Enable both exit node routes (IPv4 and IPv6) at the same time.

As indicated by bradfitz in #804 (comment), both routes for the exit node must be enabled at the same time. If a user tries to enable one of the exit node routes, the other gets activated too. This commit also reduces the API surface, making private a method that didnt need to be exposed.
juanfont · Jan 29, 2023 · 3ac2e0b · 3ac2e0b
1 parent b322cdf
commit 3ac2e0b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/machine.go b/machine.go
@@ -1047,8 +1047,8 @@ func (h *Headscale) IsRoutesEnabled(machine *Machine, routeStr string) bool {
 	return false
 }
 
-// EnableRoutes enables new routes based on a list of new routes.
-func (h *Headscale) EnableRoutes(machine *Machine, routeStrs ...string) error {
+// enableRoutes enables new routes based on a list of new routes.
+func (h *Headscale) enableRoutes(machine *Machine, routeStrs ...string) error {
 	newRoutes := make([]netip.Prefix, len(routeStrs))
 	for index, routeStr := range routeStrs {
 		route, err := netip.ParsePrefix(routeStr)

diff --git a/routes.go b/routes.go
@@ -90,7 +90,14 @@ func (h *Headscale) EnableRoute(id uint64) error {
 		return err
 	}
 
-	return h.EnableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
+	// Tailscale requires both IPv4 and IPv6 exit routes to
+	// be enabled at the same time, as per
+	// https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002
+	if route.isExitRoute() {
+		return h.enableRoutes(&route.Machine, ExitRouteV4.String(), ExitRouteV6.String())
+	}
+
+	return h.enableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
 }
 
 func (h *Headscale) DisableRoute(id uint64) error {