Admin

• AWS EC2 with subnet routes

  Recent versions of Tailscale work fine even when nodes are placed behind an Amazon Managed NAT Gateway. However, because...

• Inviting others to your network

  Tailscale networks are based on your email address domain name. If you signed up as david@example.com , only users with...

• How Tailscale assigns IP addresses

  Tailscale makes it easy to connect to your network by providing you with a consistent IP address for each node (a device...

• Machine certificates and device management

  Note To keep Tailscale easy for new users, manual and rule-based approval/rejection of machine certificates is disabled...

• RBAC, ABAC, ACLs, and network security policies

  Access control lists (ACLs) restrict who can access which nodes on your network. ACLs can be defined in the admin console...

• DNS in Tailscale

  Many people have requested a feature to have Tailscale automatically register DNS names for nodes in your network, to make...

• Connecting to external services with IP block lists via Tailscale

  If you’re migrating from a traditional office networks or a centralized VPN concentrator, you might find you have...

• Key Expiry

  As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period...

• Testing your connection

  Try these steps to check if your connection is working. hello.ipn.dev (IRC test server) You don’t need two endpoints...

• Subnet routes and relay nodes

  The simplest way to install Tailscale is to run a copy on every client and server machine or VM in your organization. That...

• About WireGuard

  WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional...

• Beta features: ACL tags, subnet ACLs, and pre-authenticated keys

  Note These features are in beta and are only expected to work in Tailscale 0.98-120 and later. You may need to be using...