Enable both exit node routes (IPv4 and IPv6) at the same time.

As indicated by bradfitz in https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002,
both routes for the exit node must be enabled at the same time. If a user tries to enable one of the exit node routes,
the other gets activated too.

This commit also reduces the API surface by making private a method that didn't need to be exposed.
Juan Font 2023-01-22 22:39:42 +00:00
parent b322cdf251
commit 3ac2e0b253
2 changed files with 10 additions and 3 deletions


@ -1047,8 +1047,8 @@ func (h *Headscale) IsRoutesEnabled(machine *Machine, routeStr string) bool {
return false
}
// EnableRoutes enables new routes based on a list of new routes.
func (h *Headscale) EnableRoutes(machine *Machine, routeStrs ...string) error {
// enableRoutes enables new routes based on a list of new routes.
func (h *Headscale) enableRoutes(machine *Machine, routeStrs ...string) error {
newRoutes := make([]netip.Prefix, len(routeStrs))
for index, routeStr := range routeStrs {
route, err := netip.ParsePrefix(routeStr)


@ -90,7 +90,14 @@ func (h *Headscale) EnableRoute(id uint64) error {
return err
}
return h.EnableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
// Tailscale requires both IPv4 and IPv6 exit routes to
// be enabled at the same time, as per
// https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002
if route.isExitRoute() {
return h.enableRoutes(&route.Machine, ExitRouteV4.String(), ExitRouteV6.String())
}
return h.enableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
}
func (h *Headscale) DisableRoute(id uint64) error {
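Review bot: The exit-route branch in EnableRoute approves a second route that the caller did not name by id, and nothing visible here applies the same pairing on revocation. DisableRoute only begins on the last line of this hunk and its body is outside it, so this is unconfirmed: if it still disables just the route with the given id, the other address family's exit route stays enabled after an operator believes the exit node was revoked. Consider mirroring the `route.isExitRoute()` check there so `ExitRouteV4` and `ExitRouteV6` are always disabled together. The comment above the branch could also state the side effect explicitly, e.g. `// NOTE: enabling either exit route implicitly enables the other address family's exit route as well.` It is also worth confirming that enableRoutes fails as a whole, rather than enabling one of the two, when the machine advertises only a single exit prefix; its body is only partly visible on this page.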