diff --git a/ipn/localapi/cert.go b/ipn/localapi/cert.go index 26eb3650f..a088021ee 100644 --- a/ipn/localapi/cert.go +++ b/ipn/localapi/cert.go @@ -29,6 +29,7 @@ import ( "net/http" "os" "path/filepath" + "runtime" "strings" "sync" "time" @@ -37,6 +38,7 @@ import ( "tailscale.com/envknob" "tailscale.com/ipn/ipnstate" "tailscale.com/types/logger" + "tailscale.com/version/distro" ) // Process-wide cache. (A new *Handler is created per connection, @@ -53,6 +55,13 @@ var ( func (h *Handler) certDir() (string, error) { d := h.b.TailscaleVarRoot() + + // As a workaround for Synology DSM6 not having a "var" directory, use the + // app's "etc" directory (on a small partition) to hold certs at least. + // See https://github.com/tailscale/tailscale/issues/4060#issuecomment-1186592251 + if d == "" && runtime.GOOS == "linux" && distro.Get() == distro.Synology && distro.DSMVersion() == 6 { + d = "/var/packages/Tailscale/etc" // base; we append "certs" below + } if d == "" { return "", errors.New("no TailscaleVarRoot") } diff --git a/version/distro/distro.go b/version/distro/distro.go index d5c9a201f..df97327a4 100644 --- a/version/distro/distro.go +++ b/version/distro/distro.go @@ -8,6 +8,7 @@ package distro import ( "os" "runtime" + "strconv" "sync/atomic" ) @@ -94,3 +95,17 @@ func freebsdDistro() Distro { } return "" } + +// DSMVersion reports the Synology DSM major version. +// +// If not Synology, it reports 0. +func DSMVersion() int { + if runtime.GOOS != "linux" { + return 0 + } + if Get() != Synology { + return 0 + } + v, _ := strconv.Atoi(os.Getenv("SYNOPKG_DSM_VERSION_MAJOR")) + return v +} diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go index 687cc411b..8925aae16 100644 --- a/wgengine/router/router_linux.go +++ b/wgengine/router/router_linux.go @@ -182,11 +182,7 @@ func useAmbientCaps() bool { if distro.Get() != distro.Synology { return false } - v, err := strconv.Atoi(os.Getenv("SYNOPKG_DSM_VERSION_MAJOR")) - if err != nil { - return false - } - return v >= 7 + return distro.DSMVersion() >= 7 } var forceIPCommand = envknob.Bool("TS_DEBUG_USE_IP_COMMAND")