mirror of
https://github.com/tailscale/tailscale.git
synced 2025-07-30 07:43:42 +00:00
db34cdcfe7
We already present a health warning about this, but it is easy to miss on a server when blackholing traffic makes it unreachable. In addition to a health warning, present a risk message when exit node is enabled. Example: ``` $ tailscale up --exit-node=lizard The following issues on your machine will likely make usage of exit nodes impossible: - interface "ens4" has strict reverse-path filtering enabled - interface "tailscale0" has strict reverse-path filtering enabled Please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 To skip this warning, use --accept-risk=linux-strict-rp-filter $ ``` Updates #3310 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
17 lines
854 B
Go
17 lines
854 B
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// Package healthmsg contains some constants for health messages.
|
|
//
|
|
// It's a leaf so both the server and CLI can depend on it without bringing too
|
|
// much in to the CLI binary.
|
|
package healthmsg
|
|
|
|
const (
|
|
WarnAcceptRoutesOff = "Some peers are advertising routes but --accept-routes is false"
|
|
TailscaleSSHOnBut = "Tailscale SSH enabled, but " // + ... something from caller
|
|
LockedOut = "this node is locked out; it will not have connectivity until it is signed. For more info, see https://tailscale.com/s/locked-out"
|
|
WarnExitNodeUsage = "The following issues on your machine will likely make usage of exit nodes impossible"
|
|
DisableRPFilter = "Please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310"
|
|
)
|