Blog

Today we’re expanding the list of devices that can run Tailscale, bringing secure remote networking to the Apple TV. The newly released tvOS 17 offers support for VPNs, and we’re proud to say Tailscale is among the first to use this new feature. You can now add your Apple TV directly to your tailnet, unlocking three powerful new use cases that we’re excited to share.

Tailscale has partnered with Mullvad to make its global network of VPN servers available for our customers. You can now easily browse the web using any one of Mullvad’s available servers as a Tailscale exit node while maintaining the user privacy that’s synonymous with Mullvad.

Mullvad is a Virtual Private Network (VPN) service that’s known for its strong commitment to user privacy, anonymity, and security. This new partnership means that even when you’re far from home, you can stay connected to the things you care about via Tailscale and maintain private internet browsing thanks to Mullvad’s secure and high-speed global network.

It’s been a busy August so far here at Tailscale. Earlier this month, we were at Black Hat Las Vegas, and enjoyed seeing all the attendees & customers who stopped by to say “hi” and learn what’s new. Check out some snaps from the event below. In product related news, we introduced user and group provisioning for Azure AD to help admins manage onboarding and offboarding of team members. We also launched Tailnet lock, which helps with node management on your tailnet. We’ve got more product updates as well as some community contributions to share this month. Let’s jump in:

Onboarding a new or transferred employee can be time-consuming, but it’s a good problem to have. Offboarding, on the other hand, not so much. Offboarding is not only inconvenient, but doing it poorly puts organizations at risk — as former employees may inadvertently retain access to shared company resources after their departure.

That’s why we’re introducing user & group provisioning for Azure AD, now in beta, so you can automatically sync disabled users from Azure AD to Tailscale as part of offboarding, and sync group membership to use in your access rules. This means you only have to update users in one place — your IdP — to ensure that team and personnel changes are reflected in Tailscale.

The Tailscale extension for VS Code just got a major upgrade — now you can seamlessly navigate and edit files on any node on your tailnet, all powered by Tailscale SSH. Bring the simplicity and power of VS Code to every device in your network.

Tailnet lock, now in beta, lets account admins enforce that nodes added to your tailnet must be signed by trusted nodes, which you manage.

What’s new in beta? We’ve improved the usability of tailnet lock so you can use mobile devices as trusted nodes, and implemented recovery mechanisms so you can regain control of your tailnet in case your trusted nodes are ever compromised.

We’re happy to announce that the Tailscale integration with Panther Labs is now Generally Available. We launched this feature a few weeks ago, and made lots of improvements based on your great feedback (thanks!).

Before we get into our July updates below, in case you missed it, we’ve uploaded videos from our first community event Tailscale Up. Check out all the highlights from the event here, including our new feature releases we introduced at the event. This month we also made some updates to our iOS app, and announced our new partnership with Panther Labs to help customers with their log streaming and monitoring. Read about these and other releases down below. We’ve got a bunch of cool community contributions and new Tailscale features to share this month. Let’s jump in:

We are happy to introduce a major update to our iOS app: a more polished experience, new features, and a complete UI rewrite in SwiftUI.

On the bright and sunny day of Wednesday, May 31, 2023 the developer relations team hosted Tailscale’s first user conference in San Francisco at Dogpatch Studios. We were looking to hear stories of Tailscale at home, work, and play from different industries and individuals, from around the world, in their own words. The day was full of talks sourced from the Tailscale community, 15 speakers from four different continents!

Wishlist has integrated with Tailscale to enable endpoint discovery for SSH services on your tailnet. You can use Wishlist to browse through and connect to the services that matter to you, whether they’re private, available only through your tailnet, or on the public internet.

We are excited to announce Panther Labs as our new log streaming partner — now in beta.

Pangolins have both tails and scales, so they are obviously the unofficial mascot of Tailscale. (And not just any kind of tail and scale — a prehensile tail, and scales made of keratin!) There isn’t a collective noun for pangolins, so we humbly suggest a network of pangolins.

We updated our Terms of Service and our Privacy Policy. See the changes and subscribe to new changes in the tailscale/terms-and-conditions repo on GitHub.

We are pleased to announce the general availability of network flow logs and log streaming.

Before we get into what happened in June, let’s go back to the beginning of the month. We wrapped up May and kicked off June with some pretty big news - we had our first ever community conference, Tailscale Up. To celebrate that occasion, we announced new features that address some of the top community feature requests.

An official Tailscale app has landed in the QNAP App Center. If you are the proud owner of a QNAP  network-attached storage device, you can download and install a Tailscale client with just a few clicks.

Tailscale now supports passkeys as the newest way to authenticate to your tailnet. Passkeys let you extend your tailnet to users beyond your identity provider, without worrying about weak or reused passwords. This also means that if you are on the Free plan and you’re using a single user email account to authenticate — like Gmail — you’ll now be able to invite other users to your tailnet with a passkey.

Tailscale’s ease of setup and use is one of the reasons so many individuals choose our free plan to run their homelabs. With a few clicks they can add devices to their tailnet, manage access controls for users, and with a little magic, host a private Minecraft server for their friends.  The fun doesn’t have to stop when Steve drops his ax—bring the magic of Tailscale to work.

Starting today, you can invite anyone to your Tailscale network (tailnet) even if they’re on a different domain or using a shared domain like Gmail. For those using Tailscale at home, you’ll be able to add family and friends with their existing email accounts — so multiple Gmail.com users can be on the same tailnet! For organizations using Tailscale, you can now invite external contractors or partners without setting up a temporary email account or adding them to your IdP. This also means that if you’re on the Free plan using a single-user email account to authenticate — like Gmail — you’ll now be able to invite more users to your tailnet.

