Blog

A combination of our newsletter and other posts, where we talk about Tailscale, WireGuard®, 2-factor auth, and other networking-related topics.

Subscribe via email, RSS or follow our Twitter.

Apple TV, now with more Tailscale

Today we’re expanding the list of devices that can run Tailscale, bringing secure remote networking to the Apple TV. The newly released tvOS 17 offers support for VPNs, and we’re proud to say Tailscale is among the first to use this new feature. You can now add your Apple TV directly to your tailnet, unlocking three powerful new use cases that we’re excited to share.

Mullvad on Tailscale: Privately browse the web

Kabir Sikand, Parker Higgins and James Tucker on
Photo of Kabir Sikand
Photo of Parker Higgins
Photo of James Tucker

Tailscale has partnered with Mullvad to make its global network of VPN servers available for our customers. You can now easily browse the web using any one of Mullvad’s available servers as a Tailscale exit node while maintaining the user privacy that’s synonymous with Mullvad.


Mullvad is a Virtual Private Network (VPN) service that’s known for its strong commitment to user privacy, anonymity, and security. This new partnership means that even when you’re far from home, you can stay connected to the things you care about via Tailscale and maintain private internet browsing thanks to Mullvad’s secure and high-speed global network.

Tailscale August Newsletter

Luis DelValle on
Photo of Luis DelValle
It’s been a busy August so far here at Tailscale. Earlier this month, we were at Black Hat Las Vegas, and enjoyed seeing all the attendees & customers who stopped by to say “hi” and learn what’s new. Check out some snaps from the event below. In product related news, we introduced user and group provisioning for Azure AD to help admins manage onboarding and offboarding of team members. We also launched Tailnet lock, which helps with node management on your tailnet. We’ve got more product updates as well as some community contributions to share this month. Let’s jump in:

Sync Azure AD users and groups to Tailscale

Andrew Dunham and Jeff Spencer on
Photo of Andrew Dunham
Photo of Jeff Spencer

Onboarding a new or transferred employee can be time-consuming, but it’s a good problem to have. Offboarding, on the other hand, not so much. Offboarding is not only inconvenient, but doing it poorly puts organizations at risk — as former employees may inadvertently retain access to shared company resources after their departure.

That’s why we’re introducing user & group provisioning for Azure AD, now in beta, so you can automatically sync disabled users from Azure AD to Tailscale as part of offboarding, and sync group membership to use in your access rules. This means you only have to update users in one place — your IdP — to ensure that team and personnel changes are reflected in Tailscale.

Introducing Machine Explorer, now in Tailscale’s VS Code extension

Parker Higgins on
Photo of Parker Higgins
The Tailscale extension for VS Code just got a major upgrade — now you can seamlessly navigate and edit files on any node on your tailnet, all powered by Tailscale SSH. Bring the simplicity and power of VS Code to every device in your network.

Tailnet lock is now available in beta

Tom D'Netto, Ross Zurowski and Adrian Dewhurst on
Photo of Tom D'Netto
Photo of Ross Zurowski
Photo of Adrian Dewhurst

Tailnet lock, now in beta, lets account admins enforce that nodes added to your tailnet must be signed by trusted nodes, which you manage.

What’s new in beta? We’ve improved the usability of tailnet lock so you can use mobile devices as trusted nodes, and implemented recovery mechanisms so you can regain control of your tailnet in case your trusted nodes are ever compromised.

Log streaming to Panther is Generally Available

Pouyan Aminian and Jeff Spencer on
Photo of Pouyan Aminian
Photo of Jeff Spencer
We’re happy to announce that the Tailscale integration with Panther Labs is now Generally Available. We launched this feature a few weeks ago, and made lots of improvements based on your great feedback (thanks!).

Tailscale July Newsletter

Luis DelValle on
Photo of Luis DelValle
Before we get into our July updates below, in case you missed it, we’ve uploaded videos from our first community event Tailscale Up. Check out all the highlights from the event here, including our new feature releases we introduced at the event. This month we also made some updates to our iOS app, and announced our new partnership with Panther Labs to help customers with their log streaming and monitoring. Read about these and other releases down below. We’ve got a bunch of cool community contributions and new Tailscale features to share this month. Let’s jump in:

Reimagining Tailscale for iOS

We are happy to introduce a major update to our iOS app: a more polished experience, new features, and a complete UI rewrite in SwiftUI.

That’s a wrap on Tailscale Up!

Jeremy Tanner and Katie Reese on
Photo of Jeremy Tanner
Photo of Katie Reese
On the bright and sunny day of Wednesday, May 31, 2023 the developer relations team hosted Tailscale’s first user conference in San Francisco at Dogpatch Studios. We were looking to hear stories of Tailscale at home, work, and play from different industries and individuals, from around the world, in their own words. The day was full of talks sourced from the Tailscale community, 15 speakers from four different continents!

