Admin

• About WireGuard

  WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional VPNs and TLS. Among …

• ACLs, ABAC, RBAC, and network security policies

  Access control lists (ACLs) restrict who can access which nodes on your network. ACLs can be defined in the admin console. Our Solo and …

• Block incoming connections

  This feature is available on Windows, Mac, and Linux for Tailscale v0.98.197 and up. If you don’t see this option, you may need to update …

• Connecting to external services with IP block lists via Tailscale

  If you’re migrating from a traditional office networks or a centralized VPN concentrator, you might find you have external servers that …

• Device authorization

  Device authorization is a feature that allows Tailscale network administrators to review and approve new devices before they can join the …

• DNS in Tailscale

  By default, Tailscale provides each device with a unique, stable IP address. However, IP addresses aren’t very memorable, and can be …

• Enable multi-factor auth (MFA)

  Tailscale relies on your existing identity provider to authenticate users. Any authentication settings from your identity provider are …

• Exit Nodes

  Exit nodes are a feature available in Tailscale v1.6 or greater. Exit nodes will have no effect on older versions. Update to v1.6 to use exit …

• How Tailscale assigns IP addresses

  Tailscale makes it easy to connect to your network by providing you with a stable IP address for each node (a device or a server). These …

• Inviting others to your network

  Tailscale networks are based on your email address domain name. If you signed up as david@example.com, only users with an @example.com email …

• Key Expiry

  As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period depends on your domain …

• Machine certificates and device management

  The mechanism by which nodes can join a domain is enforced by machine certificates. When a new device tries to join the Tailscale network, we …

• Machine names

  On Tailscale, machines are distinguishable by a 100.x.y.z IP address, and by a machine name. The machine name, shown throughout the admin panel …

• Magic DNS

  Magic DNS automatically registers DNS names for devices in your network. If you add a new webserver called my-server to your network, you no …

• Pre-authentication keys

  Pre-authentication keys (“auth keys”) allow you to register new nodes without doing an interactive login. This is most useful when …

• Services

  Tailscale’s services feature allows you to monitor and easily connect to the services running on machines in your Tailscale network. …

• Sharing

  Sharing lets you give another Tailscale user access to a private device within your network, without exposing it publicly. This can be helpful …

• Subnet routes and relay nodes

  Tailscale works best when you install Tailscale on every client, server, or VM in your organization. That way, traffic is end-to-end encrypted, …

• Tailscale API

  Tailscale offers an API to let you automate various aspects of your network. Authentication Requests to the API are authenticated via an API Key, …

• Tailscale CLI

  Tailscale ships with a built-in CLI that you can use to get information about your network and troubleshoot issues. Using the CLI Commands up …