Tailscale

Changes in sing-box 1.14.0

control_http_client
Dial Fields

Changes in sing-box 1.13.0

relay_server_port
relay_server_static_endpoints
system_interface
system_interface_name
system_interface_mtu
advertise_tags

Since sing-box 1.12.0

Structure

{
  "type": "tailscale",
  "tag": "ts-ep",
  "state_directory": "",
  "auth_key": "",
  "control_url": "",
  "control_http_client": {}, // or ""
  "ephemeral": false,
  "hostname": "",
  "accept_routes": false,
  "exit_node": "",
  "exit_node_allow_lan_access": false,
  "advertise_routes": [],
  "advertise_exit_node": false,
  "advertise_tags": [],
  "relay_server_port": 0,
  "relay_server_static_endpoints": [],
  "system_interface": false,
  "system_interface_name": "",
  "system_interface_mtu": 0,
  "udp_timeout": "5m",

  ... // Dial Fields
}

Fields

state_directory

The directory where the Tailscale state is stored.

tailscale is used by default.

Example: $HOME/.tailscale

auth_key

Note

Auth key is not required. By default, sing-box will log the login URL (or popup a notification on graphical clients).

The auth key to create the node. If the node is already created (from state previously stored), then this field is not used.

control_url

The coordination server URL.

https://controlplane.tailscale.com is used by default.

ephemeral

Indicates whether the instance should register as an Ephemeral node (https://tailscale.com/s/ephemeral-nodes).

hostname

The hostname of the node.

System hostname is used by default.

Example: localhost

accept_routes

Indicates whether the node should accept routes advertised by other nodes.

exit_node

The exit node name or IP address to use.

exit_node_allow_lan_access

Note

When the exit node does not have a corresponding advertised route, private traffics cannot be routed to the exit node even if exit_node_allow_lan_access is set.

Indicates whether locally accessible subnets should be routed directly or via the exit node.

advertise_routes

CIDR prefixes to advertise into the Tailscale network as reachable through the current node.

Example: ["192.168.1.1/24"]

advertise_exit_node

Indicates whether the node should advertise itself as an exit node.

advertise_tags

Since sing-box 1.13.0

Tags to advertise for this node, for ACL enforcement purposes.

Example: ["tag:server"]

relay_server_port

Since sing-box 1.13.0

The port to listen on for incoming relay connections from other Tailscale nodes.

relay_server_static_endpoints

Since sing-box 1.13.0

Static endpoints to advertise for the relay server.

system_interface

Since sing-box 1.13.0

Create a system TUN interface for Tailscale.

system_interface_name

Since sing-box 1.13.0

Custom TUN interface name. By default, tailscale (or utun on macOS) will be used.

system_interface_mtu

Since sing-box 1.13.0

Override the TUN MTU. By default, Tailscale's own MTU is used.

udp_timeout

UDP NAT expiration time.

5m will be used by default.

control_http_client

Since sing-box 1.14.0

HTTP Client for connecting to the Tailscale control plane.

See HTTP Client Fields for details.

Dial Fields

Deprecated in sing-box 1.14.0

Dial Fields in Tailscale endpoints are deprecated in sing-box 1.14.0 and will be removed in sing-box 1.16.0, use control_http_client instead.

See Dial Fields for details.