tailscale/ipn
Anton Tolchanov 8cc5c51888 health: warn about reverse path filtering and exit nodes
When reverse path filtering is in strict mode on Linux, using an exit
node blocks all network connectivity. This change adds a warning about
this to `tailscale status` and the logs.

Example in `tailscale status`:

```
- not connected to home DERP region 22
- The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310
```

Example in the logs:
```
2024/02/21 21:17:07 health("overall"): error: multiple errors:
	not in map poll
	The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310
```

Updates #3310

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-02-27 00:43:01 +00:00
..
conffile ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key 2023-10-17 07:12:49 -07:00
ipnauth go.mod, all: move away from inet.af domain seized by Taliban 2024-02-13 19:21:09 -08:00
ipnlocal health: warn about reverse path filtering and exit nodes 2024-02-27 00:43:01 +00:00
ipnserver ipn/ipnserver: always allow Windows SYSTEM user to connect 2024-01-12 14:37:53 -08:00
ipnstate ipn/ipnstate: add AllowedIPs to PeerStatus 2023-11-29 14:35:30 -05:00
localapi tailfs: clean up naming and package structure 2024-02-09 20:00:42 -06:00
policy ipn,tailconfig: clean up unreleased and removed app connector service 2023-11-09 22:36:52 -08:00
store cmd/k8s-operator,ipn/store/kubestore: patch secrets instead of updating 2023-08-29 13:24:05 -07:00
backend.go tailfs: clean up naming and package structure 2024-02-09 20:00:42 -06:00
conf.go ipn,cmd/tailscale/cli: support hierarchical MaskedPrefs (#10507) 2023-12-08 10:19:25 -08:00
doc.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
fake_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ipn_clone.go linuxfw,wgengine/route,ipn: add c2n and nodeattrs to control linux netfilter 2023-12-05 14:22:02 -05:00
ipn_test.go net/packet: split off checksum munging into different pkg 2023-10-11 14:25:58 -07:00
ipn_view.go linuxfw,wgengine/route,ipn: add c2n and nodeattrs to control linux netfilter 2023-12-05 14:22:02 -05:00
prefs_test.go all: use reflect.TypeFor now available in Go 1.22 (#11078) 2024-02-08 17:34:22 -08:00
prefs.go ipn: apply ControlURL policy before login 2024-01-05 19:58:01 -05:00
serve_test.go ipn/localapi: require local Windows admin to set serve path (#9969) 2023-10-26 14:40:44 -07:00
serve.go ipn/localapi: require local Windows admin to set serve path (#9969) 2023-10-26 14:40:44 -07:00
store_test.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00
store.go taildrop: lazily perform full deletion scan after first taildrop use (#10137) 2023-11-13 12:20:28 -06:00