Admin
-
Magic DNS
Magic DNS automatically registers DNS names for devices in your network. For example, when you add a new webserver called...
-
Machine names
On Tailscale, machines are distinguishable by a 100.x.y.z IP address, and by a machine name . The machine name , shown...
-
About WireGuard
WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional...
-
Testing your connection
Try these steps to check if your connection is working. hello.ipn.dev (IRC test server) You don’t need two endpoints...
-
Pre-authentication keys
Pre-authentication keys (“auth keys”) allow you to register new nodes without doing an interactive login. This...
-
Enable multi-factor auth (MFA)
Tailscale relies on your existing identity provider to authenticate users. Any authentication settings from your identity...
-
Block incoming connections
Note This feature is available on Windows, Mac, and Linux for Tailscale v0.98.197 and up. If you don’t see this...
-
Connecting to external services with IP block lists via Tailscale
If you’re migrating from a traditional office networks or a centralized VPN concentrator, you might find you have...
-
Sharing
Sharing lets you give another Tailscale user access to a private device within your network, without exposing it publicly...
-
Inviting others to your network
Tailscale networks are based on your email address domain name. If you signed up as david@example.com , only users with...
-
AWS EC2 with subnet routes
Recent versions of Tailscale work fine even when nodes are placed behind an Amazon Managed NAT Gateway. However, because...
-
Machine certificates and device management
Note To keep Tailscale easy for new users, manual and rule-based approval/rejection of machine certificates is disabled...
-
Tailscale CLI
Tailscale ships with a built-in CLI that you can use to get information about your network and troubleshoot issues...
-
Subnet routes and relay nodes
Tailscale works best when you install Tailscale on every client, server, or VM in your organization. That way, traffic is...
-
ACLs, ABAC, RBAC, and network security policies
Access control lists (ACLs) restrict who can access which nodes on your network. ACLs can be defined in the admin console...
-
How Tailscale assigns IP addresses
Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or...
-
DNS in Tailscale
By default, Tailscale provides each device with a unique, stable IP address. However, IP addresses aren’t very memorable...
-
Key Expiry
As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period...