github tailscale/tailscale v0.99.0
v0.99
on GitHub

latest releases: v1.66.2, v1.66.3, v1.66.1...
3 years ago

Tailscale Backend

  • A new "Shields Up" mode offers a simple complement to ACLs. When a machine has shields up, it can connect to other Tailscale nodes, but all incoming connections are blocked.
  • The ACL subsystem supports specifying CIDR-style network prefixes as destinations. This makes it much simpler to create ACLs for subnet routers.
  • Tailscale now functions correctly in IPv6-only environments (e.g. a VPS lacking IPv4 internet access). Connectivity to IPv4-only hosts is provided through DERP.

Linux

  • Tailscale can make outbound connections through a SOCKS proxy, if such a proxy is specified in the all_proxy environment variable.
  • For advanced uses, system administrators can control the degree of automatic firewall configuration, with the --netfilter-mode flag to tailscale up. Setting this flag to "off" disables all management of netfilter. "nodivert" creates and manages Tailscale sub-chains, but leaves the calling of those chains up to the administrator. The default is "on", meaning full management of Tailscale's rules.
    • Note that if you set --netfilter-mode to "off" or "nodivert", it is your responsibility to configure the firewall securely for Tailscale traffic. We recommend using the rules installed by --netfilter-mode=on as a starting point.
  • It is now possible to disable source NAT on subnet route traffic, with the --snat-subnet-routes=false flag on tailscale up. This allows destinations on subnets to see the Tailscale IP of the client, rather than that of the subnet router, but requires additional network configuration for return traffic.
  • tailscale up warns if --advertise-routes is requested but IP forwarding is disabled on the system.
  • The routing and firewall rules configured by Tailscale are now compatible with a wider variety of systems.
  • Subnet routing now works even in the presence of conflicting local routes (for example, being on the same LAN that another machine is advertising as a subnet route).
  • Experimental: forwarding all traffic to a single other Tailscale node should now be possible, with --advertise-routes=0.0.0.0/0. Please file bugs if you encounter any.
  • tailscale netcheck supports --format=json for machine-readable output (format not guaranteed to be stable), and --every=DURATION for periodic probing of network conditions.

Windows

  • The system tray icon now matches the Tailscale logo, and works across light and dark modes.
  • A new "Shields up" checkbox. When a machine has shields up, it can connect to other Tailscale nodes, but all incoming connections are blocked.
  • Reduced memory usage

macOS

  • A new "Shields up" checkbox. When a machine has shields up, it can connect to other Tailscale nodes, but all incoming connections are blocked.
  • Reduced memory usage

iOS

  • Various stability and memory usage improvements.

A complete list of changes can be found here: v0.98.0...v0.99.0

Check out latest releases or
releases around tailscale/tailscale v0.99.0

Don't miss a new tailscale release

NewReleases is sending notifications on new releases.

Get notifications