Authorizing the Tailscale System Extension on macOS

When launching Tailscale for the first time on your Mac, you may be presented with one or more of the following warnings.

A screenshot of the macOS system extension warning
A screenshot of the system extension warning in Tailscale
A screenshot of the system extension warning in the Tailscale menu

The above messages indicate that Tailscale launched successfully. However, granting permission to install the Tailscale system extension is necessary before Tailscale can connect your Mac to the network.

System extensions are a macOS technology used by Tailscale to extend the networking features of your Mac. For further information on system extensions, see below.

Configuration steps

  1. Open the System Settings app on your Mac, or click on the Open Settings button in the warning that appeared.

  2. Go to the Privacy & Security tab, if it isn’t already opened.

    A screenshot of the System Settings app in macOS, showing the Privacy & Security tab
  3. Scroll down the list of options until you reveal the message System software from application “Tailscale.app” was blocked from loading., and click on Allow.

    A screenshot of the System Settings app in macOS, showing the Privacy & Security tab scrolled down to the Tailscale privacy settings
  4. Authorize the operation using Touch ID, or by providing an administrator password.

    A screenshot of the prompt asking the user to allow installing the system extension with credentials
  5. If a window appears asking to install a VPN configuration, choose Allow.

    A screenshot of the prompt asking the user to allow installing a VPN configuration
  6. Tailscale will begin connecting. If you have never logged into Tailscale before, you’ll have to log in by using the Tailscale menu bar item at the top right of your screen.

What is a system extension?

You might wonder why this is necessary. Behind the scenes, the Standalone variant of Tailscale for macOS uses a technology introduced in macOS 10.15 called System Extensions.

System extensions represent a safer replacement for the legacy Kernel Extensions technology used by many security and networking tools in previous versions of macOS. They run within a sandbox, meaning that Tailscale runs isolated from the operating system kernel in your Mac. This can provide additional security guarantees. Additionally, system extensions can be distributed outside the Mac App Store. This allows us to provide a variant of Tailscale which doesn’t depend on Apple for distribution.

Because system extensions are shared with other users of your Mac, explicit consent is required before they can be installed.

Automate this process for your users

If you are a system administrator managing a fleet of Macs, you can use a mobile device management (MDM) solution to automatically pre-approve the Tailscale system extension. See the MDM documentation for further details.