Tailscale VPN review | TechRadar
Tailscale is a capable business VPN which allows you to securely connect your devices, applications and employees, wherever they are in the world.
The service isn’t a traditional VPN. Your devices don’t route their traffic through Tailscale servers. Instead, Tailscale helps you create a zero-trust mesh network, where every device connects directly to each other via an encrypted WireGuard-based tunnel. That’s much faster, and means you don’t have to worry about Tailscale logging any of your activities.
The service has all kinds of applications. You could use Tailscale to connect remote and in-house teams, devices and shared resources into a single secure network. But it also works as a safe remote access method for shared resources. Another option is site-to-site networking, allowing you to transfer data between private cloud environments.
This looks impressive, but is Tailscale right for you? This review will look at its plans, features, ease of use and support to see if it lives up to expectations.
Plans and pricing
Tailscale’s free plan provides a risk-free way to try out the service. It limits you to three users, but you can connect up to 100 devices, there’s email support if you need it, and it’s only missing a few of the most advanced features (there’s no logging of network traffic, for instance.)
Upgrading to the Starter plan supports unlimited users. You still get three users per free; each extra account costs $6 a month, and you get support for an extra 10 devices per user. That’s fair value, and should be enough for most businesses.
The Premium plan is relatively expensive at $18 per user. This gets you 20x devices per user and Priority Support for faster response times, but otherwise it’s mostly about high-end features for demanding users: fine-tuned access control, SSH authentication and encryption, more versatile user and device management, and more.
We browsed the plan comparison tables, and noticed one unexpected issue. Tailscale’s free plan is so generous that it actually has more features than the Starter plan. Free users can restrict individual users from accessing a particular resource, for instance; Starter users can’t.
Sounds strange, but it does make sense: Tailscale sees the free plan as an advertisement for its full product, so it wants users to be able to try almost everything. But that won’t help you if you’ve moved from Free to Starter just to get one extra user, and realise you’ve lost a feature you need. If that could be a problem, browse the Comparison table on Tailscale’s Pricing page, and make sure you understand exactly what you’re getting.
Tailscale integrations
Tailscale is all about ease of use, and the service has 100+ integrations to make that happen.
SSO (Single Sign On) support allows you to authenticate with credentials from 20+ identity providers, for instance: Google, Microsoft Azure AD, Okta, Apple, GitHub. There’s no need to create yet another account for Tailscale, just sign up with whatever you’re using already.
Custom Windows, Mac, Android, iOS, Linux and Synology apps allow you to use Tailscale just about everywhere.
The service aims to automatically connect to your network, even when you’re behind the best business firewalls. To make that happen, Tailscale already works with pfSense, OPNsense, Barracuda, Check Point, Cisco, Fortinet and more.
This isn’t just about making that initial connection, though. Tailscale also supports directly connecting to the platforms you use already: AWS (VPC, EC2, Lightsail, more), Google Cloud (VPC, GCE, GKE, more), Microsoft Azure (VPC, all VMs, app services), DigitalOcean, Docker and LXC containers, resources running in Kubernetes, GitHub and more.
Supporting integrations allow you to, say, raise notifications via Slack, Discord or Google Chat. And if you decide you need the private browsing features of a conventional VPN, good news: Tailscale also gives you built-in support for accessing the excellent Mullvad.
Getting started
Click ‘Get started’ on most websites and you’re launched into the usual ‘give us your details, choose yet another password, verify your email’ sequence. Tailscale’s SSO support meant we could sign on immediately with Google, Microsoft, GitHub, Apple or OIDC credentials, though, no further work required.
The Tailscale web dashboard didn’t make it obvious what we should do next. We opted to download and install the Windows app, though, and the process couldn’t have been any more straightforward. We clicked the Tailscale app; it opened a page in a browser tab; we tapped Connect, and that got our first device connected to the service.
We repeated the process on our MacBook Pro, and Tailscale connected the devices in a couple of seconds. There’s no big app interface to explore, no lists of locations, no need to choose protocols or anything else: Tailscale just works.
The Tailscale web dashboard on our Windows helpfully displayed the MacBook’s IP address, and suggested we ping it. We did, and it worked as expected. Tailscale then supports using whatever other network software you like to access resources, share information or anything else you want to do. (We ran a LAN messaging tool and that worked, too.)
That’s a great start, and enough to make Tailscale very useful all on its own, but the service has many other features to explore.
