Until recently, I assumed Tailscale was proxying most or all traffic through cloud servers. It turns out that it’s much cooler than that, though. In most cases they can establish direct peer-to-peer connections. This article talks about how they traverse Network Address Translation and stateful firewalls.
Josh Betz
The interesting thing is that it can also route peers directly to each other and use the public jump server only for the initial NAT port exchange. WireGuard can’t do that out of the box with peers behind NAT, which is why I’m considering moving my homelab network to Tailscale (Headscale).