Tailscale secures $160 million for its WireGuard-based VPN development

Building on WireGuard’s foundation

At the heart of Tailscale’s technology is WireGuard, a modern VPN protocol that offers significant security and performance advantages over legacy solutions. 

WireGuard is an open-source technology built in a way that minimizes the attack surface while providing greater performance than older VPN approaches. While WireGuard provides the secure cryptographic foundation, Tailscale builds the control and management layer on top.

“WireGuard provides the fundamental, really secure cryptography primitive that gets the packets from place to place with end-to-end encryption very quickly, and then Tailscale provides all the key management stuff,” Pennarun explained. “Key management, of course, is mostly about people and organizations, and that’s the kind of thing that you can’t fix necessarily with an algorithm—you have to fix with human systems design.”

WireGuard became an integrated part of the Linux kernel in 2020. Interestingly, despite WireGuard being integrated into the Linux kernel, Tailscale made an unconventional choice to use the user-space implementation instead.

“We made an odd choice in the beginning of Tailscale that I think has paid off for us,” says Pennarun. “We chose the user-space WireGuard, because that way we could use the exact same code on every platform we run on.”

The company has even managed to optimize its user-space implementation to outperform the kernel version in some scenarios—”something that most people would have said is impossible,” according to Pennarun.