There are three ways to run Tailscale on macOS:

1. The Mac App Store version, from https://apps.apple.com/ca/app/tailscale/id1475387142
2. A standalone Mac application, in development but not broadly available for download yet.
3. The open source tailscale + tailscaled CLI version, from https://github.com/tailscale/tailscale/wiki/Tailscaled-on-macOS

The three variants share the same core packet processing code; they differ primarily in how they’re packaged and how they interact with the system.

Why are there three ways?

To be in the Mac App Store, applications run in the macOS App Sandbox, isolating the app from the rest of the system. In that sandbox, applications can be a Network Extension to implement VPNs or VPN-like functionality. The Network Extension system does not work for applications distributed outside of the Mac App Store.

In later versions of macOS, Apple added the similar but slightly different System Extension method of implementing VPNs.

We have a version of the Tailscale macOS application that uses a System Extension instead and can be distributed outside of the App Store (as a DMG or zip), but it’s not finished enough for wide distribution yet. It will be available for general download in the future.

The final method is running the open source Tailscale code. It uses the kernel utun interface rather than the Network Extension or System Extension frameworks. It has no GUI and some functionality, such as MagicDNS, is not fully implemented.

In summary:

Automating App Store installs

To automate installs of the Mac App Store version of Tailscale, the mas-cli tool lets you run:

mas install 1475387142