The easiest, most secure way to use WireGuard and 2FA.
This release is exclusively for Linux platforms and the standalone variant of the macOS client. It is not available for other platforms.
--netfilter-mode
, --snat-subnet-routes
, and --stateful-filtering
are added.We recommend updating all Tailscale clients to v1.66.0 or later to benefit from additional security improvements.
[^1]: We initially noted this as being released in 1.64.1, but that package was not uploaded incorrectly, so 1.64.2 has the actual fix.
tailscale serve
headers are now RFC 2047 Q-encodedtailscale ssh
and tailscale nc
are now supported in the Standalone variant of the client..pkg
installer no longer requires a system restart after installing the client (Standalone variant only)configure synology-cert
CLI commandtailscale configure kubeconfig
now respects KUBECONFIG
environment variable.tailscale configure kubeconfig
now works with partially empty kubeconfig
.New: Send load balancing hint HTTP request header
Fixed: Do not allow msiexec to reboot the operating system
Issue that could cause the Tailscale system extension to not be installed upon app launch, when deploying Tailscale using MDM and using a configuration profile to pre-approve the VPN tunnel (applies to standalone variant only)
Fixed: IPv6 routing
Fixed: Kubernetes operator proxies should not accept subnet routes
tailscale bugreport
command for generating diagnostic logs now contain ethtool informationManagedByOrganizationName
, ManagedByCaption
, and ManagedByURL
system policy keys are now supported.pkg
installer package is now available for the standalone release of the Tailscale client