What is a tailnet?
A tailnet is your private network. When you log in for the first time to Tailscale on your phone, laptop, desktop, or cloud VM, a tailnet is created.
For personal users, you are a tailnet of many devices and one person. Each device gets a private Tailscale IP address in the CGNAT range and every device can talk directly to every other device, wherever they are on the internet.
For businesses and organizations, a tailnet is many devices and many users. It can be based on your Microsoft Active Directory, your Google Workspace, a GitHub organization, Okta tenancy, or other identity provider namespace. All of the devices and users in your tailnet can be seen by the tailnet administrators in the Tailscale admin console. There you can apply tailnet-wide configuration, such as ACLs that affect visibility of devices inside your tailnet, DNS settings, and more.
It is also possible to share access to devices between tailnets. This gives you the ability to share internal organization services with tailscale users outside your organization (or share your personal Minecraft server with your friends).
Your tailnet is your space. The internet cannot reach it. Think of it like a conference room with only people you have invited inside. Your tailnet can be a safe network where you are free to explore without the rest of the internet watching.