Docs →

Admin

  • Magic DNS

    Magic DNS automatically registers DNS names for devices in your network. For example, when you add a new webserver called...

  • About WireGuard

    WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional...

  • Testing your connection

    Try these steps to check if your connection is working. hello.ipn.dev (IRC test server) You don’t need two endpoints...

  • Enable multi-factor auth (MFA)

    Tailscale relies on your existing identity provider to authenticate users. Any authentication settings from your identity...

  • Block incoming connections

    Note This feature is available on Windows, Mac, and Linux for Tailscale v0.98.197 and up. If you don’t see this...

  • Connecting to external services with IP block lists via Tailscale

    If you’re migrating from a traditional office networks or a centralized VPN concentrator, you might find you have...

  • Beta features: ACL tags, subnet ACLs, and pre-authenticated keys

    Note These features are in beta. Please let us know how these features work for you. ACL Tags In Tailscale&rsquo...

  • Inviting others to your network

    Tailscale networks are based on your email address domain name. If you signed up as david@example.com , only users with...

  • AWS EC2 with subnet routes

    Recent versions of Tailscale work fine even when nodes are placed behind an Amazon Managed NAT Gateway. However, because...

  • Machine certificates and device management

    Note To keep Tailscale easy for new users, manual and rule-based approval/rejection of machine certificates is disabled...

  • Tailscale CLI

    Tailscale ships with a built-in CLI that you can use to get information about your network and troubleshoot issues...

  • Subnet routes and relay nodes

    The simplest way to install Tailscale is to run a copy on every client and server machine or VM in your organization. That...

  • ACLs, ABAC, RBAC, and network security policies

    Access control lists (ACLs) restrict who can access which nodes on your network. ACLs can be defined in the admin console...

  • How Tailscale assigns IP addresses

    Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or...

  • DNS in Tailscale

    By default, Tailscale provides each device with a unique, stable IP address. However, IP addresses aren’t very memorable...

  • Key Expiry

    As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period...