From 6240c78684853ccc7fb3b2424c0d456cf67ce54d Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sun, 3 Nov 2024 16:55:02 -0800 Subject: [PATCH] cmd/lopower: add Limitations to README Change-Id: I6baaa7fa45eaa0c90482123acc51d0f402205e96 Signed-off-by: Brad Fitzpatrick --- cmd/lopower/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmd/lopower/README.md b/cmd/lopower/README.md index 59d657c8f..85fcc9bc9 100644 --- a/cmd/lopower/README.md +++ b/cmd/lopower/README.md @@ -18,3 +18,8 @@ Tailscale LOPOWER is a proxy that you run nearby that bridges a low-power WireGu * optional IPv4 support. IPv6 is always enabled, as it never conflicts with anything. But IPv4 (or CGNAT) might already be in use on your client's network. * includes a DNS server (at `fd7a:115c:a1e0:9909::1` by default and optionally also at `10.90.0.1`) to serve both MagicDNS names as well as forwarding non-Tailscale DNS names onwards * if IPv4 is disabled, MagicDNS `A` records are filtered out, and only `AAAA` records are served. + +## Limitations + +* this runs in userspace using gVisor's netstack. That means it's portable (and doesn't require kernel/system configuration), but that does mean it doesn't operate at a packet level but rather it stitches together two separate TCP (or UDP) flows and doesn't support IP protocols such as SCTP or other things that aren't TCP or UDP. +* the standard WireGuard configuration doesn't support specifying DNS search domains, so resolving bare names like the `go` in `http://go/foo` won't work and you need