Tailscale v1.86.0
Update instructionsNote: The rollout of 1.86.0 for macOS was paused on July 25, 2025, while we investigate a reported regression.
All platforms
tsStateEncrypted
device posture attribute for checking whether the Tailscale client state is encrypted at rest.- Cross-site request forgery (CSRF) issue that may have resulted in a log in error when accessing the web interface.
- Hostnames are verified as expected when using CONNECT HTTPS proxy to connect to the control plane.
- Recommended exit node when the previously recommended exit node is offline.
Linux
tailscale up --exit-node=auto:any
andtailscale set --exit-node=auto:any
CLI commands track the recommended exit node and automatically switches to it when available exit nodes or network conditions change.tailscaled
CLI command flag--encrypt-state
encrypts the node state file on the disk using trusted platform module (TPM).
Windows
tailscale up --exit-node=auto:any
andtailscale set --exit-node=auto:any
CLI commands track the recommended exit node and automatically switches to it when available exit nodes or network conditions change.EncryptState
system policy enforces storing the node state file in encrypted format on disk using trusted platform module (TPM).- Selecting Recommended from the exit node picker makes the Tailscale client track the recommended exit node and automatically switch to it when available exit nodes or network conditions change.
AlwaysOn
system policy is enforced as expected.- System tray icon display a notification when the selected exit node is unavailable.
- Mullvad exit node picker hides after switching from a profile with Mullvad exit nodes to one without any exit nodes.
- WDAP/PAC proxy detection on Windows 10 1607 and earlier to ensure successful connectivity when a proxy is required.
macOS
tailscale up --exit-node=auto:any
andtailscale set --exit-node=auto:any
CLI commands track the recommended exit node and automatically switches to it when available exit nodes or network conditions change.ReconnectAfter
system policy setting, which configures the maximum period of time between a user disconnecting Tailscale and the client automatically reconnecting.EncryptState
system policy enforces storing the node state file in the Keychain. The App Store variant of the client always uses the Keychain regardless of this setting.OnboardingFlow
system policy enforces the suppression of the onboarding flow that displays when the client is installed. This replaces the deprecatedTailscaleOnboardingSeen
system policy.- Remove all accounts option in the Debug menu.
TailscaleOnboardingSeen
system policy is deprecated. Use the newOnboardingFlow
system policy instead.- Selecting Recommended from the exit node picker makes the Tailscale client track the recommended exit node and automatically switch to it when available exit nodes or network conditions change.
AlwaysOn
system policy is enforced as expected.- Shortcut action issues.
iOS
- Selecting Recommended from the exit node picker makes the Tailscale client track the recommended exit node and automatically switches to it when available exit nodes or network conditions change.
- Reset keychain option issues.
- Shortcut action issues.
- Taildrop resending issues.
tvOS
- Selecting Recommended from the exit node picker makes the Tailscale client track the recommended exit node and automatically switch to it when available exit nodes or network conditions change.