diff --git a/go.mod b/go.mod
index 3268e221a9020..a1f8b6b7a7ac8 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ replace github.com/tcnksm/go-httpstat => github.com/coder/go-httpstat v0.0.0-202
 
 // There are a few minor changes we make to Tailscale that we're slowly upstreaming. Compare here:
 // https://github.com/tailscale/tailscale/compare/main...coder:tailscale:main
-replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20250121163848-c7962497b482
+replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20250129014916-8086c871eae6
 
 // This is replaced to include
 // 1. a fix for a data race: c.f. https://github.com/tailscale/wireguard-go/pull/25
diff --git a/go.sum b/go.sum
index d0310fee404f3..1737a0ea1e0b1 100644
--- a/go.sum
+++ b/go.sum
@@ -240,8 +240,8 @@ github.com/coder/serpent v0.10.0 h1:ofVk9FJXSek+SmL3yVE3GoArP83M+1tX+H7S4t8BSuM=
 github.com/coder/serpent v0.10.0/go.mod h1:cZFW6/fP+kE9nd/oRkEHJpG6sXCtQ+AX7WMMEHv0Y3Q=
 github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuOD6a/zVP3rcxezNsoDseTUw=
 github.com/coder/ssh v0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ=
-github.com/coder/tailscale v1.1.1-0.20250121163848-c7962497b482 h1:hCyBW9rsYwBmyAP+jnsmUnYC0dVlyLdOuMvyFpGOiIk=
-github.com/coder/tailscale v1.1.1-0.20250121163848-c7962497b482/go.mod h1:1ggFFdHTRjPRu9Yc1yA7nVHBYB50w9Ce7VIXNqcW6Ko=
+github.com/coder/tailscale v1.1.1-0.20250129014916-8086c871eae6 h1:prDIwUcsSEKbs1Rc5FfdvtSfz2XGpW3FnJtWR+Mc7MY=
+github.com/coder/tailscale v1.1.1-0.20250129014916-8086c871eae6/go.mod h1:1ggFFdHTRjPRu9Yc1yA7nVHBYB50w9Ce7VIXNqcW6Ko=
 github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e h1:JNLPDi2P73laR1oAclY6jWzAbucf70ASAvf5mh2cME0=
 github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI=
 github.com/coder/terraform-provider-coder v1.0.4 h1:MJldCvykIQzzqBVUDjCJpPyqvKelAAHrtJKfIIx4Qxo=
diff --git a/vpn/router.go b/vpn/router.go
index 07cba68d36333..6dfc49b4f2e44 100644
--- a/vpn/router.go
+++ b/vpn/router.go
@@ -36,12 +36,16 @@ func (*vpnRouter) Close() error {
 
 func convertRouterConfig(cfg router.Config) *NetworkSettingsRequest {
 	v4LocalAddrs := make([]string, 0)
+	v4SubnetMasks := make([]string, 0)
 	v6LocalAddrs := make([]string, 0)
+	v6PrefixLengths := make([]uint32, 0)
 	for _, addrs := range cfg.LocalAddrs {
 		if addrs.Addr().Is4() {
-			v4LocalAddrs = append(v4LocalAddrs, addrs.String())
+			v4LocalAddrs = append(v4LocalAddrs, addrs.Addr().String())
+			v4SubnetMasks = append(v4SubnetMasks, prefixToSubnetMask(addrs))
 		} else if addrs.Addr().Is6() {
-			v6LocalAddrs = append(v6LocalAddrs, addrs.String())
+			v6LocalAddrs = append(v6LocalAddrs, addrs.Addr().String())
+			v6PrefixLengths = append(v6PrefixLengths, uint32(addrs.Bits()))
 		} else {
 			continue
 		}
@@ -69,18 +73,31 @@ func convertRouterConfig(cfg router.Config) *NetworkSettingsRequest {
 		}
 	}
 
