mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-07 08:07:42 +00:00
ipn, tailcfg: change Windows subnet disabling behavior w/ WPAD
In 1.0, subnet relays were not specially handled when WPAD+PAC was present on the network. In 1.2, on Windows, subnet relays were disabled if WPAD+PAC was present. That was what some users wanted, but not others. This makes it configurable per domain, reverting back to the 1.0 default state of them not being special. Users who want that behavior can then enable it. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
450cfedeba
commit
d21956436a
@ -1154,6 +1154,7 @@ func (b *LocalBackend) authReconfig() {
|
|||||||
uc := b.prefs
|
uc := b.prefs
|
||||||
nm := b.netMap
|
nm := b.netMap
|
||||||
hasPAC := b.prevIfState.HasPAC()
|
hasPAC := b.prevIfState.HasPAC()
|
||||||
|
disableSubnetsIfPAC := nm != nil && nm.Debug != nil && nm.Debug.DisableSubnetsIfPAC.EqualBool(true)
|
||||||
b.mu.Unlock()
|
b.mu.Unlock()
|
||||||
|
|
||||||
if blocked {
|
if blocked {
|
||||||
@ -1178,13 +1179,7 @@ func (b *LocalBackend) authReconfig() {
|
|||||||
if uc.AllowSingleHosts {
|
if uc.AllowSingleHosts {
|
||||||
flags |= controlclient.AllowSingleHosts
|
flags |= controlclient.AllowSingleHosts
|
||||||
}
|
}
|
||||||
if hasPAC {
|
if hasPAC && disableSubnetsIfPAC {
|
||||||
// TODO(bradfitz): make this policy configurable per
|
|
||||||
// domain, flesh out all the edge cases where subnet
|
|
||||||
// routes might shadow corp HTTP proxies, DNS servers,
|
|
||||||
// domain controllers, etc. For now we just want
|
|
||||||
// Tailscale to stay enabled while laptops roam
|
|
||||||
// between corp & non-corp networks.
|
|
||||||
if flags&controlclient.AllowSubnetRoutes != 0 {
|
if flags&controlclient.AllowSubnetRoutes != 0 {
|
||||||
b.logf("authReconfig: have PAC; disabling subnet routes")
|
b.logf("authReconfig: have PAC; disabling subnet routes")
|
||||||
flags &^= controlclient.AllowSubnetRoutes
|
flags &^= controlclient.AllowSubnetRoutes
|
||||||
|
@ -673,6 +673,10 @@ type Debug struct {
|
|||||||
// TrimWGConfig controls whether Tailscale does lazy, on-demand
|
// TrimWGConfig controls whether Tailscale does lazy, on-demand
|
||||||
// wireguard configuration of peers.
|
// wireguard configuration of peers.
|
||||||
TrimWGConfig opt.Bool `json:",omitempty"`
|
TrimWGConfig opt.Bool `json:",omitempty"`
|
||||||
|
|
||||||
|
// DisableSubnetsIfPAC controls whether subnet routers should be
|
||||||
|
// disabled if WPAD is present on the network.
|
||||||
|
DisableSubnetsIfPAC opt.Bool `json:",omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k MachineKey) String() string { return fmt.Sprintf("mkey:%x", k[:]) }
|
func (k MachineKey) String() string { return fmt.Sprintf("mkey:%x", k[:]) }
|
||||||
|
Loading…
x
Reference in New Issue
Block a user