CodeCow/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-06-03 21:01:54 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
The easiest, most secure way to use WireGuard and 2FA.
10,250 Commits 1,116 Branches 228 Tags 150 MiB
Go 95.5%
C 1.6%
TypeScript 1%
Shell 0.6%
Swift 0.4%
Other 0.6%
044221b8c6
Go to file
Tom Meadows 044221b8c6
kube/certs: discover TLS domains from TCP TerminateTLS handlers (#19020) (#19021) 
After #18179 switched to L4 TCPForward, EnsureCertLoops found no
domains since it only checked service.Web entries. Certs were never
provisioned, leaving kube-apiserver ProxyGroups stuck at 0/N ready.

Fixes #19019


(cherry picked from commit a565833998)

Signed-off-by: Raj Singh <raj@tailscale.com>
Co-authored-by: Raj Singh <raj@tailscale.com>
2026-03-19 11:49:36 +00:00
.bencher bencher: add config to suppress failures on benchmark regressions. 2021-10-01 16:16:02 -07:00
.github .github/workflows: use tailscale/go for Windows CI too 2026-03-09 18:23:53 -05:00
appc appc,feature/conn25,net: Add DNS response interception for conn25 2026-02-20 07:43:37 -08:00
atomicfile all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
chirp all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
client cmd/tailscale,ipn,net/netutil: remove rp_filter strict mode warnings (#18863) 2026-03-04 14:09:19 -05:00
clientupdate clientupdate,net/tstun: add support for OpenWrt 25.12.0 using apk (#18545) 2026-03-05 13:39:07 -05:00
cmd cmd/{containerboot,k8s-operator}: reissue auth keys for broken proxies (#16450) (#18962) 2026-03-11 12:50:02 +00:00
control net/dns: make MagicDNS IPv6 registration opt-out now, not opt-in 2026-02-17 07:29:12 -10:00
derp all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
disco all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
docs all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
doctor all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
drive all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
envknob all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
feature feature/portlist: address case where poller misses CollectServices updates 2026-03-04 13:07:23 -08:00
gokrazy gokrazy: use monorepo for gokrazy appliance builds (monogok) 2026-02-13 16:19:14 -08:00
health cmd/tailscale,ipn,net/netutil: remove rp_filter strict mode warnings (#18863) 2026-03-04 14:09:19 -05:00
hostinfo hostinfo: retrieve OS version for Macs running the OSS client 2026-01-27 15:51:07 +00:00
internal cmd/tailscale/cli: allow fetching keys from AWS Parameter Store 2026-01-29 18:09:56 -05:00
ipn ipn/ipnlocal: skip writing netmaps to disk when disabled (#18883) 2026-03-04 15:13:30 -08:00
jsondb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
k8s-operator cmd/k8s-proxy: use L4 TCPForward instead of L7 HTTP proxy (#18179) 2026-03-05 18:47:54 +00:00
kube kube/certs: discover TLS domains from TCP TerminateTLS handlers (#19020) (#19021) 2026-03-19 11:49:36 +00:00
licenses licenses: update license notices 2026-03-02 08:04:19 -08:00
log all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
logpolicy all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
logtail logtail/filch: fix filch test panic (#18660) 2026-02-10 13:24:00 -08:00
maths all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
metrics all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
net clientupdate,net/tstun: add support for OpenWrt 25.12.0 using apk (#18545) 2026-03-05 13:39:07 -05:00
omit all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
packages/deb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
paths all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
portlist portlist: also tb.Skip benchmarks (not just tests) on bad Linux kernels 2026-02-12 13:19:09 -08:00
posture all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
prober prober: fix race condition in TestExcludeInRunAll (#18807) 2026-02-25 13:52:01 -05:00
proxymap all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
release all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
safesocket all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
safeweb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
scripts scripts/installer.sh: handle KDE Linux (#18861) 2026-03-02 18:29:49 +00:00
sessionrecording all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ssh/tailssh ssh/tailssh: fix data race on conn auth state in OnPolicyChange 2026-02-16 13:02:46 -10:00
syncs all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tailcfg net/dns: make MagicDNS IPv6 registration opt-out now, not opt-in 2026-02-17 07:29:12 -10:00
tempfork feature/c2n: move answerC2N code + deps out of control/controlclient 2025-10-04 13:16:49 -07:00
tka all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tool tool/listpkgs: add --affected-by-tag 2026-02-25 11:41:33 -08:00
tsconsensus tsconsensus: fix race condition in TestOnlyTaggedPeersCanBeDialed 2026-02-17 14:39:02 -07:00
