-23 18:30:38 -06:00
wgengine wgengine/netstack: don't register subnet/4via6 TCP flows with proxymap 2026-03-13 19:41:30 -07:00
wif all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
words all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
.gitattributes .: add .gitattributes entry to use Go hunk-header driver 2021-12-03 17:56:02 -08:00
.gitignore Add .stignore for syncthing (#18540) 2026-01-27 16:15:17 -08:00
.golangci.yml .github: Bump golangci/golangci-lint-action from 6.5.0 to 7.0.0 (#15476) 2025-04-14 16:04:36 -06:00
.stignore Add .stignore for syncthing (#18540) 2026-01-27 16:15:17 -08:00
ALPINE.txt docker: bump alpine v3.19 -> 3.22 (#17155) 2025-09-17 20:22:24 +01:00
api.md {api.md,publicapi}: remove old API docs (#13468) 2024-09-13 14:10:33 -06:00
assert_ts_toolchain_match.go .: permit running binary built with TS_GO_NEXT=1 2026-02-23 09:37:04 -08:00
build_dist.sh build_dist.sh: keep --extra-small making a usable build, add --min 2025-10-06 21:15:25 -07:00
build_docker.sh build_docker.sh: support including extra files (#17405) 2025-10-02 13:29:03 +01:00
CODE_OF_CONDUCT.md CODE_OF_CONDUCT.md: update code of conduct 2025-10-28 08:58:00 -07:00
CODEOWNERS CODEOWNERS: add the start of an owners file 2023-08-16 15:57:29 -07:00
Dockerfile go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
Dockerfile.base all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
flake.lock nix: update flakes to get a nixpkgs version with go 1.26 2026-03-06 04:06:57 -08:00
flake.nix go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.mod go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.mod.sri go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.sum go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.toolchain.branch go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
go.toolchain.next.branch tool/gocross, pull-toolchain.sh: support a "next" Go toolchain 2026-01-27 14:07:35 -08:00
go.toolchain.next.rev go.toolchain.next.rev: update to final Go 1.26.1 [next] (#18939) 2026-03-10 08:23:01 -04:00
go.toolchain.rev go.mod: bump for internal/poll: move rsan to heap on windows 2026-03-09 16:48:31 -05:00
go.toolchain.rev.sri go.mod: bump for internal/poll: move rsan to heap on windows 2026-03-09 16:48:31 -05:00
go.toolchain.version go.mod: bump to Go 1.26.1 2026-03-06 11:27:29 -08:00
gomod_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
header.txt all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
LICENSE all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
license_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
Makefile Makefile, cmd/*/depaware.txt: split out vendor packages explicitly 2025-10-01 13:02:06 -07:00
PATENTS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
pkgdoc_test.go gokrazy: use monorepo for gokrazy appliance builds (monogok) 2026-02-13 16:19:14 -08:00
pull-toolchain.sh pull-toolchain.sh: advance the next hash if it's behind 2026-03-10 06:58:53 -07:00
README.md README: update the version of Go in the README 2025-09-29 22:09:25 +01:00
SECURITY.md Add a SECURITY.md for vulnerability reports. 2020-02-11 10:26:41 -08:00
shell.nix go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
staticcheck.conf all: cleanup unused code, part 2 (#10670) 2023-12-21 17:40:03 -08:00
update-flake.sh flake.nix: update Nix to use tailscale/go 1.25.2 (#17500) 2025-10-08 14:37:47 -04:00
version_tailscale_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
version_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
version-embed.go cmd/printdep: add --next flag to use rc Go build hash instead 2026-01-27 14:49:56 -08:00
VERSION.txt VERSION.txt: this is v1.97.0 (#18898) 2026-03-05 15:24:48 -05:00

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.25. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See commit-messages.md (or skim git log) for our commit message style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.