This article contains various suggestions and tips to help troubleshoot setup and connectivity issues. Please email suggestions to email@example.com.
- Why can’t I ping my own 100.x IP address on macOS or iOS?
- I can’t send/receive pings from Windows or macOS.
- My macOS client gets stuck at Loading backend…
- My firewall blocks all everything by default. Which ports do I need to open?
- Tailscale won’t automatically update on macOS
- Two of my macOS devices have the same 100.x IP address
- I have managed to set up Tailscale on my Mac and iPhone. How do I access my Mac’s files from my iPhone?
- How do I know if my traffic is being routed through DERP?
- Can I route all of my traffic through a default route?
- How can I see the IP routes Tailscale installs?
- How can I disable subnet route masquerading?
- How do I deploy Tailscale to a large fleet of devices?
Why can’t I ping my own 100.x IP address on macOS or iOS?
This is a known issue. We’ve investigated it and are working on a solution. You should be able to ping your iOS and macOS devices from other devices.
I can’t send/receive pings from Windows or macOS.
Windows generally has aggressive firewall rules set up, even for ICMP (ping) traffic (both incoming and outgoing). Be sure that you’ve enabled your Windows machines to be able to both send and receive ICMP traffic.
A faster, but riskier approach to test this is to (temporarily) disable the Windows firewalls to see if it makes any impact.
Similarly, macOS’ “stealth mode” will prevent macOS from responding to pings. This can be enabled/disabled in your Mac’s Security & Privacy settings.
Please refer to this issue for updates on improving related notifications and user experience.
My macOS client gets stuck at
Do you have a virus scanner (or other form of endpoint security) such as ESET installed? In some cases we’ve found that security measures interfere with Tailscale’s operation.
My firewall blocks all everything by default. Which ports do I need to open?
In general, you want to:
- Let your internal devices initiate TCP connections to
- Let your internal devices initiate UDP from
Tailscale won’t automatically update on macOS
Unfortunately, the App Store can’t automatically update the Tailscale macOS app while it’s running. You need to explicitly quit Tailscale before updating. This is a known issue that we’re working on.
Two of my macOS devices have the same 100.x IP address
This can occur if you use a backup of one machine to create another (i.e. the Tailscale configuration files are duplicated.)
To completely reset Tailscale on your Mac:
- Quit Tailscale.
- Open the
Keychain Accessapp. Search for
- Delete the entries for
- Restart Tailscale.
I have managed to set up Tailscale on my Mac and iPhone. How do I access my Mac’s files from my iPhone?
- Open the
Filesapp on your iPhone.
- Go to the
- Tap the
...in the top right.
Connect to Serverand enter your Mac’s Tailscale IP address.
At this point, any folders shared by your Mac (via SMB) are browseable.
How do I know if my traffic is being routed through DERP?
If you’re on Linux, you can try the
tailscale status command. The remote address that’s surrounded by *stars* is the one being used. If no entries match, then your traffic is being routed through the relay.
This command is not (yet) supported on other platforms.
Can I route all of my traffic through a default route?
This is a common feature request. Please see this issue on Github to track its status.
If you want to force your traffic through a particular IP (to handle an IP blocklist — a.k.a. an IP whitelist) then see the article on connecting to external services with IP blocklists via Tailscale.
How can I see the IP routes Tailscale installs?
As of v0.99 Tailscale routes moved into a separate routing table (to prevent
routing loops in subnet routing), which the legacy
To see routes installed by Tailscale use
ip route instead
ip route show table 88
How can I disable subnet route masquerading?
You can disable subnet route masquerading with
tailscale up --snat-subnet-routes=false
How do I deploy Tailscale to a large fleet of devices?
You’ll want to use Tailscale’s pre-authenticated keys feature, which let you authenticate devices by key rather than in-browser.
As an admin, you can create keys in the admin panel once you’re logged in.