Developing software in an IDE like CodeSandbox requires access to many on-prem or cloud resources, from package and container image registries to databases. When you’re using CodeSandbox for remote development, you’ll want to access those resources securely and with the lowest po … | Continue reading
We’re pleased to announce that configuration audit logs are now generally available for all Tailscale users. Configuration audit logs record changes made to your Tailscale network’s, or tailnet’s, configuration. If you’re an admin of a tailnet, you can access audit logs in the Lo … | Continue reading
Tailscale’s API gives you programmatic access to many of your Tailscale resources, including devices on your tailnet, access controls in your tailnet policy file, and DNS settings. Today we’re launching two improvements to how you authenticate to the Tailscale API: the ability to … | Continue reading
With Tailscale v1.36 actions can be directly triggered and automated with the Shortcuts app on iOS and macOS. We’ve added support for managing the connection state, using exit nodes, and switching between profiles. You can combine the Tailscale actions with other automations to c … | Continue reading
Traefik, the popular load balancing and reverse proxy tool, has added support for Tailscale as a certificate resolver in Traefik Proxy 3.0 beta, the latest release of its forward proxy offering. Today, one of the engineers behind this integration has published a fun deep dive int … | Continue reading
As we took a few days away from our keyboards over the holidays, we here at Tailscale also spent time reflecting on the year we had in 2022, which seemed to come and go before we knew it. It was quite a journey — and we wanted to share with you some highlights from what was a dec … | Continue reading
Our December newsletter is out a bit early as we here at Tailscale take the final days of 2022 to rest up, be festive, and reflect on the year gone by — and what a momentous year it’s been, with lots of big product updates and company news. Here are just a few highlights: We laun … | Continue reading
When setting up cloud infrastructure for your team, it often makes sense to provision sensitive services in private subnets. However, this usually means that those services are not easily accessible from your personal devices or CI/CD infrastructure. Tailscale already makes it po … | Continue reading
We’re pleased to announce that user & group provisioning for Okta is now generally available. You can sync group membership and deactivated users from Okta, and refer to a synced group as part of an access rule in your tailnet policy file. Onboarding and offboarding are two of th … | Continue reading
Today we are happy to announce that Crunchy Bridge has integrated with Tailscale to provide easy access to your database from any of your devices, wherever they are running. Crunchy Bridge is a managed Postgres product that runs your database for you on your choice of cloud. … | Continue reading
Users sometimes ask us, “How can I trust Tailscale?” From the beginning, we’ve tried to make it so you don’t have to, by architecting our infrastructure with security and privacy in mind. When you use Tailscale, your data is end-to-end encrypted. Tailscale doesn’t have the privat … | Continue reading
We made significant improvements to the throughput of wireguard-go, which is the userspace WireGuard® implementation that Tailscale uses. What this means for you: improved performance of the Tailscale client on Linux. We intend to upstream these changes to WireGuard as well. You … | Continue reading
Fast user switching has come to Tailscale! Starting in v1.34, out today, you’ll be able to quickly switch between Tailscale accounts on the same device, without re-authenticating. (We heard you.) To switch between tailnets on macOS, click on the Tailscale icon … | Continue reading
It’s been a dramatic month across the tech industry, but we have some good news: Tailscale is hiring! We’re looking for driven individuals who think differently, enjoy collaborating with highly technical remote teams, and are comfortable working asynchronously. See our open roles … | Continue reading
Today, we’re sharing golink, an open source private URL shortener service for tailnets. Using golink, you can create and share simple go/name links for commonly accessed websites, so that anyone in your network can access them no matter the device they’re on — without requiring b … | Continue reading
Last week, Tailscale hosted a three-day co-work week to prove Tailscale Runs Anywhere I Need (TRAIN) by traversing the Amtrak Coast Starlight line from Emeryville, CA to Seattle, WA. The week included a shared work day in Berkeley, an overnight on the train, a work day from the t … | Continue reading
Tailscale has recently been notified of security vulnerabilities in the Tailscale Windows client which allow a malicious website visited by a device running Tailscale to change the Tailscale daemon configuration and access information in the Tailscale local and peer APIs. To patc … | Continue reading
Tailscale lets you put all your devices on their own private tailnet so they can reach each other, ACLs permitting. Usually that’s nice and comforting, knowing that all your devices can then be isolated from the internet, without any ports needing to be open to the world. Sometim … | Continue reading
Hey everyone! The last few weeks have been something else eh? We want to make it easier for you to keep in touch with us. As such, we have created a Fediverse account on Hachyderm. Feel free to give us a follow if you want to keep up to date! We’re honored to be one of the first … | Continue reading
Tailscale lets you connect to your computers from anywhere in the world. We call this setup a virtual private network. Any device on the tailnet (our term for a Tailscale network) can connect directly to any other device on the tailnet. When you do this you can access your NAS fr … | Continue reading
Tailscale is amazing. But you already knew that, right? There’s nothing more satisfying than being able to set up a secure network in seconds, almost like magic — except maybe realizing it’s Friday when you thought it was Thursday, but I digress. Being a relatively new product, T … | Continue reading
It’s been a BIG month at Tailscale and we’re excited to share several new features with you. First off, MagicDNS is now GA (human-readable DNS names for each device in your tailnet). Speaking of DNS… have you ever wanted to run your own DNS resolver to block ads — but don’t actua … | Continue reading
