From 4987a7d46c172d3f03f38d32bd514cb2ed4124f3 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 4 Aug 2020 09:48:34 -0700
Subject: [PATCH] wgengine/magicsock: when hard NAT, add stun-ipv4:static-port as candidate

If a node is behind a hard NAT and is using an explicit local port number, assume they might've mapped a port and add their public IPv4 address with the local tailscaled's port number as a candidate endpoint.
---
 wgengine/magicsock/magicsock.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 4214e3d77..f1491ebf9 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -666,6 +666,17 @@ func (c *Conn) determineEndpoints(ctx context.Context) (ipPorts []string, reason
 if nr.GlobalV4 != "" {
 addAddr(nr.GlobalV4, "stun")
+
+ // If they're behind a hard NAT and are using a fixed
+ // port locally, assume they might've added a static
+ // port mapping on their router to the same explicit
+ // port that tailscaled is running with. Worst case
+ // it's an invalid candidate mapping.
+ if nr.MappingVariesByDestIP.EqualBool(true) && c.pconnPort != 0 {
+ if ip, _, err := net.SplitHostPort(nr.GlobalV4); err == nil {
+ addAddr(net.JoinHostPort(ip, strconv.Itoa(int(c.pconnPort))), "port_in")
+ }
+ }
 }
 if nr.GlobalV6 != "" {
 addAddr(nr.GlobalV6, "stun")
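Review bot: The `port_in` candidate added inside the `nr.GlobalV4 != ""` branch is a guess, not an observed mapping, and the comment's "Worst case it's an invalid candidate mapping" understates a wrong guess. If the public IPv4 address is shared (for example behind carrier-grade NAT), that address with tailscaled's local port may reach an unrelated host, so peers would probe a third party. Nothing in the hunk shows how peers validate a candidate before using it, so I would record that dependency in the comment, e.g. `// Unverified guess: peers must confirm this endpoint (a reply from it) before preferring it.` It would also help to say what `c.pconnPort != 0` means here (presumably "the port was set explicitly" — confirm), since the heuristic rests on it, and the patch adds no test for the new branch. The body of determineEndpoints starts and ends outside the hunk.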