New: Restrict [recommended][kb-recommended-exit-nodes] and automatically selected exit nodes using the new AllowedSuggestedExitNodes [system policy][kb-mdm-keys]. Applies only to platforms that support [system policies][kb-mdm-keys].
Changed: Improved [NAT traversal][bl-nat-traversal] for some uncommon scenarios.
Changed: Optimized [sending firewall rules to clients][kb-acls] more efficiently.
Fixed: [Exit node suggestion][kb-recommended-exit-nodes] CLI command now prints the hostname (which you can use with the [tailscale set][kb-cli-tailscale-set] command).
Fixed: [Taildrive][kb-taildrive] share paths configured through the CLI resolve relative to where you run the tailscale command.
Linux
Fixed: Switching from unstable to stable tracks using the [tailscale update][kb-cli-tailscale-update] command now works correctly.
Windows
New: Use the value auto:any to automatically select an [exit node][kb-exit-nodes] for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
New: The new AllowedSuggestedExitNodes [system policy][kb-mdm-keys] restricts which exit nodes Tailscale [recommends][kb-recommended-exit-nodes] or automatically selects.
Fixed: DNS leak issue.
Fixed: Switching from unstable to stable tracks using the [tailscale update][kb-cli-tailscale-update] command now works correctly.
Fixed: [Taildrive][kb-taildrive] server no longer starts unnecessarily when no drives are configured.
macOS
Note: As previously announced, Tailscale v1.70 is the last version to support macOS 10.15 Catalina. macOS 10.15 is no longer supported by Apple and no longer receives security updates. Users still running macOS 10.15 should update to a newer version of macOS to continue receiving security updates and new features.
New: Toggle Tailscale DNS from Siri or the Shortcuts app.
New: Receive health notifications in the client menu on macOS to inform you about lack of internet connectivity, firewalls blocking Tailscale, misconfiguration issues, and other issues. Health issues that affect [connectivity][kb-device-connectivity] also change the Tailscale icon in the system menubar to show an exclamation mark.
New: On MacBooks with a notch in the display, a notification window will now appear if the Tailscale icon is hidden behind the notch due to too many menubar items.
New: The Tailscale client now warns you when the built-in macOS [content filter (Screen Time)][kb-macos-screen-time] prevents Tailscale from connecting.
New: Use the value auto:any to automatically select an exit node for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
Changed: The exit node picker no longer presents exit node suggestions if the organization enforces always using the suggested exit node using the ExitNodeID [system policy][kb-mdm-keys].
Fixed: Disconnect shortcut no longer connects to the VPN tunnel if executed when Tailscale is disconnected.
Fixed: [Taildrive][kb-taildrive] server no longer starts unnecessarily when no drives are configured.
Fixed: Increased the reliability of the Install Updates Automatically setting.
iOS
New: Toggle Tailscale DNS from Siri or the Shortcuts app.
New: Use the value auto:any to automatically select an exit node for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
Fixed: [wireguard-go][xt-wireguard-go] memory pool deadlock issue is resolved.
Fixed: Disconnect shortcut no longer connects to the VPN tunnel if executed when Tailscale is disconnected.
Fixed: User interface no longer flickers when selecting an exit node.
tvOS
New: Use the value auto:any to automatically select an exit node for the existing ExitNodeID [system policy][kb-mdm-keys]. Available for [Enterprise plan][co-pricing] users only.
Fixed: [wireguard-go][xt-wireguard-go] memory pool deadlock issue is resolved.
Fixed: User interface no longer flickers when selecting an exit node.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps tailscale.com from 1.68.2 to 1.70.0.
Release notes
Sourced from tailscale.com's releases.
... (truncated)
Commits
d601f16
VERSION.txt: this is v1.70.02742153
cmd/k8s-operator: add a metric to track the amount of ProxyClass resources (#...646990a
tsweb: log once per request8882c6b
ipn/ipnlocal: wait for DERP before auto exit node migration35d2efd
licenses: update license noticesfc074a6
client/tailscale: add the nodeAttrs section014bf25
tsweb: fix TestStdHandler_panic flake0834712
ipn: allow FQDN in exit node selectionfec41e4
tsweb: add stack trace to panic error msgfd0acc4
cmd/cloner, cmd/viewer: add _test prefix for files generated with the test bu...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show