Tailscale builds on top of WireGuard and provides OAuth2 (SSO), OpenID, and SAML authentication for peers to build a mesh network. It is crossplatform, has ACL settings and internal DNS.
Install . Alternatively, one can use unstable builds by installing the AUR or AUR package.
To use tailscale, enable/start
tailscaled.service and run the server as follows:
# tailscale up
You can authenticate a headless machine by specifying auth key
tailscale up --authkey=tskey-KEY.