archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

client/web: restrict using an exit node on a couple more platforms

Browse Source 
Completed testing of the new UI on the existing platforms that use
it. From testing, QNAP, Unraid, and Home Assistant (in addition to
Synology) all do not play well with using an exit node. For now,
we're disabling this setting from the UI. CLI should be updated to
also disallow selection of an exit node from these platforms.
All platforms still allow for advertising as an exit node.

Co-authored-by: Will Norris <will@tailscale.com>

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
pull/10561/head
Sonia Appasamy 12 months ago committed by Sonia Appasamy
parent fc69301fd1
commit bc9b9e8f69
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File

18
client/web/web.go
Unescape Escape View File

@ -739,14 +739,15 @@ func (s *Server) serveGetNodeData(w http.ResponseWriter, r *http.Request) {
} }
func availableFeatures() map[string]bool { func availableFeatures() map[string]bool {
env := hostinfo.GetEnvType()
features := map[string]bool{ features := map[string]bool{
"advertise-exit-node": true, // available on all platforms "advertise-exit-node": true, // available on all platforms
"advertise-routes": true, // available on all platforms "advertise-routes": true, // available on all platforms
"use-exit-node": distro.Get() != distro.Synology, // see https://github.com/tailscale/tailscale/issues/1995 "use-exit-node": canUseExitNode(env) == nil,
"ssh": envknob.CanRunTailscaleSSH() == nil, "ssh": envknob.CanRunTailscaleSSH() == nil,
"auto-update": version.IsUnstableBuild() && clientupdate.CanAutoUpdate(), "auto-update": version.IsUnstableBuild() && clientupdate.CanAutoUpdate(),
} }
if hostinfo.GetEnvType() == hostinfo.HomeAssistantAddOn { if env == hostinfo.HomeAssistantAddOn {
// Setting SSH on Home Assistant causes trouble on startup // Setting SSH on Home Assistant causes trouble on startup
// (since the flag is not being passed to `tailscale up`). // (since the flag is not being passed to `tailscale up`).
// Although Tailscale SSH does work here, // Although Tailscale SSH does work here,
@ -756,6 +757,19 @@ func availableFeatures() map[string]bool {
return features return features
} }
func canUseExitNode(env hostinfo.EnvType) error {
switch dist := distro.Get(); dist {
case distro.Synology, // see https://github.com/tailscale/tailscale/issues/1995
distro.QNAP,
distro.Unraid:
return fmt.Errorf("Tailscale exit nodes cannot be used on %s.", dist)
}
if env == hostinfo.HomeAssistantAddOn {
return errors.New("Tailscale exit nodes cannot be used on Home Assistant.")
}
return nil
}
// aclsAllowAccess returns whether tailnet ACLs (as expressed in the provided filter rules) // aclsAllowAccess returns whether tailnet ACLs (as expressed in the provided filter rules)
// permit any devices to access the local web client. // permit any devices to access the local web client.
// This does not currently check whether a specific device can connect, just any device. // This does not currently check whether a specific device can connect, just any device.

Write Preview
Loading…
Cancel
Save