Say goodbye to your legacy VPNMake the switch to Tailscale
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.

Zero trust networking

Authorize, authenticate, and verify every interaction on your network

A Tailscale network connecting a variety of cloud providers together

Trusted by 9,000+ companies like these

Zero Trust with Tailscale

Zero Trust with Tailscale applies the same rigors designed for remote workers and devices to campus-based users and devices, ensuring that everyone has increased security and a consistent user experience.

Tailscale's policy engine

Least-privileged access by default

ACL file alongside a flow chart showing which types of users can access which tagged resources
git branch icon

Tailscale’s adaptive policy engine operates in least-privileged mode by default, which allows organizations to start with a ‘trust nothing, verify everything’ posture.

Create human-readable policies to determine which users, roles, or groups can access, which nodes on your Tailscale network. Even include tests that confirm the correct policy behavior.

Use GitOps to manage policy, use the Tailscale API for more complex automations, or manage Tailscale with Infrastructure as Code (IaC) tools.

Embed application capabilities in the policy engine by writing policies that grant access to actions within an application, regardless of Tailscale's awareness of those capabilities.

Easy connectivity, regardless of your networking stack

text

Connect resources across SaaS, PaaS, IaaS, sites, internal resources, legacy hardware, service mesh, applications, and even home networks. You can also onboard VPCs and external SaaS applications, or make your internal apps Tailscale-aware.

Tailscale logo connecting to various cloud environments

Segment your Tailscale network in granular ways, across teams, offices, departments, resource types, and more. Assign tags for easy policy enforcement.

Scale globally and stay performant with high availability across complex networks.

Bolster your organization’s security posture

Two user groups attempting to connect to the network, while ACL policies enforce access rules
Refresh icon

Tailscale implements continuous verification with machine and user identity built into every single request. So, you can secure your workforce and devices — no matter where they are.

Tailscale supports nearly all identity providers your organization uses, including Okta, Google, Apple, GitHub, Entra ID, passkeys, and more via custom OIDC. The groups you sync from these providers can have policies applied to them, ensuring changes only need to be reflected in one place.

Use device approval features to ensure only trusted devices ever enter the network. Tailscale’s device posture management helps your team ensure that devices inform Tailscale of their state and telemetry, so you can use device posture scores to drive policy decisions.

Migrate to zero trust progressively

Upward chart icon

With Tailscale, universal zero trust can be implemented iteratively, across every resource in the organization, with a consistent user experience no matter where an employee is, an easy-to-manage control plane, all at a price point designed for teams of all sizes.

Tailscale's admin console showing the Machines tab alongside a flow chart showing which user groups can access which devices

Get these features and more with Tailscale

App window icon

Use this drop-in replacement to manage & record shell access into any linux machine without needing to share or manage keys.

Stylized wrench icon

Quickly route traffic to & from Kubernetes clusters to your Tailnet while keeping services and the control plane off the public internet.

Subnet router icon

Establish connectivity to entire VPCs or devices where Tailscale can't be installed.

Left and right angle brackets icon

Easily deploy Tailscale into cloud and on-prem environments via your IaC provider of choice, including: Terraform, Pulumi, and Ansible.

Git branch icon

Easily modify and rollback JSON based network configuration directly from GitHub or GitLab.

Two diagonal arrows pointing at each other

Using a global network of servers, Tailscale facilitates direct device-to-device connections across a wide range of NAT gateways.

Stylized silhouette of a person next to a checkmark

Use SSO & MFA from a wide array of supported IdPs to authenticate users onto any Tailnet.

Activity icon

Natively stream network flow and configuration audit logs to popular SIEM providers.

Failover icon

Get case-sensitive keys and secrets from Tailscale: API access tokens, Auth keys, OAuth clients, SCIM API keys, Webhook secrets and more.


Pricing that works for everyone

Personal

For individuals who want to securely connect personal devices, for free.

$0per active user/month
Get started free
Starter

For teams or organizations looking for an easy-to-use, secure, legacy VPN replacement.

$6per active user/month
Get started free
Premium

For companies who need service and resource level authentication and access control.

$18per active user/month
Get started free
Enterprise

For companies who need advanced integrations, compliance and support for access control at scale.