Admin

  • About WireGuard and 2FA/MFA login

    WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional VPNs and TLS. Among …

  • Auth keys

    Pre-authentication keys (“auth keys” for short) let you register new nodes without needing to sign in via a web browser. This is most …

  • Block incoming connections

    This feature is available on Windows, Mac, and Linux for Tailscale v0.98.197 and up. If you don’t see this option, you may need to update …

  • Connecting to external services with IP block lists via Tailscale

    If you’re migrating from a traditional office networks or a centralized VPN concentrator, you might find you have external servers that …

  • Custom DERP Servers

    Tailscale runs DERP relays distributed around the world to link your Tailscale nodes peer-to-peer as a side channel during NAT traversal, and as …

  • Device authorization

    Device authorization is a feature that allows Tailscale network administrators to review and approve new devices before they can join the …

  • DNS in Tailscale

    Tailscale provides each device on your network with a unique IP address that stays the same no matter where your devices are. However, IP …

  • Enable two-factor and multi-factor auth (2FA/MFA)

    Tailscale relies on your existing identity provider to authenticate users. Any authentication settings from your identity provider are …

  • Enabling HTTPS

    Connections between Tailscale nodes are secured with end-to-end encryption. Browsers, web APIs, and products like Visual Studio Code are not …

  • Ephemeral nodes

    Ephemeral nodes make it easier to connect and then clean up short-lived devices such as containers, cloud functions, or CI/CD systems that spin …

  • Exit Nodes (route all traffic)

    Exit nodes capture all your network traffic, which is often not what you want. To configure Tailscale to only route certain subnets (the more …

  • How Tailscale assigns IP addresses

    Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or a server). These …

  • Inviting others to your network

    Tailscale networks are based on your email address domain name. If you signed up as [email protected], only users with an @example.com email …

  • Key Expiry

    As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period depends on your domain …

  • Machine certificates and device management

    The mechanism by which nodes can join a domain is enforced by machine certificates. When a new device tries to join the Tailscale network, we …

  • Machine names

    On Tailscale, machines are distinguishable by a 100.x.y.z IP address, and by a machine name. The machine name, shown throughout the admin console …

  • MagicDNS

    MagicDNS automatically registers DNS names for devices in your network. If you add a new webserver called my-server to your network, you no …

  • Network access controls (ACLs)

    Tailscale supports network access control rules, sometimes called ACLs. ACLs let you precisely define what a particular user or device is …

  • Removing users

    You can remove users who should no longer be on your network in the admin console. If you want to delete your account, contact Support. Removing …

  • Server role accounts with ACL tags

    Tags let you assign an identity to a device that is separate from human users. This is most useful when adding servers to your Tailscale network: …

  • Sharing your nodes with other users

    Sharing lets you give another Tailscale user access to a private device within your network, without exposing it publicly. This can be helpful …

  • Subnet router failover

    When using subnet routers in large networks, you may want to provide a failover subnet router (also called a HA subnet router or …

  • Subnet routers and traffic relay nodes

    Tailscale works best when the client app is installed directly on every client, server, and VM in your organization. That way, traffic is …

  • Taildrop (alpha)

    Taildrop is a feature that makes it easy to send files between your personal devices on a Tailscale network. Like all traffic sent over …

  • Tailscale API

    Tailscale offers an API to let you automate various aspects of your network. You can find documentation for the API on GitHub → Authentication …

  • Tailscale CLI

    Tailscale ships with a built-in CLI that you can use to get information about your Tailscale+WireGuard® network and troubleshoot issues. Using …

  • User roles

    This topic covers how to understand and manage access to your Tailscale account, including modifying or configuring Tailscale settings. To …

  • Userspace networking mode (for containers)

    Userspace Networking mode allows running Tailscale where you don’t have access to create a VPN tunnel device. This often happens in …

  • Viewing the list of services on your network

    Tailscale’s services feature allows you to monitor and easily connect to the services running on machines in your Tailscale network. The …

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2021 Tailscale Inc.

Privacy & Terms