diff --git a/machine.go b/machine.go
index 1f958cce..bc01714d 100644
--- a/machine.go
+++ b/machine.go
@@ -675,19 +675,14 @@ func (h *Headscale) toNode(
 		[]netip.Prefix{},
 		addrs...) // we append the node own IP, as it is required by the clients
 
-	enabledRoutes, err := h.GetEnabledRoutes(&machine)
-	if err != nil {
-		return nil, err
-	}
-
-	allowedIPs = append(allowedIPs, enabledRoutes...)
-
 	primaryRoutes, err := h.getMachinePrimaryRoutes(&machine)
 	if err != nil {
 		return nil, err
 	}
 	primaryPrefixes := Routes(primaryRoutes).toPrefixes()
 
+	allowedIPs = append(allowedIPs, primaryPrefixes...)
+
 	var derp string
 	if machine.HostInfo.NetInfo != nil {
 		derp = fmt.Sprintf("127.3.3.40:%d", machine.HostInfo.NetInfo.PreferredDERP)
@@ -1057,6 +1052,7 @@ func (h *Headscale) EnableRoutes(machine *Machine, routeStrs ...string) error {
 		}
 	}
 
+	h.setLastStateChangeToNow()
 	return nil
 }
 
diff --git a/routes.go b/routes.go
index f59a6039..e4f74e6b 100644
--- a/routes.go
+++ b/routes.go
@@ -215,6 +215,7 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 		log.Error().Err(err).Msg("error getting routes")
 	}
 
+	routesChanged := false
 	for pos, route := range routes {
 		if route.isExitRoute() {
 			continue
@@ -235,6 +236,7 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 					return err
 				}
 
+				routesChanged = true
 				continue
 			}
 		}
@@ -306,9 +308,14 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 
 				return err
 			}
+
+			routesChanged = true
 		}
 	}
 
+	if routesChanged {
+		h.setLastStateChangeToNow()
+	}
 	return nil
 }