We’re always shipping new features and fixes at Tailscale — so much so that sometimes the changelog can get a little overwhelming! This blog post is part of a new series called Release Recap that aims to grab a handful of updates from the last month or so and highlight what they actually mean for developers.
This month’s updates are all written by me, Parker, but we’re keeping the blurbs signed and you might get more perspectives from different teams here in coming months. And if you’d like to share how you’re using a newly released Tailscale feature, get in touch at firstname.lastname@example.org, on Twitter, or on the fediverse, and we may include your story in a future post.
Use VS Code to edit files on any machine on your tailnet
Parker: For many developers, the text editor is a comfortable home base, and it’s often appropriately customized to suit one’s needs exactly. But then you log into a remote machine, and that all goes out the window as you have to use whatever is available. That often means no syntax highlighting, no autocomplete from file contents, and even copy-and-paste can be a headache.
If you’re a VS Code user, the latest release of the Tailscale extension solves all those problems. The extension now ships with a Machine Explorer that allows you to browse, move, and edit files on any machine you can reach over Tailscale SSH. That means you can bring the power of VS Code to your whole tailnet, while leaving the hassle of SSH key management and all that behind.
My colleague Alex made a video demonstrating how easy and powerful the updated extension is.
Funnel and Serve web flows to get you started
Parker: It’s no secret that we here love Funnel (the Tailscale tool that lets you share a port on your localhost with the whole internet) and Serve (the super-simple server that powers Funnel and also lets you share privately with just your tailnet). But not everyone has had a chance to get acquainted with these features, and the first time activating them may require some adjustments to your settings or your ACLs.
For folks who try to use Serve or Funnel without all the right configuration in place, we’ve added a web-based guide to take you through these steps right when you need it. True story: I needed this guide the other day when trying to use Serve from a tagged device for the first time — and it solved my problem in seconds. So whether you’re a first-timer or literally a Tailscale employee, we’re hoping this new system will help you spend less time reading error messages and more time sharing with your tailnet or the whole internet.
Tailnet lock now in beta
Parker: Tailscale is always thinking about your security and privacy, and you can see it in the way we’ve designed our software. We use end-to-end WireGuard encryption for every tailnet connection, so we can never see your data. And we’ve given administrators a device approval option, to review any new node that tries to log in to the network, which provides a level of security and convenience that works for most users.
But for the most sensitive use cases, even that may not be enough. Tailscale is a hosted product, which gives us some technical ability, as the control plane, to inject or manipulate nodes in your tailnet. For users who are concerned about that threat angle, we provide tailnet lock — now in beta! — which requires that new node keys be verified by existing trusted nodes before other devices trust them. This will prevent any devices from being added to your tailnet unless and until they are vouched for by a signing key that you maintain and that Tailscale does not have access to.
To be clear, this is a level of security above device approval, and even we don’t have access to those signing keys, so you have to handle how they’re stored and managed.
Coming out of alpha, we’ve added some new features on that front. The beta now offers web configuration options, the ability to use an iOS device as a signing key, and a mechanism to recover tailnet control in case of a key compromise. For infosec-oriented users who are professionally paranoid — and we get it, this industry gives plenty of reason for paranoia — this is a feature you’ll want to check out.