tailscale-set

View documentation for tailscale up

$ tldr tailscale up

tailscale set [flags]

-advertise-exit-node
    Set to 'true' or 'false' to enable/disable advertising this device as an exit node.

-advertise-routes
    Comma-separated list of IP addresses or CIDR ranges to advertise as subnets (e.g., '192.168.1.0/24,10.0.0.0/8').

-exit-node
    Specify the IP address or hostname of a remote Tailscale device to use as an exit node.

-exit-node-ip
    Specify the exact IP address of the exit node to use, if multiple IPs are available for a given exit node.

-exit-node-allow-lan-access
    Set to 'true' or 'false' to allow/disallow access to local LAN resources when using an exit node.

-hostname
    Set the device's advertised hostname within the Tailscale network.

-json-config
    Path to a JSON file containing configuration options to apply.

-key-path
    Path to a key file for pre-authenticated node setup.

-login-server
    Specify an alternative login server URL for authentication (e.g., for Headscale).

-netcheck
    Set to 'true' or 'false' to enable/disable network connectivity checks.

-override-hostsfile
    Set to 'true' or 'false' to control if Tailscale manages /etc/hosts for MagicDNS.

-shields-up
    Set to 'true' or 'false' to enable/disable the 'Shields Up' firewall feature.

-ssh
    Set to 'true' or 'false' to enable/disable the built-in Tailscale SSH server.

-up
    Set to 'true' to ensure the Tailscale interface is brought up after configuration.

-webclient
    Set to 'true' or 'false' to enable/disable the local web UI (beta feature).

-wait-engine
    Wait for the Tailscale engine to be ready before executing the command.

The tailscale set command is a crucial subcommand of the main tailscale client, designed for comprehensive configuration of a Tailscale node directly from the command line. It provides granular control over various aspects of the Tailscale client's operation, allowing administrators and users to customize network behavior, security features, and device visibility within their tailnet.

Users can leverage tailscale set to enable or disable features such as advertising the device as an exit node or advertising specific subnets (routes) to the tailnet. It can also be used to configure the device to use a remote exit node, control whether that exit node allows local LAN access, and set the device's hostname within Tailscale. Advanced configurations include specifying a custom login server, enabling or disabling the built-in Tailscale SSH server, and activating the 'Shields Up' firewall feature for enhanced security.

This command is particularly useful for scripting Tailscale deployments, automating configurations in server environments, or making quick adjustments without needing to access the web-based admin console. Changes applied with tailscale set are generally persistent across system reboots, ensuring that the desired configuration remains active. It acts as the primary interface for fine-tuning a Tailscale node's role and connectivity within the secure mesh network.

The command typically requires root privileges (using sudo) to modify system-level network configurations. Changes made with tailscale set are usually persistent across reboots. Note that 'tailscale-set' is not a standalone binary but a conceptual representation; the actual command is 'tailscale set'. Incorrect configuration, especially of routes or exit nodes, can disrupt network connectivity.

Most configurations applied with tailscale set are written to the Tailscale configuration file and persist across system reboots, ensuring that your desired network behavior is maintained without manual re-configuration.

The tailscale set command interacts directly with the running tailscaled daemon. For the changes to take effect and for the command to function correctly, the Tailscale daemon must be active and accessible.

The tailscale set command has evolved significantly as Tailscale itself has matured. Initially, some configurations might have been handled by separate commands or primarily through the web UI. As the CLI became more comprehensive, set emerged as the central, unified command for managing device-specific settings. Its feature set expanded to include options for newer functionalities like Tailscale SSH and 'Shields Up' as these capabilities were introduced into the Tailscale platform, making it an indispensable tool for automation and fine-grained control.

tailscale(8), tailscale up(8), tailscale status(8), tailscale cert(8)