From 7d6407a6323c5fe95c081514e26c0f05ef834ab9 Mon Sep 17 00:00:00 2001
From: Maisem Ali <maisem@tailscale.com>
Date: Mon, 13 Dec 2021 09:45:09 -0800
Subject: [PATCH] wgengine/router{windows}: return the output from the
 firewallTweaker on error.

While debugging a customer issue where the firewallTweaker was failing
the only message we have is `router: firewall: error adding
Tailscale-Process rule: exit status 1` which is not really helpful.
This will help diagnose firewall tweaking failures.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
(cherry picked from commit d24a8f7b5a0bac043e81d0807e3448180ba71f1a)
---
 wgengine/router/router_windows.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/wgengine/router/router_windows.go b/wgengine/router/router_windows.go
index 6dcb6a7ff..37090f553 100644
--- a/wgengine/router/router_windows.go
+++ b/wgengine/router/router_windows.go
@@ -183,7 +183,10 @@ func (ft *firewallTweaker) runFirewall(args ...string) (time.Duration, error) {
 	args = append([]string{"advfirewall", "firewall"}, args...)
 	cmd := exec.Command("netsh", args...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
-	err := cmd.Run()
+	b, err := cmd.CombinedOutput()
+	if err != nil {
+		err = fmt.Errorf("%w: %v", err, string(b))
+	}
 	return time.Since(t0).Round(time.Millisecond), err
 }