May has been a big month for the Tailscale team. We launched session recording for Tailscale SSH in beta, allowing you to record the terminal output whenever someone on your tailnet initiates a Tailscale SSH connection. Along with SSH, we also announced that Custom OIDC is now available for all users, enabling seamless integration and authentication customization.

In case you missed it, we also hosted a live webinar, “Bring Tailscale to Work: Introduction to Tailscale Enterprise,” which is available to watch on-demand here.

We’re pleased to announce that custom OIDC is now generally available for all users. With custom OIDC, users can sign into Tailscale using any identity provider that supports OpenID Connect (OIDC). To use a custom OIDC provider with Tailscale, you must verify domain ownership by setting up a WebFinger endpoint.

Today, we’re launching session recording for Tailscale SSH in beta, allowing you to record the terminal output whenever someone on your tailnet initiates a Tailscale SSH connection. You can use these recordings to detect threats, investigate security incidents, and remain compliant with your network security policies. To set it up, see the documentation for Tailscale SSH session recording.

Everyone wants to get security right, and compliance is usually the forcing function to do so. For us, it was pursuing SOC 2, and for you it might be HIPAA, SOX, or something else. When thinking about securing customer data, it doesn’t necessarily mean locking that data in a safe and throwing away the key, but it can mean restricting who has access, and when. Restricting access to customer data can help prevent data leakage, while limiting how long customer data is reachable can reduce a company’s attack surface area. Learn how Reclaim.ai uses Tailscale to secure customer data and prod environments, and Indent to efficiently update permissions in a secure time-limited way.

Users can now sign in to Tailscale using their Apple ID. On the Mac and iPhone, signing in to Tailscale with your Apple ID takes advantage of TouchID and FaceID. This addition rounds out Tailscale’s support for major identity providers, alongside Google, GitHub, Microsoft, Okta, custom OIDC providers, and more.

For large organizations, identity management and access control isn’t just about authenticating users and defining what they have access to, it’s also about delivering a great user experience without compromising security. Tailscale requires users to log in with an identity provider (IdP) — which hasn’t been much of a problem because we currently have native SSO integrations for Google, Microsoft Azure AD, Okta, GitHub, and OneLogin. But what if you’re not using one of these providers?

Since launching four years ago, Tailscale has been adopted by thousands of companies seeking easier and more powerful ways to build networks and interconnect devices. Customers like Instacart, Mercari, Duolingo, and Mercury Bank are using Tailscale in wide-scale deployments, often with more than 1,000 users, as a key part of their network infrastructure.

Today we’re announcing the third generation of Tailscale plans and pricing. Most noticeably: The Free plan is expanding from one to three users. Monthly paid plans now include three free users, and bill you only for additional users who actively exchange data over Tailscale (“usage-based billing”) rather than for a fixed number of seats. Annual prepaid plans will have a new structure.

The new plans should save money for essentially everyone, but you can keep your old plan if you want. Existing annual, custom, and enterprise subscriptions are unaffected, and changes are opt-in. Monthly prices per user are staying the same.

In case you missed it, Tailscale Up is our first community conference that brings Tailscale out of the network layer and into the real world on Wednesday, May 31. Come to meet open source maintainers, hardware hackers, self-hosters, and Tailscalars (sometimes all the same person) to share stories, workflows, and favorite projects. You can find tickets, accommodation details, and more over on the developer community site.

March has flown by! All month long, we’ve been heads-down getting some cool new features over the finish line and into your hands, including custom OIDC and Funnel, both in beta. You can also make new users’ onboarding process less daunting by inviting them to join your tailnet.

And we are particularly thrilled to be hosting our first in-person community conference, Tailscale Up, featuring speakers Amye Scavarda Perrin, Justin Garrison, Emily Trau, Corey Quinn, and more to be announced soon. We are partnering with Dogpatch Studios in SF to host this event, and we’re excited to share more details about content, food, and more in the coming weeks.

When a new user signs up for Tailscale with alice@example.com, they automatically join the same Tailscale network (tailnet) as everyone else @example.com. This makes it easy for small teams to get started with Tailscale. For more complex management of users in your organization, you can invite users and assign them roles before they join. And, you can review and approve when users join your tailnet with user approval.

At Tailscale, we don’t want your users (or us) managing a separate list of usernames and passwords, which is why you must use single sign-on with an identity provider to create and manage your network. Until now, that meant you needed to choose from a handful of trusted identity providers including Google, Okta, GitHub, and Azure AD. Custom OIDC, now in open beta (and available for everyone), changes all that.

New users can set up custom OIDC and sign in at login.tailscale.com/start/oidc, and existing customers can contact our support team to request account migration.

We’re excited about what’s been happening at Tailscale this month! Configuration audit logs are now generally available for all Tailscale users, and we’ve announced a new integration that lets your CodeSandbox Repository access private resources on your tailnet. We’ve also introduced changes to make it easier to manage your billing with the Billing Admin role, and we’ve launched improvements for supporting OAuth in the Tailscale API. And last — but absolutely not least — we’re announcing our first in-person Tailscale community conference, Tailscale Up.

Tailscale is, at its heart, network infrastructure. The value of network infrastructure is what it enables us to connect with. Our Integrations page gives you a long list of where you can use Tailscale, so that you can easily see if it works with your infrastructure — but, spoiler alert — Tailscale works almost everywhere.

We’ve added a new additive user role, Billing Admin, so that you can designate multiple individuals to manage pricing plans and billing information for your tailnet, without also allowing them to edit other tailnet settings.