FR: Make it easier to inspect and manage advertised routes

[djc]

What are you trying to do?

I'm using Tailscale to get access to GCP resources. I followed https://tailscale.com/kb/1147/cloud-gce/ so I used tailscale up --advertise-routes=.. --allow-dns=false and this seemed to work well.

However, as we've been bringing more resources online in GCP I've sometimes needed to add more routes (for example, for resources peered to a project's default VPC). I could not find (a) a way to add/remove advertised routes without recreating the full list of routes and passing this to tailscale up, and (b) a way to review which routes are currently being advertised. After enabling some routes, then advertising different routes by calling tailscale up again, the admin console still shows all the routes that were ever enabled/allowed, seemingly as if they're active.

How should we solve this?

• Add the currently advertised routes to the output of tailscale status
• Add a subcommand to tailscale that lets me add or remove advertised routes
• Make it obvious in the admin console which routes are currently being advertised

Some suggested improvements for the KB article:

• The screenshots could be updated to match the current state of GCP
• It does not explicitly mention the need to allow routes from the Tailscale admin console
• It could mention the 10.128/9 subnet that appears to be the default for GCP resources

What is the impact of not solving this?

There is no UX for managing routes incrementally and you have to repeat yourself/keep track of the current state.

Anything else?

The initial setup of the Tailscale gateway following the KB article was pretty easy and the result is pretty magic once it works! Figured I'd document my paper cuts so they might get looked at -- I think this is mostly "superficial" UI work. Also, I'd like to use Tailscale more but am prevented by the lack of #713.

[DentonGentry]

This is a specific case of #2096