Three ways to run Tailscale on macOS
There are three ways to run Tailscale on macOS:
- The Mac App Store version, from https://apps.apple.com/ca/app/tailscale/id1475387142
- A standalone Mac application, available from Tailscale packages
- The open source
tailscaledCLI version, from https://github.com/tailscale/tailscale/wiki/Tailscaled-on-macOS
The three variants share the same core packet processing code; they differ primarily in how they’re packaged and how they interact with the system.
To be in the Mac App Store, applications run in the macOS App Sandbox, isolating the app from the rest of the system. In that sandbox, applications can be a Network Extension to implement VPNs or VPN-like functionality. The Network Extension system does not work for applications distributed outside of the Mac App Store.
In later versions of macOS, Apple added the similar but slightly different System Extension method of implementing VPNs.
Tailscale also has a version of the Tailscale macOS application that uses a System Extension instead, which can be distributed outside of the App Store (as a DMG or zip).
The final method is running the open source Tailscale
It uses the kernel
rather than the Network Extension or System Extension frameworks. It has no GUI and
thus some functionality, such as Taildrop, does not have the same user experience
as the macOS GUI versions.
|Minimum macOS||macOS 10.13||macOS 10.15||macOS 10.13|
|Run in background||no; sandboxed||possible; not done||yes|
|Keychain used||user||system||none; files on disk|
|Auto-updates||yes; App Store||notification of new update; Sparkle||no|
|Exit nodes||yes||yes||partial; can advertise as exit node but cannot use them|
To automate installs of the Mac App Store version of Tailscale, the
mas-cli tool lets you run:
mas install 1475387142