Tailscale offers many features to achieve different needs for your network. Features may be available in different release stages.

Route traffic

Subnet routers

Reach devices on which you can’t install Tailscale: embedded devices, VPC peering, and incremental rollouts.
Read more →

Subnet router failover Beta

Multiple routers for the same subnet.
Read more →

4via6 subnet routers Alpha

Unambiguous and unique IPv6 address for each overlapping subnet.
Read more →

Exit nodes

Route all traffic through a specific device.
Read more →

Auto Approvers Beta

Authorize users to advertise subnet routes and exit nodes without further approval.
Read more →

Split DNS

Use a DNS server only for specific domains, e.g., for reaching SaaS applications.
Read more →


Access devices using short hostnames, like http://dashboard.
Read more →

Tailscale Funnel Alpha

Route traffic from the wider Internet to your Tailscale nodes.
Read more →

Set up servers

ACL tags

Tag servers based on their purpose and use these as part of access control.
Read more →

Auth keys

Authenticate servers and ephemeral nodes like containers to your network.
Read more →

Tailscale SSH Beta

Authenticate and encrypt SSH connections in your network using Tailscale node keys instead of SSH keys.
Read more →

Tailscale SSH Console Beta

Create a browser-based SSH session from the admin console to a node on your Tailscale network.
Read more →

HTTPS certificates Beta

Allow users to provision TLS certificates for their devices.
Read more →

Access and share services

Services Alpha

Collect and display information about services running on your network.
Read more →

Node sharing Beta

Share devices with users outside of your network, like a partner or customer.
Read more →

Taildrop Alpha

Send files between your devices.
Read more →

Restrict access

Access Control Lists (ACLs)

Write RBAC policies based on users and nodes, not IP addresses.
Read more →

Configuration audit logging

Identify who did what, and when, in your tailnet.
Read more →

Device authorization

Require new devices to be approved before they can access a network.
Read more →

User roles

Assign Admin roles for separation of duties in your network.
Read more →

Supported SSO providers

Authenticate to Tailscale with Google, Microsoft AD, GitHub, Okta, or OneLogin.
Read more →

User & group provisioning for Okta

Sync user attributes and push groups from Okta for use in ACLs using SCIM.
Read more →


Subscribe to events on your Tailscale network and process the notifications through an integration.
Read more →

Tailnet lock Alpha

Require nodes to verify public keys distributed by the Tailscale coordination server before trusting them on your tailnet.
Read more →

OAuth clients Beta

Provide delegated fine-grained access to the Tailscale API.
Read more →

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2023 Tailscale Inc.

Privacy & Terms