SSH endpoint discovery on your tailnet with Charm Wishlist

Parker Higgins on
Photo of Parker Higgins
Wishlist has integrated with Tailscale to enable endpoint discovery for SSH services on your tailnet. You can use Wishlist to browse through and connect to the services that matter to you, whether they’re private, available only through your tailnet, or on the public internet.

New log streaming integration with Panther Labs, now in beta

Jairo Camacho and Pouyan Aminian on
Photo of Jairo Camacho
Photo of Pouyan Aminian
We are excited to announce Panther Labs as our new log streaming partner — now in beta.

A network of pangolins

Pangolins have both tails and scales, so they are obviously the unofficial mascot of Tailscale. (And not just any kind of tail and scale — a prehensile tail, and scales made of keratin!) There isn’t a collective noun for pangolins, so we humbly suggest a network of pangolins.

Subscribe to our terms and conditions

Jenny Zhang, Maya Kaczorowski and David Carney on
Photo of Jenny Zhang
Photo of Maya Kaczorowski
Photo of David Carney
We updated our Terms of Service and our Privacy Policy. See the changes and subscribe to new changes in the tailscale/terms-and-conditions repo on GitHub.

Network flow logs is generally available

Pouyan Aminian and Jairo Camacho on
Photo of Pouyan Aminian
Photo of Jairo Camacho
We are pleased to announce the general availability of network flow logs and log streaming.

Tailscale June Newsletter

Jackie Pruter on
Photo of Jackie Pruter
Before we get into what happened in June, let’s go back to the beginning of the month. We wrapped up May and kicked off June with some pretty big news - we had our first ever community conference, Tailscale Up. To celebrate that occasion, we announced new features that address some of the top community feature requests.

Tailscale now in the QNAP App Center

Parker Higgins on
Photo of Parker Higgins
An official Tailscale app has landed in the QNAP App Center. If you are the proud owner of a QNAP  network-attached storage device, you can download and install a Tailscale client with just a few clicks.

Bring your tailnet to VS Code

Sam Linville, Christine Lee, Tyler Smalley and Marwan Sulaiman on
Photo of Sam Linville
Photo of Christine Lee
Photo of Tyler Smalley
Photo of Marwan Sulaiman

We’re releasing a Tailscale extension for Visual Studio Code, a text editor we hear is pretty popular. The new extension, now in beta, brings the magic of your tailnet even closer to your code and makes it easier than ever to share your local development over the internet for collaboration, testing, and experimentation.

You can install the extension from the VS Code Marketplace, or learn more about it in our documentation. It lets you use Tailscale directly in VS Code on macOS and Windows platforms.

Tailscale doesn't want your password

Ben Lee-Cohen and Jeff Spencer on
Photo of Ben Lee-Cohen
Photo of Jeff Spencer
Tailscale now supports passkeys as the newest way to authenticate to your tailnet. Passkeys let you extend your tailnet to users beyond your identity provider, without worrying about weak or reused passwords. This also means that if you are on the Free plan and you’re using a single user email account to authenticate — like Gmail — you’ll now be able to invite other users to your tailnet with a passkey.

Security, Productivity, and ZTNA with Tailscale Enterprise

Jairo Camacho and Jeff Spencer on
Photo of Jairo Camacho
Photo of Jeff Spencer
Tailscale’s ease of setup and use is one of the reasons so many individuals choose our free plan to run their homelabs. With a few clicks they can add devices to their tailnet, manage access controls for users, and with a little magic, host a private Minecraft server for their friends.  The fun doesn’t have to stop when Steve drops his ax—bring the magic of Tailscale to work.

Invite anyone to your tailnet

Ben Lee-Cohen on
Photo of Ben Lee-Cohen
Starting today, you can invite anyone to your Tailscale network (tailnet) even if they’re on a different domain or using a shared domain like Gmail. For those using Tailscale at home, you’ll be able to add family and friends with their existing email accounts — so multiple Gmail.com users can be on the same tailnet! For organizations using Tailscale, you can now invite external contractors or partners without setting up a temporary email account or adding them to your IdP. This also means that if you’re on the Free plan using a single-user email account to authenticate — like Gmail — you’ll now be able to invite more users to your tailnet.

Three new features launching at Tailscale Up

David Crawshaw and Parker Higgins on
Photo of David Crawshaw
Photo of Parker Higgins

Today we’re kicking off Tailscale Up, our first ever community conference. To celebrate the occasion, we’re announcing new features that address some of the top community feature requests — and we hope will excite you. We’ll be rolling out more information about these announcements over the next week, but for now we’ve got some stuff that we can’t wait to share.

