LinuxCommandLibrary

tailscale

Create secure, private network connections between devices

TLDR

Allow the current user to operate on the Tailscale daemon

$ sudo tailscale set --operator $USER

Connect to Tailscale
$ tailscale up

Disconnect from Tailscale
$ tailscale down

Display all devices connected to Tailscale (with their IP addresses)
$ tailscale status

Ping a peer node at the Tailscale layer and display which route it took for each response
$ tailscale ping [ip|hostname]

Analyze the local network conditions and display the result
$ tailscale netcheck

Start a web server for controlling the Tailscale daemon
$ tailscale web

Display a shareable identifier to help diagnose issues
$ tailscale bugreport

SYNOPSIS

tailscale [global-options] <command> [command-options] [arguments]

PARAMETERS

--json
    Output results in JSON format, useful for scripting and programmatic parsing.

--socket <path>
    Specify the path to the Tailscale daemon's control socket. Useful if the default location is not desired or multiple daemons are running.

--verbose
    Enable verbose logging to standard error, providing more detailed information about the command's execution.

--debug
    Enable extensive debugging output to standard error, providing the most detailed logs for troubleshooting (implies --verbose).

DESCRIPTION

The tailscale command-line tool is the primary interface for managing the Tailscale client on Linux systems. Tailscale is a zero-configuration VPN that establishes a secure mesh network using the WireGuard protocol. It connects devices, servers, and cloud instances seamlessly and securely, regardless of their location or network. Unlike traditional VPNs, Tailscale focuses on creating direct peer-to-peer connections whenever possible, enhancing performance and reducing latency. It leverages your existing identity provider (e.g., Google, Microsoft Entra ID, GitHub) for authentication, simplifying access control. The command allows users to bring their Tailscale interface up or down, view network status, manage services, generate TLS certificates, and perform various network-related diagnostics within their private Tailscale network. It automates firewall and routing configurations, making complex network setups accessible for remote work, cloud infrastructure, and personal use.

CAVEATS

The tailscale command requires the Tailscale daemon (tailscaled) to be running in the background to function. Initial device authentication typically involves a web browser for logging in with an identity provider. Network connectivity is essential for the daemon to communicate with Tailscale's coordination servers and other peers. Proper firewall rules must allow WireGuard traffic (UDP port 4164) for peer-to-peer connections.

COMMON SUBCOMMANDS

The tailscale command primarily operates through subcommands, each managing a specific aspect of the Tailscale client. Users typically interact with these subcommands to control the VPN connection and network settings.

up: Authenticates the device and brings the Tailscale network interface up, connecting to your network.
down: Shuts down the Tailscale network interface, disconnecting from your network.
status: Displays the current connection status, including connected peers, their IP addresses, and network health.
ip: Shows the Tailscale IP addresses assigned to the local device.
netcheck: Reports on the network environment, including NAT type and connectivity to Tailscale relays.
login: Initiates the web-based authentication flow to add your device to your Tailscale network.
logout: Disconnects the device from the Tailscale network and logs it out.
serve: Configures local services to be exposed securely on your Tailscale network.
cert: Manages TLS certificates issued by Tailscale for your device.
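The status subcommand combined with JSON output lends itself to a periodic audit of peer paths and key state. The following is an added example, not code from this page or from Tailscale: it flags peers that are reached through a relay instead of a direct connection and peers whose node key has expired. The field names (BackendState, Peer, HostName, Online, Active, CurAddr, Relay, Expired) are assumptions about what `tailscale status --json` emits, and the sample data is constructed.

```python
import json
import subprocess

# Constructed sample in the shape of `tailscale status --json` (trimmed).
# Field names are an assumption about the CLI's JSON schema, which can change.
SAMPLE = json.loads("""
{"BackendState": "Running",
 "Self": {"HostName": "laptop", "TailscaleIPs": ["100.64.0.1"], "Online": true},
 "Peer": {
  "nodekey:aaaa": {"HostName": "db1", "Online": true, "Active": true,
                   "CurAddr": "192.0.2.10:40000", "Relay": "fra"},
  "nodekey:bbbb": {"HostName": "ci-runner", "Online": true, "Active": true,
                   "CurAddr": "", "Relay": "nyc"},
  "nodekey:cccc": {"HostName": "old-vm", "Online": false, "Active": false,
                   "CurAddr": "", "Relay": "nyc", "Expired": true}}}
""")


def load_status(cmd=("tailscale", "status", "--json")):
    """Query the local daemon; requires tailscaled to be running."""
    out = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return json.loads(out.stdout)


def audit(status):
    """Return (host, issue) pairs worth a second look."""
    findings = []
    state = status.get("BackendState")
    if state != "Running":
        findings.append(("local", f"backend state is {state}"))
    # "Peer" is null when the tailnet has no other devices.
    for peer in (status.get("Peer") or {}).values():
        host = peer.get("HostName", "?")
        if peer.get("Expired"):
            findings.append((host, "node key expired"))
        # Path information only means something for online, active peers.
        if not (peer.get("Online") and peer.get("Active")):
            continue
        if not peer.get("CurAddr"):
            relay = peer.get("Relay") or "unknown"
            findings.append((host, f"relayed via DERP region {relay}"))
    return findings


if __name__ == "__main__":
    for host, issue in audit(SAMPLE):
        print(f"{host}: {issue}")
```

On a live host, pass `load_status()` to `audit()` instead of the embedded sample.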

HISTORY

Tailscale was founded in 2019 by a team of engineers, with a vision to simplify secure network access. It quickly gained prominence by building upon the robust and efficient WireGuard protocol, adding a crucial layer of identity-aware access control and zero-configuration setup. Its focus on user experience, seamless integration with existing identity providers, and the ability to establish direct peer-to-peer connections has made it a leading solution for modern remote access and private networking, rapidly evolving its features and adoption since its inception.

SEE ALSO

wireguard(8), ip(8), wg(8), ssh(1), netstat(8)