Features
Tailscale has a built-in file transfer feature called Taildrop. It’s in alpha and currently only allows you to securely copy files between your own devices, but we were keen to see how it worked.
The feature was disabled by default on our MacBook for security reasons, but we enabled it in a click from the MacOS Extensions list. After that, transfers were as easy as right-clicking a file in Explorer, selecting ‘Send with Tailscale’ and choosing the target device.
Taildrop transfers were fast and secure (thanks to WireGuard encryption), and moments later our files appeared in the MacBook’s Downloads folder. Taildrop is a little short on settings – okay, there are none at all – but that’s no surprise for an alpha, and it’s already enough to be useful.
You can use Tailscale as a sort-of VPN by using exit nodes. Install Tailscale on a computer in your home or office, for instance, and you can configure it as an exit node. Then, when you next need to browse on unsecured WiFi, connect to Tailscale and choose your exit node.
Just like using a conventional VPN, Tailscale routes all your internet traffic through a secure connection to your exit node computer, then sends it on to its destination. Speeds may not be great, depending on your exit node’s connection, but it works, and you use this right now with Tailscale’s free plan.
If you need VPN functionality but don’t have devices in the locations you’re after, there is another option. Tailscale allows users to set up Mullvad VPN locations as exit nodes, and you can connect to the VPN as required.
This does bump up your costs, to the tune of an extra $5 a month. But that’s less than half the monthly price you’ll pay with some VPNs. And better still, that $5 allows you to configure up to five of your devices as able to use Mullvad’s servers as exit nodes. Even if you only set this up on a couple of devices, that’s a really good deal.
Access controls
Creating a secure network isn’t just about establishing encrypted tunnels. Tailscale also provides a stack of essential management features to control who can access the network, which devices they can use, and what, exactly, they can do.
You can invite new members by creating a one-time use link, then sending it via email, a messaging app or whatever route you prefer. By default they can log in and use Tailscale immediately, but you can add another layer of protection by requiring admin approval. (They can connect immediately, but not access other devices until an admin says it’s okay.)
Users are assigned ‘roles’ which define exactly what they can do on Tailscale. By default new users are sensibly set at ‘Members’, which means they can access the network but not view or change any settings, but there are other roles available. Setting someone as ‘IT Admin’ allows them to add new users, for instance, and similar new management tasks, but not change any technical settings.
An extremely flexible Access Controls system allows you to organise your users into custom groups, if necessary (‘sales’, ‘engineering’, whatever fits), then control who can access which devices.
This has to be defined by editing a JSON configuration file, making it a little more complex than the rest of Tailscale. But the file has helpful comments, with examples, and in-depth articles on the Support site, and we figured the basics out within a few minutes.
It’s a strong set of features which does a lot to keep you safe, but Tailscale does require some manual configuration to get the best results.
For example, because Tailscale allows users to log in via third-party identity provider accounts, it can’t enforce multi-factor authentication. If your users all use a company Google account, that’s not a problem: you can enforce logon rules there. But if they’re using personal accounts, the best you can do is ask them to turn on MFA.
Although Android, iOS and macOS apps are updated automatically, we were surprised to see Linux and Windows devices require manual updates. You can use Tailscale’s web dashboard to see devices which require updates, and alert the owners if they haven’t spotted the issue, but the Windows app in particular really should be able to handle this itself.
Support
Tailscale doesn’t offer many direct support routes. There’s no live chat and no phone support. The company does offer email support, but only from 9am-6pm Monday to Friday US Eastern Time, and replies can take a while. (Issues classed as ‘normal’, such as a feature not working properly, might not get an initial response for two business days.)
Fortunately, there are other options for those in a hurry. Tailscale’s excellent Knowledgebase is a great place to start, with its array of setup documents, How-To guides, FAQs and more advanced API and other references.
Although Tailscale closed its own web forum in the summer of 2023, you can still get support from other users via its subreddit. As we write, this has seven new posts in the past 24 hours, all of them with answers, and most replies arriving in under an hour.
Final Verdict
Tailscale is a top-notch VPN service which makes it easy to create your own private network, and gives you all kinds of access and other controls to keep it secure. Large or inexperienced teams might have an issue with the underpowered apps and limited support, but Tailscale could be ideal for small and medium-sized teams who know exactly what they’re doing. Unsure? That’s what the free plan is for: sign up and see for yourself.