Say goodbye to your legacy VPNMake the switch to Tailscale
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Zero Trust Networking icon

Edge & IoT Deployments

Secure, manage, and monitor IoT & edge devices

Reliably connect to thousands of devices with Tailscale’s zero trust network overlay.

IoT

Manage remote access to devices in the field, from a unified control plane

Secure resources
ACL tags
Secure resources
alt
I save a lot of time working over Tailscale. It’s so much simpler that I can now actually do other work. It’s more reliable than the other VPNs that we tried. It never crashes, and it’s always available.
Christian Waatland, Head of Network Operations at Finter
Read full story

Connect thousands of devices across the world, just like that

End-to-end encryption

Small binaries for embedded devices and wide OS support

SBC & SoC sized agents with wide OS support means every device can connect to the network. Both agent-based and agentless deployment models are supported.
Microsegmentation

Works across networks: Satellite, LTE, 5G, WiFi, etc.

Lightweight connections over Wireguard® tunnels enable resilient and low latency data transfer.
Visibility into your network

Easy NAT traversal with minimal firewall changes

Tailscale helps keep firewall ports closed and direct connections open.
Tailscale SSH session recording

Tailscale SSH

Built-in to the Tailscale Client, Tailscale SSH eliminates secrets management. With SSH session recording and time-bound access available.
Encrypted peer-to-peer connections

Peer-to-peer connections with end-to-end encryption

Modern WireGuard® encryption protocols protect data from device to data center.
ACLs

ACLs (access control lists)

Any connection on the network between user, device, or service must be explicitly authorized in access control lists (ACLs).

Everything needed to build a secure network across every device

Users

SSO with IDP

Users can authenticate using one of our supported identity providers to access the tailnet.

User & group provisioning (SCIM)

Sync users and group settings from one of our supported IdPs to keep ACLs up-to-date.

On-demand access

Partner integrations allow administrators to provide time-bound, elevated privileges for users.

Devices

Device Approval

Require devices to be approved by an administrator before joining the tailnet.

Device posture management

Collect device attributes and use them as part of connectivity rules within your Tailnet to limit access for devices that do not meet security requirements.

Policies

Access controls lists (ACLs)

Create RBAC policies to determine which users, roles, or groups can access, which nodes on your tailnet.

ACL Tests

Verify ACLs provide sufficient coverage against unnecessary exposure.

GitOps for ACLs

Manage ACLs version control within a CI/CD workflow using GitHub or GitLab.

Tailnet Lock Alpha

A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.

Logging

Configuration audit logging

Surface what configuration-based actions occurred, by whom, and when.

Network flow logging

Surface what node-to-node interaction occurred, and when.

Log streaming

Natively stream configuration or network flow logs to our SIEM integration partners.

SSH session recording

Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
mercury
instacart
Retool
duolingo
Hugging Face