diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index a4c8cc414..842e38406 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -900,6 +900,10 @@ func peerStatusFromNode(ps *ipnstate.PeerStatus, n tailcfg.NodeView) {
 		v := n.PrimaryRoutes()
 		ps.PrimaryRoutes = &v
 	}
+	if n.AllowedIPs().Len() != 0 {
+		v := n.AllowedIPs()
+		ps.AllowedIPs = &v
+	}
 
 	if n.Expired() {
 		ps.Expired = true
diff --git a/ipn/ipnstate/ipnstate.go b/ipn/ipnstate/ipnstate.go
index 1a58b0170..4a3c80106 100644
--- a/ipn/ipnstate/ipnstate.go
+++ b/ipn/ipnstate/ipnstate.go
@@ -216,6 +216,8 @@ type PeerStatus struct {
 
 	// TailscaleIPs are the IP addresses assigned to the node.
 	TailscaleIPs []netip.Addr
+	// AllowedIPs are IP addresses allowed to route to this node.
+	AllowedIPs *views.Slice[netip.Prefix] `json:",omitempty"`
 
 	// Tags are the list of ACL tags applied to this node.
 	// See tailscale.com/tailcfg#Node.Tags for more information.
@@ -414,6 +416,9 @@ func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus) {
 	if v := st.PrimaryRoutes; v != nil && !v.IsNil() {
 		e.PrimaryRoutes = v
 	}
+	if v := st.AllowedIPs; v != nil && !v.IsNil() {
+		e.AllowedIPs = v
+	}
 	if v := st.Tags; v != nil && !v.IsNil() {
 		e.Tags = v
 	}