Tailscale May Newsletter

Jackie Pruter on
Photo of Jackie Pruter
May has been a big month for the Tailscale team. We launched session recording for Tailscale SSH in beta, allowing you to record the terminal output whenever someone on your tailnet initiates a Tailscale SSH connection. Along with SSH, we also announced that Custom OIDC is now available for all users, enabling seamless integration and authentication customization.

In case you missed it, we also hosted a live webinar, “Bring Tailscale to Work: Introduction to Tailscale Enterprise,” which is available to watch on-demand here.

Custom OIDC is generally available

We’re pleased to announce that custom OIDC is now generally available for all users. With custom OIDC, users can sign into Tailscale using any identity provider that supports OpenID Connect (OIDC). To use a custom OIDC provider with Tailscale, you must verify domain ownership by setting up a WebFinger endpoint.

Announcing session recording for Tailscale SSH in beta

Sam Linville and Jairo Camacho on
Photo of Sam Linville
Photo of Jairo Camacho
Today, we’re launching session recording for Tailscale SSH in beta, allowing you to record the terminal output whenever someone on your tailnet initiates a Tailscale SSH connection. You can use these recordings to detect threats, investigate security incidents, and remain compliant with your network security policies. To set it up, see the documentation for Tailscale SSH session recording.

Securing customer data in production with Tailscale and Indent

Stevan Arychuk on
Photo of Stevan Arychuk
Everyone wants to get security right, and compliance is usually the forcing function to do so. For us, it was pursuing SOC 2, and for you it might be HIPAA, SOX, or something else. When thinking about securing customer data, it doesn’t necessarily mean locking that data in a safe and throwing away the key, but it can mean restricting who has access, and when. Restricting access to customer data can help prevent data leakage, while limiting how long customer data is reachable can reduce a company’s attack surface area. Learn how Reclaim.ai uses Tailscale to secure customer data and prod environments, and Indent to efficiently update permissions in a secure time-limited way.

Sign in to Tailscale with Apple

David Crawshaw on
Photo of David Crawshaw
Users can now sign in to Tailscale using their Apple ID. On the Mac and iPhone, signing in to Tailscale with your Apple ID takes advantage of TouchID and FaceID. This addition rounds out Tailscale’s support for major identity providers, alongside Google, GitHub, Microsoft, Okta, custom OIDC providers, and more.

Announcing network flow logs and log streaming

Pouyan Aminian and Jairo Camacho on
Photo of Pouyan Aminian
Photo of Jairo Camacho

Tailscale takes your network’s security and reliability seriously. That’s why we built features like configuration audit logs to help you monitor and review changes to your network. Recently, we released network flow logs, in beta, to help you monitor network activity in your tailnet. These logs allow you to detect threats, investigate security incidents, maintain compliance with your network security policies, and troubleshoot network issues. 

Network flow logs record the metadata about your network traffic. Your connections on Tailscale are (and remain) end-to-end encrypted and we never log the content of your network traffic, nor do we have access to do so.

Log into Tailscale with any OIDC-enabled identity provider

Jeff Spencer on
Photo of Jeff Spencer
For large organizations, identity management and access control isn’t just about authenticating users and defining what they have access to, it’s also about delivering a great user experience without compromising security. Tailscale requires users to log in with an identity provider (IdP) — which hasn’t been much of a problem because we currently have native SSO integrations for Google, Microsoft Azure AD, Okta, GitHub, and OneLogin. But what if you’re not using one of these providers?

Announcing Tailscale Enterprise

David Carney on
Photo of David Carney
Since launching four years ago, Tailscale has been adopted by thousands of companies seeking easier and more powerful ways to build networks and interconnect devices. Customers like Instacart, Mercari, Duolingo, and Mercury Bank are using Tailscale in wide-scale deployments, often with more than 1,000 users, as a key part of their network infrastructure.

Pricing v3, plans, packages, and debugging

Avery Pennarun on
Photo of Avery Pennarun

Today we’re announcing the third generation of Tailscale plans and pricing. Most noticeably: The Free plan is expanding from one to three users. Monthly paid plans now include three free users, and bill you only for additional users who actively exchange data over Tailscale (“usage-based billing”) rather than for a fixed number of seats. Annual prepaid plans will have a new structure.

The new plans should save money for essentially everyone, but you can keep your old plan if you want. Existing annual, custom, and enterprise subscriptions are unaffected, and changes are opt-in. Monthly prices per user are staying the same.

