[tatersolid]

It never was FIPS-approved and likely will never be. The wireguard protocol used by Tailscale uses ChaCha20 for encryption which is not FIPS approved.

[keepamovin]

Interesting. What is the FIPS version of wireguard?

[cronos]

There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS.

[tatersolid]

> What is the FIPS version of wireguard?

IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.