net/captivedetection: exclude ipsec interfaces from captive portal de…

…tection (tailscale#13598) Updates tailscale#1634 Logs from some iOS users indicate that we're pointlessly performing captive portal detection on certain interfaces named ipsec*. These are tunnels with the cellular carrier that do not offer Internet access, and are only used to provide internet calling functionality (VoLTE / VoWiFi). ``` attempting to do captive portal detection on interface ipsec1 attempting to do captive portal detection on interface ipsec6 ``` This PR excludes interfaces with the `ipsec` prefix from captive portal detection. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
nshalman · Sep 26, 2024 · 69be54c · 69be54c
1 parent 5550a17
commit 69be54c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/net/captivedetection/captivedetection.go b/net/captivedetection/captivedetection.go
@@ -112,7 +112,7 @@ func (d *Detector) detectCaptivePortalWithGOOS(ctx context.Context, netMon *netm
 // interfaces on iOS and Android, respectively, and would be needlessly battery-draining.
 func interfaceNameDoesNotNeedCaptiveDetection(ifName string, goos string) bool {
 	ifName = strings.ToLower(ifName)
-	excludedPrefixes := []string{"tailscale", "tun", "tap", "docker", "kube", "wg"}
+	excludedPrefixes := []string{"tailscale", "tun", "tap", "docker", "kube", "wg", "ipsec"}
 	if goos == "windows" {
 		excludedPrefixes = append(excludedPrefixes, "loopback", "tunnel", "ppp", "isatap", "teredo", "6to4")
 	} else if goos == "darwin" || goos == "ios" {