Features
Last validated:
Access control
Understand the options available for access control in Tailscale.
Customize Tailscale using system policies
A list of configuration keys you can use to customize the Tailscale client using system policies, including MDM.
Device posture management
Use device posture for enforcing device rules in your tailnet.
Ephemeral nodes
Use ephemeral nodes in Tailscale for managing short-lived devices like containers and CI/CD systems.
Exit nodes (route all traffic)
Route all internet traffic through a specific device on your network.
Firewall mode in tailscaled
Understand the different firewall modes supported by Tailscale on Linux devices.
Group devices with tags
Use Tailscale tags to authenticate and identify non-user devices, such as a server.
How app connectors work
Route SasS application traffic in your tailnet using app connectors.
Kubernetes operator
Expose your Kubernetes cluster to your Tailscale network.
Logging overview
Understand Tailscale's logging infrastructure.
macOS and iOS shortcuts
Understand how Tailscale works with the Shortcuts app, allowing you to automate tasks.
MagicDNS
Find out how to automatically register DNS names for devices in your Tailscale network.
Manage multiple tailnets
Manage multiple tailnets under a single organization.
OAuth clients
Use OAuth clients to provide ongoing access to the Tailscale API.
Secure node state storage
Encrypt Tailscale node state at rest.
Share your machines with other users
Give a Tailscale user on another tailnet access to a private machine within your tailnet, without exposing the machine publicly.
Site-to-site networking
Connect two subnets in your tailnet with each other.
Subnet routers
Use subnet routers to give devices outside your local network access to services within specific subnets. Extend your private network with Tailscale.
Taildrive
Share folders securely between devices on your Tailscale network.
Taildrop
Send files between your personal devices on a Tailscale network.
Tailnet Lock
Ensure that no node joins your tailnet unless trusted nodes in your tailnet sign the new node.
Tailnet policy file
Understand the tailnet policy file.
Tailscale Funnel
Securely route internet traffic to local services using Tailscale Funnel.
Tailscale Peer Relays
Use Tailscale Peer Relays for client-to-client connections when direct connections aren't possible.
Tailscale Serve
Explore the Tailscale Serve service.
Tailscale Services
Securely connect to and manage access to your internal resources using Tailscale Services.
Tailscale SSH
Use Tailscale SSH to manage the authentication and authorization of SSH connections in your tailnet.
tsidp
Use tsidp to secure any service that supports OIDC/OAuth with no additional login while on a tailnet, including self-hosted apps like Grafana and MCP servers.
tsnet
Use the tsnet package to embed Tailscale inside a Go program.
Use device posture for just-in-time access
Use device posture for just-in-time access to resources in your tailnet.
User & group provisioning
Learn about the System for Cross-domain Identity Management (SCIM) identity providers that Tailscale supports.
Viewing the list of endpoints on your network
Find out how to monitor and easily connect to the endpoints running on machines in your Tailscale network.
Visual policy editor
Update your tailnet policy file with the visual policy editor.
Webhooks
Set up a webhook to receive notification of events on your Tailscale network.
Workload identity federation
Use federated OIDC workload identities from third-party providers to authenticate requests to the Tailscale API.