- Does all traffic go through Tailscale?
- Does Tailscale encrypt traffic?
- Does Tailscale need port forwarding?
Does all traffic go through Tailscale?
By default, Tailscale acts as an overlay network: it only routes traffic between devices running Tailscale, but doesn't touch your public internet traffic, such as when you visit Google or Twitter.
Does Tailscale encrypt traffic?
Devices running Tailscale only exchange their public keys. Private keys never leave the device. All traffic is end-to-end encrypted, always.
Does Tailscale need port forwarding?
Nearly all of the time, you don't need to open any firewall ports for Tailscale. Tailscale uses various NAT traversal techniques to safely connect to other Tailscale nodes without manual intervention—it “just works.”