From Tailnet to platform (Interview)
Episode: 102 min · Read time: 3 min
AI-Generated Summary
Key Takeaways
- TSIDP for passwordless internal auth: Tailscale's open-source TSIDP project (github.com/tailscale/tsidp) acts as a private OIDC/OAuth 2.1 endpoint inside your tailnet. Tools like Proxmox that support OIDC can be configured to authenticate silently via TSIDP, eliminating login prompts entirely. Because every Tailscale connection already carries verified user identity, TSIDP simply reflects that identity back to internal apps — no repeated OAuth flows, no password managers needed for self-hosted infrastructure.
- TSNET turns any Go app into a tailnet node: TSNET is a Go library that embeds a complete Tailscale networking stack into any Go application. Once compiled in, the app appears as a named node on the tailnet with its own IP address in the CG-NAT range, inherits ACL policies, and gets identity and encryption baked in at layer 3. This eliminates firewall port management, IP whitelisting, and custom authentication systems — Aperture itself is built entirely on TSNET.
- Aperture solves the API key sprawl problem: Aperture is Tailscale's early-alpha AI gateway (aperture.tailscale.com) that stores all LLM API keys centrally. Team members point coding agents at a single internal proxy endpoint (e.g., http://ai) instead of holding individual keys. Because every request arrives over Tailscale, the gateway knows the requester's identity automatically, making every API call attributable, auditable, and revocable without disrupting engineering workflows or rotating credentials across dozens of machines.
- Full LLM session logging enables team-level AI governance: Aperture logs every API request and response — including full context windows sent on each stateless call — and consolidates them into sessions. Admins can review tool calls, token usage (input, output, cache, reasoning), and prompt patterns across the entire team. This creates a compliance trail linking git commits to specific coding sessions, enables prompt review analogous to code review, and allows security teams to analyze agent behavior both in real time and after the fact.
- Multi-tailnet isolation replaces complex ACL policy files: Tailscale now supports multiple independent tailnets within one organization (blog post: "One Organization, Multiple Tailnets"). Rather than managing a single complex policy file where one misconfigured wildcard rule could expose all nodes, teams can spin up separate tailnets per workload — staging, production, per-customer, or per-agent sandbox. API-only tailnets (machine-to-machine, no user identity required) are available now; user-identity tailnets are in beta and accessible to home lab users.
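The session consolidation described in the logging takeaway, as an added example that is not Aperture's or Tailscale's code: it assumes each gateway log record already carries the tailnet identity the request arrived with and the full context window it sent, and it stitches a call onto a user's open session when that context extends the user's previous one (a constructed heuristic for illustration, not the project's documented method).

```go
package main

import "slices"

// Constructed record types standing in for gateway log entries (not Aperture's real schema);
// Call.User is the tailnet identity the gateway saw, Call.Messages the full context window sent.
type Message struct{ Role, Content string }
type Usage struct{ Input, Output, Cache, Reasoning int }
type Call struct{ Seq int; User string; Messages []Message; Usage Usage }
type Session struct{ User string; Calls []int; Total Usage } // Calls holds Seq values in order

// hasPrefix: prev is a prefix of cur (equal also matches, so a retried request stays put).
func hasPrefix(prev, cur []Message) bool {
	return len(prev) <= len(cur) && slices.Equal(prev, cur[:len(prev)])
}

// Consolidate stitches stateless calls into sessions: a call joins the user's open session
// when its context extends the last context seen for that user, otherwise it starts one.
func Consolidate(calls []Call) []Session {
	var out []Session
	open := map[string]int{}          // user -> index of that user's open session
	lastCtx := map[string][]Message{} // user -> context of that user's last call
	for _, c := range calls {
		i, ok := open[c.User]
		if !ok || !hasPrefix(lastCtx[c.User], c.Messages) {
			out = append(out, Session{User: c.User})
			i = len(out) - 1
			open[c.User] = i
		}
		s := &out[i]
		s.Calls = append(s.Calls, c.Seq)
		s.Total.Input += c.Usage.Input
		s.Total.Output += c.Usage.Output
		s.Total.Cache += c.Usage.Cache
		s.Total.Reasoning += c.Usage.Reasoning
		lastCtx[c.User] = c.Messages
	}
	return out
}

// SampleCalls is a constructed log: alice's agent chains two calls, bob interleaves one,
// then alice starts a fresh conversation whose context no longer extends the previous one.
func SampleCalls() []Call {
	u, a, t := Message{"user", "fix the test"}, Message{"assistant", "running go test"}, Message{"tool", "ok: 3 passed"}
	return []Call{
		{1, "alice@example.com", []Message{u}, Usage{10, 5, 0, 2}},
		{2, "bob@example.com", []Message{{"user", "hi"}}, Usage{3, 1, 0, 0}},
		{3, "alice@example.com", []Message{u, a, t}, Usage{20, 4, 10, 1}},
		{4, "alice@example.com", []Message{{"user", "new task"}}, Usage{8, 2, 0, 0}},
	}
}
```

Running Consolidate over SampleCalls yields three sessions: alice's calls 1 and 3 merged with summed token counts, bob's single call, and alice's call 4 as a new session because its context does not extend the earlier one.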
What It Covers
Tailscale Chief Strategy Officer David Carney outlines how Tailscale is evolving from a VPN replacement into a full networking platform. The conversation covers TSIDP (a private OIDC provider), TSNET (a Go library for building network-native apps), multi-tailnet isolation, and Aperture, Tailscale's new AI gateway that consolidates API keys and logs all LLM interactions with identity attached.
Key Questions Answered
- Dynamic Client Registration (DCR) removes MCP deployment friction: MCP's OAuth 2.1 spec calls for Dynamic Client Registration, which allows MCP clients and servers to self-register against an auth endpoint without manual configuration steps. Most existing enterprise IDPs don't support DCR, making large-scale MCP rollouts operationally painful. TSIDP implements DCR natively, enabling MCP servers to spin up, join the tailnet, and register themselves automatically — removing the human-in-the-loop bottleneck that was slowing MCP adoption across organizations in late 2024.
- MCP spec fatigue caused a strategic pullback worth noting: After heavy conference engagement through summer and fall 2024, Tailscale deliberately slowed its MCP investment as spec churn accelerated and organizations began pausing implementations. The pattern observed: many companies were adopting MCP as a substitute for an actual AI strategy rather than solving a concrete problem. The practical lesson is to wait for standards to coalesce around a smaller set of stable primitives before building deep integrations — Tailscale pivoted toward the more tangible API key management problem instead.
Notable Moment
Carney describes how Tailscale uses Aperture internally to log every single coding agent interaction across the company — full prompts, full responses, all tool calls — and then points a coding agent at its own historical logs to analyze how it previously worked. This recursive feedback loop, where an agent reviews its own past sessions, surfaces workflow inefficiencies that would otherwise go unexamined.