What devices can connect to or see mine?
Tailscale only allows devices to connect to each other if they are logged into the same Tailscale network (known as a tailnet) or have been shared.
Tailscale uses ACLs to restrict which devices can connect to each other in a network. ACLs are “default deny”, meaning that two devices can only connect if an access rule explicitly allows it; otherwise, the connection is denied.
In the Tailscale app on your device, the list of devices you can see includes:
- Devices that your device is able to connect to, as permitted by ACLs. This includes both devices in your network and devices that are shared with you. Limiting the list this way is called “netmap trimming”, and it helps keep larger networks more manageable and private.
- Exit nodes that your device can use, as permitted by Tailscale ACLs. Note that any user who can access autogroup:internet can use any exit node in your network—you cannot restrict the use of a specific exit node.
- All devices which are authenticated as the same user, even if you are not permitted to connect to them. This allows for the use of Taildrop if it is enabled on your network.
If your co-workers don’t use Tailscale or use a different Tailscale network than the one you’re on, they can’t connect to or see your device.
If you and your co-workers use the same network, your devices may be visible to them and they may be able to connect to them, if allowed by ACLs.
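The visibility rules listed above can be checked against a policy with a small model. This is an added example, not Tailscale's code: the device names, users and rules are constructed, and matching is simplified to exact user and device names with ports ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    owner: str
    exit_node: bool = False

def allowed_targets(user, acls):
    """Destinations a user may reach. No matching accept rule means denied."""
    targets = set()
    for rule in acls:
        if rule["action"] == "accept" and user in rule["src"]:
            # dst entries look like "target:ports"; ports are ignored in this model
            targets.update(d.rsplit(":", 1)[0] for d in rule["dst"])
    return targets

def visible_devices(me, devices, acls):
    """Map each device name visible from `me` to the reason it is listed."""
    targets = allowed_targets(me.owner, acls)
    seen = {}
    for d in devices:
        if d.name == me.name:
            continue
        if d.name in targets:
            seen[d.name] = "connectable"
        elif d.exit_node and "autogroup:internet" in targets:
            # Access to autogroup:internet exposes every exit node, not a chosen one
            seen[d.name] = "exit node"
        elif d.owner == me.owner:
            seen[d.name] = "same user, not connectable"
    return seen

# Constructed sample tailnet and policy (hypothetical names)
DEVICES = [
    Device("alice-laptop", "alice@example.com"),
    Device("alice-phone", "alice@example.com"),
    Device("bob-desktop", "bob@example.com"),
    Device("db", "infra@example.com"),
    Device("exit-1", "infra@example.com", exit_node=True),
    Device("exit-2", "infra@example.com", exit_node=True),
]
ACLS = [
    {"action": "accept", "src": ["alice@example.com"], "dst": ["db:5432"]},
    {"action": "accept", "src": ["alice@example.com"], "dst": ["autogroup:internet:*"]},
]
```

Calling `visible_devices(DEVICES[0], DEVICES, ACLS)` lists both exit nodes for alice even though her rule names neither, while bob, who has no accept rule, sees nothing.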