From 3ac2e0b253f9c462ed6dc4292d94d0ec49fcd8ef Mon Sep 17 00:00:00 2001
From: Juan Font
Date: Sun, 22 Jan 2023 22:39:42 +0000
Subject: [PATCH] Enable both exit node routes (IPv4 and IPv6) at the same time. As indicated by bradfitz in https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002, both routes for the exit node must be enabled at the same time. If a user tries to enable one of the exit node routes, the other gets activated too. This commit also reduces the API surface, making private a method that didnt need to be exposed.
---
 machine.go | 4 ++--
 routes.go | 9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/machine.go b/machine.go
index 2d3a076b..793253b4 100644
--- a/machine.go
+++ b/machine.go
@@ -1047,8 +1047,8 @@ func (h *Headscale) IsRoutesEnabled(machine *Machine, routeStr string) bool {
 return false
 }
 
-// EnableRoutes enables new routes based on a list of new routes.
-func (h *Headscale) EnableRoutes(machine *Machine, routeStrs ...string) error {
+// enableRoutes enables new routes based on a list of new routes.
+func (h *Headscale) enableRoutes(machine *Machine, routeStrs ...string) error {
 newRoutes := make([]netip.Prefix, len(routeStrs))
 for index, routeStr := range routeStrs {
 route, err := netip.ParsePrefix(routeStr)
diff --git a/routes.go b/routes.go
index a58be576..020ef2f2 100644
--- a/routes.go
+++ b/routes.go
@@ -90,7 +90,14 @@ func (h *Headscale) EnableRoute(id uint64) error {
 return err
 }
 
- return h.EnableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
+ // Tailscale requires both IPv4 and IPv6 exit routes to
+ // be enabled at the same time, as per
+ // https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002
+ if route.isExitRoute() {
+ return h.enableRoutes(&route.Machine, ExitRouteV4.String(), ExitRouteV6.String())
+ }
+
+ return h.enableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
 }
 
 func (h *Headscale) DisableRoute(id uint64) error {
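Review bot: The new `route.isExitRoute()` branch in `EnableRoute` makes one approval enable both address families, but nothing visible in this patch makes `DisableRoute` symmetric, so revoking one exit route may leave the other family's default route enabled on that machine. `DisableRoute` begins on the last line of the hunk and its body is not shown, so this needs checking there; if it still disables only `route.Prefix`, it should take the same `route.isExitRoute()` branch. It is also worth confirming that `enableRoutes`, whose body continues outside the machine.go hunk, returns an error rather than partially applying when the machine advertises only one of `ExitRouteV4`/`ExitRouteV6`. Since a single route id can now enable two routes, `EnableRoute` deserves a doc comment that says so, e.g. `// EnableRoute enables the route with the given id; for an exit route, both ExitRouteV4 and ExitRouteV6 are enabled together.`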