NOTE 21-Jan-2024: rollout of 1.58.0 has been paused while we investigate reports of a problem in handling portmap responses.
All Platforms
- portmap: check the epoch from NAT-PMP & PCP, establish new portmapping if it changes
- portmap: better handle multiple interfaces
- portmap: handle multiple UPnP discovery responses
- increase the number of 4via6 site IDs from 256 to 65,536
- taildrop: allow category Z unicode characters
- increased binary size with 1.56 is resolved in 1.58
- Reduce home DERP flapping when there's still an active connection
- device web ui: fixed issue when accessing shared devices
- device web ui: fixed login issue when accessed over https
Windows
- find the full path to
netsh.exe - add ADMX policy descriptions
- remove vestigial wintun support which broke Chocolatey install at some sites
- fix goroutine leak in winMon if the monitor is never started
- fix "This package requires Windows 10 or newer" with Uninstall or Repair from the .msi file
- support for
tailscale set --webclient
Linux
- add shell shebang in postinstall script, fixes some Debian installs
macOS
- a new DNS Settings view shows the DNS configuration used when Tailscale is running
- onboarding flow now includes a step to ask the user to approve notifications (for key expiry notifications)
- better onboarding flow for the Standalone variant of the client, asking the user to approve the system extension if necessary
- Tailscale app can now quit without terminating the VPN tunnel by holding down the Option button and selecting “Quit (Leave VPN Active)”
- Toggle Tailscale shortcut action can be used to connect or disconnect the VPN tunnel depending on its current state
- Better compatibility with versions of macOS prior to Sonoma
- VPN tunnel now terminates upon closing the app
- Opening the About window now triggers a check for app updates
- downloadable variant of the client now checks for app updates every 72 hours
- support for
tailscale set --webclientfrom macsys build KeyExpirationNoticesystem policy now supported on macOS, to customize the time interval before a key expiration notice is displayed
iOS
- Toggle Tailscale shortcut action can be used to connect or disconnect the VPN tunnel depending on its current state
- Connectivity is no longer lost when transitioning from Wi-Fi to Cellular while an exit node is in use
- The "Sign" button in the Tailnet lock device sign view is now rendered correctly
KeyExpirationNoticesystem policy now supported on iOS, to customize the time interval before a key expiration notice is displayed
tvOS
- Improvements to persistence of the client when running in the background
Android
- better detect when active network changes
Kubernetes Operator
- introduce a new Connector Custom Resource that can be used to deploy subnet routers and exit nodes on Kubernetes
- sync operator managed labels to StatefulSet Pods
- add a Tailscale IngressClass resource
- fix extra long Service name truncation
- warn if the unsupported Ingress Exact path type is used
Containers
- add experimental support for configuring tailscale daemon using a mounted config file
- fix a bug where tailscale images contained different layer types and could not be parsed by podman/buildah