Features
Tailscale offers many features to achieve different needs for your network. Features may be available in different release stages.
Route traffic
Split DNS
Use a DNS server only for specific domains, e.g., for reaching SaaS applications.
Read more →
MagicDNS
Access devices using short hostnames, like http://dashboard
.
Read more →
Search Domains
Set custom DNS search domains in your tailnet.
Read more →
Subnet routers
Reach devices on which you can’t install Tailscale: embedded devices, VPC peering, and incremental rollouts.
Read more →
Subnet router failover Beta
Multiple routers for the same subnet.
Read more →
4via6 subnet routers Alpha
Unambiguous and unique IPv6 address for each overlapping subnet.
Read more →
Exit nodes
Route all traffic through a specific device.
Read more →
Manage access
Access Control Lists (ACLs)
Write RBAC policies based on users and nodes, not IP addresses.
Read more →
ACL tests
Test ACLs to avoid unnecessary exposure on your network.
Read more →
GitOps for ACLs
Use a GitOps workflow for version control of ACLs.
Read more →
User roles
Assign Admin roles for separation of duties in your network.
Read more →
Set up servers
ACL tags
Tag servers based on their purpose and use these as part of access control.
Read more →
Auth keys
Authenticate servers and ephemeral nodes like containers to your network.
Read more →
OAuth clients
Provide delegated fine-grained access to the Tailscale API.
Read more →
Tailscale SSH Beta
Authenticate and encrypt SSH connections in your network using Tailscale node keys instead of SSH keys.
Read more →
Tailscale SSH Console Beta
Create a browser-based SSH session from the admin console to a node on your Tailscale network.
Read more →
Tailscale Funnel Beta
Route traffic from the wider Internet to your Tailscale nodes.
Read more →
Access & share services
Node sharing Beta
Share devices with users outside of your network, like a partner or customer.
Read more →
Taildrop Alpha
Send files between your devices.
Read more →
Services Alpha
Collect and display information about services running on your network.
Read more →
HTTPS certificates Beta
Allow users to provision TLS certificates for their devices.
Read more →
tsnet
Embed Tailscale inside of a Go program.
Read more →
Kubernetes operator Beta
Provide full ingress and egress connectivity from Kubernetes clusters to non-Kubernetes resources.
Read more →
Manage users
Single sign-on
Authenticate to Tailscale with Google, Microsoft AD, GitHub, Okta, OneLogin, or passkeys.
Read more →
Custom OIDC providers
Use a custom OIDC provider to authenticate to your tailnet.
Read more →
User & group provisioning
Sync user attributes and push groups from SCIM-integrated identity providers for use in ACLs.
Read more →
User approval Beta
Require new users to be approved before they can access a network.
Read more →
Key expiry
Require users to re-authenticate regularly.
Read more →
Manage devices
Device approval
Require new devices to be approved before they can access a network.
Read more →
Tailnet lock Beta
Require nodes to verify public keys distributed by the Tailscale coordination server before trusting them on your
tailnet.
Read more →
Monitor & log events
Configuration audit logging
Identify who did what, and when, in your tailnet.
Read more →
Network flow logs
Understand which nodes connected to which other nodes, and when, in your tailnet.
Read more →
Log streaming
Stream configuration or network flow logs into a security information and event management
(SIEM) system.
Read more →
SSH session recording Beta
Capture and stream terminal sessions over Tailscale SSH for analysis or storage.
Read more →
Webhooks
Subscribe to events on your Tailscale network and process the notifications through an integration.
Read more →
Interfaces
Desktop & mobile clients
Use native clients for Linux, Windows, macOS, iOS, Android, and more.
Download Tailscale →
Admin console UI
Manage users, nodes, permissions, and DNS settings for your tailnet.
Go to admin console →
CLI
Manage devices and troubleshoot issues.
Read more →
API
Manage your network’s devices, ACLs, DNS settings, and more.
Read more →
Infrastructure as code
Configure your tailnet using Terraform or Pulumi.
Read more →