|
|
@ -15,6 +15,7 @@ import (
|
|
|
|
"runtime"
|
|
|
|
"runtime"
|
|
|
|
"strconv"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"sync"
|
|
|
|
|
|
|
|
|
|
|
|
"github.com/peterbourgon/ff/v2/ffcli"
|
|
|
|
"github.com/peterbourgon/ff/v2/ffcli"
|
|
|
|
"github.com/tailscale/wireguard-go/wgcfg"
|
|
|
|
"github.com/tailscale/wireguard-go/wgcfg"
|
|
|
@ -53,6 +54,7 @@ specify any flags, options are reset to their default.
|
|
|
|
upf.BoolVar(&upArgs.acceptDNS, "accept-dns", true, "accept DNS configuration from the admin panel")
|
|
|
|
upf.BoolVar(&upArgs.acceptDNS, "accept-dns", true, "accept DNS configuration from the admin panel")
|
|
|
|
upf.BoolVar(&upArgs.singleRoutes, "host-routes", true, "install host routes to other Tailscale nodes")
|
|
|
|
upf.BoolVar(&upArgs.singleRoutes, "host-routes", true, "install host routes to other Tailscale nodes")
|
|
|
|
upf.BoolVar(&upArgs.shieldsUp, "shields-up", false, "don't allow incoming connections")
|
|
|
|
upf.BoolVar(&upArgs.shieldsUp, "shields-up", false, "don't allow incoming connections")
|
|
|
|
|
|
|
|
upf.BoolVar(&upArgs.forceReauth, "force-reauth", false, "force reauthentication")
|
|
|
|
upf.StringVar(&upArgs.advertiseTags, "advertise-tags", "", "ACL tags to request (comma-separated, e.g. eng,montreal,ssh)")
|
|
|
|
upf.StringVar(&upArgs.advertiseTags, "advertise-tags", "", "ACL tags to request (comma-separated, e.g. eng,montreal,ssh)")
|
|
|
|
upf.StringVar(&upArgs.authKey, "authkey", "", "node authorization key")
|
|
|
|
upf.StringVar(&upArgs.authKey, "authkey", "", "node authorization key")
|
|
|
|
upf.StringVar(&upArgs.hostname, "hostname", "", "hostname to use instead of the one provided by the OS")
|
|
|
|
upf.StringVar(&upArgs.hostname, "hostname", "", "hostname to use instead of the one provided by the OS")
|
|
|
@ -75,6 +77,7 @@ var upArgs struct {
|
|
|
|
acceptDNS bool
|
|
|
|
acceptDNS bool
|
|
|
|
singleRoutes bool
|
|
|
|
singleRoutes bool
|
|
|
|
shieldsUp bool
|
|
|
|
shieldsUp bool
|
|
|
|
|
|
|
|
forceReauth bool
|
|
|
|
advertiseRoutes string
|
|
|
|
advertiseRoutes string
|
|
|
|
advertiseTags string
|
|
|
|
advertiseTags string
|
|
|
|
enableDERP bool
|
|
|
|
enableDERP bool
|
|
|
@ -212,6 +215,8 @@ func runUp(ctx context.Context, args []string) error {
|
|
|
|
defer cancel()
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
|
|
|
|
var printed bool
|
|
|
|
var printed bool
|
|
|
|
|
|
|
|
var loginOnce sync.Once
|
|
|
|
|
|
|
|
startLoginInteractive := func() { loginOnce.Do(func() { bc.StartLoginInteractive() }) }
|
|
|
|
|
|
|
|
|
|
|
|
bc.SetPrefs(prefs)
|
|
|
|
bc.SetPrefs(prefs)
|
|
|
|
opts := ipn.Options{
|
|
|
|
opts := ipn.Options{
|
|
|
@ -225,7 +230,7 @@ func runUp(ctx context.Context, args []string) error {
|
|
|
|
switch *s {
|
|
|
|
switch *s {
|
|
|
|
case ipn.NeedsLogin:
|
|
|
|
case ipn.NeedsLogin:
|
|
|
|
printed = true
|
|
|
|
printed = true
|
|
|
|
bc.StartLoginInteractive()
|
|
|
|
startLoginInteractive()
|
|
|
|
case ipn.NeedsMachineAuth:
|
|
|
|
case ipn.NeedsMachineAuth:
|
|
|
|
printed = true
|
|
|
|
printed = true
|
|
|
|
fmt.Fprintf(os.Stderr, "\nTo authorize your machine, visit (as admin):\n\n\t%s/admin/machines\n\n", upArgs.server)
|
|
|
|
fmt.Fprintf(os.Stderr, "\nTo authorize your machine, visit (as admin):\n\n\t%s/admin/machines\n\n", upArgs.server)
|
|
|
@ -251,6 +256,10 @@ func runUp(ctx context.Context, args []string) error {
|
|
|
|
// ephemeral frontends that read/modify/write state, once
|
|
|
|
// ephemeral frontends that read/modify/write state, once
|
|
|
|
// Windows/Mac state is moved into backend.
|
|
|
|
// Windows/Mac state is moved into backend.
|
|
|
|
bc.Start(opts)
|
|
|
|
bc.Start(opts)
|
|
|
|
|
|
|
|
if upArgs.forceReauth {
|
|
|
|
|
|
|
|
printed = true
|
|
|
|
|
|
|
|
startLoginInteractive()
|
|
|
|
|
|
|
|
}
|
|
|
|
pump(ctx, bc, c)
|
|
|
|
pump(ctx, bc, c)
|
|
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|