Surpassing 10Gb/s over Tailscale

Jordan Whited on
Photo of Jordan Whited

Hi, it’s us again. You might remember us from when we made significant performance-related changes to wireguard-go, the userspace WireGuard® implementation that Tailscale uses. We’re releasing a set of changes that further improves client throughput on Linux. We intend to upstream these changes to WireGuard as we did with the previous set of changes, which have since landed upstream.

With this new set of changes, Tailscale joins the 10Gb/s club on bare metal Linux, and wireguard-go pushes past (for now) the in-kernel WireGuard implementation on that hardware. How did we do it? Through UDP segmentation offload and checksum optimizations. You can experience these improvements in the current unstable Tailscale client release, and also in Tailscale v1.40, available in the coming days. Continue reading to learn more, or jump down to the Results section if you just want numbers.

An update on Tailscale Up — our conference for you! 

Jeremy Tanner and Katie Reese on
Photo of Jeremy Tanner
Photo of Katie Reese
In case you missed it, Tailscale Up is our first community conference that brings Tailscale out of the network layer and into the real world on Wednesday, May 31. Come to meet open source maintainers, hardware hackers, self-hosters, and Tailscalars (sometimes all the same person) to share stories, workflows, and favorite projects. You can find tickets, accommodation details, and more over on the developer community site.

Tailscale March newsletter

Mark Ogilbee on
Photo of Mark Ogilbee

March has flown by! All month long, we’ve been heads-down getting some cool new features over the finish line and into your hands, including custom OIDC and Funnel, both in beta. You can also make new users’ onboarding process less daunting by inviting them to join your tailnet.

And we are particularly thrilled to be hosting our first in-person community conference, Tailscale Up, featuring speakers Amye Scavarda Perrin, Justin Garrison, Emily Trau, Corey Quinn, and more to be announced soon. We are partnering with Dogpatch Studios in SF to host this event, and we’re excited to share more details about content, food, and more in the coming weeks.

Tailscale Funnel now available in beta

Tailscale Funnel, a tool that lets you share a web server on your private tailnet with the public internet, is now available as a beta feature for all users. With Funnel enabled, you can share access to a local development server, test a webhook, or even host a blog.

We got nerdsniped into simulating our logo going through a funnel.

Funnel provides a DNS name tied to your node that becomes publicly accessible once enabled. When a user on the public internet requests your service, we use a secure Tailscale tunnel to forward those requests along.

Invite and review users joining your tailnet

Claire Wang and Fran Bull on
Photo of Claire Wang
Photo of Fran Bull
When a new user signs up for Tailscale with alice@example.com, they automatically join the same Tailscale network (tailnet) as everyone else @example.com. This makes it easy for small teams to get started with Tailscale. For more complex management of users in your organization, you can invite users and assign them roles before they join. And, you can review and approve when users join your tailnet with user approval.

Introducing Custom OIDC

At Tailscale, we don’t want your users (or us) managing a separate list of usernames and passwords, which is why you must use single sign-on with an identity provider to create and manage your network. Until now, that meant you needed to choose from a handful of trusted identity providers including Google, Okta, GitHub, and Azure AD. Custom OIDC, now in open beta (and available for everyone), changes all that.

New users can set up custom OIDC and sign in at login.tailscale.com/start/oidc, and existing customers can contact our support team to request account migration.

Tailscale February newsletter

Mark Ogilbee on
Photo of Mark Ogilbee
We’re excited about what’s been happening at Tailscale this month! Configuration audit logs are now generally available for all Tailscale users, and we’ve announced a new integration that lets your CodeSandbox Repository access private resources on your tailnet. We’ve also introduced changes to make it easier to manage your billing with the Billing Admin role, and we’ve launched improvements for supporting OAuth in the Tailscale API. And last — but absolutely not least — we’re announcing our first in-person Tailscale community conference, Tailscale Up.

We ❤️️ integrations

Maya Kaczorowski on
Photo of Maya Kaczorowski
Tailscale is, at its heart, network infrastructure. The value of network infrastructure is what it enables us to connect with. Our Integrations page gives you a long list of where you can use Tailscale, so that you can easily see if it works with your infrastructure — but, spoiler alert — Tailscale works almost everywhere.

Manage pricing and billing with Billing Admin

Claire Wang and Maya Kaczorowski on
Photo of Claire Wang
Photo of Maya Kaczorowski
We’ve added a new additive user role, Billing Admin, so that you can designate multiple individuals to manage pricing plans and billing information for your tailnet, without also allowing them to edit other tailnet settings.

Subscribe for monthly updates

Product updates, blog posts, company news, and more.

Too much email? RSS Twitter