New: Restrict [recommended][kb-recommended-exit-nodes] and automatically selected exit nodes using the new AllowedSuggestedExitNodes [system policy][kb-mdm-keys]. Applies only to platforms that support [system policies][kb-mdm-keys].
Changed: Improved [NAT traversal][bl-nat-traversal] for some uncommon scenarios.
Changed: Optimized [sending firewall rules to clients][kb-acls] more efficiently.
Fixed: [Exit node suggestion][kb-recommended-exit-nodes] CLI command now prints the hostname (which you can use with the [tailscale set][kb-cli-tailscale-set] command).
Fixed: [Taildrive][kb-taildrive] share paths configured through the CLI resolve relative to where you run the tailscale command.
Linux
Fixed: Switching from unstable to stable tracks using the [tailscale update][kb-cli-tailscale-update] command now works correctly.
Windows
New: Use the value auto:any to automatically select an [exit node][kb-exit-nodes] for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
New: The new AllowedSuggestedExitNodes [system policy][kb-mdm-keys] restricts which exit nodes Tailscale [recommends][kb-recommended-exit-nodes] or automatically selects.
Fixed: DNS leak issue.
Fixed: Switching from unstable to stable tracks using the [tailscale update][kb-cli-tailscale-update] command now works correctly.
Fixed: [Taildrive][kb-taildrive] server no longer starts unnecessarily when no drives are configured.
macOS
Note: As previously announced, Tailscale v1.70 is the last version to support macOS 10.15 Catalina. macOS 10.15 is no longer supported by Apple and no longer receives security updates. Users still running macOS 10.15 should update to a newer version of macOS to continue receiving security updates and new features.
New: Toggle Tailscale DNS from Siri or the Shortcuts app.
New: Receive health notifications in the client menu on macOS to inform you about lack of internet connectivity, firewalls blocking Tailscale, misconfiguration issues, and other issues. Health issues that affect [connectivity][kb-device-connectivity] also change the Tailscale icon in the system menubar to show an exclamation mark.
New: On MacBooks with a notch in the display, a notification window will now appear if the Tailscale icon is hidden behind the notch due to too many menubar items.
New: The Tailscale client now warns you when the built-in macOS [content filter (Screen Time)][kb-macos-screen-time] prevents Tailscale from connecting.
New: Use the value auto:any to automatically select an exit node for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
Changed: The exit node picker no longer presents exit node suggestions if the organization enforces always using the suggested exit node using the ExitNodeID [system policy][kb-mdm-keys].
Fixed: Disconnect shortcut no longer connects to the VPN tunnel if executed when Tailscale is disconnected.
Fixed: [Taildrive][kb-taildrive] server no longer starts unnecessarily when no drives are configured.
Fixed: Increased the reliability of the Install Updates Automatically setting.
iOS
New: Toggle Tailscale DNS from Siri or the Shortcuts app.
New: Use the value auto:any to automatically select an exit node for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
Fixed: [wireguard-go][xt-wireguard-go] memory pool deadlock issue is resolved.
Fixed: Disconnect shortcut no longer connects to the VPN tunnel if executed when Tailscale is disconnected.
Fixed: User interface no longer flickers when selecting an exit node.
tvOS
New: Use the value auto:any to automatically select an exit node for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
Fixed: [wireguard-go][xt-wireguard-go] memory pool deadlock issue is resolved.
Fixed: User interface no longer flickers when selecting an exit node.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the gomod group with 2 updates in the / directory: golang.org/x/crypto and tailscale.com.
Updates
golang.org/x/cryptofrom 0.24.0 to 0.25.0Commits
9fadb0bgo.mod: update golang.org/x dependenciesa6a393fall: bump go.mod version and drop compatibility shims1c74500ssh/test: make struct comment match struct named4e7c9cssh: fail client auth immediately on receiving disconnect messageUpdates
tailscale.comfrom 1.66.4 to 1.70.0Release notes
Sourced from tailscale.com's releases.
... (truncated)
Commits
d601f16VERSION.txt: this is v1.70.02742153cmd/k8s-operator: add a metric to track the amount of ProxyClass resources (#...646990atsweb: log once per request8882c6bipn/ipnlocal: wait for DERP before auto exit node migration35d2efdlicenses: update license noticesfc074a6client/tailscale: add the nodeAttrs section014bf25tsweb: fix TestStdHandler_panic flake0834712ipn: allow FQDN in exit node selectionfec41e4tsweb: add stack trace to panic error msgfd0acc4cmd/cloner, cmd/viewer: add _test prefix for files generated with the test bu...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show