-	return &NetworkSettingsRequest{
-		Mtu: uint32(cfg.NewMTU),
-		Ipv4Settings: &NetworkSettingsRequest_IPv4Settings{
+	var v4Settings *NetworkSettingsRequest_IPv4Settings
+	if len(v4LocalAddrs) > 0 || len(v4Routes) > 0 || len(v4ExcludedRoutes) > 0 {
+		v4Settings = &NetworkSettingsRequest_IPv4Settings{
 			Addrs:          v4LocalAddrs,
+			SubnetMasks:    v4SubnetMasks,
 			IncludedRoutes: v4Routes,
 			ExcludedRoutes: v4ExcludedRoutes,
-		},
-		Ipv6Settings: &NetworkSettingsRequest_IPv6Settings{
+			Router:         "", // NA
+		}
+	}
+
+	var v6Settings *NetworkSettingsRequest_IPv6Settings
+	if len(v6LocalAddrs) > 0 || len(v6Routes) > 0 || len(v6ExcludedRoutes) > 0 {
+		v6Settings = &NetworkSettingsRequest_IPv6Settings{
 			Addrs:          v6LocalAddrs,
+			PrefixLengths:  v6PrefixLengths,
 			IncludedRoutes: v6Routes,
 			ExcludedRoutes: v6ExcludedRoutes,
-		},
+		}
+	}
+
+	return &NetworkSettingsRequest{
+		Mtu:                 uint32(cfg.NewMTU),
+		Ipv4Settings:        v4Settings,
+		Ipv6Settings:        v6Settings,
 		TunnelOverheadBytes: 0,  // N/A
 		TunnelRemoteAddress: "", // N/A
 	}
diff --git a/vpn/router_internal_test.go b/vpn/router_internal_test.go
index 4f7f6d769a79b..d4a3f639677de 100644
--- a/vpn/router_internal_test.go
+++ b/vpn/router_internal_test.go
@@ -27,7 +27,8 @@ func TestConvertRouterConfig(t *testing.T) {
 			expected: &NetworkSettingsRequest{
 				Mtu: 1500,
 				Ipv4Settings: &NetworkSettingsRequest_IPv4Settings{
-					Addrs: []string{"100.64.0.1/32"},
+					Addrs:       []string{"100.64.0.1"},
+					SubnetMasks: []string{"255.255.255.255"},
 					IncludedRoutes: []*NetworkSettingsRequest_IPv4Settings_IPv4Route{
 						{Destination: "192.168.0.0", Mask: "255.255.255.0", Router: ""},
 					},
@@ -36,7 +37,8 @@ func TestConvertRouterConfig(t *testing.T) {
 					},
 				},
 				Ipv6Settings: &NetworkSettingsRequest_IPv6Settings{
-					Addrs: []string{"fd7a:115c:a1e0::1/128"},
+					Addrs:         []string{"fd7a:115c:a1e0::1"},
+					PrefixLengths: []uint32{128},
 					IncludedRoutes: []*NetworkSettingsRequest_IPv6Settings_IPv6Route{
 						{Destination: "fd00::", PrefixLength: 64, Router: ""},
 					},
@@ -50,16 +52,8 @@ func TestConvertRouterConfig(t *testing.T) {
 			name: "Empty",
 			cfg:  router.Config{},
 			expected: &NetworkSettingsRequest{
-				Ipv4Settings: &NetworkSettingsRequest_IPv4Settings{
-					Addrs:          []string{},
-					IncludedRoutes: []*NetworkSettingsRequest_IPv4Settings_IPv4Route{},
-					ExcludedRoutes: []*NetworkSettingsRequest_IPv4Settings_IPv4Route{},
-				},
-				Ipv6Settings: &NetworkSettingsRequest_IPv6Settings{
-					Addrs:          []string{},
-					IncludedRoutes: []*NetworkSettingsRequest_IPv6Settings_IPv6Route{},
-					ExcludedRoutes: []*NetworkSettingsRequest_IPv6Settings_IPv6Route{},
-				},
+				Ipv4Settings: nil,
+				Ipv6Settings: nil,
 			},
 		},
 	}
diff --git a/vpn/tunnel_internal_test.go b/vpn/tunnel_internal_test.go
index 8a55205605d7d..0110ce58ab195 100644
--- a/vpn/tunnel_internal_test.go
+++ b/vpn/tunnel_internal_test.go
@@ -317,12 +317,8 @@ func TestUpdater_createPeerUpdate(t *testing.T) {
 		},
 	})
 	require.Len(t, update.UpsertedAgents, 1)
-	slices.SortFunc(update.UpsertedAgents[0].Fqdn, func(a, b string) int {
-		return strings.Compare(a, b)
-	})
-	slices.SortFunc(update.DeletedAgents[0].Fqdn, func(a, b string) int {
-		return strings.Compare(a, b)
-	})
+	slices.SortFunc(update.UpsertedAgents[0].Fqdn, strings.Compare)
+	slices.SortFunc(update.DeletedAgents[0].Fqdn, strings.Compare)
 	require.Equal(t, update, &PeerUpdate{
 		UpsertedWorkspaces: []*Workspace{
 			{Id: w1ID[:], Name: "w1", Status: Workspace_Status(proto.Workspace_STARTING)},

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/16317.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/16317.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/16317.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/16317.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>