Docs →

Admin

  • Magic DNS

    Magic DNS automatically registers DNS names for devices in your network. For example, when you add a new webserver called...

  • Machine names

    On Tailscale, machines are distinguishable by a 100.x.y.z IP address, and by a machine name . The machine name , shown...

  • About WireGuard

    WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional...

  • Testing your connection

    Try these steps to check if your connection is working. hello.ipn.dev (IRC test server) You don’t need two endpoints...

  • Pre-authentication keys

    Pre-authentication keys (“auth keys”) allow you to register new nodes without doing an interactive login. This...

  • Enable multi-factor auth (MFA)

    Tailscale relies on your existing identity provider to authenticate users. Any authentication settings from your identity...

  • Block incoming connections

    Note This feature is available on Windows, Mac, and Linux for Tailscale v0.98.197 and up. If you don’t see this...

  • Connecting to external services with IP block lists via Tailscale

    If you’re migrating from a traditional office networks or a centralized VPN concentrator, you might find you have...

  • Sharing

    Sharing lets you give another Tailscale user access to a private device within your network, without exposing it publicly...

  • Inviting others to your network

    Tailscale networks are based on your email address domain name. If you signed up as david@example.com , only users with...

  • AWS EC2 with subnet routes

    Recent versions of Tailscale work fine even when nodes are placed behind an Amazon Managed NAT Gateway. However, because...

  • Machine certificates and device management

    Note To keep Tailscale easy for new users, manual and rule-based approval/rejection of machine certificates is disabled...

  • Tailscale CLI

    Tailscale ships with a built-in CLI that you can use to get information about your network and troubleshoot issues...

  • Subnet routes and relay nodes

    Tailscale works best when you install Tailscale on every client, server, or VM in your organization. That way, traffic is...

  • ACLs, ABAC, RBAC, and network security policies

    Access control lists (ACLs) restrict who can access which nodes on your network. ACLs can be defined in the admin console...

  • How Tailscale assigns IP addresses

    Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or...

  • DNS in Tailscale

    By default, Tailscale provides each device with a unique, stable IP address. However, IP addresses aren’t very memorable...

  • Key Expiry

    As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period...