IP pool

By default, Tailscale assigns IPv4 addresses to nodes on your tailnet from the CGNAT range. This is a private IP range not used on the public internet.

For corporate networks that use parts of the same range for other purposes, you can configure Tailscale to use a specific smaller subset of the CGNAT range.

To do this, you can configure an “IP pool” in your tailnet policy file.

IP pool is currently in private alpha. Therefore, this topic is currently hidden.

This is done using a node attribute that specifies an ipPool:

        "acls": ["..."],
        "nodeAttrs": [
                "target": ["*"],
                "ipPool": [""],

This configures all nodes that are added to the tailnet after the policy is put in place to use an IP address from the range, which is a subset of the CGNAT address space.


  • IP pool can currently only be used with the target *.

Last updated