Features

Tailscale offers many features to achieve different needs for your network. Features may be available in different release stages.

Route traffic

Split DNS

Use a DNS server only for specific domains, e.g., for reaching SaaS applications.
Read more →

MagicDNS

Access devices using short hostnames, like http://dashboard.
Read more →

Search Domains

Set custom DNS search domains in your tailnet.
Read more →

Subnet routers

Reach devices on which you can’t install Tailscale: embedded devices, VPC peering, and incremental rollouts.
Read more →

Subnet router failover Beta

Multiple routers for the same subnet.
Read more →

4via6 subnet routers Alpha

Unambiguous and unique IPv6 address for each overlapping subnet.
Read more →

Exit nodes

Route all traffic through a specific device.
Read more →

Manage access

Access Control Lists (ACLs)

Write RBAC policies based on users and nodes, not IP addresses.
Read more →

ACL tests

Test ACLs to avoid unnecessary exposure on your network.
Read more →

GitOps for ACLs

Use a GitOps workflow for version control of ACLs.
Read more →

User roles

Assign Admin roles for separation of duties in your network.
Read more →

Set up servers

ACL tags

Tag servers based on their purpose and use these as part of access control.
Read more →

Auth keys

Authenticate servers and ephemeral nodes like containers to your network.
Read more →

OAuth clients

Provide delegated fine-grained access to the Tailscale API.
Read more →

Tailscale SSH Beta

Authenticate and encrypt SSH connections in your network using Tailscale node keys instead of SSH keys.
Read more →

Tailscale SSH Console Beta

Create a browser-based SSH session from the admin console to a node on your Tailscale network.
Read more →

Tailscale Funnel Beta

Route traffic from the wider Internet to your Tailscale nodes.
Read more →

Share devices with users outside of your network, like a partner or customer.
Read more →

Taildrop Alpha

Send files between your devices.
Read more →

Services Alpha

Collect and display information about services running on your network.
Read more →

HTTPS certificates Beta

Allow users to provision TLS certificates for their devices.
Read more →

tsnet

Embed Tailscale inside of a Go program.
Read more →

Kubernetes operator Beta

Provide full ingress and egress connectivity from Kubernetes clusters to non-Kubernetes resources.
Read more →

Manage users

Single sign-on

Authenticate to Tailscale with Google, Microsoft AD, GitHub, Okta, OneLogin, or passkeys.
Read more →

Custom OIDC providers

Use a custom OIDC provider to authenticate to your tailnet.
Read more →

User & group provisioning

Sync user attributes and push groups from SCIM-integrated identity providers for use in ACLs.
Read more →

User approval Beta

Require new users to be approved before they can access a network.
Read more →

Key expiry

Require users to re-authenticate regularly.
Read more →

Manage devices

Device approval

Require new devices to be approved before they can access a network.
Read more →

Tailnet lock Beta

Require nodes to verify public keys distributed by the Tailscale coordination server before trusting them on your tailnet.
Read more →

Monitor & log events

Configuration audit logging

Identify who did what, and when, in your tailnet.
Read more →

Network flow logs

Understand which nodes connected to which other nodes, and when, in your tailnet.
Read more →

Log streaming

Stream configuration or network flow logs into a security information and event management (SIEM) system.
Read more →

SSH session recording Beta

Capture and stream terminal sessions over Tailscale SSH for analysis or storage.
Read more →

Webhooks

Subscribe to events on your Tailscale network and process the notifications through an integration.
Read more →

Interfaces

Desktop & mobile clients

Use native clients for Linux, Windows, macOS, iOS, Android, and more.
Download Tailscale →

Admin console UI

Manage users, nodes, permissions, and DNS settings for your tailnet.
Go to admin console →

Features

On This Page