From 76c30e014d7bdcac3b854d06dc09d4932f6e31cd Mon Sep 17 00:00:00 2001 From: Irbe Krumina Date: Thu, 16 May 2024 13:11:30 -0400 Subject: [PATCH] cmd/containerboot: warn when an ingress proxy with an IPv4 tailnet address is being created for an IPv6 backend(s) (#12159) Updates tailscale/tailscale#12156 Signed-off-by: Irbe Krumina --- cmd/containerboot/main.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cmd/containerboot/main.go b/cmd/containerboot/main.go index abeb85d09..55264f130 100644 --- a/cmd/containerboot/main.go +++ b/cmd/containerboot/main.go @@ -961,16 +961,23 @@ func installIngressForwardingRule(ctx context.Context, dstStr string, tsIPs []ne return err } var local netip.Addr + proxyHasIPv4Address := false for _, pfx := range tsIPs { if !pfx.IsSingleIP() { continue } + if pfx.Addr().Is4() { + proxyHasIPv4Address = true + } if pfx.Addr().Is4() != dst.Is4() { continue } local = pfx.Addr() break } + if proxyHasIPv4Address && dst.Is6() { + log.Printf("Warning: proxy backend ClusterIP is an IPv6 address and the proxy has a IPv4 tailnet address. You might need to disable IPv4 address allocation for the proxy for forwarding to work. See https://github.com/tailscale/tailscale/issues/12156") + } if !local.IsValid() { return fmt.Errorf("no tailscale IP matching family of %s found in %v", dstStr, tsIPs) }