- New: Use 4via6 subnet routers to route traffic when you have existing subnets with overlapping IPv4 addresses
--peerapi <peer>flag in
tailscale pingto check connectivity to a peer using the PeerAPI
--timeout <duration>flag in
tailscale upto enforce a maximum amount of time to wait for the Tailscale service to initialize
Wake-on-LANfunction to PeerAPI. There is no UI for it currently.
/run.shas an entrypoint for Docker container builds
TS_NOLAUNCHproperty to allow admins to deploy silent MSI installs without automatically starting the GUI
autogroup:membersas a tag owner, to enable device tagging by any user who is a direct member (not a shared user) of the tailnet
file get --loop
file get --conflict=(skip|overwrite|rename)
groupas an option for the
srcfield, and as the
hostportion of the
denyin addition to
denywhen specifying destinations that the ACL rules should accept or deny.
autogroup:membersto write rules to allow access for users who are direct members (not shared users) of the tailnet
userspace-networkingmode, always close SOCKS proxied connections
tailscaled --state=mem:registers as an ephemeral node and does not store state to disk
tailscale status --jsonnow shows
PrimaryRoutesshows whether a HA subnet router is currently the active one.
tailscale status --json | jq .TailnetNamewill show the name of the tailnet
tailscaleddebug server’s Prometheus metrics exporter now also includes Go runtime metrics
tailscaledsupports a new
TS_PERMIT_CERT_UIDenvironment variable containing either a userid or username to allow to fetch Tailscale TLS certificates for the node. This environment variable can be set in
/etc/default/tailscaledto permit non-root web servers on the local machine to fetch certs from
--authkeyboth work as
tailscale --operator=USERto use with Taildrop
failed to look up user from useriderror
/var/packages/Tailscale/target/bin/tailscale configure-hostto restore needed permissions. We recommend adding this as a scheduled task at boot.
dstin addition to
portswhen referring to sources and destinations
/proc/net/routefiles for very large routers
Only the Synology client released v1.20.3. All other platforms remain with v1.20.2.
tailscalednow allows running the outgoing SOCKS5 and HTTP proxies on the same port.
tailscale ip -1flag
tailscale status --json, made
tailscale statusshow offline nodes
tailscale up --json
disableIPv4: truein ACL
tailscale file cpsends via the local tailscaled now, so it now supports
tailscaledrunning in tun-free,
userspace-networkingmode (such as on Synology DSM7 unless you enable TUN mode)
protospecified and allows
autogroup:selfto write access rules to allow access to devices authenticated as the same user as the source IP address
ipcommand to program routes and policy routing
tailscaleddebug server now exports Prometheus metrics at
tailscaled -state arn:aws:ssm:eu-west-1:123456789:parameter/foo) (thank you Maxime Visonneau)
/etc/resolv.confbut pointed it to
systemd-resolvedfor DNS not resolvconf
/etc/resolv.confbut pointed it to
systemd-resolvedfor DNS not NetworkManager
/etc/resolv.confbeing a bind mount into a container, such that we cannot
TS_DEBUG_USE_IP_COMMANDenvironment variable to revert to use of
/sbin/ipif this breaks your device
tailscale up --authkey=file:/path/to/secretsupport
tailscale up --qrfor QR codes
while tailscale up; do sleep 0.1; doneloops in Docker startup scripts.
--qras part of
tailscale upto generate a QR code for the login URL
--tun=userspace-networkingto dial the HTTPS domain name of the Tailnet
tailscale upwill wait for the socket to tailscaled to be created, not exit with an error. It should no longer be necessary to run it in a loop.
Note: v1.14.1 and v1.14.2 were never released.