We use Go, containers, and integration testing to reimplement Tailscale’s (https://tailscale.com/) control server, the closed source SaaS product that coordinates their Open Source WireGuard-based client. This talk tells the story of how we managed to build a stable version of the control server that is now starred by almost 10k on Github and has users all over the world through extensive focus on integration tests. Tailscale is a modern mesh VPN built on top of Wireguard (https://wireguard.com/). It works like an overlay network between the computers of your networks - using NAT traversal. The Tailscale’s core client, Android client, and supporting libraries and software are Open Source. The SaaS control server and client UIs to proprietary OS (macOS, iOS and Windows) areis closed source. Headscale implements this control server and allows self-hosters and open source aficionados to use Tailscale’s clients without having to use a closed source product. In this talk we will tell the story of how we started reimplementing the control server based on the code from Tailscale’s official client. We went through stages of “man this works surprisingly well” to “how does this even work” after we started to use aggressive integration testing to improve the “correctness” of our implementation. For every test we added, we found tons of issues to fix, and eventually, we got to a stage where we could improve headscale with great confidence. Today, integration testing is potentially the most vital part of our development cycle and we both use it to fix “old and broken”, and add “new and shiny”. We have managed to take what started out as a learning project to understand how Tailscale worked and built it into a healthy open source project and community.