What devices can connect to or see mine?
Which devices can I connect to? Which devices can connect to my device?
Tailscale only allows devices that are logged into the same Tailscale network or that are shared to connect to each other.
@gmail.com) or using a GitHub organization, Tailscale treats these as the same organization and so the same network.
Tailscale uses ACLs to restrict which devices can connect to each other in a network. ACLs are “default deny”, meaning that two devices can only connect if an access rule explicitly allows it, otherwise the connection is denied.
Which devices can I see? Which devices can see my device?
In the Tailscale app on your device, the list of devices you can see includes:
- Devices that your device is able to connect to, as permitted by ACLs. This includes both devices in your network, and devices that are shared with you. This is called “netmap trimming”, and helps keep larger networks more manageable and private.
- Exit nodes that your device can use, as permitted by Tailscale ACLs. Note that any user who can access
autogroup:internetcan use any exit node in your network—you cannot restrict the use of a specific exit node.
- All devices which are authenticated as the same user, even if you are not permitted to connect to them. This allows for the use of Taildrop if it is enabled on your network.
If I use Tailscale on my work device, can co-workers see my personal devices?
If your co-workers don’t use Tailscale or use a different Tailscale network than the on you’re on, they can’t connect to or see your device.
If you and your co-workers use the same network, your devices may be connectable and visible by them, if allowed by ACLs.
How do I restrict access to my device?
Admins can restrict which devices can connect to each other using ACLs.
You can also restrict incoming connections from Tailscale to your device.