The long wondrous life of a Tailscale packet
Blog post from Tailscale
Tailscale is mesh-networking software that connects devices to each other without a conventional hub-and-spoke VPN. The post follows a single packet: a user shares a service (the example is a prototype sloth webcam) over Tailscale, which presents itself to the operating system as a TUN network interface, so the kernel hands it raw IP packets addressed to other tailnet nodes.

Unlike privacy VPNs that push all traffic through a cloud server, Tailscale claims only the IP addresses of the tailnet itself; everything else follows the machine's normal routes. Because traffic goes node to node, Tailscale's own servers never see plaintext: the coordination server exchanges public keys and metadata, and a relay, when one is needed, forwards only ciphertext.

Tailscale is built on WireGuard, which encrypts and authenticates every IP packet between two nodes. That is why the webcam can be served over plain HTTP and still be protected in transit within the tailnet (TLS still matters for anything that must be end-to-end secure beyond the two nodes). Once the packet reaches the Tailscale process, the WireGuard handshake, if not already completed, uses the two nodes' key pairs to derive session keys. Meanwhile NAT traversal probes for a direct UDP path between the peers, falling back to a relay when none can be found. With a session established, the packet is encrypted and sent over the internet to the destination device.

On arrival the packet is decrypted and then checked against the tailnet's access controls; the filter runs on the receiving node, so a packet that no rule permits is dropped there. Only an allowed packet is written to the local TUN device and delivered to the application, which is how the shared service becomes reachable securely.
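Two of the steps above are plain packet handling a practitioner can reproduce offline: the sender-side decision to tunnel only tailnet destinations, and the receiver-side default-deny access check applied after decryption. The following Go program is an added example written for this page, not code from the Tailscale post or from the Tailscale code base. It assumes the 100.64.0.0/10 CGNAT range that Tailscale assigns node addresses from, uses a deliberately simplified rule shape (source prefix, protocol, destination port) in place of Tailscale's real policy format, and builds its own constructed IPv4 packets; the node addresses and the TCP 8080 webcam port are made up for the demonstration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// tailnetRange is the CGNAT block Tailscale hands out node addresses from
// (100.64.0.0/10). Only destinations inside it are steered into the tunnel;
// everything else keeps using the machine's ordinary routes.
var tailnetRange = netip.MustParsePrefix("100.64.0.0/10")

// Packet holds the header fields a sender-side router and a receiver-side
// filter need. A TUN device hands over raw IP packets, so there is no
// Ethernet header to skip.
type Packet struct {
	Src, Dst netip.Addr
	Proto    uint8  // 6 = TCP, 17 = UDP
	DstPort  uint16 // 0 when Proto is not TCP or UDP
}

// ParseIPv4 decodes the IPv4 header (and the transport destination port for
// TCP/UDP) from a packet as read off a TUN device.
func ParseIPv4(b []byte) (Packet, error) {
	if len(b) < 20 {
		return Packet{}, errors.New("packet shorter than minimum IPv4 header")
	}
	if b[0]>>4 != 4 {
		return Packet{}, errors.New("not an IPv4 packet")
	}
	ihl := int(b[0]&0x0f) * 4 // header length in bytes
	if ihl < 20 || len(b) < ihl {
		return Packet{}, errors.New("invalid IHL")
	}
	p := Packet{
		Src:   netip.AddrFrom4([4]byte{b[12], b[13], b[14], b[15]}),
		Dst:   netip.AddrFrom4([4]byte{b[16], b[17], b[18], b[19]}),
		Proto: b[9],
	}
	if (p.Proto == 6 || p.Proto == 17) && len(b) >= ihl+4 {
		p.DstPort = binary.BigEndian.Uint16(b[ihl+2 : ihl+4])
	}
	return p, nil
}

// ShouldTunnel is the sender-side routing decision: only tailnet addresses
// are encrypted and sent over WireGuard; the rest is left to the OS.
func ShouldTunnel(dst netip.Addr) bool {
	return tailnetRange.Contains(dst)
}

// Rule is one allow entry of a deliberately simplified receive-side policy
// (hypothetical shape, not Tailscale's own filter types): traffic from Src
// to the given protocol and destination port is accepted.
type Rule struct {
	Src     netip.Prefix
	Proto   uint8
	DstPort uint16
}

// Filter is a default-deny allowlist evaluated on the receiving node after
// decryption, before the packet is written to the local TUN device.
type Filter struct{ Allow []Rule }

// Accept reports whether a decrypted packet may be delivered locally.
func (f Filter) Accept(p Packet) bool {
	for _, r := range f.Allow {
		if r.Src.Contains(p.Src) && r.Proto == p.Proto && r.DstPort == p.DstPort {
			return true
		}
	}
	return false // nothing matched: default deny
}

// BuildIPv4 constructs a minimal IPv4 packet with transport ports for offline
// testing. Checksums are left zero; the parser above does not validate them.
func BuildIPv4(src, dst netip.Addr, proto uint8, dstPort uint16) []byte {
	b := make([]byte, 24) // 20-byte header + 4 bytes of transport ports
	b[0] = 0x45           // version 4, IHL 5
	binary.BigEndian.PutUint16(b[2:4], uint16(len(b)))
	b[8] = 64 // TTL
	b[9] = proto
	s, d := src.As4(), dst.As4()
	copy(b[12:16], s[:])
	copy(b[16:20], d[:])
	binary.BigEndian.PutUint16(b[20:22], 40000) // arbitrary source port
	binary.BigEndian.PutUint16(b[22:24], dstPort)
	return b
}

func main() {
	// Constructed policy: anyone on the tailnet may reach the webcam on TCP 8080.
	policy := Filter{Allow: []Rule{{Src: tailnetRange, Proto: 6, DstPort: 8080}}}
	laptop := netip.MustParseAddr("100.101.102.103") // constructed tailnet addresses
	webcam := netip.MustParseAddr("100.64.0.7")

	for _, raw := range [][]byte{
		BuildIPv4(laptop, webcam, 6, 8080),
		BuildIPv4(laptop, webcam, 6, 22),
		BuildIPv4(laptop, netip.MustParseAddr("8.8.8.8"), 17, 53),
	} {
		p, err := ParseIPv4(raw)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Printf("%s -> %s proto %d port %d: tunnel=%v accept=%v\n",
			p.Src, p.Dst, p.Proto, p.DstPort, ShouldTunnel(p.Dst), policy.Accept(p))
	}
}
```

The two decisions sit on different machines: ShouldTunnel runs on the sender before encryption, Filter.Accept on the receiver after decryption. Keeping the receive-side filter default-deny is the property that matters; an SSH packet to the webcam host is rejected above not because a rule forbids it but because no rule allows it.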