diff --git a/derp/derp_server.go b/derp/derp_server.go index a032a4731..eb4528e72 100644 --- a/derp/derp_server.go +++ b/derp/derp_server.go @@ -1955,12 +1955,37 @@ func (s *Server) ConsistencyCheck() error { s.curClients.Value(), len(s.clients))) } + + if s.verifyClientsLocalTailscaled { + if err := s.checkVerifyClientsLocalTailscaled(); err != nil { + errs = append(errs, err.Error()) + } + } + if len(errs) == 0 { return nil } return errors.New(strings.Join(errs, ", ")) } +// checkVerifyClientsLocalTailscaled checks that a verifyClients call can be made successfully for the derper hosts own node key. +func (s *Server) checkVerifyClientsLocalTailscaled() error { + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + status, err := localClient.StatusWithoutPeers(ctx) + if err != nil { + return fmt.Errorf("localClient.Status: %w", err) + } + info := &clientInfo{ + IsProber: true, + } + clientIP := netip.IPv6Loopback() + if err := s.verifyClient(ctx, status.Self.PublicKey, info, clientIP); err != nil { + return fmt.Errorf("verifyClient for self nodekey: %w", err) + } + return nil +} + const minTimeBetweenLogs = 2 * time.Second // BytesSentRecv records the number of bytes that have been sent since the last traffic check