What devices can connect to or see mine?
Which devices can I connect to? Which devices can connect to my device?
Tailscale only allows devices that are logged into the same Tailscale network (known as a tailnet) or that are shared to connect to each other.
When you create a Tailscale account using an identity provider with a domain that you own or through a GitHub organization, Tailscale recognizes users as belonging to the same organization. As a result, they will be added to the same tailnet.
Tailscale uses ACLs to restrict which devices can connect to each other in a network. ACLs are “default deny”, meaning that two devices can only connect if an access rule explicitly allows it, otherwise the connection is denied.
Which devices can I see? Which devices can see my device?
In the Tailscale app on your device, the list of devices you can see includes:
- Devices that your device is able to connect to, as permitted by ACLs. This includes both devices in your network, and devices that are shared with you. This is called "netmap trimming", and helps keep larger networks more manageable and private.
- Exit nodes that your device can use, as permitted by Tailscale ACLs. Note that any user who can access
autogroup:internet
can use any exit node in your network—you cannot restrict the use of a specific exit node. - All devices which are authenticated as the same user, even if you are not permitted to connect to them. This allows for the use of Taildrop if it is enabled on your network.
- All devices that can connect to your device are also visible to you, even if you are not permitted to connect to them. This allows for establishing direct connections in as many environments as possible.
If I use Tailscale on my work device, can co-workers see my personal devices?
If your co-workers don't use Tailscale or use a different Tailscale network than the one you're on, they can't connect to or see your device.
If you and your co-workers use the same network, your devices may be connectable and visible by them, if allowed by ACLs.
How do I restrict access to my device?
Admins can restrict which devices can connect to each other using ACLs.
You can also restrict incoming connections from Tailscale to your device.