From 07dca79b2065de50394ff27fd348886b06cac3e6 Mon Sep 17 00:00:00 2001 From: Jamie Greeff Date: Wed, 7 Sep 2022 14:16:04 +0100 Subject: [PATCH 1/4] Remove --rm flag from Docker example It appears to be causing confusion for users on Discord when copying/pasting from the example here, if Headscale crashes on launch then the container will be removed and logs can't be viewed with `docker logs`. --- docs/running-headscale-container.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/running-headscale-container.md b/docs/running-headscale-container.md index d341bb7cf3..f3626e9f65 100644 --- a/docs/running-headscale-container.md +++ b/docs/running-headscale-container.md @@ -66,7 +66,6 @@ db_path: /etc/headscale/db.sqlite docker run \ --name headscale \ --detach \ - --rm \ --volume $(pwd)/config:/etc/headscale/ \ --publish 127.0.0.1:8080:8080 \ --publish 127.0.0.1:9090:9090 \ From 33ae56acfaf96d6e4d3e8d15c91868b47ba5ed6c Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Sun, 18 Sep 2022 11:36:35 +0200 Subject: [PATCH 2/4] Add primary routes to node Signed-off-by: Kristoffer Dalby --- machine.go | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/machine.go b/machine.go index 9fe450a7df..b43c4571c4 100644 --- a/machine.go +++ b/machine.go @@ -35,6 +35,11 @@ const ( maxHostnameLength = 255 ) +var ( + ExitRouteV4 = netip.MustParsePrefix("0.0.0.0/0") + ExitRouteV6 = netip.MustParsePrefix("::/0") +) + // Machine is a Headscale client. type Machine struct { ID uint64 `gorm:"primary_key"` @@ -633,10 +638,17 @@ func (machine Machine) toNode( []netip.Prefix{}, addrs...) // we append the node own IP, as it is required by the clients - // TODO(kradalby): Needs investigation, We probably dont need this condition - // now that we dont have shared nodes - if includeRoutes { - allowedIPs = append(allowedIPs, machine.EnabledRoutes...) + allowedIPs = append(allowedIPs, machine.EnabledRoutes...) + + primaryRoutes := []netip.Prefix{} + if len(machine.EnabledRoutes) > 0 { + for _, route := range machine.EnabledRoutes { + if route == ExitRouteV4 || route == ExitRouteV6 { + continue + } + + primaryRoutes = append(primaryRoutes, route) + } } var derp string @@ -691,6 +703,7 @@ func (machine Machine) toNode( DiscoKey: discoKey, Addresses: addrs, AllowedIPs: allowedIPs, + PrimaryRoutes: primaryRoutes, Endpoints: machine.Endpoints, DERP: derp, From 356b76fc566a7610d903080a78b9097aac947aea Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Sun, 18 Sep 2022 11:37:38 +0200 Subject: [PATCH 3/4] Format Signed-off-by: Kristoffer Dalby --- machine.go | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/machine.go b/machine.go index b43c4571c4..ad31c860ed 100644 --- a/machine.go +++ b/machine.go @@ -26,9 +26,11 @@ const ( ) ErrCouldNotConvertMachineInterface = Error("failed to convert machine interface") ErrHostnameTooLong = Error("Hostname too long") - ErrDifferentRegisteredNamespace = Error("machine was previously registered with a different namespace") - MachineGivenNameHashLength = 8 - MachineGivenNameTrimSize = 2 + ErrDifferentRegisteredNamespace = Error( + "machine was previously registered with a different namespace", + ) + MachineGivenNameHashLength = 8 + MachineGivenNameTrimSize = 2 ) const ( @@ -695,17 +697,17 @@ func (machine Machine) toNode( StableID: tailcfg.StableNodeID( strconv.FormatUint(machine.ID, Base10), ), // in headscale, unlike tailcontrol server, IDs are permanent - Name: hostname, - User: tailcfg.UserID(machine.NamespaceID), - Key: nodeKey, - KeyExpiry: keyExpiry, - Machine: machineKey, - DiscoKey: discoKey, - Addresses: addrs, - AllowedIPs: allowedIPs, + Name: hostname, + User: tailcfg.UserID(machine.NamespaceID), + Key: nodeKey, + KeyExpiry: keyExpiry, + Machine: machineKey, + DiscoKey: discoKey, + Addresses: addrs, + AllowedIPs: allowedIPs, PrimaryRoutes: primaryRoutes, - Endpoints: machine.Endpoints, - DERP: derp, + Endpoints: machine.Endpoints, + DERP: derp, Online: &online, Hostinfo: hostInfo.View(), @@ -820,7 +822,8 @@ func (h *Headscale) RegisterMachineFromAuthCallback( } // Registration of expired machine with different namespace - if registrationMachine.ID != 0 && registrationMachine.NamespaceID != namespace.ID { + if registrationMachine.ID != 0 && + registrationMachine.NamespaceID != namespace.ID { return nil, ErrDifferentRegisteredNamespace } From f2da1a1665cc53fe4c426af0b11d6fc24b2ec591 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Sun, 18 Sep 2022 12:14:49 +0200 Subject: [PATCH 4/4] Add comment and update changelog Signed-off-by: Kristoffer Dalby --- CHANGELOG.md | 1 + machine.go | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cf0afb7f08..ac1e3832b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778) - Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780) - Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788) +- Fix subnet routers with Primary Routes [#811](https://github.com/juanfont/headscale/pull/811) ## 0.16.4 (2022-08-21) diff --git a/machine.go b/machine.go index ad31c860ed..92d714e758 100644 --- a/machine.go +++ b/machine.go @@ -642,6 +642,11 @@ func (machine Machine) toNode( allowedIPs = append(allowedIPs, machine.EnabledRoutes...) + // TODO(kradalby): This is kind of a hack where we say that + // all the announced routes (except exit), is presented as primary + // routes. This might be problematic if two nodes expose the same route. + // This was added to address an issue where subnet routers stopped working + // when we only populated AllowedIPs. primaryRoutes := []netip.Prefix{} if len(machine.EnabledRoutes) > 0 { for _, route := range machine.EnabledRoutes {