Get started
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Zero Trust Networking icon


Secure, manage, and monitor your IoT & OT across environments and networks

Easily manage your entire fleet of devices and protect your critical infrastructure with least privilege access enforcement


Manage remote access to devices in the field from a unified control plane

Secure resources
ACL tags
Secure resources
I save a lot of time working over Tailscale. It’s so much simpler that I can now actually do other work. It’s more reliable than the other VPNs that we tried. It never crashes, and it’s always available.
Christian Waatland, Head of Network Operations at Finter
Read full story

Connect tens of thousands of devices across the world, just like that

End-to-end encryption

Small binaries for embedded devices and wide OS support

IoT-sized agents and wide OS support means all of your devices can connect to the network. Agent-based and agentless deployment models are supported.

Works across networks: Starlink, LTE, 4G, WiFi, etc

Lightweight tunnel connections over Wireguard® for low latency uploads and downloads across networks and infrastructure.
Visibility into your network

NAT traversal and minimal firewall changes

Nearly all of the time, you don’t need to reconfigure your firewalls for Tailscale.
Tailscale SSH session recording

Tailscale SSH

Built-in to the Tailscale Client, Tailscale SSH eliminates secrets management. With SSH session recording and time-bound access available.
Encrypted peer-to-peer connections

Peer-to-peer connections with end-to-end encryption

Modern WireGuard® encryption protocols protect data at rest and in transit.

ACLs (access control lists)

Any connection on the network between user, device, or service must be explicitly authorized in access control lists (ACLs).

Everything you need to build a secure network across all your assets


SSO with IDP

Users can authenticate using one of our supported identity providers to access the tailnet.

User & group provisioning (SCIM)

Sync users and group settings from one of our supported IdPs to keep ACLs up-to-date.

On-demand access

Partner integrations allow administrators to provide time-bound, elevated privileges for users.


Device Approval

Require devices to be approved by an administrator before joining the tailnet.

Device posture management

Collect device attributes and use them as part of connectivity rules within your Tailnet to limit access for devices that do not meet security requirements.


Access controls lists (ACLs)

Create RBAC policies to determine which users, roles, or groups can access, which nodes on your tailnet.

ACL Tests

Verify ACLs provide sufficient coverage against unnecessary exposure.

GitOps for ACLs

Manage ACLs version control within a CI/CD workflow using GitHub or GitLab.

Tailnet Lock Alpha

A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.


Configuration audit logging

Surface what configuration-based actions occurred, by whom, and when.

Network flow logging

Surface what node-to-node interaction occurred, and when.

Log streaming

Natively stream configuration or network flow logs to our SIEM integration partners.

SSH session recording

Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.

Try Tailscale for free

Schedule a demo
Contact sales
cta phone