Tailscale
Tailscale
Get Started with Apps!
Get Started with Apps!
App Version: v1.82.0
(Changelog)
Keywords: vpn, tailscale
Train: Community
Home Page: https://tailscale.com/
Keywords: vpn, tailscale
Train: Community
Home Page: https://tailscale.com/
Tailscale Details
Added: 2024-07-30
Last Updated: 2025-04-23
Added: 2024-07-30
Last Updated: 2025-04-23
Secure remote access to shared resources
Run as Context- Tailscale runs as a root user.
Group: 0 / root
User: 0 / root
×
![Full Screenshot]()
Host Mounts
- /dev/net/tun : Network device
Security Capabilities
- Tailscale is able to perform various network-related operations.
- Tailscale is able to bind to a privileged port.
- Tailscale is able to load kernel modules.
- Tailscale is able to chown files.
- Tailscale is able to bypass permission checks for it's sub-processes.
- Tailscale is able to bypass permission checks.
App Metadata (Raw File)
{
"1.2.17": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/community/tailscale/1.2.17",
"last_update": "2025-04-23 17:40:39",
"required_features": [],
"human_version": "v1.82.0_1.2.17",
"version": "1.2.17",
"app_metadata": {
"app_version": "v1.82.0",
"capabilities": [
{
"description": "Tailscale is able to perform various network-related operations.",
"name": "NET_ADMIN"
},
{
"description": "Tailscale is able to bind to a privileged port.",
"name": "NET_RAW"
},
{
"description": "Tailscale is able to load kernel modules.",
"name": "SYS_MODULE"
},
{
"description": "Tailscale is able to chown files.",
"name": "CHOWN"
},
{
"description": "Tailscale is able to bypass permission checks for it's sub-processes.",
"name": "FOWNER"
},
{
"description": "Tailscale is able to bypass permission checks.",
"name": "DAC_OVERRIDE"
}
],
"categories": [
"networking"
],
"changelog_url": "https://tailscale.com/changelog#client",
"date_added": "2024-07-30",
"description": "Secure remote access to shared resources",
"home": "https://tailscale.com/",
"host_mounts": [
{
"description": "Network device",
"host_path": "/dev/net/tun"
}
],
"icon": "https://media.sys.truenas.net/apps/tailscale/icons/icon.png",
"keywords": [
"vpn",
"tailscale"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "tailscale",
"run_as_context": [
{
"description": "Tailscale runs as a root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://tailscale.com/",
"https://hub.docker.com/r/tailscale/tailscale"
],
"title": "Tailscale",
"train": "community",
"version": "1.2.17"
},
"schema": {
"groups": [
{
"name": "Tailscale Configuration",
"description": "Configure Tailscale"
},
{
"name": "Network Configuration",
"description": "Configure Network for Tailscale"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for Tailscale"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for Tailscale"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for Tailscale"
}
],
"questions": [
{
"variable": "TZ",
"label": "Timezone",
"description": "Timezone",
"group": "Tailscale Configuration",
"schema": {
"type": "string",
"default": "Etc/UTC",
"$ref": [
"definitions/timezone"
]
}
},
{
"variable": "tailscale",
"label": "",
"group": "Tailscale Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "hostname",
"label": "Hostname",
"description": "The hostname for Tailscale Node.</br>\nOnly lowercase letters, numbers, and hyphens are allowed.</br>\nSame as `--hostname` flag.\n",
"schema": {
"type": "string",
"default": "truenas-scale",
"valid_chars": "^[a-z0-9-]+$",
"valid_chars_error": "Only lowercase letters, numbers, and hyphens are allowed.\n",
"required": true
}
},
{
"variable": "auth_key",
"label": "Auth Key",
"description": "The auth key for Tailscale Node.</br>\nSame as `--authkey` flag.</br>\nTo generate one: https://login.tailscale.com/admin/settings/keys\n",
"schema": {
"type": "string",
"default": "",
"required": true,
"private": true
}
},
{
"variable": "auth_once",
"label": "Auth Once",
"description": "Attempt to log in only if not already logged in.",
"schema": {
"type": "boolean",
"default": true
}
},
{
"variable": "reset",
"label": "Reset",
"description": "Reset unspecified settings to default values.</br>\nSame as `--reset` flag.\n",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "accept_dns",
"label": "Accept DNS",
"description": "Accept DNS</br>\nSame as `--accept-dns` flag.\n",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "userspace",
"label": "Userspace",
"description": "Run Tailscale in userspace</br>\nSame as `--userspace` flag.\n",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "advertise_exit_node",
"label": "Advertise Exit Node",
