Features
Tailscale offers many features to achieve different needs for your network. Features may be available in different release stages.
Route traffic
Subnet routers
Reach devices on which you can’t install Tailscale: embedded devices, VPC peering, and incremental rollouts.
Read more →
Subnet router failover Beta
Multiple routers for the same subnet.
Read more →
4via6 subnet routers Alpha
Unambiguous and unique IPv6 address for each overlapping subnet.
Read more →
Exit nodes
Route all traffic through a specific device.
Read more →
Auto Approvers Beta
Authorize users to advertise subnet routes and exit nodes without further approval.
Read more →
Split DNS
Use a DNS server only for specific domains, e.g., for reaching SaaS applications.
Read more →
MagicDNS
Access devices using short hostnames, like http://dashboard
.
Read more →
Tailscale Funnel Alpha
Route traffic from the wider Internet to your Tailscale nodes.
Read more →
Set up servers
ACL tags
Tag servers based on their purpose and use these as part of access control.
Read more →
Auth keys
Authenticate servers and ephemeral nodes like containers to your network.
Read more →
Tailscale SSH Beta
Authenticate and encrypt SSH connections in your network using Tailscale node keys instead of SSH keys.
Read more →
Tailscale SSH Console Beta
Create a browser-based SSH session from the admin console to a node on your Tailscale network.
Read more →
HTTPS certificates Beta
Allow users to provision TLS certificates for their devices.
Read more →
Access and share services
Services Alpha
Collect and display information about services running on your network.
Read more →
Node sharing Beta
Share devices with users outside of your network, like a partner or customer.
Read more →
Taildrop Alpha
Send files between your devices.
Read more →
Restrict access
Access Control Lists (ACLs)
Write RBAC policies based on users and nodes, not IP addresses.
Read more →
Configuration audit logging
Identify who did what, and when, in your tailnet.
Read more →
Device authorization
Require new devices to be approved before they can access a network.
Read more →
User roles
Assign Admin roles for separation of duties in your network.
Read more →
Supported SSO providers
Authenticate to Tailscale with Google, Microsoft AD, GitHub, Okta, or OneLogin.
Read more →
User & group provisioning for Okta
Sync user attributes and push groups from Okta for use in ACLs using SCIM.
Read more →
Webhooks
Subscribe to events on your Tailscale network and process the notifications through an integration.
Read more →
Tailnet lock Alpha
Require nodes to verify public keys distributed by the Tailscale coordination server before trusting them on your
tailnet.
Read more →
OAuth clients Beta
Provide delegated fine-grained access to the Tailscale API.
Read more →