Make STUN run by default when embedded DERP is enabled

This commit also allows setting an external STUN server while running the embedded DERP server (without embedded STUN).
Juan Font Alonso 2022-03-15 13:22:25 +01:00
parent 61440c42d3
commit b8aad5451d
4 changed files with 21 additions and 12 deletions

5
app.go

@ -62,6 +62,7 @@ const (
errUnsupportedLetsEncryptChallengeType = Error( errUnsupportedLetsEncryptChallengeType = Error(
"unknown value for Lets Encrypt challenge type", "unknown value for Lets Encrypt challenge type",
) )
errSTUNAddressNotSet = Error("STUN address not set")
DisabledClientAuth = "disabled" DisabledClientAuth = "disabled"
RelaxedClientAuth = "relaxed" RelaxedClientAuth = "relaxed"
@ -502,6 +503,10 @@ func (h *Headscale) Serve() error {
h.DERPMap = GetDERPMap(h.cfg.DERP) h.DERPMap = GetDERPMap(h.cfg.DERP)
if h.cfg.DERP.ServerEnabled { if h.cfg.DERP.ServerEnabled {
if h.cfg.DERP.STUNAddr == "" { // When embedded DERP is enabled we always need a STUN server address, embedded or external
return errSTUNAddressNotSet
}
h.DERPMap.Regions[h.DERPServer.region.RegionID] = &h.DERPServer.region h.DERPMap.Regions[h.DERPServer.region.RegionID] = &h.DERPServer.region
if h.cfg.DERP.STUNEnabled { if h.cfg.DERP.STUNEnabled {
go h.ServeSTUN() go h.ServeSTUN()
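Review bot: The new `h.cfg.DERP.STUNAddr == ""` guard in Serve is probably reached too late to be the error an operator sees. The line right after it reads `h.DERPServer.region`, which suggests the region was generated before Serve runs, and generateRegionLocalDERP in this same commit now calls net.SplitHostPort on that field unconditionally. An unset address would then surface as a generic parse error rather than `errSTUNAddressNotSet`. Consider moving the check to config loading or to the top of generateRegionLocalDERP so the named error is the one returned. Serve's body continues outside the hunk.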


@ -55,6 +55,9 @@ func LoadConfig(path string) error {
viper.SetDefault("dns_config", nil) viper.SetDefault("dns_config", nil)
viper.SetDefault("derp.server.enabled", false)
viper.SetDefault("derp.server.stun.enabled", true)
viper.SetDefault("unix_socket", "/var/run/headscale.sock") viper.SetDefault("unix_socket", "/var/run/headscale.sock")
viper.SetDefault("unix_socket_permission", "0o770") viper.SetDefault("unix_socket_permission", "0o770")
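Review bot: Defaulting `derp.server.stun.enabled` to true changes behaviour on upgrade for deployments that enabled embedded DERP without a `stun` block. They will either start a UDP STUN listener that was never requested or, since no default for the STUN address is set in this hunk, fail in Serve with `errSTUNAddressNotSet`. That deserves a changelog entry and a comment above the default, for example `// STUN defaults to on; it only takes effect when derp.server.enabled is true and opens a UDP listener.`. LoadConfig's body continues outside the hunk.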


@ -69,10 +69,13 @@ derp:
region_code: "headscale" region_code: "headscale"
region_name: "Headscale Embedded DERP" region_name: "Headscale Embedded DERP"
# If enabled, also listens in UDP at the configured address for STUN connections to help on NAT traversal # Enabled by default when embedded DERP is enabled. Listens in UDP at the configured address for STUN connections
# to help on NAT traversal.
# If DERP is enabled, but STUN is disabled you still need to input an external STUN server in the listen_addr field.
#
# For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/ # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
stun: stun:
enabled: false enabled: true
listen_addr: "0.0.0.0:3478" listen_addr: "0.0.0.0:3478"
# List of externally available DERP maps encoded in JSON # List of externally available DERP maps encoded in JSON
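Review bot: The added comment tells operators to put an external STUN server into `listen_addr`, a field whose name says it is a local bind address, so the same key now means two different things depending on `enabled`. The comment should say this explicitly. With `enabled: true` and the example value `0.0.0.0:3478`, it should also say that the UDP port is opened on every interface and must be allowed through the firewall deliberately. A possible wording is `# With enabled: true this is the local UDP bind address (0.0.0.0 exposes it on all interfaces); with enabled: false it must hold the address of the external STUN server.`.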


@ -77,17 +77,15 @@ func (h *Headscale) generateRegionLocalDERP() (tailcfg.DERPRegion, error) {
}, },
} }
if h.cfg.DERP.STUNEnabled { _, portSTUNStr, err := net.SplitHostPort(h.cfg.DERP.STUNAddr)
_, portStr, err := net.SplitHostPort(h.cfg.DERP.STUNAddr)
if err != nil { if err != nil {
return tailcfg.DERPRegion{}, err return tailcfg.DERPRegion{}, err
} }
port, err := strconv.Atoi(portStr) portSTUN, err := strconv.Atoi(portSTUNStr)
if err != nil { if err != nil {
return tailcfg.DERPRegion{}, err return tailcfg.DERPRegion{}, err
} }
localDERPregion.Nodes[0].STUNPort = port localDERPregion.Nodes[0].STUNPort = portSTUN
}
return localDERPregion, nil return localDERPregion, nil
} }
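Review bot: Only the port of `h.cfg.DERP.STUNAddr` survives here, because the host returned by net.SplitHostPort is discarded with `_`. As far as this hunk shows, an external STUN server on a different host is therefore never written into the region (the node's host fields are set above the hunk). If external STUN is meant to be supported, either document that it must share the DERP hostname or carry the host into the node. Separately, strconv.Atoi accepts negative values and values above 65535; `portSTUN, err := strconv.ParseUint(portSTUNStr, 10, 16)` with `localDERPregion.Nodes[0].STUNPort = int(portSTUN)` rejects them at startup. The function starts outside the hunk.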