fix(routes): ensure routes are correctly propagated

When using Tailscale v1.34.1, enabling or disabling a route does not
effectively add or remove the route from the node's routing table.
We must restart tailscale on the node to have a netmap update.

Fix this by refreshing last state change so that a netmap diff is sent.

Also do not include secondary routes in allowedIPs, otherwise secondary
routes might be used by nodes instead of the primary route.

Signed-off-by: Fatih Acar <facar@scaleway.com>

machine.go

@@ -675,19 +675,14 @@ func (h *Headscale) toNode(
 		[]netip.Prefix{},
 		addrs...) // we append the node own IP, as it is required by the clients
 
-	enabledRoutes, err := h.GetEnabledRoutes(&machine)
-	if err != nil {
-		return nil, err
-	}
-
-	allowedIPs = append(allowedIPs, enabledRoutes...)
-
 	primaryRoutes, err := h.getMachinePrimaryRoutes(&machine)
 	if err != nil {
 		return nil, err
 	}
 	primaryPrefixes := Routes(primaryRoutes).toPrefixes()
 
+	allowedIPs = append(allowedIPs, primaryPrefixes...)
+
 	var derp string
 	if machine.HostInfo.NetInfo != nil {
 		derp = fmt.Sprintf("127.3.3.40:%d", machine.HostInfo.NetInfo.PreferredDERP)
@@ -1057,6 +1052,7 @@ func (h *Headscale) EnableRoutes(machine *Machine, routeStrs ...string) error {
 		}
 	}
 
+	h.setLastStateChangeToNow()
 	return nil
 }
 

routes.go

@@ -215,6 +215,7 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 		log.Error().Err(err).Msg("error getting routes")
 	}
 
+	routesChanged := false
 	for pos, route := range routes {
 		if route.isExitRoute() {
 			continue
@@ -235,6 +236,7 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 					return err
 				}
 
+				routesChanged = true
 				continue
 			}
 		}
@@ -306,9 +308,14 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 
 				return err
 			}
+
+			routesChanged = true
 		}
 	}
 
+	if routesChanged {
+		h.setLastStateChangeToNow()
+	}
 	return nil
 }