From 69be54c7b65421af5cf23ce17288e1a11d73fcf9 Mon Sep 17 00:00:00 2001 From: Andrea Gottardo Date: Thu, 26 Sep 2024 10:28:10 -0700 Subject: [PATCH] net/captivedetection: exclude ipsec interfaces from captive portal detection (#13598) Updates tailscale/tailscale#1634 Logs from some iOS users indicate that we're pointlessly performing captive portal detection on certain interfaces named ipsec*. These are tunnels with the cellular carrier that do not offer Internet access, and are only used to provide internet calling functionality (VoLTE / VoWiFi). ``` attempting to do captive portal detection on interface ipsec1 attempting to do captive portal detection on interface ipsec6 ``` This PR excludes interfaces with the `ipsec` prefix from captive portal detection. Signed-off-by: Andrea Gottardo --- net/captivedetection/captivedetection.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/captivedetection/captivedetection.go b/net/captivedetection/captivedetection.go index e0a4b0a25..c99fdd44f 100644 --- a/net/captivedetection/captivedetection.go +++ b/net/captivedetection/captivedetection.go @@ -112,7 +112,7 @@ func (d *Detector) detectCaptivePortalWithGOOS(ctx context.Context, netMon *netm // interfaces on iOS and Android, respectively, and would be needlessly battery-draining. func interfaceNameDoesNotNeedCaptiveDetection(ifName string, goos string) bool { ifName = strings.ToLower(ifName) - excludedPrefixes := []string{"tailscale", "tun", "tap", "docker", "kube", "wg"} + excludedPrefixes := []string{"tailscale", "tun", "tap", "docker", "kube", "wg", "ipsec"} if goos == "windows" { excludedPrefixes = append(excludedPrefixes, "loopback", "tunnel", "ppp", "isatap", "teredo", "6to4") } else if goos == "darwin" || goos == "ios" {