QuickConnect is a lightweight desktop agent that securely connects a user's machine to Functionize's ACS (Advanced Connectivity Security) network.
What it does:
- Takes a connection key — the user pastes a one-time ACS Connection Key (provided by Functionize).
- Checks connectivity — runs preflight checks (DNS, TCP, TLS, DERP relay, STUN) to verify the network path is clear.
- Handles corporate proxies — auto-detects HTTP/HTTPS/SOCKS5/PAC proxies and prompts for credentials (Basic or NTLM) if the proxy requires authentication.
- Joins the Functionize private network — uses that key to join a Tailscale-based private tailnet, establishing an encrypted tunnel back to ACS.
- Exposes a local SOCKS5 proxy — once connected, Functionize's cloud services route traffic through this proxy to reach resources on the user's internal network (internal apps).
Key properties:
- Runs on Windows, macOS, and Linux
- GUI mode (system tray) or headless/CLI mode (--no-gui)
- Stateless per session — no persistent config written to disk
- Works behind corporate proxies and firewalls
Logging
All network traffic is logged at the start of the connection. Log files will be named Functionize-QuickConnect-YYMMDD-HHMMSS.mmm.log
Example: Functionize-QuickConnect-260501-142315.482.log.
Logging Location:
- Primary — directory of the running executable.
- Windows/Linux: next to the binary.
- MacOS: parent of the .app bundle (where user placed it: Desktop, Downloads, …).
- Fallback — ~/Documents/Functionize QuickConnect/logs/ if exe dir not writable; os.TempDir() if no home.
Known Issues
1. Corporate proxy inspecting encrypted traffic — cannot connect
Affects: Zscaler, Netskope, Forcepoint, Cisco, Symantec/BlueCoat deployments with "full HTTPS inspection" or "SSL decryption" enabled
Some corporate security proxies decrypt and re-encrypt all internet traffic to scan it. QuickConnect's connection to Functionize's network uses end-to-end encryption that is deliberately designed to detect and reject this. When the proxy intercepts it, the connection fails. Currently QuickConnect retries silently for about 9 minutes before giving up, with no clear error message.
What the customer can do: Ask IT to add an exception — called a "bypass" or "do not inspect" rule — for *.tailscale.com. This tells the proxy to let that traffic through without decrypting it. Most security vendors (Zscaler, Netskope, etc.) support this type of exception as a standard request.
If IT cannot grant the exception: install and run QuickConnect on a machine that has unrestricted internet access — such as a server in a less-restricted network zone — instead of on the locked-down client machine.
Fix in progress: QuickConnect will detect this situation immediately and show a clear error message with instructions to hand to IT.