Download invoices beta
- New: Download invoices for your Tailscale account in the Billing page of the admin console (beta)
fd7a:115c:a1e0::/96
. Previously IPv6 addresses were assigned from fd7a:115c:a1e0:ab12::/64
.tailscale serve
and tailscale funnel
that allowed low-privilege users to serve files they did not have access to if the machine administrator had previously granted that user tailscale up --operator
privilege (TS-2024-001)tailscale update
command for the standalone macOS applicationtailscale update
commandtailscale cert
command renews in the background. The current certificate only displays if it has expired.tailscale status
command displays a message about client updates when newer versions are availabletailscale up
command displays a message about client updates when newer versions are availabletailscale set
command flag --auto-update
is added to opt in to automatic client updates (beta)tailscale serve
and tailscale funnel
commands are updated for improved usabilitytailscale update
command for manual updates is now in betanftables
auto-detection is improved when TS_DEBUG_FIREWALL_MODE=auto
is usedNetworkManager
with configured but absent systemd-resolved
, such as EndeavourOSresolvconf
version 1.90 or latertailscale set
command flag --auto-update
is added to opt in to automatic client updates (beta)tailscale serve
and tailscale funnel
commands are updated for improved usabilitytailscale update
command for manual updates is now in betaiphlpsvc
, netprofm
, and WinHttpAutoProxySvc
service dependencies are checked during installationtailscale serve
and tailscale funnel
that allowed low-privilege users to serve files they did not have access to (TS-2024-001)tailscale set
command flag --auto-update
is added to opt in to automatic client updates (beta)tailscale serve
and tailscale funnel
commands are updated for improved usabilitytailscale update
command for manual updates is now in betatailscale update
command is unhidden on most platformstailscale ping
command sends an ICMP Ping code of 0
tailscale web
command updated to use Reacttailscale debug portmap
command now has the --log-http
optiontailscale netcheck
command works even if the OS platform lacks CA certificatesiptables
and iproute2
packages as recommended, not requirednftables
support interoperates with Uncomplicated Firewall (UFW)tailscale bugreport
logs contain additional diagnostic information%20
in file names when sending files to Windows devices%20
in file names when sending files to Windows devicestailscale exit-node
sub-command--upstream
flag in the tailscale version
commandtailscale funnel
command provides an interactive web UI that prompts you to allow Tailscale to enable Tailscale Funnel on your behalftailscale serve
command provides an interactive web UI that prompts you to allow Tailscale to enable HTTPS and Tailscale Funnel on your behalfNote: 1.48.0 introduced a regression in the interaction between Tailscale and Linux ufw
. The Linux release has been withdrawn pending a fix.
nftables
tailscale update
command on Alpine, Arch and Fedora distro familiestailscale update
commandtailscale update
commandnodeDeleted
webhook event is now generated when a node is removed from the tailnet, including automatic removal of ephemeral nodesmy-server.yak-bebop.ts.net
instead of
my-server.example.com
. This is a display-only change and doesn’t modify the name of any
machines.tailscale netcheck
(#5919)tailscaled --no-logs-no-support
(or TS_NO_LOGS_NO_SUPPORT=true
environment variable)tailscale bugreport --record
flag to pause and write another bug reporttailscale netcheck
looks for a captive portaltailscaled
ExitNodeStatus
to tailscale status --json
tailscale ping -c N
to properly exit after N ping requests even if there are timeoutsSERVFAIL
if all upstream resolvers failssdp:all
ping (hostname)
now works correctlyAllowSameVersionUpgrades
attribute on MajorUpgrade
tag in Windows MSI script*.ts.net
DNS nametailscaled --state=mem:
registers as an ephemeral node and does not store state to disktailscale status --json
now shows Tags
and PrimaryRoutes
for Peers. PrimaryRoutes
shows whether a HA
subnet router is currently the active one.tailscale status --json | jq .TailnetName
will show the name of the tailnettailscaled
debug server’s Prometheus metrics exporter now also includes Go runtime metricstailscaled
supports a new TS_PERMIT_CERT_UID
environment variable containing either a userid or username to
allow to fetch Tailscale TLS certificates for the node. This environment variable can be set in
/etc/default/tailscaled
to permit non-root web servers on the local machine to fetch certs from tailscaled
.--auth-key
and --authkey
both work as tailscale up
arguments/proc/net/route
filestailscale --operator=USER
to use with Taildroptailscale status
failed to look up user from userid
error/var/packages/Tailscale/target/bin/tailscale configure-host
to restore needed
permissions. We recommend adding this as a scheduled task at boot.autogroup:self
for all tagged nodesautogroup:self
ruletailscale up --authkey=file:/path/to/secret
supporttailscale up --qr
for QR codeswhile tailscale up; do sleep 0.1; done
loops in Docker startup scripts.tailscale debug