This month's updates include all the features announced during Tailscale's Fall Update Week, an updated GitHub Action, plus other improvements. For instructions on how to update to the latest version, visit our update guide.
Tailscale GitHub Action v4.0.0
Tailscale's GitHub Action, rewritten in TypeScript, added a number of improvements. It supports a ping parameter to verify tailnet connections, can log out ephemeral nodes after CI runs, and has improved its logging efficiency.
Tailscale Services (beta)
Tailscale Services, allows for the creation and management of dedicated applications and services on your tailnet, without tying them to any one device. (Blog)
Tailscale Peer Relays (beta)
Tailscale Peer Relays allow for controlling your own UDP-based relays, providing high-performance traffic routing inside hard firewalls and cloud infrastructure. (Blog)
Multiple tailnets (alpha)
Administrators can now create multiple tailnets inside one organization, while utilizing a common identity provider and domain, for sandboxing, staging, and other uses. (Blog)
Workload identity federation (beta)
Workload identity federation simplifies the creation of agents and workloads in infrastructure and CI/CD environments, utilizing Tailscale identity data instead of managing keys and secrets. (Blog)
Visual policy editor (GA)
The visual policy editor, which allows for creating and editing policies with browser-based controls and search, is now generally available.
Tailnet name types
Changes have been made to Tailscale's admin console to reflect new naming tools, and better support multiple tailnets.
- Display name is an optional field that lets you assign a custom display name to your tailnet that appears in the admin console, client UI, and client CLI, instead of your domain or email address.
- Tailnet ID should be used in the
tailnetIdfield for Tailscale API path parameters instead of your organization name. - Legacy ID has replaced the Organization field in the console. Organization field will continue to display for existing tailnets but will not display for newly created tailnets.
Client updates
We released a series of updates and fixes to improve security and stability across all platforms.
Tailscale v1.88.4 to v1.90.5
All platforms
- A deadlock issue no longer occurs in the client when checking for the network to be available.
tailscaledshuts down as expected and without panic.- Clients can use configured DNS resolvers for all domains even when the client also uses an exit node using the nameserver settings in the DNS page of the admin console.
- Node keys will be renewed seamlessly, so clients will maintain existing connections while re-authenticating.
Linux
- Tailscale SSH no longer hangs for 10s when connecting to
tsrecorder. This affected tailnets that use Tailscale SSH recording. tailscaledno longer sporadically panics when a Trusted Platform Module (TPM) device is present.tailscaledstarts up as expected in a no router configuration environment.Aniptablesregression on non-amd64/arm64 platforms is resolved, and the client starts as expected.- Running Tailscale on devices equipped with Trusted Platform Module (TPM) 1.x no longer causes the
tailscaleddaemon to fail. - Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.
Windows
tailscaledno longer sporadically panics when a Trusted Platform Module (TPM) device is present.- Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.
MacOS
- The Tailscale dock icon closes as expected when the client is not using the windowed UI (beta).
- The Hide Dock Icon checkbox located in Settings lets you remove the Tailscale icon from the macOS dock when the client window is closed.
- The
tailscale driveCLI command for sharing Taildrive directories is no longer available. Use the client GUI for sharing directories instead. - Node key sealing is GA (generally available) and enabled by default. For more information, refer to Secure node state storage.Exit node selection using the macOS Shortcuts app work as expected.
- Accounts displayed using the macOS menu bar Tailscale icon load as expected.
- Client users preference for automatic/recommended exit node selection is remembered as expected.
iOS
- Exit node selection using the iOS Shortcuts app work as expected.
- Client users preference for automatic/recommended exit node selection is remembered as expected.
Android
- Client is able to establish direct connections as expected.
WASM
- The JS/WASM client used by
tsconnectno longer crashes unexpectedly.
FreeBSD
tailscaledstarts up as expected in a no router configuration environment.
OpenBSD
tailscaledstarts up as expected in a no router configuration environment.
All of these fixes and changes are available in the current stable release, 1.90.5
Container, Kubernetes, and tsrecorder updates
Container image v1.90.5
This version contains no changes except for library updates.
Kubernetes operator v1.90.5
- DNSConfig nameserver supports Pods with IPv6 addresses and will serve AAAA records.
- DNSConfig nameserver supports specifying a replica count for high-availability deployment.
- DNSConfig nameserver supports specifying pod tolerations.
- ProxyClass now supports the
dnsConfiganddnsPolicyfields for refined DNS specifications. - Reconciler logs are now sent to the Tailscale control plane in addition to the core client logs that are already sent. As before, this can be disabled by setting the
TS_NO_LOGS_NO_SUPPORTenvironment variable totruewithin the operator deployment.
tsrecorder v1.90.5
tsrecorderis updated with web interface search, filtering and, enhanced design.kubectl execsessions record as expected.- Cached recordings on large datasets no longer fail if the caching process exceeds one minute.
- Recordings are no longer stopped when a session exceeds one minute.
Those are the highlights for this month. If you have questions or feedback, we're here to help. Thank you for using Tailscale.
Kevin Purdy
