tailscale

Table of Contents

All Platforms

New: DERP Return Path Optimization (DRPO), allows a pair of nodes in different DERP regions to connect more quickly by only requiring one side to connect to the other, cutting down some DERP setup latency
New: tailscaled --state=mem: registers as an ephemeral node and does not store state to disk
New: tailscale status --json now shows Tags and PrimaryRoutes for Peers. PrimaryRoutes shows whether a HA subnet router is currently the active one.
New: tailscale status --json | jq .TailnetName will show the name of the tailnet
New: the optional tailscaled debug server's Prometheus metrics exporter now also includes Go runtime metrics
New: tailscaled supports a new TS_PERMIT_CERT_UID environment variable containing either a userid or username to allow to fetch Tailscale TLS certificates for the node. This environment variable can be set in /etc/default/tailscaled to permit non-root web servers on the local machine to fetch certs from tailscaled.
Fixed: send heartbeats less often, saving some battery, matching 1.20 change on mobile platforms.
Changed: --auth-key and --authkey both work as tailscale up arguments

New: MSI installer
Fixed: Reject SIDs from deleted/invalid security principals to avoid failed to look up user from userid error

Fixed: More robust detection of systemd-resolved
Fixed: Efficiently parse extremely large /proc/net/route files
Fixed: Be more helpful in suggesting tailscale --operator=USER to use with Taildrop
Fixed: some broken host DNS configurations are now detected and reported in tailscale status

Changed: Add /var/packages/Tailscale/target/bin/tailscale configure-host to restore needed permissions. We recommend adding this as a scheduled task at boot.