4via6 routes advertised by 1.68.0 subnet routers unusable #12448
Labels
Comments
|
Thank you for opening the issue. I can reproduce this with a subnet router We'll take a look at fixing this. |
|
Hello, |
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Irbe Krumina <irbe@tailscale.com>
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Irbe Krumina <irbe@tailscale.com>
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Irbe Krumina <irbe@tailscale.com>
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Andrew Dunham <andrew@du.nham.ca>
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Irbe Krumina <irbe@tailscale.com> (cherry picked from commit 5d692f2)
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Andrew Dunham <andrew@du.nham.ca> (cherry picked from commit 88f2d23)
irbekrm
added a commit
that referenced
this issue
Jun 13, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes #12448 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Andrew Dunham <andrew@du.nham.ca> (cherry picked from commit 88f2d23)
|
We installed the hotfix version 1.68.1, this fixed the issue. |
|
Thank you for confirming! |
chen8945
pushed a commit
to Ckid-Home/tailscale
that referenced
this issue
Jul 31, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes tailscale#12448 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Andrew Dunham <andrew@du.nham.ca>
chen8945
pushed a commit
to Ckid-Home/tailscale
that referenced
this issue
Jul 31, 2024
This refactors the logic for determining whether a packet should be sent to the host or not into a function, and then adds tests for it. Updates tailscale#11304 Updates tailscale#12448 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ief9afa98eaffae00e21ceb7db073c61b170355e5
Asutorufa
pushed a commit
to Asutorufa/tailscale
that referenced
this issue
Aug 23, 2024
Fix a bug where, for a subnet router that advertizes 4via6 route, all packets with a source IP matching the 4via6 address were being sent to the host itself. Instead, only send to host packets whose destination address is host's local address. Fixes tailscale#12448 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Andrew Dunham <andrew@du.nham.ca>
Asutorufa
pushed a commit
to Asutorufa/tailscale
that referenced
this issue
Aug 23, 2024
This refactors the logic for determining whether a packet should be sent to the host or not into a function, and then adds tests for it. Updates tailscale#11304 Updates tailscale#12448 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ief9afa98eaffae00e21ceb7db073c61b170355e5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the issue?
Using a 4via6 subnet route from any Tailscale client which is served by another peer running Tailscale 1.68.0, at least for HTTP/HTTPS TCP traffic, is not possible with identical configuration to 1.66.4. All attempted connections end up getting reset, though ICMP does appear to work to those endpoints. Advertised IPv4 routes work fine.
Steps to reproduce
Advertise a 4via6 route from one node, with a completely open ACL. On 1.66.4 this works fine and is usable from the second node. In this example, reaching a random google.com ipv4 endpoint via site id 123.
Update first node to 1.68.0.
Attempts to use these routes will reset in connections getting reset by peer.
Are there any recent changes that introduced the issue?
No response
OS
Linux
OS version
Debian 13
Tailscale version
1.68.0
Other software
No response
Bug report
No response
The text was updated successfully, but these errors were encountered: