What is a tailnet?

A tailnet is your private network. When you log in for the first time to Tailscale on your phone, laptop, desktop, or cloud VM, a tailnet is created.

For personal users, you are a tailnet of many devices and one person. Each device gets a private Tailscale IP address in the CGNAT range and every device can talk directly to every other device, wherever they are on the internet.

For businesses and organizations, a tailnet is many devices and many users. It can be based on your Microsoft Active Directory, your Google Workspace, a GitHub organization, Okta tenancy, or other identity provider namespace. All of the devices and users in your tailnet can be seen by the tailnet administrators in the Tailscale admin console. There you can apply tailnet-wide configuration, such as ACLs that affect visibility of devices inside your tailnet, DNS settings, and more.

It is also possible to share access to devices between tailnets. This gives you the ability to share internal organization services with tailscale users outside your organization (or share your personal Minecraft server with your friends).

Your tailnet is your space. The internet cannot reach it. Think of it like a conference room with only people you have invited inside. Your tailnet can be a safe network where you are free to explore without the rest of the internet watching.

Each tailnet has both a tailnet name and an organization name.

A tailnet name is provided by Tailscale to avoid publicizing your organization name. The tailnet name is used by features such as MagicDNS, HTTPS, and sharing. You can choose whether a default tailnet name (such as tailfe8c.ts.net) or a fun tailnet name (such as yak-bebop.ts.net) is your active tailnet name. You can view your tailnet name and switch between the default and fun names in the DNS page of the admin console.

An organization name is based on your corporate domain, email address, or GitHub username. The organization name is used by the Tailscale API. You cannot change your organization name. You can view your organization name in the Settings page of the admin console.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2023 Tailscale Inc.

Privacy & Terms