
Tailscale v1.66.3

Update instructions

Note: Tailscale v1.66.2 was an internal-only release.

All platforms
  • Fixed: Login URLs did not always appear in the console when running tailscale up.
Android
  • Changed: Reintroduced the Quick Settings title that v1.66.0 temporarily removed.
  • Changed: Improved the VPN service connection logic, especially when rebooting the device with Always-On VPN enabled.
  • Changed: The persistent VPN status notification now informs the user with a muted icon when the VPN is disconnected. VPN status notifications can be disabled in the system notification settings.
  • Fixed: The "Enable" button in the exit node selector banner now renders with the correct background color.
Kubernetes operator
  • Breaking change: Starting with v1.66, the Kubernetes operator must always run the same or later version as the proxies it manages.
  • New: Expose cloud services on cluster network to the tailnet, using Kubernetes ExternalName Services. This allows exposing cloud services, such as RDS instances, to tailnet by their DNS names.
  • New: Expose tailnet services that use Tailscale HTTPS to cluster workloads. Refer to #11019.
  • New: Cluster workloads can now refer to Tailscale Ingress resources by their MagicDNS names. Refer to #11019.
  • New: Configure environment variables for Tailscale Kubernetes operator proxies using ProxyClass CRD. Refer to ProxyClass API.
  • New: Expose tailscaled metrics endpoint for Tailscale Kubernetes operator proxies through ProxyClass CRD. Note that the tailscaled metrics are unstable and will likely change in the future. Refer to ProxyClass API.
  • New: Configure labels for the Kubernetes operator Pods with Helm chart values. Refer to Helm chart values.
  • New: Configure affinity rules for Kubernetes operator proxy Pods with ProxyClass. Refer to ProxyClass API.
  • Fixed: Kubernetes operator proxy init container no longer attempts to enable IPv6 forwarding on systems that don't have IPv6 module loaded. Refer to #11867.
Containers
  • Fixed: Tailscale containers running on Kubernetes no longer error if an empty Kubernetes Secret is pre-created for the tailscaled state. Refer to #11326.
  • Fixed: Improved the ambiguous error messages when Tailscale running on Kubernetes does not have the right permissions to perform actions against the tailscaled state Secret. Refer to #11326.

Dark mode in the admin console

    • New: Use the Light, Dark, or Use system setting theme in the admin console by clicking the avatar menu on the top-right and selecting Appearance. The default theme is Use system setting.

    Tailscale v1.66.1

    Update instructions

    This release is exclusively for Linux platforms and the standalone variant of the macOS client. It is not available for other platforms.

    Linux
  • New: tailscale set command flags --netfilter-mode, --snat-subnet-routes, and --stateful-filtering are added.
  • Fixed: Issue with nftables rules for stateful filtering, introduced in v1.66.0.
    macOS
  • Fixed: A version mismatch warning no longer displays when upgrading, if no mismatch is detected.

    ACL syntax updates

    • Changed: As part of a security fix to address an issue related to exit nodes and subnet routing (TS-2024-005), changes are made to ACLs.
    • The meaning of * when used in the src field in ACLs has been changed. Previously, * expanded to include any IPv4 and IPv6 address. With this change, * expands to all Tailscale IP addresses and all IP addresses from approved subnet routes.
    • The new autogroup:danger-all ACL type has been added, which matches the previous definition of * when used in the src field. If you are using default ACLs or have specified * in src, you don't need to make any ACL changes to get the new secure behavior.
    • We recommend updating all Tailscale clients to v1.66 to benefit from the additional security improvements.
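
The change to * in src described above can be modelled as a small policy audit. This is an added example, not Tailscale's code: the Tailscale address ranges (100.64.0.0/10 and fd7a:115c:a1e0::/48), the sample policy, routes, probe addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: Tailscale's default address ranges (CGNAT IPv4 block, IPv6 ULA prefix).
TAILSCALE_RANGES = ["100.64.0.0/10", "fd7a:115c:a1e0::/48"]
ANY_ADDRESS = ["0.0.0.0/0", "::/0"]
WILDCARD_SELECTORS = ("*", "autogroup:danger-all")


def expand_src(selector, approved_routes, legacy=False):
    """Return the networks covered by one src selector.

    legacy=True models the earlier meaning of "*" (any IPv4 or IPv6 address);
    legacy=False models the meaning described in the changelog entry.
    Only "*", "autogroup:danger-all" and literal IPs/CIDRs are modelled.
    """
    if selector == "autogroup:danger-all" or (selector == "*" and legacy):
        cidrs = ANY_ADDRESS
    elif selector == "*":
        cidrs = TAILSCALE_RANGES + list(approved_routes)
    else:
        cidrs = [selector]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def src_admits(selector, source_ip, approved_routes, legacy=False):
    """True if source_ip falls inside the selector's expansion."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip.version == net.version and ip in net
               for net in expand_src(selector, approved_routes, legacy))


def audit(policy, approved_routes, probes):
    """For every wildcard-style src entry, report which probe addresses it admits.

    "before" is the legacy result for "*"; it is None for autogroup:danger-all,
    which did not exist before the change.
    """
    findings = []
    for index, rule in enumerate(policy.get("acls", [])):
        for selector in rule.get("src", []):
            if selector not in WILDCARD_SELECTORS:
                continue  # groups, tags and users are out of scope for this sketch
            for probe in probes:
                before = None
                if selector == "*":
                    before = src_admits(selector, probe, approved_routes, legacy=True)
                findings.append({
                    "rule": index,
                    "src": selector,
                    "probe": probe,
                    "before": before,
                    "after": src_admits(selector, probe, approved_routes),
                })
    return findings


# Constructed policy, approved subnet routes and probe addresses for illustration.
SAMPLE_POLICY = {"acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
    {"action": "accept", "src": ["group:eng"], "dst": ["tag:db:5432"]},
    {"action": "accept", "src": ["autogroup:danger-all"], "dst": ["tag:web:443"]},
]}
SAMPLE_APPROVED_ROUTES = ["10.0.0.0/16"]
SAMPLE_PROBES = [
    "100.101.102.103",  # inside the Tailscale IPv4 range
    "10.0.5.20",        # inside the approved subnet route
    "192.168.1.10",     # private address, no approved route covers it
    "203.0.113.7",      # documentation range, stands in for an internet host
]

if __name__ == "__main__":
    for f in audit(SAMPLE_POLICY, SAMPLE_APPROVED_ROUTES, SAMPLE_PROBES):
        note = "CHANGED" if f["before"] is not None and f["before"] != f["after"] else ""
        print(f"rule {f['rule']} src={f['src']:<22} {f['probe']:<16} "
              f"before={f['before']} after={f['after']} {note}")
```

Rules that still list autogroup:danger-all in src are the ones to review, since they keep the any-address behavior.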

    Tailscale v1.66.0

    Update instructions

    We recommend updating all Tailscale clients to v1.66.0 or later to benefit from additional security improvements.

    All platforms
  • New: Implemented client-side quarantining for shared-in exit nodes, as a mitigation for a security vulnerability described in TS-2024-005.
    Linux
  • New: Use the --stateful-filtering flag for the tailscale up command to enable stateful filtering for subnet routers and exit nodes, as a mitigation for a security vulnerability described in TS-2024-005.
  • Note: This change can break existing setups that depend on forwarding connections from external hosts (internet, LAN, Docker containers, etc.) into the tailnet through a Tailscale node. If your setup depends on such forwarding, you can disable stateful filtering with the tailscale up --stateful-filtering=false command.

  • New: Use tab completion to type the first few letters of a Tailscale CLI command, flag, or arguments, followed by the tab key to complete the item being typed. Set up tab completion by using the tailscale completion command.
  • New: Use the tailscale exit-node suggest command to automatically pick an available exit node that is likely to perform best.
  • Changed: Site-to-site networking now also requires --stateful-filtering=false in addition to --snat-subnet-routes=false on new subnet routers. Existing subnet routers with --snat-subnet-routes=false will default to --stateful-filtering=false.
    macOS
  • New: View a suggested exit node in the Exit Node picker when available.
  • New: Generate a macOS Configuration Report .txt file from the Bug Report view to help the Tailscale support team diagnose issues.
  • Changed: Improved error detection logic warns the user when a version mismatch is detected between the Tailscale client GUI and the network extension.
  • New: See direct vs. relayed connections in the Ping view.
  • New: Use auth keys to log in without using the browser.
  • New: Search tagged devices by tag in the Devices list.
  • New: Remove accounts in the Fast User Switching view by using a long press, without having to log out.
  • Changed: Improved UI experience to log into a custom coordination server like Headscale.
  • Changed: The Fast User Switching view can now be used when Tailscale is disconnected.
  • Changed: Reduced app launch time.
  • New: Manage DNS configuration in the DNS Settings view.
  • New: Generate a bug report identifier by navigating to About Tailscale > Report an issue.
    Android

    We've rebuilt the Android app from the ground up, adopting a similar design that we've previously rolled out on iOS and using the latest Android best practices.

  • New: Use new status indicators to see at-a-glance insights into node connectivity. Tap on a node to see detailed information.
  • New: See detailed information about resolvers, domains, and routing configurations in a dedicated DNS Settings view.
  • New: See the status of Tailnet lock and node keys.
  • New: Use Fast user switching to switch between two or more logged-in accounts on the same device, without requiring you to re-authenticate.
  • New: Use auth keys to log in without using the browser.
  • New: Manage Android devices in your tailnet using Mobile Device Management (MDM) solutions such as Google Workspace, Microsoft Intune, or TinyMDM, among other tools.
  • New: Accessibility support.
  • New: Use dark mode as an alternative to light mode.
  • Changed: The Quick Settings tile has been temporarily disabled, pending resolution of an issue.
  • Changed: More intuitive behavior switching between exit nodes.
  • Fixed: Issue with LAN access during exit node use.

    Windows OS versions in admin console

    • Changed: Windows machines in the admin console are now displayed using their marketing version number instead of their internal version number.

    Changelog update

    • Changed: The Tailscale changelog has migrated to a new server. To prevent disruptions to RSS readers that subscribe to our changelog, we have limited the RSS feed to entries published on or after 2024-04-15. Existing RSS subscriptions should not lose access to older entries that have already been downloaded. The full changelog history is always available on our website.

    Share devices by email from the admin console

    • New: Share devices by sending emails directly from the admin console. The email will contain the invitation and instructions on how to accept the device share.

    Tailscale v1.64.0

    Update instructions
    All platforms
  • New: tailscale serve headers are now RFC 2047 Q-encoded.
  • New: Device web interface enabled by default locally on 100.100.100.100.
  • Changed: Go is updated to version 1.22.2.
    macOS
  • New: Use Tailscale for macOS as a Tailscale SSH client (Standalone variant only).
  • New: Receive alerts when an error occurs while changing client preferences.
  • New: Added a new Internet Access Policy for Little Snitch users.
  • Changed: The .pkg installer no longer requires a system restart after installing the client (Standalone variant only).
  • Fixed: Unexpected terminations for some macOS 10.15 Catalina users.
  • Fixed: Reduced number of alerts if the network extension terminates unexpectedly.
  • Fixed: Improved reliability of the ping chart presentation.
    Synology
  • New: Update certificates using the cert CLI command.
  • Fixed: IPv6 addresses are available again.
    Kubernetes operator
  • New: tailscale configure kubeconfig now respects KUBECONFIG environment variable.
  • Fixed: tailscale configure kubeconfig now works with partially empty kubeconfig.
  • Fixed: MSS clamping for Kubernetes operator proxies using nftables.
    Containers
  • Fixed: Containers on hosts with partial support for ip6tables no longer crash.

    Salesforce available as a preset app

    Invite users by email from the admin console

    • New: Invite external users by sending emails directly from the admin console. The email will contain the invitation and instructions on how to join the tailnet.

    ACL Preview

    Tailscale v1.62.1

    Update instructions
    Linux
  • New: Send load balancing hint HTTP request header
    Windows
  • Fixed: Do not allow msiexec to reboot the operating system
    macOS
  • Fixed: Issue that could cause the Tailscale system extension to not be installed upon app launch, when deploying Tailscale using MDM and using a configuration profile to pre-approve the VPN tunnel (applies to standalone variant only)
    Synology
  • Fixed: IPv6 routing
    Kubernetes operator
  • Fixed: Kubernetes operator proxies should not accept subnet routes

    Tailscale v1.62.0

    Update instructions
    All platforms
  • New: Web interface now uses ACL grants to manage access on tagged devices
  • Changed: Tailscale SSH connections now disable unnecessary hostname canonicalization
  • Changed: tailscale bugreport command for generating diagnostic logs now contains ethtool information
  • Changed: Mullvad's family-friendly server is added to the list of well known DNS over HTTPS (DoH) servers
  • Changed: DNS over HTTP requests now contain a timeout
  • Changed: TCP forwarding attempts in userspace mode now have a per-client limit
  • Changed: Endpoints with link-local IPv6 addresses are preferred over private addresses
  • Changed: WireGuard logs are less verbose
  • Changed: Go is updated to version 1.22.1
  • Fixed: DERP server region no longer changes if connectivity to the new DERP region is degraded
    Linux
  • Changed: Auto-update version detection on Alpine Linux is improved
  • Changed: IPv6 support detection in a container environment is improved
  • Fixed: DNS configuration on Amazon Linux 2023 no longer causes an infinite loop
    Windows
  • Changed: ManagedByOrganizationName, ManagedByCaption, and ManagedByURL system policy keys are now supported
  • Fixed: Tailscale Tunnel WinTun adapter handling is improved
  • Fixed: MSI upgrades no longer ignore policy properties set during initial install
    macOS
  • New: A .pkg installer package is now available for the standalone release of the Tailscale client
  • Changed: Taildrop notifications now include actions to reveal the received file in the Finder, or delete it
  • Changed: Tailnet lock settings UI displays more information about the status, including key and public key trust status
  • Changed: The onboarding flow now guides the user in enabling the Tailscale system extension
  • Changed: Launch Tailscale at login settings item can now be toggled when the Tailscale client is disconnected
  • Changed: DNS behavior is improved when handling transitions between network interfaces
  • Changed: Battery usage is improved
  • Changed: Taildrop notifications now include actions to reveal the received file in the Files app, or delete it
  • Changed: Unnecessary log messages are removed when triggered by changes to device power state and routing
  • Changed: DNS behavior is improved when handling interface transitions between Wi-Fi and Cellular
    Android
  • Changed: Settings persist from previous sign-ins
  • Changed: Always-on VPN handling is improved
  • Changed: Custom control server is applied on first start
    Kubernetes operator
  • Changed: Ingress resource handling is improved when deployed before its backing Service resource
  • Fixed: Destination NAT (DNAT) rule management by egress proxies in nftables mode when IP address of tailscale.com/tailnet-fqdn changes

    Secret scanning with GitLab

    Read more

    ACL groups and tests for Tailscale SSH

    • New: sshTests ACL top-policy section lets you write assertions about your SSH access rules and functions similarly to ACL tests, but for Tailscale SSH
    • New: user:*@<domain> ACL autogroup allows access for any user whose login is in the specified domain and is a direct member of the tailnet
    • New: localpart:*@<domain> ACL autogroup allows Tailscale SSH access to a user on the host whose name matches the local-part of the user's Tailscale login

    Exit node visibility

    Preset Apps GA

    • New: Preset Apps GA (generally available)
    • Use Preset Apps to configure common applications with only a few clicks or an ACL configuration. Routes and domains for Preset Apps are automatically updated and managed by Tailscale, based on each app’s source of truth. Routes for preset apps are automatically approved and pushed down to all selected App connectors.
    • New: Confluence, GitHub, Google Workspace, Jira, Okta, and Stripe are now available as preset apps

    Updated pricing plans

    • Changed: The Free pricing plan is now called the Personal plan. All other aspects of the plan remain the same.
    • New: Customers who sign up with a custom domain will be auto-enrolled into a 14-day trial of the Enterprise plan with no provisioned user limits
    • New: Personal plan customers who use a custom or vanity domain for their tailnet can opt out of the trial and continue to use the Personal plan
    • Changed: Customers who use Tailscale for commercial purposes will be billed for all of their active users once they sign up for a plan
    • Note: Free trials are available for business customers. For details about billing, plan comparison, and support, see Pricing & Plans FAQ. For instructions on how to change your plan, see Modify billing.

    Tailscale v1.60.0

    Update instructions
    All platforms
  • New: tailscale status command output now includes location-based exit nodes
  • New: tailscale web command flag --read-only is added to run the web UI in read-only mode
  • New: A warning is logged when unable to find SSH host keys
  • New: Support added for legacy "urn:dslforum-org" port mapping services
  • Changed: Build with Go 1.22
  • Changed: Detect when Tailscale is running on Digital Ocean and automatically use Digital Ocean's DNS resolvers
  • Changed: Expose gVisor metrics in debug mode
  • Changed: Improve error message when running as non-root
  • Fixed: A valid login page is presented to users when attempting to log in even after leaving device unattended for several days
  • Fixed: An issue with noisy peer mtu discovery errors
  • Fixed: A potential crash when no supported port mapping services are found
    Windows
  • Fixed: tailscaled could be slow or cause increased CPU usage with large routing tables
    macOS

    Note: Tailscale v1.60.0 is built with Go 1.22 and Go 1.22 is the last release that will run on macOS 10.15 Catalina (source). We are providing notice that around August 15, 2024, Tailscale will be built with Go 1.23 at which time macOS users that want to run the latest version of Tailscale will require macOS 11 Big Sur or later. Note that macOS 10.15 Catalina is no longer supported by Apple and is no longer receiving security updates.

  • New: New UI to add, remove, and switch between user accounts, including using custom control servers
  • New: New UI to change client preferences
  • New: New UI to manage updates for the Standalone variant of the client, including switching in-app between stable and unstable builds
  • New: VPN On-Demand is now supported on macOS, to automatically connect/disconnect Tailscale when specific conditions are triggered
  • New: Reset VPN Configuration menu item in the Debug menu is now available to reset the system VPN configuration if needed
  • New: An alert window is presented when the Tailscale network extension fails to start, providing suggested troubleshooting steps
  • Changed: Tailscale appears in the macOS Dock when an app window is presented
  • Changed: The Network Devices list now shows all devices known to the control server, not only those seen in the last 4 days
  • Changed: The onboarding flow automatically advances once the user is connected
  • Fixed: A potential crash and excessive logging upon client launch
  • Fixed: Start on Login is set correctly on macOS Ventura and earlier versions
  • Fixed: Stale devices are no longer presented in the devices list
    Android
  • Changed: Mullvad exit nodes now sorted to make it easier to find the best node for each location
  • Changed: Mullvad tunnels are no longer shown as regular nodes in UI
  • Fixed: Quick settings tile now works
    Synology
  • Fixed: An issue with stalling of SMB transfers of large files
    Kubernetes operator
  • New: A new ProxyClass custom resource that allows you to provide a custom configuration for cluster resources that the operator creates
  • New: ACL tags for the operator can now be configured via Helm chart values
  • Fixed: Routing to Ingress backends that require an exact path without a slash (/) suffix
    App connectors
  • New: App connectors now flatten DNS CNAME chains down to a target A/AAAA routing record, for apps that are configured with a DNS record that is a CNAME
  • New: Apps can be preconfigured with known routes to have those routes auto-advertised by all selected app connectors, and immediately begin to route traffic

    App connectors wildcard support change

    • Changed: New Apps and app connectors can no longer be selected via the * wildcard in a tailnet policy file or configuration flow. Instead, tag all app connectors and then use the tags as a selector. Existing * configurations will need to update to a tag-based selector upon the next tailnet policy file change. For details, see Wildcard connectors no longer supported.

    System policies GA

    Read more
    • Changed: System policies GA (generally available)
    • Use system policies (also known as MDM policies) to control Tailscale client settings for your users, such as UI visibility, organization customization, auto-update functionality, and runtime configurations

    Tailscale v1.58.2

    Update instructions

    Note: The 1.58.1 release needed to be re-done. Use 1.58.2 instead.

    All platforms
  • Fixed: App connectors have improved scheduling and merging of route changes under some conditions
  • Fixed: Crash when performing UPnP portmapping on older routers with no supported portmapping services
    macOS
  • Fixed: Opening the About window no longer displays a user interface when there is no newer version

    Tailscale v1.58.0

    Update instructions

    Note: Rollout of 1.58.0 paused on 21-Jan-2024 while we investigate reports of a regression with portmapping.

    All platforms
  • Changed: The number of 4via6 site IDs is increased from 256 to 65,536
  • Changed: Taildrop allows category Z Unicode characters
  • Changed: DERP flapping (flipping back and forth between two regions rapidly) is reduced when there's still an active connection for the home DERP server
  • Changed: Portmap checks the epoch from NAT-PMP & PCP, and establishes a new portmapping if it changes
  • Changed: Portmap better handles multiple interfaces
  • Changed: Portmap handles multiple UPnP discovery responses
  • Changed: Increased binary size with Tailscale 1.56 is resolved
  • Fixed: Web interface issue related to accessing shared devices
  • Fixed: Web interface login issue when accessed over HTTPS
    Linux
  • Fixed: Shell shebang is added in postinstall script, which fixes some Debian installations
    macOS
  • New: DNS Settings view is added and displays the DNS configuration used when Tailscale is running
  • New: Quit the app without terminating the VPN tunnel by holding down the Option button and selecting Quit (Leave VPN Active)
  • New: Toggle Tailscale shortcut action can be used to connect or disconnect the VPN tunnel, depending on its current state
  • New: The KeyExpirationNotice system policy is now supported to customize the time interval before a key expiration notice is displayed to the user
  • New: The web interface is now supported in the standalone variant of the client
  • Changed: Onboarding flow includes a step to ask the user to approve key expiry notifications
  • Changed: Onboarding flow asks the user to approve the system extension if necessary, when using the standalone variant of the client
  • Changed: Pre-Sonoma compatibility is improved
  • Fixed: VPN tunnel terminates upon closing the app
  • Fixed: Opening the About window triggers a check for updates
  • Fixed: The standalone variant of the client checks for updates every 72 hours
  • New: Toggle Tailscale shortcut action can be used to connect or disconnect the VPN tunnel, depending on its current state. Ideal for the Action Button on iPhone 15 Pro.
  • Fixed: Sign button in the Tailnet lock device sign view is rendered correctly
  • Fixed: Connectivity is no longer lost when transitioning from Wi-Fi to Cellular while an exit node is in use
    Windows
  • New: The web interface is now supported
  • Changed: The lookup for netsh.exe uses the absolute path instead of the relative path
  • Changed: ADMX system policy descriptions are now available
  • Changed: Vestigial wintun support is removed, which might have caused Chocolatey installs to break
  • Fixed: A goroutine leak in winMon no longer occurs if the monitor is never started
  • Fixed: "This package requires Windows 10 or newer" message no longer falsely displays during an uninstall or repair
    Android
  • Fixed: Active network change detection is improved
  • Fixed: Improvements to persistence of the client when running in the background
    Kubernetes Operator
  • New: A Connector custom resource is added, allowing users to configure the operator to deploy an exit node, subnet router, or both
  • Changed: A warning displays if the unsupported ingress Exact path type is used
  • Changed: StatefulSet labels are synced to their Pods
  • Changed: A Tailscale IngressClass resource is added
  • Changed: Extra long Service names are properly truncated
    Containers
  • Changed: Experimental support is added for configuring tailscaled using a mounted config file
  • Fixed: Tailscale images now contain layers of the same media type and can be parsed by Podman and Buildah

    Security update indicators and filter in the admin console

    • Changed: Available update icons on the Machines page of the admin console now differentiate between regular and security updates
    • Changed: The Version filter on the Machines page can now show nodes with pending security updates

    Tailscale v1.44.3

    Update instructions
    Windows
  • Fixed: Added a security fix to address privilege escalation with tailscale serve and tailscale funnel that allowed low-privilege users to serve files they did not have access to (TS-2024-001). This release is intended for Windows 7 and 8 users. Those with later versions of Windows should run the latest stable version of Tailscale, which is 1.56.1. This issue was resolved in Tailscale 1.52.push

    ACL Grants

    Read more

    Device posture

    Read more

    Tailscale v1.56.0

    Update instructions
    All platforms
  • New: tailscale whois command shows the machine and user associated with a Tailscale IP address
  • Changed: System policies are now in beta
  • Changed: tailscale switch --list command shows name and profile ID to disambiguate profiles with common login names
  • Changed: Responsiveness is improved under load, especially with bidirectional traffic
  • Changed: UPnP port mapping is improved
    Linux
  • New: The web interface allows users to configure some device settings such as exit nodes, subnet routers, and Tailscale SSH using a browser-based GUI instead of the Tailscale CLI
  • Changed: tailscale update command is supported for Unraid
  • Changed: containerboot symlinks its socket file if possible, making the Tailscale CLI work without --socket=/tmp/tailscale.sock
    Windows
  • Changed: Throughput is improved for userspace ("netstack") mode in the presence of packet loss
  • Changed: Profile switcher displays the tailnet name
  • Changed: Dynamic DNS updates are disabled in the client interface via the registry setting
  • Changed: Client improvements when restarting after an upgrade
    macOS
  • Changed: Taildrop notification displays when a file is received (App Store variant only)
  • Changed: Taildrop shortcut action is added for file sharing
  • Changed: Profile switcher displays the tailnet name
  • Changed: About Tailscale dialog indicates when the app is running a TestFlight build
  • Changed: In-app warnings and push notifications display when internet connectivity is blocked because the current exit node is offline or its key has expired
  • Changed: VPN tunnel fully terminates when Tailscale is stopped, using the menu bar toggle
  • Fixed: /etc/resolv file formatting with Tailscaled-on-macOS is improved
  • New: DNS Settings view is added
  • Changed: Taildrop notifications include the received file names
  • Changed: Allow Local Network Access option is added to the exit node picker UI
  • Changed: In-app warning and push notification displays when internet connectivity is blocked because the current exit node is offline or its key has expired
  • Changed: App size is reduced by about 2 MB with better asset compression
  • New: Apple TV can be configured as a subnet router, allowing you to remotely access resources on your home network that may not have Tailscale installed, such as a printer
    Kubernetes
  • Changed: Helm charts for the Tailscale Kubernetes Operator are now available on pkgs.tailscale.com/helmcharts
  • Changed: Kubernetes API server proxy supports impersonating groups via ACL Grants
  • Changed: Kubernetes operator cluster egress now supports referring to a tailnet service by its MagicDNS name in the Service annotation
    GoKrazy
  • Changed: TUN mode is used by default

    Tailscale v1.54.1

    Update instructions
    macOS
  • Fixed: Changing a pre-existing system policy value to nil no longer causes stability issues
  • Fixed: Widget tracks the connection state more closely

    Configure CGNAT IP range subset

    Tailscale v1.54.0

    Update instructions
    All platforms
  • Changed: Go is updated to version 1.21.4
    Linux
  • Changed: Substantially improve throughput for UDP packets over TUN device with recent Linux kernels
  • Fixed: Added a security fix to address privilege escalation with tailscale serve and tailscale funnel that allowed low-privilege users to serve files they did not have access to if the machine administrator had previously granted that user tailscale up --operator privilege (TS-2024-001)
    Windows
  • New: Open menu with a regular click in addition to a right-click
    macOS
  • New: Implement MDM settings for the standalone macOS application
  • New: Support for the tailscale update command for the standalone macOS application
  • Changed: Don't run Taildrop cleanup loop until the first file transfer, and avoid spurious security dialog
  • New: Show a helpful banner if there are no other devices on the tailnet
  • New: Add Allow Local Network Access setting when using an exit node
  • New: Show info bubble when key expires within 8 hours, or has expired
  • Fixed: Widgets now reflect the state of the VPN tunnel more accurately
  • New: Support for the tailscale update command

    Secret scanning and TruffleHog

    Read more

    Automatic client updates

    Read more

    Kubernetes operator

    Read more
    • Changed: Tailscale Kubernetes operator is now in beta
    • Use the Kubernetes operator to expose services in your Kubernetes cluster to your tailnet, connect to your tailnet from a Kubernetes cluster, and securely connect to the Kubernetes control plane
    • New: Use a Helm chart to deploy the Kubernetes operator

    Tailscale extension for Visual Studio Code GA

    Tailscale v1.52.0

    Update instructions
    All platforms
  • Changed: tailscale cert command renews in the background. The current certificate only displays if it has expired.
  • Changed: tailscale status command displays a message about client updates when newer versions are available
  • Changed: tailscale up command displays a message about client updates when newer versions are available
  • Changed: Taildrop now resumes file transfers after partial transfers are interrupted
  • Changed: Taildrop prevents file duplication
  • Changed: Taildrop detects conflicting file transfers and only proceeds with one transfer
  • Changed: Wake on LAN (WoL) is now supported for peer node wake-ups
  • Changed: TCP DNS queries are speculatively started if UDP hasn't responded quickly enough
  • Changed: Truncated UDP DNS results are properly retried using TCP
  • Changed: Go is updated to version 1.21.3
  • Linux
  • New: tailscale set command flag --auto-update is added to opt in to automatic client updates (beta)
  • Changed: tailscale serve and tailscale funnel commands are updated for improved usability
  • Changed: tailscale update command for manual updates is now in beta
  • Changed: Taildrop file transfer displays a progress meter
  • Changed: nftables auto-detection is improved when TS_DEBUG_FIREWALL_MODE=auto is used
  • Fixed: DNS detection of NetworkManager with configured but absent systemd-resolved, such as EndeavourOS
  • Fixed: DNS detection for Debian resolvconf version 1.90 or later
  • Windows
  • New: tailscale set command flag --auto-update is added to opt in to automatic client updates (beta)
  • New: Preferences section contains auto-update setting
  • New: Update notice displays when a new version is available
  • New: System policies allow system administrators to set a forced/suggested tailnet name, hide settings menu items, and more
  • Changed: tailscale serve and tailscale funnel commands are updated for improved usability
  • Changed: tailscale update command for manual updates is now in beta
  • Changed: iphlpsvc, netprofm, and WinHttpAutoProxySvc service dependencies are checked during installation
  • Fixed: Added a security fix to address privilege escalation with tailscale serve and tailscale funnel that allowed low-privilege users to serve files they did not have access to (TS-2024-001)
  • macOS
  • New: tailscale set command flag --auto-update is added to opt in to automatic client updates (beta)
  • New: App menu displays a notification item when a newer version is available
  • New: System policies allow system administrators to set a forced/suggested tailnet name, prevent the VPN from stopping, hide categories of network devices and setting menu items, and more
  • New: Settings section has an option added for turning on auto-updates
  • Changed: Reauthenticate menu item shows time until expiry more prominently, presenting alerts when necessary
  • Changed: tailscale serve and tailscale funnel commands are updated for improved usability
  • Changed: tailscale update command for manual updates is now in beta
  • Changed: About window more clearly distinguishes between the Standalone and App Store variants of the client
  • Changed: Sparkle is updated to version 2.5.1
  • New: Settings page displays a notification banner when a newer version is available on the App Store
  • New: Home and lock screen widgets are supported
  • New: System policies allow system administrators to set a forced/suggested tailnet name, prevent the VPN from stopping, hide the VPN On-Demand settings, categories of network devices and settings menu items, and more
  • Fixed: DNS support when operating as an exit node
  • OAuth clients GA and Search domains GA

    Tailscale v1.50.1

    Update instructions
    All platforms
  • Fixed: tailscale serve configuration doesn't persist in container (#9558)
  • Fixed: tailnet lock fails to sign node in container (#9539)
  • Fixed: Funnel doesn't work for tsnet apps (#9566)
  • Fixed: UPnP potentially crashes in specific circumstances
  • Google Chat supported as a webhook destination

    • New: Webhook events are available in a format for Google Chat

    Tailscale v1.50.0

    Update instructions
    All platforms
  • New: Wikimedia DNS using DNS-over-HTTPS is supported
  • Changed: Build with Go 1.21.1
  • Changed: tailscale update command is unhidden on most platforms
  • Changed: tailscale ping command sends an ICMP Ping code of 0
  • Changed: tailscale web command updated to use React
  • Changed: tailscale debug portmap command now has the --log-http option
  • Fixed: tailscale netcheck command works even if the OS platform lacks CA certificates
  • Fixed: UPnP falls back to a permanent lease if a limited lease fails
  • Fixed: WireGuard peer endpoint selections are improved
  • Linux
  • Changed: Debian package lists the iptables and iproute2 packages as recommended, not required
  • Changed: nftables support interoperates with Uncomplicated Firewall (UFW)
  • Windows
  • Changed: tailscale bugreport logs contain additional diagnostic information
  • Fixed: Windows executable installer detects when it is running on Windows 7 or Windows 8.x and will automatically download the appropriate v1.44.2 MSI package, which is the final release supporting those operating systems
  • Fixed: Windows executable installer no longer embeds MSI packages in the executable. Instead, it automatically downloads the correct package. Users desiring the previous behavior may download the "full" executable installer at pkgs.tailscale.com.
  • macOS
  • New: Shortcuts are added for finding and pinging devices
  • New: Mullvad Exit Nodes allows you to select nodes by country and city
  • Fixed: Tailnet lock reliability improvements
  • Fixed: Taildrop no longer replaces spaces with %20 in file names when sending files to Windows devices
  • New: Fast user switching is available
  • New: iOS 17 supports customized device naming from Settings
  • New: App Shortcuts in Spotlight and Siri are supported. Try saying: "Hey Siri, connect to Tailscale" or "Hey Siri, is Tailscale connected?".
  • New: Shortcuts are added for finding and pinging devices
  • New: Mullvad Exit Nodes includes an option to pick the best available node
  • Changed: UI accessibility improvements when using VoiceOver
  • Fixed: Taildrop no longer replaces spaces with %20 in file names when sending files to Windows devices
  • Fixed: VPN On Demand rules are no longer reset when disabled and then restarted
  • OAuth access tokens

    • New: Requests for OAuth access tokens may now specify a custom set of tags instead of always inheriting the tags from the OAuth client
    • Changed: Requesting OAuth access tokens with invalid scopes will now fail rather than returning a token with default scopes

    User status changes

    • Changed: The Active status filter option in the Users page of the admin console is removed. Use the Billing page to track your active users instead.
    • Changed: The Inactive badge and status filter option in the Users page of the admin console is renamed Idle

    Tailscale v1.48.1

    Update instructions
    All platforms
  • Fixed: Fix a security vulnerability in UPnP port mapping (TS-2023-006)
  • Linux
  • Fixed: Resolve nftables interaction between Tailscale and UFW which resulted in blocking subnet routed traffic
  • Synology
  • Fixed: Determine correct CPU architecture in tailscale update (#8927)
  • Tailscale v1.48.0

    Update instructions
    All platforms
  • New: tailscale exit-node sub-command
  • New: --upstream flag in the tailscale version command
  • New: The tailscale funnel command provides an interactive web UI that prompts you to allow Tailscale to enable Tailscale Funnel on your behalf
  • New: The tailscale serve command provides an interactive web UI that prompts you to allow Tailscale to enable HTTPS and Tailscale Funnel on your behalf
  • Changed: Tailnet lock is in beta
  • Linux

    Note: 1.48.0 introduced a regression in the interaction between Tailscale and Linux ufw. The Linux release has been withdrawn pending a fix.

  • New: Support for nftables
  • New: RPM packages are now fully signed
  • New: Support for the tailscale update command on Alpine, Arch and Fedora distro families
  • Synology
  • New: Support for the tailscale update command
  • macOS
  • New: Support for the tailscale update command
  • New: Support for VPN On Demand
  • Changed: VPN tunnel lifecycle improvements
  • Changed: Improved exit node selection
  • Changed: Minor UI tweaks
  • Tailscale Funnel interactive web UI

    • New: The Tailscale CLI now guides users through enabling serve and funnel.

    Log streaming with Panther Labs GA

    Tailnet lock beta

    Autogroup now supports autogroup:member syntax

    • New: Syntax for autogroups now supports autogroup:member in addition to autogroup:members when referring to all users in a tailnet

    SCIM ACL validation warnings in API

    • New: The tailnet policy file validation endpoint will now return warnings about SCIM synced groups in addition to errors in the response object. These will be the same warnings you would have seen visually in the admin console if you had tried to save that policy file. See the user and group provisioning documentation for more detail.

    Tailscale v1.46.0

    Update instructions
    Linux
  • New: Initial support for nftables-based configuration. This option is currently behind a temporary flag for testing and feedback. See issue #391 for details.
  • Windows
  • New: Tailnet lock is now supported
  • macOS
  • New: Tailnet lock is now supported
  • New: Tailnet lock is now supported
  • New: Onboarding flow is added for easier initial setup of the app
  • New: Ping devices on your tailnet from the app
  • Changed: The app Machines page is improved
  • Changed: The app Exit Node section is improved
  • Changed: The app Settings page is improved
  • iOS app redesign

    • Changed: The Tailscale iOS client is updated with significant design and engineering improvements

    Tailscale v1.44.2

    Update instructions
    All platforms
  • Fixed: Handling of custom HTTP ports in tailscale serve
  • Windows
  • Changed: Restore support for Microsoft Windows 7 and Microsoft Windows 8.x. Tailscale v1.44.2 will be the last release to support the following operating systems: Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008, and Microsoft Windows Server 2012.
  • Tailscale GitHub Action changes

    Network flow logs GA and Log streaming GA

    Add a description to new keys and OAuth clients

    • New: Description field is added to the Generate auth key dialog in the Keys page of the admin console
    • New: Description field is added to the Generate access token dialog in the Keys page of the admin console
    • New: Description field is added to the Generate OAuth client dialog in the OAuth clients page of the admin console

    Tailscale v1.44.0

    Update instructions

    Note: This is the last release to support the following operating systems:

    • macOS 10.13 High Sierra
    • macOS 10.14 Mojave

    Tailscale releases after 1.44.0 will no longer install on these operating systems, though we expect to maintain forward compatibility and critical security updates for 1.44.0 with future releases until at least June 30, 2024.

    To install Tailscale on a High Sierra or Mojave system, visit the Purchased Items in the App Store Account page. macOS High Sierra or Mojave systems will be offered Tailscale 1.44 when the download link is clicked. If Tailscale does not appear in the Purchased Items it must first be successfully installed using a recent macOS system. The Tailscale app will then be available for the High Sierra or Mojave system to install from Purchased Items.

    All platforms
  • New: tailscale serve http command to serve over HTTP (tailnet only)
  • New: tailscale ssh command now supports remote port forwarding
  • New: Recursive DNS resolution is now initially supported to replace bootstrapDNS when operating in a parallel mode
  • Changed: Build with Go 1.20.5
  • Changed: --tun-userspace-networking stability improvements for userspace subnet routers
  • Changed: MagicSock private addresses are given preference when both private and public are available, to help keep traffic in private VPCs, where possible
  • Changed: Async support is removed from the portlist package. Update to use synchronous Poll() if this breaks your package.
  • Changed: WatchIPNBus now only requires read-only permissions to read
  • Changed: tailscale cert renewal decision is now based on the lifetime of the certificate instead of hard-coded. This better supports 14 day certificate lifetimes.
  • Linux
  • Changed: tailscale ssh support improvements for Security-Enhanced Linux (SELinux) systems
  • Changed: tailscale ssh supports user names with up to 256 characters
  • Changed: build_dist.sh better supports operating systems and CPU architectures which Tailscale release builds do not include
  • Changed: The iputils package can now be installed on Alpine-based Docker containers
  • Windows
  • Fixed: PreferGo supports better DNS caching
  • macOS
  • Fixed: ICMP6 forwarding works as expected when running as a subnet router
  • FreeBSD
  • Fixed: ICMP6 forwarding works as expected when running as a subnet router
  • OpenBSD
  • Fixed: ICMP6 forwarding works as expected when running as a subnet router
  • Fixed: tsnet applications compiled to WebAssembly are now better supported
  • Support for IPv6 in tailnet policy file

    • Fixed: IPv6 addresses can now be directly specified in ACL rules and tests.

    Edit policy groups dialog in admin console

    Custom OIDC setup option for user auth page prompt

    • Changed: Setup for custom OIDC providers provides the option for specifying a prompt (none, consent, login, select_account) for the user authentication page. If your tailnet was already using a custom OIDC provider, we updated your setup automatically to use consent, which prior to today was the only supported value.

    Support for Ping Identity

    Tailnet lock login change for expired nodes

    • Changed: When logging in to a node that has an expired key in a tailnet that has enabled Tailnet lock, an error message is returned, directing you to reauthenticate instead of logging in, or to delete the machine from within the admin console before logging in again

    Invite any user to a tailnet

    Leave an external tailnet

    Support for passkeys

    • New: Use a passkey to authenticate to a tailnet (beta)
    • New: Sign in with passkey option is added to the Tailscale login page (https://login.tailscale.com)

    Tailscale extension for Visual Studio Code

    Tailscale v1.42.0

    Update instructions

    Note: This is the last release to support the following operating systems:

    • Microsoft Windows 7
    • Microsoft Windows 8
    • Microsoft Windows Server 2008
    • Microsoft Windows Server 2012

    Tailscale releases after 1.42.0 will no longer install on these operating systems, though we expect to maintain forward compatibility and critical security updates for 1.42.0 with future releases until at least May 31, 2024.

    Note: Do not install this version of the Tailscale client on macOS 10.13. Upgrade to version 1.44.0 instead.

    All platforms
  • New: tailscale serve reset command to clear out the current serve configuration
  • Changed: Update internal DNS handling to better support mixtures of global and private DNS servers
  • Linux
  • Fixed: SSH login on platforms which lack getent
  • Windows

    Note: This release switches to a new application signing certificate, which is valid through 2025.

  • Changed: Notification icons are updated
  • macOS
  • Changed: Update Sparkle to check more regularly
  • Fixed: Taildrop delivery of incomplete files
  • New: Delete Account button to redirect to the admin panel
  • Changed: Better handle memory management to avoid hitting 50 MByte memory limit
  • Unraid
  • New: Support Unraid as a NAS platform similar to how Synology and QNAP are handled
  • Kubernetes
  • New: Support for priorityClassName
  • Discord and Mattermost supported as webhook destinations

    • New: Webhook events are available in formats for Discord and Mattermost

    Tailscale v1.40.1

    Update instructions
    Linux
  • New: Tailscale SSH is now supported for LDAP users
  • Fixed: Support for Tailscale SSH session recording to a local file is restored
  • Fixed: Debian and RPM packages for MIPS architecture generate as expected
  • Windows
  • Changed: Notification icons are updated
  • Fixed: The 32-bit Windows installer for the Tailscale client works as expected
  • macOS
  • Fixed: tailscale cert command no longer causes timeout failures
  • Kubernetes
  • Fixed: The Tailscale version displays in the startup logs
  • Tailscale v1.40.0

    Update instructions
    All platforms
  • Changed: tailscale up --force-reauth will now display a warning and 5 second countdown if you are connected over SSH over Tailscale, unless --accept-risk=lose-ssh is also given
  • Changed: Tailscale now dynamically increases the buffer size for DERP relay messages based on the amount of available RAM (#7776)
  • Changed: Improvements were made to how Tailscale advertises available endpoints to reduce the likelihood of a spurious loss of direct connections (#7877)
  • Linux
  • Changed: Substantially higher throughput—for details, see Surpassing 10Gb/s over Tailscale
  • Changed: Improved CPU consumption on systems with a very large (1M+) routing table
  • Windows
  • Changed: Redo migration of pre-Fast-User-Switching state for better robustness
  • macOS
  • Changed: "Settings" replaces "Preferences" as a menu item on macOS Ventura
  • Android
  • New: Added intents com.tailscale.ipn.CONNECT_VPN and com.tailscale.ipn.DISCONNECT_VPN
  • gokrazy
  • New: Tailscale SSH now works
  • Fixed: UI failure after reboot
  • Machines page updates

    • Changed: The Machines page of the admin console has been updated to use Version as a column heading instead of OS , and to show the Tailscale client version prior to the operating system name

    Audit log events for approved node routes

    • New: "Update auto approved routes for node" is logged as a configuration audit logging event for routes advertised by the node that are updated using autogroups
    • Changed: "Update approved routes for node" replaces "Update advertised routes for node" in Configuration audit logging events

    Webhook event when a node is deleted

    • New: nodeDeleted webhook event is now generated when a node is removed from the tailnet, including automatic removal of ephemeral nodes

    Audit log events for Network flow logs

    Billing page updates

    • Changed: The Billing page of the admin console is updated to show new Tailscale pricing plans and a tailnet's monthly active users

    Network flow logs

    Additional custom OIDC providers

    Updated pricing plans

    New autogroup values

    • New: autogroup:admin, autogroup:it-admin, autogroup:network-admin, and autogroup:owner added as autogroups

    Machine address copy card

    • New: Click on a machine's IP address in the Machines page of the admin console to display a machine address copy card. Within the machine address card, click to copy the MagicDNS name, IPv4 address, or IPv6 address of the machine to your clipboard.

    Tailscale v1.38.4

    Update instructions
    All platforms
  • Changed: Build with Go 1.20.3 to address security fixes (CVE-2023-24537, CVE-2023-24538, CVE-2023-24534, and CVE-2023-24536). These address potential DoS attacks against DNS over HTTPS and Funnel that can occur over the public internet, and PeerAPI attacks launched from other nodes already on the tailnet.
  • Changed: Added path support for proxy targets with tailscale serve
  • Fixed: Error displays when trying to use Funnel and tailscale up --shields-up simultaneously
  • Windows
  • Fixed: When connected to a Windows 10 client using Windows RDP, the Tailscale taskbar right-click option for the remote client works as expected (#7698)
  • Tailscale v1.38.3

    Update instructions
    All platforms
  • New: Support for stripping HTTP request paths from Funnel proxy routes (#6571)
  • Changed: Tailscale Funnel is now beta
  • Fixed: tailscale serve issue that did not use actual SrcAddr as X-Forwarded-For
  • Linux
  • Fixed: Certificate storage issue that did not actually use Kubernetes secrets
  • Windows
  • Changed: Upgraded the Walk framework for the GUI client to improve menu responsiveness
  • Tailscale v1.38.2

    Update instructions
    All platforms
  • Changed: tailscale lock tskey-wrap has been replaced by tailscale lock sign
  • Changed: tailscale lock sign now supports signing auth keys
  • Linux
  • Fixed: --tun=userspace-networking issue running in Azure App Services
  • macOS
  • New: Sparkle automatically checks updates for the standalone package. This does not impact the App Store package.
  • FreeBSD
  • Fixed: Issue setting the effective group ID on some non-interactive Tailscale SSH sessions. This issue is specific to FreeBSD's implementation of setgroups and does not impact other platforms.
  • Tailscale v1.38.1

    Update instructions
    All platforms
  • New: tailscale configure command to configure resources that you want to include in your tailnet
  • New: tailscale lock sign to sign pre-approved auth keys for use with tailnet lock
  • New: tailscale debug derp command to help diagnose DERP-related difficulty
  • New: tailscale debug capture command to write packet capturing for debugging
  • Changed: The tailscale debug portmap command replaces tailscaled debug -portmap. This is now available on platforms without a tailscaled binary (like the macOS App Store).
  • Changed: tailscale serve command has been overhauled
  • Changed: tailscale serve funnel has been made into its own command, tailscale funnel
  • Fixed: Several improvements to UPnP port mapping have been made that allow it to work with a broader set of home routers
  • Linux
  • New: Certificates can be stored in Kubernetes secret storage
  • Windows
  • New: MSI installers start the GUI without user interaction to allow remote upgrades
  • macOS
  • New: Notification upon node key expiration (only on macOS 10.14 and later)
  • New: Tailscale SSH server component is available for macOS open source Tailscale + tailscaled CLI devices
  • New: Support for alternate control servers by setting the URL in Settings page of the admin console
  • Android
  • Fixed: Chromecast support while Tailscale is active
  • Note: v1.38.0 was never released.

    Settings page is reorganized

    • New: Device management section is added to the Settings page of the admin console
    • New: User management section is added to the Settings page of the admin console
    • Changed: Feature Previews section is removed from the Settings page of the admin console. All feature previews are now located in the General page.
    • Changed: Identity Provider and User & Group Provisioning options are moved from the General page to the User management page of the admin console
    • Changed: Device Approval and Key Expiry options are moved from the General page to the Device management page of the admin console
    • Changed: Billing drop-down option for logged in users is removed from the admin console. Use the Billing section in the General page instead.

    Webhook event when a user role is updated

    Tailscale v1.36.2

    Update instructions
    macOS
  • Fixed: Prevent using an exit node while being an exit node
  • Fixed: Improve detection of default interface
  • Fixed: Improve detection of default interface
  • Windows
  • Fixed: Improve clean out of registry entries during upgrade
  • Billing admin

    • New: Billing admin role to manage pricing plan and billing information, but not modify other tailnet settings
    • Changed: All users with the Admin role can manage pricing plan and billing information
    • Changed: Configuration audit logging no longer includes "Update billing owner for tailnet" events. Changes to Billing admin roles are included in "Update role for user" events

    Webhook events when a webhook is updated or deleted

    • New: webhookUpdated and webhookDeleted events are now generated when a webhook is updated or deleted. These events are subscribed by default and cannot be disabled.

    Device authorization is now called Device approval

    • Changed: "Device approval" replaces "Device authorization" as the name of the feature in the General settings page of the admin console
    • Changed: "Needs approval" replaces "Needs authorization" in the Disabled filter of the Machines page
    • Changed: "Pre-approved" replaces "Pre-authorized" in the Generate auth key dialog of the Keys page
    • Changed: "nodeApproved" replaces "nodeAuthorized" in webhook events
    • Changed: "nodeNeedsApproval" replaces "nodeNeedsAuthorization" in webhook events
    • Changed: "Enable device approval for tailnet" replaces "Enable device authorization for tailnet" in Configuration audit logging events
    • Changed: "Disable device approval for tailnet" replaces "Disable device authorization for tailnet" in Configuration audit logging events
    • Changed: "Approve node" replaces "Authorize node" in Configuration audit logging events

    get-authkey utility

    Tailscale v1.36.1

    Update instructions
    All Platforms
  • Fixed: Potential infinite loop when node key expires
  • macOS
  • Fixed: Handle starting the app before network interfaces are ready
  • Fixed: Handle starting the app before network interfaces are ready
  • Fixed: Get Status intent will not connect the VPN
  • Windows
  • Fixed: Potential crash in netstat handling
  • Fixed: Windows 7 checks for KB2533623
  • Feature invite logs no longer include acceptor

    Tailscale v1.36

    Update instructions
    All Platforms
  • New: --json flag for the tailscale lock status and tailscale lock log commands
  • New: --json flag for the tailscale version command
  • New: tailscale update command to update client
  • New: tailscale debug daemon-logs to watch server logs
  • Changed: tailscale status --json now includes KeyExpiry time and Expired boolean on nodes
  • Changed: tailscale version now advertises when you're on the unstable (dev) track
  • Changed: (Unix platforms) When /etc/resolv.conf needs to be overwritten for lack of options, a comment in the file now links to https://tailscale.com/s/resolvconf-overwrite
  • Fixed: Tailscale SSH: SSH to tailscaled as a non-root user works again, as long as you only SSH to the same user that tailscaled is running as
  • Fixed: Handle cases where a node expires and we don't receive an update about it from the control server (#6929 and #6937)
  • Fixed: Support UPnP port mapping of gateway devices where they are deployed as a highly available pair (#6946)
  • Fixed: Support arbitrary IP protocols like EOIP and GRE (#6423)
  • Fixed: Exit node handling of a large number of split DNS domains (#6875)
  • Fixed: Accept DNS-over-TCP responses up to 4K bytes (#6805)
  • Linux
  • New: Add build support for Loongnix CPU architecture
  • Changed: Improved throughput performance on Linux (#6663)
  • macOS
  • New: Tailscale actions (connect, disconnect, switch profile, use exit node) are available in the Shortcuts app (read the blog post)
  • Fixed: Tailscale traffic looping upon certain sleep/resume/Wi-Fi change transitions (#5156)
  • New: Tailscale actions (connect, disconnect, use exit node) are available in the Shortcuts app
  • Fixed: Tailscale using cellular data even after Wi-Fi becomes available (#6565)
  • Windows
  • Changed: Add a more robust mechanism to remove WinTun (#6433)
  • Changed: Update taskbar menu radio button implementation
  • Android
  • Changed: New version of the Gio UI library with internationalization and accessibility fixes
  • Changed: Allow Sonos app to discover local devices while Tailscale is connected
  • Synology
  • New: Show whether outgoing connections are configured in the web UI
  • Containers
  • New: Run in a Kubernetes environment without setting TS_KUBE_SECRET (#6704)
  • OpenBSD
  • New: Tailscale SSH runs on OpenBSD
  • Login page interstitial to confirm node authentication

    • New: The Tailscale login page (https://login.tailscale.com) describes the action taking place, such as adding a new device or authorizing SSH access. For some actions, like adding a new node, a second redirection page will be used as a confirmation step.

    Self-request access to Tailscale Funnel

    Tailscale v1.34.2

    Update instructions
    Linux
  • Fixed: Handling of a very large number of SplitDNS domains with an exit node
  • macOS
  • Fixed: UI glitch with macOS 10.14 and 10.13
  • Windows
  • Fixed: Custom server URL from registry key support
  • Synology
  • Fixed: Crashes manifesting on ARM-based platforms and models with very old kernels
  • Tailscale v1.34

    Update instructions
    All Platforms
  • New: tailscale switch command to switch between accounts using fast user switching
  • New: tailscale login command to log in with a specified account
  • New: tailscale set command to modify configuration settings without needing to repeat the others
  • New: tailscale lock command to manage tailnet lock for your tailnet
  • New: Additional 4via6 DNS name format, Q-R-S-T-via-X (or Q-R-S-T-via-X.yak-bebop.ts.net), for systems that required dashes instead of dots
  • Changed: Display decoded punycode hostnames in status list
  • Changed: Warn in tailscale status health and tailscale up if there are nodes advertising routes but --accept-routes=false
  • Linux
  • New: Add fast user switching using tailscale login and tailscale switch
  • Changed: Warn in tailscale status health if something else overwrites /etc/resolv.conf
  • macOS
  • New: Add fast user switching by selecting the desired tailnet from the Tailscale icon in the menubar, or via the tailscale login and tailscale switch commands
  • Windows
  • New: Add fast user switching by selecting the desired tailnet from the Tailscale icon in the taskbar, or via the tailscale login and tailscale switch commands
  • New: Use named pipes to communicate between UI and Service
  • Changed: Move state storage responsibility from frontend to backend. The current state is migrated; this should not be a noticeable change.
  • Changed: Switch to wingoes for OLE support, use multithreaded apartment
  • Changed: Received Taildrop files get placed in the C:\Users\(username)\Downloads directory (previously they were placed in the C:\Users\(username)\Desktop directory)
  • Android
  • Fixed: Allow Sonos app to discover speakers on the local LAN
  • Synology
  • Fixed: Better detect DSM version, locate local socket correctly
  • Containers
  • Changed: Replace run.sh with cmd/containerboot
  • FreeBSD
  • New: Support for Tailscale SSH (Thanks Pat Maddox!)
  • Tailscale v1.32.3

    Update instructions
    All Platforms
  • Fixed: Security vulnerability in the Windows client that allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code (CVE-2022-41924, TS-2022-004)
  • Fixed: Security vulnerability in the client that allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables (CVE-2022-41925, TS-2022-005)
  • Windows
  • Changed: Set Zone.Identifier alternate data stream for Taildrop files
  • macOS
  • Changed: Set com.apple.quarantine flag for Taildrop files
  • Webhook event payload additions

    • New: The actor is included in all webhook event payloads
    • New: The key expiration time is included in payloads for expiration-related events
    • Changed: Slack messages generated for webhook events now have timestamps formatted in the local timezone of the user viewing the message

    Tailscale v1.32.2

    Update instructions
    All Platforms
  • Changed: Substantially improve userspace-networking handling of packet loss
  • macOS
  • Fixed: Fix a crash impacting some macOS systems (#6065)
  • Android
  • Fixed: Fix a 4-in-6 DNS problem mainly impacting Android (fixed by Peter Cai) (#5698)
  • Ability to change tailnet fun name

    Webhooks

    • New: Use webhooks to subscribe to certain events on your tailnet and process the event notifications through an integration or app

    Tailscale v1.32.1

    Update instructions
    All Platforms
  • Fixed: Avoid crash in tailscale netcheck (#5919)
  • macOS
  • Fixed: Avoid a condition which can result in high CPU consumption (#5879)
  • Fixed: Fix Taildrop failures when sending many files (#5873)
  • Windows
  • Fixed: Correct IPv6 MTU setting (#5914)
  • Customizable expiry for keys

    Fully qualified domain name in API responses

    • Changed: In output of Tailscale API calls, a machine's name uses the fully qualified domain name based on the tailnet name, instead of the previous format based on the organization name. For example, a machine name in API output is now my-server.yak-bebop.ts.net instead of my-server.example.com. This is a display-only change and doesn't modify the name of any machines.

    Tailnet name changed

    • Changed: Tailnets use .ts.net instead of .beta.tailscale.net for the tailnet name
    • To avoid publicizing your organization name, Tailscale provides you with a tailnet name, which is used by features like MagicDNS, HTTPS, and sharing. The tailnet name is visible in the DNS page of the admin console.
    • Previously, you might have used a name ending in .beta.tailscale.net. If so, migrate to the new tailnet name. The existing beta.tailscale.net name remains supported until at least November 1, 2023.
    • What we previously called the tailnet name is now called the organization name. The organization name is used by the Tailscale API, and is visible in the Settings page of the admin console.

    NextDNS


    Tailscale v1.32.0

    Update instructions
    All Platforms
  • New: Support NextDNS
  • New: Add tailscaled --no-logs-no-support (or TS_NO_LOGS_NO_SUPPORT=true environment variable)
  • New: tailscale bugreport --record flag to pause and write another bug report
  • Changed: More in-depth health checks in a bugreport
  • Changed: tailscale netcheck looks for a captive portal
  • Changed: Build with Go 1.19.2
  • Fixed: IP fragmentation handling as an exit node
  • Fixed: SSH inadvertently closing tmux/etc panes at disconnect
  • Fixed: Always respond to 4via6 ICMP echo requests
  • Fixed: Normalize more process names in Services report
  • Linux
  • New: Coexist with mwan3 package iptables rule fwmark masks, for OpenWRT
  • New: Add an eBPF helper to pass the first packet on a new flow up to tailscaled
  • Changed: Better detect when running in a container
  • macOS
  • Fixed: Incorrect list of Taildrop target devices
  • Windows
  • New: Log Windows service diagnostics when the wintun device fails to install
  • Fixed: Incorrect list of Taildrop target devices
  • Android
  • Changed: Show an error when unable to accommodate multiple users
  • Synology
  • New: envknob support
  • Fixed: Configure-host version parsing
  • DNS entries for DERP regions for firewalls

    • New: Per-DERP-region DNS entries, such as derp1-all.tailscale.com, available for firewall allowlists or other compliance requirements

    Key type embedded in keys

    • Changed: Key type is embedded in new keys, for example, tskey-auth-012345abcdef instead of tskey-012345abcdef

    Check mode supported for nodes provisioned with an auth key

    Tailscale v1.30.2

    Update instructions
    All Platforms
  • Fixed: IPv6-mapped-IPv4 addresses in STUN responses
  • Changed: Better detect when running in a container
  • Tailscale v1.30.1

    Update instructions
    All Platforms
  • Fixed: Exit nodes in userspace-networking mode break Chrome v.104 or later IPv6 connectivity
  • Fixed: SIGINT when running in a container without job control
  • Tailscale v1.30

    Update instructions
    All Platforms
  • New: Use DNS-over-HTTPS for Mullvad DNS servers
  • New: Report whether a subnet router is running in userspace-networking or kernel mode
  • New: Send Tailscale client version number in ACME requests (to Let's Encrypt, for example)
  • New: Report whether host kernel supports IPv6
  • New: Add tailscale licenses with link to open source licenses
  • Changed: Delete node immediately if tailscaled exits and was using mem: state storage
  • Changed: tsnet ephemeral nodes will delete themselves on Close()
  • Changed: Add a timeout when writing to BIRD socket
  • Changed: Clients can use Noise with any HTTPS port with capver 39 (mainly for Headscale)
  • Fixed: 100.100.100.100 will respond with SERVFAIL if there are no upstream resolvers
  • Linux
  • Fixed: Gracefully handle restarts in resolved support
  • macOS
  • Changed: Report variant (App Store, system extension) in the about box
  • Fixed: Fix missing IP address display in the status menu
  • Windows
  • New: Add native ARM build for backend Tailscale service (only in NSIS installer in this release)
  • Changed: Update Proxy support
  • Changed: Notice when group policy entries change and move our NRPT rules between the local and group policy subkeys as needed
  • Fixed: Avoid 2.3 second DNS lookup delay when Smart Name Resolution is enabled by adding MagicDNS names to hosts file
  • Fixed: Disable NetBIOS nameservice on Tailscale interfaces
  • Fixed: Fix potential crash in notification handling
  • Fixed: Fix dismissing of error indication if a bugreport fails
  • Android
  • New: Allow coordination server URL to be set. Click the Authentication menu three times quickly to enable
  • Fixed: Fix Google Stadia, Android Auto, GoPro, and Messages RCS with the VPN active
  • Synology
  • Fixed: Fix /dev/net permissions in tailscale configure-host
  • OpenBSD
  • New: Support functioning as a subnet router or exit node using hybrid netstack mode
  • Other
  • Fixed: Accommodate shared nodes in nginx-auth
  • Fixed: Fix race in derper (Custom DERP servers) with manual certificates
  • Share invite links without a label

    • Changed: Invite links for sharing a device are automatically generated and copied, and no longer require a label to be generated

    OneCGNATRoute setting, custom derp server upgrade

    • New: The network policy options section in ACLs now contains the OneCGNATRoute setting which controls the routes that Tailscale clients will generate
    • Fixed: Bug that can cause slow connects and a crash in a custom DERP server in manual cert mode (not using Let's Encrypt). We encourage you to upgrade your derper binary. If you use the default Let's Encrypt mode, no action is required

    pfSense

    Tailscale v1.28

    Update instructions
    All Platforms
  • New: Add ExitNodeStatus to tailscale status --json
  • Fixed: Fix tailscale ping -c N to properly exit after N ping requests even if there are timeouts
  • Changed: MagicDNS recursive resolution now returns SERVFAIL if all upstream resolvers fail
  • Changed: portmapper: Send discovery packet for IGD specifically, some routers don't respond to ssdp:all
  • Linux
  • Changed: Implement specific DNS support for AWS, Google Cloud, and Azure to add internal split DNS domain and fallback DNS
  • macOS
  • Changed: Use one large 100.64.0.0/10 route entry if there are no other interfaces using CGNAT, to avoid Network Changed errors in browsers where possible
  • Windows
  • Fixed: Suppress nonfunctional link-local IPv6 addresses on Tailscale interface, PowerShell ping (hostname) now works correctly
  • Changed: Set registry values to not send DNS changes concerning our interface to AD domain controllers
  • Changed: Update Windows split DNS settings to work alongside other NRPT entries set by group policy
  • Changed: Set AllowSameVersionUpgrades attribute on MajorUpgrade tag in Windows MSI script
  • New: Add portmapper support for NAT-PMP, PCP, UPnP
  • New: Add MagicDNS support for TCP
  • Changed: The minimum iOS version is now iOS 15, which makes substantially more memory available (the App Store will offer Tailscale 1.26.2 for iOS 13 and 14 devices)
  • Android
  • New: Android can now be an exit node (previously available but hidden)
  • Tailscale v1.26.2

    Update instructions
    All Platforms
  • Fixed: tailscaled being able to restart while mosh-server is running from an SSH session
  • Fixed: Make tailscale up --operator="" clear a previously set operator
  • Linux
  • Fixed: Tailscale SSH support with Arch Linux
  • macOS
  • Changed: Limit SSH login to 16 groups
  • Windows
  • Changed: Make SSH command prefer Windows ssh.exe over PATH
  • Changed: Try harder to notify for SSH check mode
  • 4via6 subnet routers

    DNS records for shared devices

    • Fixed: Sharing a device with a tailnet domain alias now lets the share recipient also use the shared device's *.ts.net DNS name

    Tailscale SSH

    • New: Use Tailscale SSH to allow Tailscale to manage the authentication and authorization of SSH connections in your tailnet (beta)
    • Changed: Default ACL now allows users to access their own devices using Tailscale SSH with check mode. This only affects tailnets with default ACLs, including new tailnets and tailnets which have never modified their ACLs

    Tailscale v1.26

    Update instructions
    All Platforms
  • New: Add --peerapi <peer> flag in tailscale ping to check connectivity to a peer using the PeerAPI
  • New: Add --timeout <duration> flag in tailscale up to enforce a maximum amount of time to wait for the Tailscale service to initialize
  • New: Allow LoginInteractive via LocalAPI
  • New: MagicDNS supports DNS/TCP and handling IP fragmented UDP frames
  • New: Add an overall 10 second timeout for recursive MagicDNS queries
  • New: Add Wake-on-LAN function to PeerAPI. There is no UI for it currently.
  • New: Provide /run.sh as an entrypoint for Docker container builds
  • Fixed: Configured MTU is now consistent between a TUN device and a userspace device
  • Changed: Refactor tailscale.com/client/tailscale package with LocalClient type
  • Changed: Change MagicDNS "via route" DNS names from "via-SITEID.10.2.3.4" to "10.2.3.4.via-SITEID". The old format will continue to work for the next one or two releases.
  • Changed: Build with Go 1.18.3
  • macOS
  • New: Tailscaled-on-macOS now supports MagicDNS, including Split DNS
  • New: Initial release of a standalone macOS client, which is independent of the App Store, in the stable track
  • Windows
  • New: Add TS_NOLAUNCH property to allow admins to deploy silent MSI installs without automatically starting the GUI
  • Fixed: MagicDNS lookup of own hostname
  • Fixed: Handle more than 50 Split DNS domains
  • Fixed: Resolve one source of shutdown delay (there may still be more)
  • Synology
  • New: Allow the NAS disks to hibernate by moving telemetry buffering to tmpfs
  • Changed: Improve HTTP proxy handling
  • New: Bug report menu option in the UI
  • Search, role filtering, and pagination now supported in the Users page

    • New: Search for users and filter based on user role in the Users page
    • New: Pagination when user list is large in the Users page

    Autogroup:members as a tag owner

    • New: autogroup:members as a tag owner, to enable device tagging by any user who is a direct member (not a shared user) of the tailnet

    Format ACLs when saving

    • New: ACLs are automatically formatted when saved from the Access controls page of the admin console or the API

    Tailscale v1.24.2

    Update instructions
    All Platforms
  • Fixed: Handling of HTTP proxies in certain circumstances
  • Fixed: An issue where the new control plane protocol could fail to make a connection to our servers (#4557)
  • Synology
  • Fixed: Additional fix in handling of HTTP proxies
  • Tailscale v1.24.1

    Update instructions
    All Platforms
  • Fixed: Two issues where the new control plane protocol could fail to make a connection to our servers (#4544, #4538)
  • Fixed: Set TCP keep-alives in userspace-networking subnet router to avoid connection leaks (#4522)
  • Fixed: Avoid using the LTE radio after transition to Wi-Fi
  • Tailscale v1.24

    Update instructions
    All Platforms
  • New: Initial support for site-relative IPv4 addressing using IPv6
  • New: First for-keepsies deployment of ts2021 protocol
  • New: tsnet now supports providing a custom ipn.StateStore
  • Fixed: Improve netstack performance via better GC tuning
  • Fixed: MagicDNS: PTR records for TS service IPs
  • Changed: Build with Go 1.18
  • Linux
  • New: taildrop: add file get --loop
  • New: taildrop: add file get --conflict=(skip|overwrite|rename)
  • Changed: Default to userspace-networking mode on gokrazy
  • Changed: Set tailscale0 link speed to UNKNOWN, not 1Gbps
  • Changed: Attempt to load the xt_mark kernel module when it is not present
  • Windows
  • Fixed: Improve HTTPS proxy handling
  • Synology
  • Fixed: Improve HTTPS proxy handling
  • Android
  • New: Android TV support
  • Fixed: Fix and reintroduce Talkback support
  • FreeBSD
  • Fixed: Portmapping support
  • ACL tests now support group in syntax

    • New: ACL tests now support group as an option for the src field, and as the host portion of the accept and deny fields.

    ACL tests now support accept/deny syntax

    • New: Policy syntax for ACL tests now supports accept / deny in addition to allow / deny when specifying destinations that the ACL rules should accept or deny.

    Tailscale v1.22.1

    Update instructions
    All Platforms
  • Fixed: In userspace-networking mode, always close SOCKS proxied connections
  • Linux
  • Fixed: Better operation with gokrazy
  • macOS
  • Fixed: Fix macOS GUI "Must restart" dialog in some cases
  • Windows
  • Fixed: Fix a Windows NSIS installer bug when upgrading
  • FreeBSD
  • Fixed: Fix portmapping
  • Auto Approvers for routes and exit nodes


    Tailscale v1.22

    Update instructions
    All Platforms
  • New: DERP Return Path Optimization (DRPO), allows a pair of nodes in different DERP regions to connect more quickly by only requiring one side to connect to the other, cutting down some DERP setup latency
  • New: tailscaled --state=mem: registers as an ephemeral node and does not store state to disk
  • New: tailscale status --json now shows Tags and PrimaryRoutes for Peers. PrimaryRoutes shows whether a HA subnet router is currently the active one.
  • New: tailscale status --json | jq .TailnetName will show the name of the tailnet
  • New: The optional tailscaled debug server's Prometheus metrics exporter now also includes Go runtime metrics
  • New: tailscaled supports a new TS_PERMIT_CERT_UID environment variable containing either a userid or username to allow to fetch Tailscale TLS certificates for the node. This environment variable can be set in /etc/default/tailscaled to permit non-root web servers on the local machine to fetch certs from tailscaled.
  • Fixed: Send heartbeats less often, saving some battery, matching v1.20 change on mobile platforms.
  • Changed: --auth-key and --authkey both work as tailscale up arguments
  • Linux
  • Fixed: More robust detection of systemd-resolved
  • Fixed: Efficiently parse extremely large /proc/net/route files
  • Fixed: Be more helpful in suggesting tailscale --operator=USER to use with Taildrop
  • Fixed: Some broken host DNS configurations are now detected and reported in tailscale status
  • Windows
  • New: MSI installer
  • Fixed: Reject SIDs from deleted/invalid security principals to avoid failed to look up user from userid error
  • Synology
  • Changed: Add /var/packages/Tailscale/target/bin/tailscale configure-host to restore needed permissions. We recommend adding this as a scheduled task at boot.
  • ACL rules now support src/dst syntax

    • New: Policy syntax for ACL rules now supports src / dst in addition to users / ports when referring to sources and destinations

    Preview rules bug fixes

    • Fixed: Preview rules in the admin console does not confuse access for tagged nodes with other tagged nodes (#3957)
    • Fixed: Preview rules no longer shows autogroup:self for all tagged nodes
    • Fixed: Preview rules no longer shows an error if there is an autogroup:self rule

    Pre-authorized auth keys

    Tailscale v1.20.4

    Update instructions
    All Platforms
  • Fixed: DNS lookups via an exit node in many cases
  • Linux
  • Fixed: Better handling of extremely large /proc/net/route files for very large routers
  • Fixed: BGP advertisement with subnet router failover
  • OpenBSD
  • Fixed: openresolv /etc/resolv.conf handling
  • Tagged devices are managed by a tag, not a user

    • Changed: A device tagged with an ACL tag is associated with the tag applied to it, not with the user who authenticated the device
    • Changed: Tagged devices are listed under "Tagged Devices" in the list of Network devices in Tailscale clients
    • Changed: Users cannot use Taildrop to send files to and from nodes they have tagged
    • Fixed: A user without any nodes can be specified as part of an ACL test

    Tailscale v1.20

    Update instructions
    All Platforms
  • New: When using an exit node, DNS queries will be forwarded to the exit node for resolution
  • New: tailscaled now allows running the outgoing SOCKS5 and HTTP proxies on the same port.
  • New: SOCKS5/HTTP proxies now allow connecting via subnet routers & exit nodes when run in userspace-networking mode
  • New: More debug metrics available
  • New: tailscale ip -1 flag
  • New: CLI now lets you select exit node by name
  • New: CLI now shows you which nodes are offering exit nodes
  • New: CLI now refuses to let you pick an invalid exit node (when connected)
  • New: Packet filter now supports matching any IP protocol number when enabled in ACLs (previously only TCP, UDP, ICMP and SCTP)
  • New: Added Online boolean to tailscale status --json, made tailscale status show offline nodes
  • New: Added tailscale up --json
  • Fixed: MagicDNS now works over IPv6 when CGNAT IPv4 is disabled using disableIPv4: true in ACL
  • Fixed: Choose a new DERP relay server if the current DERP is removed from the DERPmap
  • Fixed: Bug fixes, cleanups, log spam reduction
  • Linux
  • Changed: tailscale file cp sends via the local tailscaled now, so it now supports tailscaled running in tun-free, userspace-networking mode (such as on Synology DSM7 unless you enable TUN mode)
  • Windows
  • New: GUI support for running an exit node
  • macOS
  • New: GUI support for running an exit node
  • Changed: Send heartbeats less often to conserve battery
  • Android
  • New: Talkback support
  • New: Menu selection to generate a bug report
  • New: "Allow LAN Access" checkbox in Exit Node menu
  • Changed: Send heartbeats less often to conserve battery
  • Changed: Implement DNS config reporting
  • Changed: No longer require fallback DNS to be configured in admin console
  • Fixed: Report in the UI when connectivity is lost; this functionality was present but broken in prior releases
  • FreeBSD
  • Fixed: Now supports running in a jail (if devd isn't available, it falls back to network status polling mode)
  • Tailscale v1.18.2

    Update instructions
    All Platforms
  • New: Permit protocols other than TCP, UDP, or SCTP if an ACL rule has a proto specified and allows * port range
  • Fixed: Exit node selection takes effect (almost) immediately
  • Linux
  • Fixed: In DNS DirectManager, allow comments at the end of a line
  • Fixed: Don't get stuck waiting for systemd-resolved to restart in one particular DNS configuration
  • Synology
  • New: Receive Taildrop files
  • Autogroup:self

    • New: ACLs can now use autogroup:self to write access rules to allow access to devices authenticated as the same user as the source IP address

    Tailscale v1.18.1

    Update instructions
    Linux
  • Fixed: Regressions on some kernel configs related to our direct use of netlink rather than using the ip command to program routes and policy routing
  • Tailscale v1.18

    Update instructions
    All Platforms
  • New: tailscaled debug server now exports Prometheus metrics at /debug/metrics
  • Fixed: Improved UPnP discovery so that eero devices now work, allowing a port to be opened for direct connections (also in 1.16.2)
  • Fixed: State machine transition regarding expired key extension
  • Changed: If unable to upload telemetry, limit amount buffered to 50MB
  • Changed: Retry more transient DNS errors, instead of passing the failure back to the client
  • Linux
  • New: Support storing Tailscale state using AWS SSM (for example, tailscaled -state arn:aws:ssm:eu-west-1:123456789:parameter/foo) (thank you Maxime Visonneau)
  • Fixed: If resolvconf wrote /etc/resolv.conf but pointed it to systemd-resolved, use systemd-resolved for DNS, not resolvconf
  • Fixed: If NetworkManager wrote /etc/resolv.conf but pointed it to systemd-resolved, use systemd-resolved for DNS, not NetworkManager
  • Fixed: Handle /etc/resolv.conf being a bind mount into a container, such that we cannot rename() it.
  • Fixed: Work around Ubuntu 18.04 setLinkDomain length limit by omitting reverse lookup information
  • Changed: Use AF_NETLINK messages to configure IP, not the ip command. Set TS_DEBUG_USE_IP_COMMAND environment variable to revert to use of /sbin/ip if this breaks your device
  • Changed: On iOS 15+, where Network Extensions have more memory available, allow the same number of DNS-over-HTTPS requests in flight as other platforms
  • Synology
  • Changed: Only use AmbientCaps on DSM7+
  • IPv4 addresses for ephemeral nodes

    • Changed: Ephemeral nodes now have both IPv6 and IPv4 addresses

    Authentication settings


    Tailscale v1.16

    Update instructions
    All Platforms
  • New: Support storage of node state as a Kubernetes secret.
  • New: tailscale up --authkey=file:/path/to/secret support
  • New: tailscale up --qr for QR codes
  • New: tailscaled in userspace-networking mode can now run an HTTP proxy server (in addition to the prior SOCKS5 proxy server support)
  • Fixed: No longer need the while tailscale up; do sleep 0.1; done loops in Docker startup scripts.
  • Fixed: CPU/memory profiling support in tailscale debug
  • Fixed: Bake in Let's Encrypt's ISRG Root X1 root (also in 1.14.6)
  • Linux
  • Fixed: Support containers with !CAP_NET_RAW and !CAP_NET_ADMIN (like CircleCI runners)
  • Fixed: Service (portlist) scanning optimized; uses much less CPU on busy servers
  • Windows
  • Fixed: Move state to C:\ProgramData (also in 1.14.4)
  • macOS
  • Fixed: Super rare WireGuard packet loop network flood when using a DNS server behind a subnet router, when a macOS device resumes from sleep and the network changes (also iOS, but triggers less there). Fixes #1526 (also in 1.14.6)
  • Fixed: Turn the radio on less often to improve battery performance
  • Android
  • Fixed: Support Taildrop on older Android releases
  • Fixed: Turn the radio on less often to improve battery performance
  • Service Updates

    Update instructions
    All Platforms
  • Changed: Include Let's Encrypt's ISRG Root X1 root as an alternate to try if the platform roots fail
  • Changed: If tailscale cert fails because it needs to be run as root, say so.
  • Fixed: Avoid looping packets in tstun, believed to fix #1526
  • Fixed: Allow SOCKS5 proxy for --tun=userspace-networking to dial the HTTPS domain name of the Tailnet
  • Fixed: Ensure state directory is set to perm 0700.
  • Changed: Ignore ipsec link monitor events for iOS to avoid waking the system
  • Service Updates

    Update instructions
    Windows
  • Changed: Move state files from C:\Windows to C:\ProgramData, to better handle Windows
  • Synology
  • Fixed: Fix segfaults shortly after starting, resolves #2733
  • Tailscale v1.14.3

    Update instructions
    All Platforms
  • Changed: tailscale up will wait for the socket to tailscaled to be created, not exit with an error. It should no longer be necessary to run it in a loop.
  • Fixed: Crash in TCP forwarding with userspace-networking; resolves #2658
  • Windows
  • Fixed: Default route lookup on Windows; resolves #2707
  • Note: v1.14.1 and v1.14.2 were never released.