tailcfg, ipn/ipnlocal: add debug flag to enable one-big-CGNAT/10 route

To experiment with avoiding Chrome ERR_NETWORK_CHANGED errors on route
changes.

Updates #3102

Change-Id: I339da14c684fdac45ac261566aa21bf2198672ff
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
pull/4234/merge
Brad Fitzpatrick 3 years ago committed by Brad Fitzpatrick
parent 52d32c94d8
commit df9ce972c7

@ -1957,6 +1957,7 @@ func (b *LocalBackend) authReconfig() {
nm := b.netMap
hasPAC := b.prevIfState.HasPAC()
disableSubnetsIfPAC := nm != nil && nm.Debug != nil && nm.Debug.DisableSubnetsIfPAC.EqualBool(true)
oneCGNATRoute := nm != nil && nm.Debug != nil && nm.Debug.OneCGNATRoute.EqualBool(true)
b.mu.Unlock()
if blocked {
@ -2001,7 +2002,7 @@ func (b *LocalBackend) authReconfig() {
return
}
rcfg := b.routerConfig(cfg, prefs)
rcfg := b.routerConfig(cfg, prefs, oneCGNATRoute)
dcfg := dnsConfigForNetmap(nm, prefs, b.logf, version.OS())
err = b.e.Reconfig(cfg, rcfg, dcfg, nm.Debug)
@ -2412,13 +2413,17 @@ func ipPrefixLess(ri, rj netaddr.IPPrefix) bool {
}
// routerConfig produces a router.Config from a wireguard config and IPN prefs.
func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router.Config {
func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs, oneCGNATRoute bool) *router.Config {
singleRouteThreshold := 10_000
if oneCGNATRoute {
singleRouteThreshold = 1
}
rs := &router.Config{
LocalAddrs: unmapIPPrefixes(cfg.Addresses),
SubnetRoutes: unmapIPPrefixes(prefs.AdvertiseRoutes),
SNATSubnetRoutes: !prefs.NoSNAT,
NetfilterMode: prefs.NetfilterMode,
Routes: peerRoutes(cfg.Peers, 10_000),
Routes: peerRoutes(cfg.Peers, singleRouteThreshold),
}
if distro.Get() == distro.Synology {

@ -1377,6 +1377,10 @@ type Debug struct {
// fixed port.
RandomizeClientPort bool `json:",omitempty"`
// OneCGNATRoute controls whether the client should prefer to make one
// big CGNAT /10 route rather than a /32 per peer.
OneCGNATRoute opt.Bool `json:",omitempty"`
// DisableUPnP is whether the client will attempt to perform a UPnP portmapping.
// By default, we want to enable it to see if it works on more clients.
//

Loading…
Cancel
Save