PRODUCTS

wolfGuard for Tailscale is a FIPS-compliant implementation of the Tailscale mesh VPN. Built on wolfGuard and powered by wolfCrypt's FIPS 140-3 validated cryptography, it preserves the simplicity of Tailscale while replacing its standard cryptographic operations with FIPS-certified algorithms across the stack. The result is end-to-end FIPS 140-3-compliant mesh networking for government, defense, and other regulated environments.

Please email us at facts@wolfssl.com with any questions or to learn more about FIPS 140-3-compliant Tailscale deployments.

• FIPS 140-3 validated cryptography via wolfCrypt FIPS
• End-to-end protection across the data plane, control plane, DERP relay, and certificate provisioning services
• Familiar Tailscale CLI, workflows, and configuration
• Built on wolfGuard, wolfSSL's FIPS-compliant WireGuard implementation
• Self-hosted Headscale deployments with isolated coordination infrastructure
• Suitable for enterprise deployments and embedded products requiring FIPS compliance

• Full-stack FIPS 140-3 compliant mesh networking
• Secure node-to-node tunnels powered by wolfGuard
• FIPS-compatible Headscale coordination server support
• Secure DERP relay communications via wolfSSL TLS
• Automated device discovery and NAT traversal
• Preserve Tailscale's zero-trust networking architecture
• Compliance support for FIPS 140-3, FedRAMP, CJIS, CMMC 2.0, and other regulated environments

• Curve25519 → SECP256R1 (P-256)
• ChaCha20-Poly1305 → AES-256-GCM
• BLAKE2s → SHA-256m
• BLAKE2s MAC → HMAC-SHA256
• Go Crypto Libraries → wolfCrypt FIPS 140-3
• WireGuard v1 → WolfGuard v1
• Backed by commercial support and wolfSSL’s expertise
• Runs in any environment that traditional WireGuard can run