You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Anton Tolchanov 8cc5c51888 health: warn about reverse path filtering and exit nodes ... When reverse path filtering is in strict mode on Linux, using an exit node blocks all network connectivity. This change adds a warning about this to `tailscale status` and the logs. Example in `tailscale status`: ``` - not connected to home DERP region 22 - The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Example in the logs: ``` 2024/02/21 21:17:07 health("overall"): error: multiple errors: not in map poll The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Updates #3310 Signed-off-by: Anton Tolchanov <anton@tailscale.com>		2 years ago
..
addlicense	all: update tools that manage copyright headers	3 years ago
build-webclient	client/web: precompress assets	2 years ago
cloner	cmd/cloner: fix typo in test type's name	3 years ago
connector-gen	cmd/connector-gen: add helper tool for wide app connector configurations	2 years ago
containerboot	cmd/{containerboot,k8s-operator/deploy/manifests}: optionally allow proxying cluster traffic to a cluster target via ingress proxy (#11036)	2 years ago
derper	cmd/derper: apply TCP keepalive and timeout to TLS as well	2 years ago
derpprobe	prober: migrate to Prometheus metric library	3 years ago
dist	cmd/dist: update logs for synology builds	2 years ago
get-authkey	util/cmpx: delete now that we're using Go 1.22	2 years ago
gitops-pusher	cmd/gitops-pusher: only use OAuth creds if non-empty string	2 years ago
hello	cmd/hello: link to the Hello KB article (#11022)	2 years ago
k8s-operator	cmd/k8s-operator,k8s-operator: proxy configuration mechanism via a new ProxyClass custom resource (#11074)	2 years ago
mkmanifest	cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS	3 years ago
mkpkg	go.mod: upgrade nfpm to v2 (#8786)	3 years ago
mkversion	version/mkversion: open-source version generation logic	3 years ago
nardump	all: update copyright and license headers	3 years ago
netlogfmt	util/cmpx: remove code that's in the stdlib now	2 years ago
nginx-auth	tailcfg,all: add and use Node.IsTagged()	3 years ago
pgproxy	various: add golangci-lint, fix issues (#7905)	3 years ago
printdep	cmd/printdep: print correct toolchain URL	3 years ago
proxy-to-grafana	tailcfg,all: add and use Node.IsTagged()	3 years ago
sniproxy	go.mod, all: move away from inet.af domain seized by Taliban	2 years ago
speedtest	all: update copyright and license headers	3 years ago
ssh-auth-none-demo	all: replace deprecated ioutil references	3 years ago
stunc	all: update copyright and license headers	3 years ago
stund	util/cmpx: delete now that we're using Go 1.22	2 years ago
sync-containers	all: adjust some build tags for plan9	3 years ago
tailscale	health: warn about reverse path filtering and exit nodes	2 years ago
tailscaled	cmd/tailscaled, ipn/ipnlocal, wgengine: shutdown tailscaled if wgdevice is closed	2 years ago
testcontrol	all: update copyright and license headers	3 years ago
testwrapper	cmd/testwrapper: apply results of all unit tests to coverage for all packages	2 years ago
tsconnect	all: remove LenIter, use Go 1.22 range-over-int instead	2 years ago
tsidp	cmd/tsidp: add start of OIDC Tailscale IdP	2 years ago
tsshd	all: update copyright and license headers	3 years ago
viewer	cmd/cloner: add regression test for slice nil/empty semantics	3 years ago