f69003fd46
Specifically, this sequence: iptables -N ts-forward iptables -A ts-forward -m mark --mark 0x10000 -j ACCEPT iptables -A FORWARD -j ts-forward doesn't work on Debian-9-using-nftables, but this sequence: iptables -N ts-forward iptables -A FORWARD -j ts-forward iptables -A ts-forward -m mark --mark 0x10000 -j ACCEPT does work. I'm sure the reason why is totally fascinating, but it's an old version of iptables and the bug doesn't seem to exist on modern nftables, so let's refactor our code to add rules in the always-safe order and pretend this never happened. Fixes #401. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
Tailscale
Private WireGuard® networks made easy
Overview
This repository contains all the open source Tailscale code. It currently includes the Linux client.
The Linux client is currently cmd/relaynode, but will
soon be replaced by cmd/tailscaled.
Using
We serve packages for a variety of distros at https://pkgs.tailscale.com .
Building
go install tailscale.com/cmd/tailscale{,d}
We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.14) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.
Bugs
Please file any issues about this code or the hosted service on the issue tracker.
Contributing
under_construction.gif
PRs welcome, but we are still working out our contribution process and tooling.
We require Developer Certificate of
Origin
Signed-off-by lines in commits.
About Us
We are apenwarr, bradfitz, crawshaw, danderson, dfcarney, from Tailscale Inc. You can learn more about us from our website.
WireGuard is a registered trademark of Jason A. Donenfeld.