awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
tailscale avatar

tailscale/tailscale

0
View on GitHub↗
32,596 Stars·2,662 Forks·Go·BSD-3-Clause·14 Aufrufetailscale.com↗

Tailscale

Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules.

What distinguishes Tailscale is its deep integration with existing identity providers, which allows organizations to bind network access to verified user accounts and device posture. It enforces granular security through declarative access control lists and microsegmentation, enabling administrators to define precise permissions for users and services. Beyond standard connectivity, the platform includes a secure AI gateway that proxies and audits language model requests, providing centralized control over API usage, spending limits, and security guardrails.

The project offers a comprehensive suite of administrative and developer tools, including infrastructure-as-code support, automated node registration, and identity-based SSH access that eliminates the need for manual key management. It also provides flexible traffic management capabilities, such as exit nodes for egress control, subnet routers for bridging isolated network segments, and public-facing service exposure through encrypted tunnels.

The software is distributed as an open-source command-line daemon, supporting a wide range of operating systems and containerized environments to facilitate automated infrastructure deployment.

Features

  • Traffic Management - Proxies language model requests through a centralized gateway to manage keys and audit interactions.
  • Network Connection Managers - Provides command-line tools to manage secure network tunnels and routing preferences.
  • Overlay Networks - Uses a high-performance VPN protocol to establish encrypted peer-to-peer tunnels between devices.
  • Access Control Policies - Enables granular network and application permissions through centralized access control lists.
  • Identity Authentication - Delegates user verification to external identity services to bind network access to organizational accounts.
  • Identity Provider Integrations - Authenticates users by connecting with identity providers like Google, Microsoft, or GitHub to manage access to private networks.
  • Posture-Based Access Control - Restricts access to sensitive resources by requiring devices to meet specific security compliance criteria.
  • Zero Trust Access - Connects remote users and devices to private resources securely without public internet exposure.
  • Mesh Networking - Connects distributed devices and services into a private, encrypted mesh network.
  • Traffic Proxying - Routes local traffic to a private network service from devices outside the network.
  • System Services - Runs an open-source command-line networking daemon to manage connections via the kernel interface.
  • Application Access Controls - Manages and monitors user access to web applications across your network using connectors that require no end-user configuration.
  • Device Posture Validation - Validates security and compliance requirements before granting access to protected resources.
  • Distributed Key Authorities - Manages cryptographic identity and node authorization through a decentralized signing model that ensures only verified devices join the network.
  • Identity-Based Access Control - Manages network permissions by verifying user identity and device posture.
  • Identity-Based SSH Access - Manages secure shell connections using existing identity providers to eliminate manual key distribution.
  • Network Access Grants - Allows creation of flexible access control rules to manage device communication and resource permissions.
  • Network Security Hardening - Requires cryptographic signatures from trusted nodes before allowing new devices to join or communicate.
  • Secure SSH Access - Authenticates and authorizes secure shell connections using existing identity credentials.
  • Control Planes - Maintains a global state of network nodes and access policies to coordinate secure connectivity.
  • Access Controls - Configures access grants to limit which specific artificial intelligence models users can interact with.
  • Provider Configurations - Allows entering API keys and model details to route requests to specific artificial intelligence services.
  • Usage Quotas - Enforces organizational budgets and individual user spending limits to control infrastructure costs.
  • Connectivity Fabrics - Bridges cloud environments and on-premises data centers into a single private network.
  • Kubernetes Network Operators - Deploys a network operator within a cluster to automatically expose services and pods to a private network.
  • Network Overlays - Automates the deployment of secure network overlays across cloud and on-premises environments.
  • Gateway Configuration - Configures devices as gateways for local networks by enabling IP forwarding and route advertisement.
  • Service Exposure - Enables secure access to local services over a private network with automated HTTPS certificate management.
  • Subnet Gateways - Extends private network reach by routing traffic between the overlay mesh and isolated local network segments via designated bridge nodes.
  • VPC Bridging - Deploys a subnet router on a cloud instance to provide secure and private network access to all resources within a virtual private cloud.
  • Kernel Networking - Implements network protocol handling in user space to enable cross-platform compatibility.
  • Awesome List - A community-curated directory that catalogs and links out to other open-source projects, rather than a standalone tool you run yourself.
  • Just-in-Time Access - Provides temporary access to network resources by automating time-limited permission updates.
  • Multifactor Authentication Policies - Extends identity provider security policies to network access by requiring multifactor authentication.
  • Network Access Lists - Provides rule-based security policies to control traffic flow between devices and users.
  • Pre-Authentication Keys - Supports automated node registration in containerized and infrastructure deployment workflows.
  • Software-Defined Perimeters - Hides network resources from the public internet and grants access only to authenticated users.
  • AI Request Routing - Secures, monitors, and routes language model requests using identity-based authentication and centralized telemetry.
  • AI Security Gateways - Centralizes and audits access to language models to enforce security policies and track usage.
  • Gateway Management - Manages proxy settings, providers, and quotas to control how artificial intelligence requests are routed.
  • Networking And Proxies - WireGuard-based mesh VPN solution.
  • Overlay Networks - WireGuard-based mesh networking for secure device connectivity.
  • Cloud Application Connectivity - Connects cloud-hosted application services to a private network to enable secure communication between distributed nodes.
  • Exit Node Traffic Routing - Routes all internet traffic from a device through a designated node to secure connections and provide geographical flexibility.
  • High Availability Networking - Deploys redundant subnet routers to ensure continuous network connectivity and automatic failover.
  • Virtual Machine Connectivity - Establishes private and secure tunnels to virtual machine instances in public clouds to manage remote resources.
  • Automated Node Provisioning - Facilitates automated device registration using authentication keys to bypass interactive login steps.
  • Identity and Access Management - Controls user access by configuring approval workflows, administrative roles, and session management.
  • Network Microsegmentation - Supports dividing networks into isolated logical segments to limit security incident impact.
  • Resource Access Policies - Enables access control rules by specifying allowed source and destination addresses and hostnames.
  • SSH Authentication - Authorizes SSH connections using network node keys and access policies.
  • AI Guardrails - Inspects and blocks incoming language model requests to enforce security and usage policies.
  • Usage Analytics - Tracks artificial intelligence usage patterns and tool adoption metrics through a centralized dashboard.
  • Database Connectivity - Routes database traffic through a secure network overlay to access cloud-hosted storage instances privately.
  • Managed Database Connectivity - Routes database traffic through a secure network overlay to access managed cloud database instances privately.
  • CLI Gateways - Interacts with the gateway using command-line tools to discover resources and execute agents.
  • CI/CD Authentication Helpers - Enables secure access to private resources during automated build and deployment processes.
  • Local Resource Exposure - Makes local services or files accessible to the public internet by generating a unique, encrypted URL that routes traffic directly to the resource.
  • Network Addressing - Assigns domain names and virtual IP addresses to backend hosts for secure network resource access.
  • Subnet Routing - Provides access to non-networked devices on a local network from within a private network.
  • Credential Lifecycle Management - Enforces security standards by configuring expiration policies for authentication keys.
  • Device Identity Management - Allows assigning tags to devices to manage identity and access control permissions.
  • External Resource Sharing - Grants external users access to specific machines by sending invitations for secure connectivity.
  • Key Revocation Protocols - Removes compromised signing keys through a multi-step, co-signed process.
  • Network Firewall Integrations - Connects security appliances to the mesh network to protect communication between devices and manage traffic flow.
  • SSH Encryption - Encrypts SSH traffic end-to-end using the underlying network protocol.
  • SSH Key Management - Distributes SSH host keys automatically to enable seamless host recognition.
  • Tagged Device Policies - Ensures consistent access management for infrastructure endpoints through tagged device expiration policies.
  • AI Access Control - Performs fine-grained access control decisions on model usage and tool execution.
  • Compatibility Layers - Updates base URL and authentication settings in tools to route requests through a secure proxy.
  • Observability Pipelines - Routes artificial intelligence usage and event data to external observability platforms for processing.
  • Container Networking Tools - Facilitates secure communication between containers by running networking clients as sidecars.
  • Infrastructure-as-Code Providers - Automates network resource configuration and lifecycle management using code.
  • Network Control APIs - Allows programmatic management of network status and device configurations via web APIs.
  • Cryptographic Authorization - Authorizes specific nodes to sign and approve new devices joining the network.
  • Device Approval Workflows - Ensures only verified hardware gains network access through an administrative review process.
  • Firewall VPN Deployments - Sets up a secure virtual private network on firewall appliances to enable encrypted communication across devices.
  • Identity Propagation - Injects authenticated user identity information into HTTP headers for downstream services.
  • Key Expiry Management - Enables control over authentication lifecycles by managing periodic key expiration.
  • Network Isolation - Restricts shared machines to incoming connections only to prevent unauthorized outbound traffic.
  • Passkey Authentication - Enables passkey authentication for users joining the network as a secure alternative to traditional passwords.
  • Network Flow Log Streaming - Monitors traffic patterns by streaming connection flow data to external security information and event management systems.

