
Secure the network

Use Tailscale security features to help prevent security issues with your Tailscale network (known as a tailnet).

Manage access policy

Access control lists (ACLs) let you precisely define permissions for users and devices in your tailnet. Permissions are defined using ACL syntax and are stored in the tailnet policy file.

Learn how to use ACLs for managing access to your tailnet resources.

Manage client access

Tailscale provides features for securely accessing devices in your tailnet, and for managing the Tailscale client application.

Tailscale SSH

Use Tailscale SSH to let Tailscale manage the authentication and authorization of SSH connections for your tailnet. You can keep using SSH as you did previously, and you can optionally verify high-risk connections by using check mode.

Learn how to enable and establish Tailscale SSH connections.

HTTPS certificates

Connections between tailnet devices are end-to-end encrypted. However, clients such as browsers and web APIs are not aware of that encryption. They can warn users or disable features because HTTP URLs to your tailnet services look unencrypted. To provide your servers with TLS certificates, you can enable HTTPS.

Learn how to enable HTTPS certificates.

Mobile device management

If you are using a mobile device management (MDM) solution, you can apply a set of system policies across devices that are running Tailscale. These system policies can be used to customize the behavior of the Tailscale client to match the policies and use cases of your organization.

Learn how to configure Tailscale clients with an MDM solution.

Manage tailnet security

Tailscale provides features for helping secure your tailnet, including tailnet configuration.

Tailnet lock

Tailnet lock provides an additional level of security where new nodes added to your tailnet must be signed by a trusted tailnet lock key before they are allowed to connect to other nodes. Specifically, tailnet lock lets you cryptographically verify the public keys distributed by the Tailscale coordination server before trusting them for network connectivity.

Learn how to verify that no node is added to your tailnet without being signed by trusted nodes in your tailnet.


Tailscale provides recommendations for helping to secure your tailnet.

Learn about the recommendations to help secure your tailnet.

Shared responsibility

Securing a virtual private network requires both the provider and the user to share in the burden of responsibility.

Learn about the Tailscale and user responsibilities for helping secure tailnets.