Today, we’re launching a web-based SSH client: Tailscale SSH Console. | Continue reading
If you’re managing and using Tailscale along with several other users, it’s hard to keep track of what changes get made, even with audit logs. For example, another admin might make an update, or an event that you need to react to could occur — such as a node needing authorization … | Continue reading
Naming products is hard. One of Tailscale’s key features, MagicDNS, has long been a source of armchair grammar controversy. To wit: Some people think we should call it Magic DNS because Apple calls their flagship keyboard and mouse the Magic Keyboard and the Magic Mouse. | Continue reading
Tailscale automatically assigns IP addresses for every unique device in your network, giving each device an IP address no matter where it is located. We further improved on this with MagicDNS, which automatically registers a human-readable, easy-to-remember DNS name for each devi … | Continue reading
Ever wanted to run your own DNS resolver but you don’t actually want to run your own DNS resolver because running DNS is fraught with pain? | Continue reading
Understanding what changes were made to your Tailscale network, and who made them, is critical for maintaining the security and integrity of your network. That’s why we’re making it even easier for admins — and your auditors! — to review changes made to your tailnet’s configurati … | Continue reading
… But if you must, we made something that can help you do it right. | Continue reading
This month we’re making sharing nodes a rewarding experience! When you share a node with a unique user and they accept the invitation, we’ll increase the device limit on both your accounts by two. The rewards will be reflected in your device limits on your Billing page. (Don’t wo … | Continue reading
When I was in college almost a decade ago, I lived on the computer science floor of my dorm. It was quite possibly one of the most interesting places I’ve ever lived. It was full of nerds, and we had file shares and LAN parties every weekend. While I was there, I got introduced t … | Continue reading
Open source is in Tailscale’s bones. After our seed round, when we were only five people making our initial open source plans, we each already had decades of experience writing and using community software. Personally, I’m a Unix programmer only because of a Slackware CD I picked … | Continue reading
Managing privileged access can help improve security by reducing unnecessary access to sensitive resources and customer data. With Tailscale ACLs, you can already manage access to company resources and restrict access with “default deny” rules. | Continue reading
As your teams grow and become more distributed, it makes sense to limit an employee’s access based on their job function rather than to give everyone persistent access to your production environment. This not only lets you manage sensitive resources such as customer data more eff … | Continue reading
Today we’re delighted to introduce Tailscale SSH, to more easily manage SSH connections in your tailnet. Tailscale SSH allows you to establish SSH connections between devices in your Tailscale network, as authorized by your access controls, without managing SSH keys, and authenti … | Continue reading
Previously on the Tailscale blog, I walked through how authentication works | Continue reading
We’ve raised $100M in a Series B financing led by CRV and Insight Partners, with participation from our existing major investors: Accel, Heavybit, and Uncork Capital, along with a cast of many prominent angels and smaller investors. | Continue reading
You can do many things with computers. Some of them are more productive than others. My recent blog post shows how to authenticate to any service, such as Grafana. Some people took the idea of using Tailscale for authenticating to any service as a neat fact. Others took this as a … | Continue reading
Connections between Tailscale nodes are secured with end-to-end encryption. Browsers, web APIs, and products like Visual Studio Code are not aware of that, however, and can warn users or disable features based on the fact that HTTP URLs to your tailnet services look unencrypted s … | Continue reading
Hi, it’s us again, the ones who used to store our database in a single JSON file on disk, and then moved to etcd. Time for another change! We’re going to put everything in a single file on disk again. | Continue reading
TL;DR: Tailscale’s free plan is free because we keep our scaling costs low relative to typical SaaS companies. We care about privacy, so unlike some other freemium models, you and your data are not the product. Rather, increased word-of-mouth from free plans sells the more valuab … | Continue reading
You can use subnet routers in Tailscale to easily connect an existing network you have to your tailnet—for example, a virtual private cloud, or an on-premises legacy network. To set up a subnet router, you advertise routes from the device, and then approve these from the admin co … | Continue reading
This Thanksgiving, Tailscale is thankful for all the people whose code we build upon. | Continue reading
Remote development is hard. You need access to all the things from wherever you happen to be working from this week. It could be a coffee shop, the train, or even (gasp!) the office. In an ideal world, it shouldn’t take longer to gain access to what you need to get your work done … | Continue reading
Tailscale on iOS runs as a special kind of app, a Network Extension. This lets us run in the background, so we can secure traffic from all of your applications, without them having to change anything. But with this power comes a memory straightjacket. Normal iOS apps can use 5GB … | Continue reading
Connections between Tailscale nodes are already secured with end-to-end encryption—that’s a huge benefit of being built on WireGuard. However, browsers are not aware of that because they rely on verifying the TLS certificate of a domain. | Continue reading
Tailscale loves open source. We know that it can be tough to develop a project in the open, and collaborate with individuals and organizations around the world. | Continue reading
Role-based access control was great. Let’s talk about what happened since then. | Continue reading