tsconst all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsd wgengine/netstack: add local tailscale service IPs to route and terminate locally (#18461) 2026-01-30 16:46:03 -05:00
tsnet go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
tstest go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
tstime all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsweb tsweb/varz: remove unnecessary Map.Init() calls in tests 2026-02-06 18:35:30 +00:00
types types/geo: fix floating point bug causing NaN returns in SphericalAngleTo (#18777) 2026-03-02 17:33:57 -08:00
util util/linuxfw: fix nil pointer panic in connmark rules without IPv6 (#18946) (#18947) 2026-03-10 15:23:54 -04:00
version go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
wf wf: allow limited broadcast to/from permitted interfaces when using an exit node on Windows 2026-01-23 18:30:38 -06:00
wgengine util/linuxfw,wgengine/router: add connmark rules for rp_filter workaround (#18860) 2026-03-04 14:09:11 -05:00
wif all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
words all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
.gitattributes .: add .gitattributes entry to use Go hunk-header driver 2021-12-03 17:56:02 -08:00
.gitignore Add .stignore for syncthing (#18540) 2026-01-27 16:15:17 -08:00
.golangci.yml .github: Bump golangci/golangci-lint-action from 6.5.0 to 7.0.0 (#15476) 2025-04-14 16:04:36 -06:00
.stignore Add .stignore for syncthing (#18540) 2026-01-27 16:15:17 -08:00
ALPINE.txt docker: bump alpine v3.19 -> 3.22 (#17155) 2025-09-17 20:22:24 +01:00
api.md {api.md,publicapi}: remove old API docs (#13468) 2024-09-13 14:10:33 -06:00
assert_ts_toolchain_match.go .: permit running binary built with TS_GO_NEXT=1 2026-02-23 09:37:04 -08:00
build_dist.sh build_dist.sh: keep --extra-small making a usable build, add --min 2025-10-06 21:15:25 -07:00
build_docker.sh build_docker.sh: support including extra files (#17405) 2025-10-02 13:29:03 +01:00
CODE_OF_CONDUCT.md CODE_OF_CONDUCT.md: update code of conduct 2025-10-28 08:58:00 -07:00
CODEOWNERS CODEOWNERS: add the start of an owners file 2023-08-16 15:57:29 -07:00
Dockerfile go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
Dockerfile.base all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
flake.lock .github/Makefile/flake: update nix flake support (#16636) 2025-08-19 10:46:07 -04:00
flake.nix go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
go.mod go.mod: bump to Go 1.26.1 2026-03-09 18:43:39 -05:00
go.mod.sri go.mod: bump github.com/cloudflare/circl version (#18878) 2026-03-04 10:59:43 -08:00
go.sum go.mod: bump github.com/cloudflare/circl version (#18878) 2026-03-04 10:59:43 -08:00
go.toolchain.branch go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
go.toolchain.next.branch tool/gocross, pull-toolchain.sh: support a "next" Go toolchain 2026-01-27 14:07:35 -08:00
go.toolchain.next.rev go.toolchain.next.rev: update to final Go 1.26.0 [next] 2026-02-10 20:44:30 -08:00
go.toolchain.rev go.mod: bump for internal/poll: move rsan to heap on windows 2026-03-09 18:43:39 -05:00
go.toolchain.rev.sri go.mod: bump for internal/poll: move rsan to heap on windows 2026-03-09 18:43:39 -05:00
go.toolchain.version go.mod: bump to Go 1.26.1 2026-03-09 18:43:39 -05:00
gomod_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
header.txt all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
LICENSE all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
license_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
Makefile Makefile, cmd/*/depaware.txt: split out vendor packages explicitly 2025-10-01 13:02:06 -07:00
PATENTS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
pkgdoc_test.go gokrazy: use monorepo for gokrazy appliance builds (monogok) 2026-02-13 16:19:14 -08:00
pull-toolchain.sh go.toolchain.{rev,next.rev}: update to Go 1.25.7 / Go 1.26rc3 (#18633) 2026-02-06 12:54:11 -08:00
README.md README: update the version of Go in the README 2025-09-29 22:09:25 +01:00
SECURITY.md Add a SECURITY.md for vulnerability reports. 2020-02-11 10:26:41 -08:00
shell.nix go.mod: bump github.com/cloudflare/circl version (#18878) 2026-03-04 10:59:43 -08:00
staticcheck.conf all: cleanup unused code, part 2 (#10670) 2023-12-21 17:40:03 -08:00
update-flake.sh flake.nix: update Nix to use tailscale/go 1.25.2 (#17500) 2025-10-08 14:37:47 -04:00
version_tailscale_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
version_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
version-embed.go cmd/printdep: add --next flag to use rc Go build hash instead 2026-01-27 14:49:56 -08:00
VERSION.txt VERISON.txt this is v1.96.2 2026-03-17 15:05:14 -07:00

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.25. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See commit-messages.md (or skim git log) for our commit message style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.