From 954064bdfe3972bca4e26d6ebe0f59a05a82e8a3 Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Wed, 1 Sep 2021 15:29:06 -0700
Subject: [PATCH] wgengine/wgcfg/nmcfg: don't configure peers who can't DERP or
 disco.

Fixes #2770

Signed-off-by: David Anderson <danderson@tailscale.com>
---
 wgengine/wgcfg/nmcfg/nmcfg.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wgengine/wgcfg/nmcfg/nmcfg.go b/wgengine/wgcfg/nmcfg/nmcfg.go
index 5fec0be04..c498413e1 100644
--- a/wgengine/wgcfg/nmcfg/nmcfg.go
+++ b/wgengine/wgcfg/nmcfg/nmcfg.go
@@ -69,6 +69,12 @@ func WGCfg(nm *netmap.NetworkMap, logf logger.Logf, flags netmap.WGConfigFlags,
 		if controlclient.Debug.OnlyDisco && peer.DiscoKey.IsZero() {
 			continue
 		}
+		if peer.DiscoKey.IsZero() && peer.DERP == "" {
+			// Peer predates both DERP and active discovery, we cannot
+			// communicate with it.
+			logf("[v1] wgcfg: skipped peer %s, doesn't offer DERP or disco", peer.Key.ShortString())
+			continue
+		}
 		cfg.Peers = append(cfg.Peers, wgcfg.Peer{
 			PublicKey: wgkey.Key(peer.Key),
 			DiscoKey:  peer.DiscoKey,