Tailscale raises $12 million for its WireGuard-based corporate VPN

Tailscale has raised $12 million in a new funding round. Accel led the investment, with additional participation from Heavybit and Uncork Capital. The company is building an improved corporate VPN by using a modern protocol and a streamlined implementation process.
A VPN, which stands for virtual private network, creates a secure, encrypted connection between two separate devices. Numerous organizations depend on VPNs to facilitate remote work, connect multiple office locations, and provide access to internal services intended solely for employee use. For example, remote workers often utilize a VPN to connect to their company’s intranet and internal resources via their company-issued laptop.
In recent years, several approaches have emerged regarding access to a company’s internal network. Certain organizations employ complex access control policies. Google, for instance, has pursued this direction with its BeyondCorp zero trust system.
Conversely, other companies continue to depend on traditional corporate VPNs and firewalls due to their relative simplicity in setup. These often employ the IPsec protocol alongside a VPN gateway to manage connections to the internal network.
Those working remotely may have experienced limitations with this conventional VPN infrastructure. The gateway can become a point of congestion, leading to extended loading times when numerous users are connected simultaneously.
Turning to Tailscale, the startup aims to modernize the corporate VPN experience. This begins with a different VPN protocol. Tailscale has selected WireGuard, a streamlined VPN protocol that uses a combination of public and private keys to create a secure tunnel between devices.
However, WireGuard is only a protocol. It doesn’t specify how to manage public keys or how to add new devices to the network. Tailscale is the layer that ties those pieces together.
“From an architectural standpoint, I would characterize Tailscale as the control plane, while WireGuard serves as the data plane,” explained Avery Pennarun, co-founder and CEO.
Consider this scenario: Your company maintains an internal Git server and an internal documentation wiki. You have a company laptop and wish to access both of these services. You can install the Tailscale client on all three machines – your laptop, the Git server, and the wiki server. When you attempt to connect to the internal services, Tailscale prompts you to authenticate using your company’s identity provider, such as G Suite, Okta, or Active Directory.
All Tailscale clients consult a coordination server to verify connection authorization. “It functions as a repository for public keys,” Pennarun stated. When an employee departs the company, their public key is removed from the coordination server, and Tailscale access is revoked. Keys are regularly rotated to enhance security.
A connection is then established directly between your laptop and the Git server, or your laptop and the wiki server. The VPN gateway is bypassed, as the Git server and wiki server each function as their own VPN gateway. Exposing your documentation wiki to the public internet is unnecessary, as employees first access the server through Tailscale.
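The coordination-server role described above, as a simplified model added here for illustration; it is not Tailscale's code. The class and function names, the 90-day key lifetime and the hash-derived stand-in keys are assumptions.

```python
import base64
import hashlib
from dataclasses import dataclass

KEY_TTL = 90 * 24 * 3600  # assumed key lifetime in seconds; the article gives no figure


def fake_public_key(node: str) -> str:
    """Constructed 32-byte stand-in for a WireGuard public key (not real Curve25519)."""
    return base64.b64encode(hashlib.sha256(node.encode()).digest()).decode()


@dataclass
class Device:
    owner: str
    public_key: str
    expires_at: float


class CoordinationServer:
    """Control plane only: holds public keys, never carries tunnel traffic."""

    def __init__(self):
        self.devices = {}

    def register(self, owner, node, public_key, now):
        # In the article's flow this happens after identity-provider login.
        self.devices[node] = Device(owner, public_key, now + KEY_TTL)

    def revoke_user(self, owner):
        # Offboarding: drop every key that belongs to the departed user.
        self.devices = {n: d for n, d in self.devices.items() if d.owner != owner}

    def peer_map(self, node, now):
        """Keys a node may tunnel with; empty if the node is unknown or its key expired."""
        me = self.devices.get(node)
        if me is None or me.expires_at <= now:
            return {}
        return {n: d.public_key for n, d in self.devices.items()
                if n != node and d.expires_at > now}


def demo():
    cs = CoordinationServer()
    for owner, node in [("alice", "laptop"), ("ops", "git"), ("ops", "wiki")]:
        cs.register(owner, node, fake_public_key(node), now=0)
    before = sorted(cs.peer_map("git", now=1))
    cs.revoke_user("alice")
    return before, sorted(cs.peer_map("git", now=1))
```

In this model each node configures only the keys in its peer map as tunnel peers, so a revoked or expired key disappears from every other node's data plane without any traffic passing through the server.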
You are not required to open the SSH port on the server, as Tailscale can establish a connection even through existing firewalls.
Despite its relatively small size, the company operates efficiently. With approximately 20 employees, Tailscale is currently experiencing tens of thousands of client installations each month.
You can begin using the service without charge with a single user and multiple devices. Some users have tested it with a Raspberry Pi at home to enable access to their home network while traveling, and then bring it to their workplace.
By maintaining low customer acquisition costs, Tailscale has successfully raised $12 million in funding. Twingate is another company addressing the same challenge, but it has adopted different technical approaches – utilizing TLS tunnels and relays.