From cd8b434ccd9008cd22852d035b30fd14d69d2cd8 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Thu, 27 May 2021 10:07:17 -0700 Subject: [PATCH] ipn/ipnlocal: ignore NetfilterMode pref on Synology On clean installs we didn't set use iptables, but during upgrades it looks like we could use old prefs that directed us to go into the iptables paths that might fail on Synology. Updates #1995 Fixes tailscale/tailscale-synology#57 (I think) Signed-off-by: Brad Fitzpatrick (cherry picked from commit a04801e037367a1bcbed309d3c44e57b4c011688) --- ipn/ipnlocal/local.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go index bb614c07e..bf997023f 100644 --- a/ipn/ipnlocal/local.go +++ b/ipn/ipnlocal/local.go @@ -44,11 +44,13 @@ "tailscale.com/types/logger" "tailscale.com/types/netmap" "tailscale.com/types/persist" + "tailscale.com/types/preftype" "tailscale.com/types/wgkey" "tailscale.com/util/dnsname" "tailscale.com/util/osshare" "tailscale.com/util/systemd" "tailscale.com/version" + "tailscale.com/version/distro" "tailscale.com/wgengine" "tailscale.com/wgengine/filter" "tailscale.com/wgengine/router" @@ -2043,6 +2045,11 @@ func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router Routes: peerRoutes(cfg.Peers, 10_000), } + if distro.Get() == distro.Synology { + // Issue 1995: we don't use iptables on Synology. + rs.NetfilterMode = preftype.NetfilterOff + } + // Sanity check: we expect the control server to program both a v4 // and a v6 default route, if default routing is on. Fill in // blackhole routes appropriately if we're missing some. This is