Tailscale offers many features to achieve different needs for your network. Features may be available in different release stages.

Route traffic

Subnet routers

Reach devices on which you can’t install Tailscale: embedded devices, VPC peering, and incremental rollouts.
Read more →

Subnet router failover Beta

Multiple routers for the same subnet.
Read more →

4via6 subnet routers Alpha

Unambiguous and unique IPv6 address for each overlapping subnet.
Read more →

Exit nodes

Route all traffic through a specific device.
Read more →

Auto Approvers Beta

Authorize users to advertise subnet routes and exit nodes without further approval.
Read more →

Split DNS

Use a DNS server only for specific domains, e.g., for reaching SaaS applications.
Read more →

MagicDNS Beta

Access devices using short hostnames, like http://dashboard.
Read more →

Set up servers

ACL tags

Tag servers based on their purpose and use these as part of access control.
Read more →

Auth keys

Authenticate servers and ephemeral nodes like containers to your network.
Read more →

Tailscale SSH Beta

Authenticate and encrypt SSH connections in your network using Tailscale node keys instead of SSH keys.
Read more →

HTTPS certificates Beta

Allow users to provision TLS certificates for their devices.
Read more →

Access and share services

Services Alpha

Collect and display information about services running on your network.
Read more →

Node sharing Beta

Share devices with users outside of your network, like a partner or customer.
Read more →

Taildrop Alpha

Send files between your devices.
Read more →

Restrict access

Access Control Lists (ACLs)

Write RBAC policies based on users and nodes, not IP addresses.
Read more →

Device authorization

Require new devices to be approved before they can access a network.
Read more →

User roles

Assign Admin roles for separation of duties in your network.
Read more →

Supported SSO providers

Authenticate to Tailscale with Google, Microsoft AD, GitHub, Okta, or OneLogin.
Read more →

User & group provisioning Beta

Sync user attributes and push groups from Okta for use in ACLs using SCIM.
Read more →

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2022 Tailscale Inc.

Privacy & Terms