Star-Verlauf

Star-Verlauf für tailscale/tailscaleStar-Verlauf für tailscale/tailscale

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Open-Source-Alternativen zu Tailscale

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Tailscale.
  • octelium/octeliumAvatar von octelium

    octelium/octelium

    3,371Auf GitHub ansehen↗

    Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,

    Goabacai-gatewayapi-gateway
    Auf GitHub ansehen↗3,371
  • netbirdio/netbirdAvatar von netbirdio

    netbirdio/netbird

    26,188Auf GitHub ansehen↗

    NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce

    Gogolangmeshmesh-networks
    Auf GitHub ansehen↗26,188
  • gravitl/netmakerAvatar von gravitl

    gravitl/netmaker

    11,630Auf GitHub ansehen↗

    Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration. The platform distinguishes itself through its focus on zero-trust network access and soft

    Goclouddevsecopsipv6-support
    Auf GitHub ansehen↗11,630
  • fosrl/pangolinAvatar von fosrl

    fosrl/pangolin

    21,255Auf GitHub ansehen↗

    Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n

    TypeScriptcrowdsecdockerhome-lab
    Auf GitHub ansehen↗21,255
Alle 30 Alternativen zu Tailscale anzeigen→

Häufig gestellte Fragen

Was macht tailscale/tailscale?

Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution,…

Was sind die Hauptfunktionen von tailscale/tailscale?

Die Hauptfunktionen von tailscale/tailscale sind: Traffic Management, Network Connection Managers, Overlay Networks, Access Control Policies, Identity Authentication, Identity Provider Integrations, Posture-Based Access Control, Zero Trust Access.

Welche Open-Source-Alternativen gibt es zu tailscale/tailscale?

Open-Source-Alternativen zu tailscale/tailscale sind unter anderem: octelium/octelium — Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and… netbirdio/netbird — NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the… gravitl/netmaker — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a… fosrl/pangolin — Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private… firezone/firezone — Firezone is a zero trust network access platform that uses WireGuard to provide identity-based connectivity to… hashicorp/boundary — Boundary is an identity-aware access proxy and privileged access management tool. It brokers secure network…