Get started
© 2024

IP pool

By default, Tailscale assigns IPv4 addresses to nodes on your tailnet from the CGNAT range. This is a private IP range not used on the public internet.

For corporate networks that use parts of the same range for other purposes, you can configure Tailscale to use a specific smaller subset of the CGNAT range.

To do this, you can configure an "IP pool" in your tailnet policy file.

IP pool is currently in beta.

This is done using a node attribute that specifies an ipPool:

        "acls": ["..."],
        "nodeAttrs": [
                "target": ["autogroup:admin"],
                "ipPool": [""],
                "target": ["group:dev"],
                "ipPool": [""],

With this node attribute set, all new nodes managed by admins in your tailnet will be assigned an IP from the range:, whereas nodes managed by members of group:dev will be assigned an IP from a subset from the range:

You can also change the IPv4 address of a node at any time by an admin in your tailnet.

IPv4 Edit Dialog