IP pool
By default, Tailscale assigns IPv4 addresses to nodes in your tailnet from the 100.64.0.0/10 CGNAT range. This is a private IP range not used on the public internet.
The following IP ranges are reserved by Tailscale, and cannot be used in IP Pools:
- 100.100.0.0/24
- 100.100.100.0/24
- 100.115.92.0/23
For corporate networks that use parts of the same range for other purposes, you can configure Tailscale to use a specific smaller subset of the CGNAT range.
To do this, you can configure an "IP pool" in your tailnet policy file.
This is done using a node attribute that specifies an ipPool:
{
"acls": ["..."],
"nodeAttrs": [
{
"target": ["autogroup:admin"],
"ipPool": ["100.81.0.0/16"],
},
{
"target": ["group:dev"],
"ipPool": ["100.85.0.0/16"],
},
],
}
With this node attribute set, all new nodes managed by admins in your tailnet will be assigned an IP
from the range: 100.81.0.0/16, whereas nodes managed by members of group:dev will be assigned an IP from a subset
from the range: 100.85.0.0/16.
You can also change the IPv4 address of a node at any time by an admin in your tailnet.
