From 9b98c3b79f30c58e460c8cad23816941d3733f40 Mon Sep 17 00:00:00 2001
From: Juan Font <juanfontalonso@gmail.com>
Date: Sat, 31 Dec 2022 17:46:56 +0000
Subject: [PATCH] Send in AllowedIPs both primary routes AND enabled exit
 routes

---
 machine.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/machine.go b/machine.go
index 28242777..cae5c68c 100644
--- a/machine.go
+++ b/machine.go
@@ -683,7 +683,15 @@ func (h *Headscale) toNode(
 	}
 	primaryPrefixes := Routes(primaryRoutes).toPrefixes()
 
-	allowedIPs = append(allowedIPs, primaryPrefixes...)
+	machineRoutes, err := h.GetMachineRoutes(&machine)
+	if err != nil {
+		return nil, err
+	}
+	for _, route := range machineRoutes {
+		if route.Enabled && (route.IsPrimary || route.isExitRoute()) {
+			allowedIPs = append(allowedIPs, netip.Prefix(route.Prefix))
+		}
+	}
 
 	var derp string
 	if machine.HostInfo.NetInfo != nil {