v1.24.1

All Platforms

• fix two issues where the new control plane protocol could fail to make a connection to our servers (#4538, #4544)
• set TCP keep-alives in userspace-networking subnet router to avoid connection leaks (#4522)
• avoid using the LTE radio after transition to Wi-Fi

v1.24.0

All Platforms

• improve netstack performance via better GC tuning
• Initial support for site-relative IPv4 addressing using IPv6
• MagicDNS: PTR records for TS service IPs
• First for-keepsies deployment of ts2021 protocol
• build with Go 1.18
• tsnet now supports providing a custom ipn.StateStore.

Linux

• taildrop: add file get --loop
• taildrop: add file get --conflict=(skip|overwrite|rename)
• default to userspace-networking mode on gokrazy
• set tailscale0 link speed to UNKNOWN, not 1Gbps.
• Attempt to load the xt_mark kernel module when it is not present.

Windows

• improve HTTPS proxy handling
• fix naming in MSI installer

macOS

• fix CLI in macSys build
• make quit on termination more reliable, helps with restart after upgrade

iOS

• make quit on termination more reliable, helps with restart after upgrade

Android

• add Android TV support
• fix and reintroduce Talkback support

Synology

• improve HTTPS proxy handling

FreeBSD

• fix portmapping support

1.22.2

Linux

• fix a potential crash at startup when using BGP

Windows

• fix MSI not restarting GUI after MSI-to-MSI upgrade

1.22.1

Fixes:

• better operation with gokrazy
• Fix portmapping on FreeBSD
• In userspace-networking mode, always close SOCKS proxied connections
• Fix a Windows NSIS installer bug when upgrading
• Fix macOS GUI "Must restart" dialog in some cases

1.22.0

All Platforms

• New: DERP Return Path Optimization (DRPO), allows a pair of nodes in different DERP regions to connect more quickly by only requiring one side to connect to the other, cutting down some DERP setup latency
• New: tailscaled --state=mem: registers as an ephemeral node and does not store state to disk
• New: tailscale status --json now shows Tags and PrimaryRoutes for Peers. PrimaryRoutes shows whether a HA subnet router is currently the active one.
• New: tailscale status --json | jq .TailnetName will show the name of the tailnet
• New: the optional tailscaled debug server's Prometheus metrics exporter now also includes Go runtime metrics
• New: tailscaled supports a new TS_PERMIT_CERT_UID environment variable containing either a userid or username to allow to fetch Tailscale TLS certificates for the node. This environment variable can be set in /etc/default/tailscaled to permit non-root web servers on the local machine to fetch certs from tailscaled.
• Fixed: send heartbeats less often, saving some battery, matching 1.20 change on mobile platforms.
• Changed: --auth-key and --authkey both work as tailscale up arguments

Windows

• New: MSI installer
• Fixed: Reject SIDs from deleted/invalid security principals to avoid failed to look up user from userid error

Linux

• Fixed: More robust detection of systemd-resolved
• Fixed: Efficiently parse extremely large /proc/net/route files
• Fixed: Be more helpful in suggesting tailscale --operator=USER to use with Taildrop
• Fixed: some broken host DNS configurations are now detected and reported in tailscale status

Synology

• Changed: Add /var/packages/Tailscale/target/bin/tailscale configure-host to restore needed permissions. We recommend adding this as a scheduled task at boot.

1.20.4

• Fix DNS lookups via an exit node in many cases
• fix Openresolv /etc/resolv.conf handling
• better handle extremely large /proc/net/route files for very large routers
• fix BGP advertisement with subnet router failover

1.20.3

(only released for Synology platforms)

Fix Synology options page #3811

1.20.2

• Fix #3762, memory footprint growth in userspace-networking mode
• Fix #2642, userspace-networking will accept a TCP SYN with ECN bits set
• Fix saving resolver list for OpenBSD

1.20.1

Fix a potential deadlock in handling the DERPmap.

1.20.0

All Platforms

• New: When using an exit node, DNS queries will be forwarded to the exit node for resolution
• New: tailscaled now allows running the outgoing SOCKS5 and HTTP proxies on the same port.
• New: SOCKS5/HTTP proxies now allow connecting via subnet routers & exit nodes when run in userspace-networking mode
• New: More debug metrics available
• New: tailscale ip -1 flag
• New: CLI now lets you select exit node by name
• New: CLI now shows you which nodes are offering exit nodes
• New: CLI now refuses to let you pick an invalid exit node (when connected)
• New: Packet filter now supports matching any IP protocol number when enabled in ACLs (previously only TCP, UDP, ICMP and SCTP)
• New: Added Online boolean to tailscale status --json, made tailscale status show offline nodes
• New: Added tailscale up --json
• Fixed: MagicDNS now works over IPv6 when CGNAT IPv4 is disabled using DisableIPv4: true in ACL
• Fixed: choose a new DERP if the current DERP is removed from the DERPmap
• Fixed: bug fixes, cleanups, log spam reduction

Linux

• Changed: tailscale file cp sends via the local tailscaled now, so it now supports tailscaled running in tun-free, userspace-networking mode (such as on Synology DSM7 unless you enable TUN mode)

Windows

• New: GUI support for running an exit node

macOS

• New: GUI support for running an exit node

iOS

• Changed: Send heartbeats less often, to conserve battery

Android

• New: Talkback support
• New: Menu selection to generate a bug report
• New: "Allow LAN Access" checkbox in Exit Node menu
• Changed: Send heartbeats less often, to conserve battery
• Changed: implement DNS config reporting, no longer require fallback DNS to be configured in admin panel
• Fixed: Report in the UI when connectivity is lost; this functionality was present but broken in prior releases

FreeBSD

• Fixed: Now supports running in a jail (if devd isn't available, it falls back to network status polling mode)