Authorizing the Tailscale system extension on macOS
When launching Tailscale for the first time on your Mac, you may be presented with one or more of the following warnings.
The above messages indicate that Tailscale launched successfully. However, granting permission to install the Tailscale system extension is necessary before Tailscale can connect your Mac to the network.
System extensions are a macOS technology used by Tailscale to extend the networking features of your Mac. For further information on system extensions, see below.
Configuration steps
The steps for granting permission to install the Tailscale extension will vary depending on the version of macOS you are using.
macOS 15 Sequoia and later
- Go to System Settings and open the General tab.
- In the Log Items & Extensions section, select the minus
-
button. - In the Network Extensions dialog, toggle IPNExtension to on, then authorize the operation using Touch ID, or by providing an administrator password.
- Select Done. If a window appears asking to install a VPN configuration, choose Allow.
Tailscale will begin connecting. If you have never logged into Tailscale before, you'll have to log in by using the Tailscale menu bar item at the top right of your screen.
macOS 14 Sonoma and earlier
- Go to System Settings and open the Privacy & Security tab.
- Scroll down the list of options until you reveal the message System software from application "Tailscale.app" was blocked from loading., and select Allow.
- Authorize the operation using Touch ID, or by providing an administrator password. If a window appears asking to install a VPN configuration, choose Allow.
Tailscale will begin connecting. If you have never logged into Tailscale before, you'll have to log in by using the Tailscale menu bar item at the top right of your screen.
What is a system extension?
You might wonder why this is necessary. Behind the scenes, the Standalone variant of Tailscale for macOS uses a technology introduced in macOS 10.15 called System Extensions.
System extensions represent a safer replacement for the legacy Kernel Extensions technology used by many security and networking tools in previous versions of macOS. They run within a sandbox, meaning that Tailscale runs isolated from the operating system kernel in your Mac. This can provide additional security guarantees. Additionally, system extensions can be distributed outside the Mac App Store. This allows us to provide a variant of Tailscale which doesn't depend on Apple for distribution.
Because system extensions are shared with other users of your Mac, explicit consent is required before they can be installed.
Automate this process for your users
If you are a system administrator managing a fleet of Macs, you can use a mobile device management (MDM) solution to automatically pre-approve the Tailscale system extension. See the MDM documentation for further details.