Connect to devices
Tailscale automatically assigns each device on your network a unique Tailscale IP address and MagicDNS name so that you can establish stable connections between devices anywhere in the world, even if they're behind a firewall or change networks. This guide covers connecting to devices in your tailnet after you've installed Tailscale on two or more devices.
Before learning about the connection process, it's crucial to understand that Tailscale provides network connectivity between devices, but you must run a specific service (like SSH or a web server) on the destination device. Tailscale does not provide these services automatically.
Prerequisites
- Tailscale installed on at least two devices.
- Access control rules that allow the devices to connect. If you're using the default ACL rules, all connections will be allowed between any device in your tailnet.
- At least one service running on one of the devices.
Connect to devices in your tailnet
To connect to another device in your tailnet:
- Identify the device to connect to.
- Make sure the device is running a service you can access.
- Connect to the service.
Identify your devices
Open the Machines page of the admin console. You'll find a list of all devices in your tailnet, along with their hostnames (device names) and Tailscale IP addresses.
Ensure services are running
Remember, you can only connect to services running on your devices. Common services include:
- SSH (usually on port 22). You can also use Tailscale SSH.
- Web servers (often on port 80 or 443)
- File sharing services (such as SFTP)
- Remote access tools (such as RDP)
Ensure the service you want to access runs on the target device. You can do so by checking the Services page of the admin console, or by confirming the service is running on the destination device.
Connect to a service
Tailscale offers a feature called MagicDNS, which allows you to use device names instead of Tailscale IP addresses. It's enabled by default, so you can use it right away.
To connect to a service on a device in your tailnet:
- Use the device name or Tailscale IP address of the target device.
- Specify the port of the service you're trying to access.
For example, if you want to SSH into a device with the MagicDNS name dev-build-server, you can use the following command in a terminal emulator:
ssh username@dev-build-server
Visit the following topics to learn more about connecting to different types of services:
- Connect to a database.
- Connect to a Windows server using RDP.
- Connect to a cloud server.
- Connect to a remote development environment.
- Connect to a network attached storage (NAS).
Troubleshooting
If you can't connect to a service:
- Check if you can reach the device using tailscale ping.
- Verify that you're using the correct connection information.
- Ensure the service is running on the target device at the expected port number.
- Check if any firewalls (including the built-in firewall on the target device) are blocking the connection.
- Ensure that your tailnet policy file doesn’t contain any grants or ACLs that prevent a connection between the two devices.
- Visit troubleshooting device connectivity.
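The checks above can be scripted so the result shows whether the tailnet path or the service is at fault. This is an added example, not part of Tailscale's documentation. It assumes the tailscale CLI and an nc that supports -z and -w are on PATH, and diagnose_tailnet_service is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example: tell "device unreachable over the tailnet" apart from
# "device reachable, but the service is not answering on that port".
# Assumptions: tailscale CLI and an nc with -z/-w are installed.
# diagnose_tailnet_service is a hypothetical helper, not a Tailscale command.
#
# Exit status: 0 = service reachable, 1 = no tailscale ping reply,
#              2 = ping OK but TCP port closed, 64 = bad arguments.
diagnose_tailnet_service() {
    local host="$1" port="$2"

    # Reject empty hosts and hosts that would be parsed as an option.
    case "$host" in
        ''|-*) echo "invalid host: '$host'" >&2; return 64 ;;
    esac
    # Port must be 1-65535, digits only.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; return 64 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 64
    fi

    # Step 1: can the device be reached over the tailnet at all?
    if ! tailscale ping --c 1 --timeout 5s "$host" >/dev/null 2>&1; then
        echo "$host: no reply to tailscale ping." >&2
        echo "Check the device name or IP and that the device is online." >&2
        return 1
    fi

    # Step 2: is something accepting TCP connections on the service port?
    if ! nc -z -w 3 "$host" "$port" >/dev/null 2>&1; then
        echo "$host answers tailscale ping, but port $port did not accept a connection." >&2
        echo "Check that the service is running on that port, the host firewall," >&2
        echo "and the grants or ACLs in the tailnet policy file." >&2
        return 2
    fi

    echo "$host:$port is reachable"
    return 0
}

# Run only when called as: script HOST PORT (for example: dev-build-server 22)
if [ "$#" -eq 2 ]; then
    diagnose_tailnet_service "$1" "$2"
fi
```

A status of 2 is the case described at the top of this guide: Tailscale is providing connectivity, but nothing is listening or something is filtering the port.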
Advanced topics
The following sections cover other ways you can manage connections to devices in your tailnet.
Access control
When you create a tailnet, Tailscale automatically applies a default access control policy that allows you to connect to all devices you own. You can customize access control policies (such as ACLs or grants) in the tailnet policy file to create policies that control how devices in your tailnet connect to each other and other devices on the internet.
Tailscale SSH
Tailscale offers a built-in SSH feature that extends and simplifies SSH connections between your devices. When enabled, Tailscale SSH manages the authentication and authorization of SSH connections in your tailnet, letting you add additional security checks and providing a web console interface.
Sharing devices
You can share devices or specific services with other Tailscale users, allowing collaboration while maintaining security.
Routing
You can configure a device to route outbound traffic by running it as an exit node or inbound traffic by running it as a subnet router. Using a device as a subnet router lets you access devices without installing the Tailscale client.