"description": "Advertise exit node</br>\nSame as `--advertise-exit-node` flag.</br>\nNeeds enabled IP forwarding on the host via System > Advanced Settings > Sysctls.</br>\nPlease make sure you read and understand the warnings displayed when adding Sysctls</br>\nSee also https://tailscale.com/kb/1019/subnets?tab=linux#enable-ip-forwarding\n",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "advertise_routes",
"label": "Advertise Routes",
"description": "Advertise routes</br>\nSame as `--advertise-routes` flag.</br>\nNeeds enabled IP forwarding on the host via System > Advanced Settings > Sysctls.</br>\nPlease make sure you read and understand the warnings displayed when adding Sysctls</br>\nSee also https://tailscale.com/kb/1019/subnets?tab=linux#enable-ip-forwarding\n",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "route",
"label": "Route",
"schema": {
"type": "string",
"required": true
}
}
]
}
},
{
"variable": "extra_args",
"label": "Extra Arguments",
"description": "Extra arguments</br>\nFlags to pass to tailscale CLI in a tailscale set command.\n",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "arg",
"label": "Argument",
"schema": {
"type": "string",
"required": true
}
}
]
}
},
{
"variable": "tailscaled_args",
"label": "Tailscale Daemon Arguments",
"description": "Tailscaled arguments</br>\nFlags to pass to the tailscaled daemon.\n",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "arg",
"label": "Argument",
"schema": {
"type": "string",
"required": true
}
}
]
}
},
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"description": "Configure additional environment variables for Tailscale.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "host_network",
"label": "Host Network",
"description": "Bind to the host network.</br>\nNeeded in most cases in order to communicate with the host.\n",
"schema": {
"type": "boolean",
"default": true
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "state",
"label": "Tailscale State Storage",
"description": "The path to store Tailscale State.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\n",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "state"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "additional_storage",
"label": "Additional Storage",
"description": "Additional storage for Tailscale.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted to as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"immutable": true,
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "tailscale",
"description": "tailscale"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for Tailscale.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for Tailscale.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>Tailscale</h1> <p><a href=\"https://tailscale.com\">Tailscale</a> Secure remote access to shared resources</p> <ul> <li>When <code>Userspace</code> is <strong>disabled</strong>, <code>Tailscale</code> will run with <code>/dev/net/tun</code> device mounted from the host.</li> </ul>",
"changelog": null,
"chart_metadata": {
"app_version": "v1.82.0",
"capabilities": [
{
"description": "Tailscale is able to perform various network-related operations.",
"name": "NET_ADMIN"
},
{
"description": "Tailscale is able to bind to a privileged port.",
"name": "NET_RAW"
},
{
"description": "Tailscale is able to load kernel modules.",
"name": "SYS_MODULE"
},
{
"description": "Tailscale is able to chown files.",
"name": "CHOWN"
},
{
"description": "Tailscale is able to bypass permission checks for it's sub-processes.",
"name": "FOWNER"
},
{
"description": "Tailscale is able to bypass permission checks.",
"name": "DAC_OVERRIDE"
}
],
"categories": [
"networking"
],
"changelog_url": "https://tailscale.com/changelog#client",
"date_added": "2024-07-30",
"description": "Secure remote access to shared resources",
"home": "https://tailscale.com/",
"host_mounts": [
{
"description": "Network device",
"host_path": "/dev/net/tun"
}
],
"icon": "https://media.sys.truenas.net/apps/tailscale/icons/icon.png",
"keywords": [
"vpn",
"tailscale"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "tailscale",
"run_as_context": [
{
"description": "Tailscale runs as a root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://tailscale.com/",
"https://hub.docker.com/r/tailscale/tailscale"
],
"title": "Tailscale",
"train": "community",
"version": "1.2.17"
}
}
}Support, maintenance, and documentation for applications within the Community catalog is handled by the TrueNAS community. The TrueNAS Applications Portal hosts but does not validate or maintain any linked resources associated with this app.