All Platforms
- New: DERP Return Path Optimization (DRPO), allows a pair of nodes in different DERP regions to connect more quickly by only requiring one side to connect to the other, cutting down some DERP setup latency
- New:
tailscaled --state=mem:
registers as an ephemeral node and does not store state to disk - New:
tailscale status --json
now showsTags
andPrimaryRoutes
for Peers.PrimaryRoutes
shows whether a HA subnet router is currently the active one. - New:
tailscale status --json | jq .TailnetName
will show the name of the tailnet - New: the optional
tailscaled
debug server's Prometheus metrics exporter now also includes Go runtime metrics - New: tailscaled supports a new
TS_PERMIT_CERT_UID
environment variable containing either a userid or username to allow to fetch Tailscale TLS certificates for the node. This environment variable can be set in/etc/default/tailscaled
to permit non-root web servers on the local machine to fetch certs fromtailscaled
. - Fixed: send heartbeats less often, saving some battery, matching 1.20 change on mobile platforms.
- Changed:
--auth-key
and--authkey
both work astailscale up
arguments
Windows
- New: MSI installer
- Fixed: Reject SIDs from deleted/invalid security principals to avoid
failed to look up user from userid
error
Linux
- Fixed: More robust detection of systemd-resolved
- Fixed: Efficiently parse extremely large
/proc/net/route
files - Fixed: Be more helpful in suggesting
tailscale --operator=USER
to use with Taildrop - Fixed: some broken host DNS configurations are now detected and reported in
tailscale status
Synology
- Changed: Add
/var/packages/Tailscale/target/bin/tailscale configure-host
to restore needed permissions. We recommend adding this as a scheduled task at boot.