libtailscale: do not close old TUNs during reconfig#790
Merged
Conversation
Back in 2020, to work around a ChromeOS bug, we started closing previous tunnels, breaking TCP sessions on reconfig, in 8dbac87. This behavior has been preserved during the android app rewrite in 98a72c2, but we never actually needed it on Android. In c290ccf, the author of the original commit said: "note that seamless VPN tunnel handover works on Android But not on ChromeOS, and I haven't found a robust way to detect ChromeOS.". The isChromeOS method was added in a7dfea2 for an unrelated reason, but we never stopped closing the tunnels on Android. In this PR, we update (*backend).updateTUN to avoid closing the old tunnels unless we're running on ChromeOS or have an empty config. Updates tailscale/tailscale#19591 Signed-off-by: Nick Khyl <nickk@tailscale.com>
The bug that required us to close previous tunnels during VPN reconfiguration on ChromeOS in 8dbac87 was resolved sometime between June 2020 and February 2021. While we do not know exactly when it was fixed, we believe the issue was resolved in November 2020, when OpenVpnDriver was migrated to the VpnService state machine: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2497361 While I couldn't find a reliable way to determine which ChromeOS version we're running on, the Auto Update Expiration (AUE) policy suggests that only devices manufactured in 2017 or earlier might not be eligible for an update to a version with the seamless handover fix. Considering the above, in this commit we stop closing old TUNs on ChromeOS to avoid breaking connections for users running newer (November 2020+) ChromeOS releases. Updates tailscale/tailscale#19591 Signed-off-by: Nick Khyl <nickk@tailscale.com>
Member
Author
|
I tested this manually on both Android and ChromeOS -- seems fine. But I'd give it a bit more time on a few devices before merging, mainly because the /cc @croakerbcts -- this change might be a good candidate for more scrupulous testing in 1.99.x / 1.100 when it lands. |
Collaborator
|
Awesome!! Thanks for the fix! |
kari-ts
approved these changes
May 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
[2 commits to preserve a bit more context around these changes; see commit messages for details]
libtailscale: do not close old TUNs during reconfig, except on ChromeOSlibtailscale: do not close old TUNs during reconfig on ChromeOSUpdates tailscale/tailscale#19591