tailscale

Commit Graph

Author	SHA1	Message	Date
Mihai Parparita	6d48a54b3d	version: make IsSandboxedMacOS handle the IPNExtension binary too It was previously only invoked from the CLI, which only runs from the main .app. However, starting with #6022 we also invoke it from the network extension. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maisem Ali	235309adc4	all: store NL keys per profile This moves the NetworkLock key from a dedicated StateKey to be part of the persist.Persist struct. This struct is stored as part for ipn.Prefs and is also the place where we store the NodeKey. It also moves the ChonkDir from "/tka" to "/tka-profile/<profile-id>". The rename was intentional to be able to delete the "/tka" dir if it exists. This means that we will have a unique key per profile, and a unique directory per profile. Note: `tailscale logout` will delete the entire profile, including any keys. It currently does not delete the ChonkDir. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
License Updater	751f866f01	licenses: update win/apple licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Maisem Ali	fe81ee62d7	ipn/ipnlocal: do controlclient.Shutdown in a different goroutine We do not need to wait for it to complete. And we might have to call Shutdown from callback from the controlclient which might already be holding a lock that Shutdown requires. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Denton Gentry	e0cadc5496	cmd/tailscale: access QNAP via localhost QNAP 5.x works much better if we let Apache proxy tailscale web, which means the URLs can no longer be relative since apache sends us an internal URL. Access QNAP authentication via http://localhost:8080/ as documented in https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Brad Fitzpatrick	1950e56478	tsnet: add Server.ControlURL option As requested in #6250 from @majst01. Change-Id: Ia4bc5c4ebc98cd67d07328a1a42b87574261ddde Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f81351fdef	portlist: fix data race Maisem spotted the bug. The initial getList call in NewPoller wasn't making a clone (only the Run loop's getList calls). Fixes #6314 Change-Id: I8ab8799fcccea8e799140340d0ff88a825bb6ff0 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	42855d219b	ipn/ipnlocal: fix checks for node-key presence in TKA logic Found by tests in another repo. TKA code wasn't always checking enough to be sure a node-key was set for the current state. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Mihai Parparita	0cc65b4bbe	ipn/localapi: add LocalAPI endpoints for profile switching Exposes a REST-y API for interacting with the profile switching introduced in #6022. Updates #713 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Tom DNetto	3271daf7a3	cmd/tailscale,ipn: support disablement args in lock cli, implement disable * Support specifiying disablement values in lock init command * Support specifying rotation key in lock sign command * Implement lock disable command * Implement disablement-kdf command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	fb392e34b5	net/tshttpproxy: don't ignore env-based HTTP proxies after system lookups fail There was a mechanism in tshttpproxy to note that a Windows proxy lookup failed and to stop hitting it so often. But that turns out to fire a lot (no PAC file configured at all results in a proxy lookup), so after the first proxy lookup, we were enabling the "omg something's wrong, stop looking up proxies" bit for awhile, which was then also preventing the normal Go environment-based proxy lookups from working. This at least fixes environment-based proxies. Plenty of other Windows-specific proxy work remains (using WinHttpGetIEProxyConfigForCurrentUser instead of just PAC files, ignoring certain types of errors, etc), but this should fix the regression reported in #4811. Updates #4811 Change-Id: I665e1891897d58e290163bda5ca51a22a017c5f9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	96e1582298	cmd/tailscale/cli: add debug 2021 --verbose flag Change-Id: Ic93c2a8451518755fb44b5c35272d9b9353fe4d4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	a255a08ea6	tailcfg: bump capver for ingress Updates tailscale/corp#7515 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	13bee8e91c	cmd/tailscale/cli: update serve debug set command after FUS profile change The key changed, but also we have a localapi method to set it anyway, so use that. Updates tailscale/corp#7515 Change-Id: Ia08ea2509f0bdd9b59e4c5de53aacf9a7d7eda36 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7c285fe7ee	ipn/ipnlocal: fix error message typo in ingress peerapi handler Updates tailscale/corp#7515 Change-Id: I81edd7d9f8958eef61be71d3d34e545cd3347008 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3114eacbb8	ipn/ipnlocal: don't warn about serve listener failing on IPv6-less machines Fixes #6303 Change-Id: Ie1ce12938f68dfa0533246bbe3b9d7f3e749a243 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	90bd74fc05	net/dns: add a health warning when Linux /etc/resolv.conf is overwritten Change-Id: I925b4d904bc7ed920bc5afee11e6dcb2ffc2fbfd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3f8e185003	health: add Warnable, move ownership of warnable items to callers The health package was turning into a rando dumping ground. Make a new Warnable type instead that callers can request an instance of, and then Set it locally in their code without the health package being aware of all the things that are warnable. (For plenty of things the health package will want to know details of how Tailscale works so it can better prioritize/suppress errors, but lots of the warnings are pretty leaf-y and unrelated) This just moves two of the health warnings. Can probably move more later. Change-Id: I51e50e46eb633f4e96ced503d3b18a1891de1452 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
License Updater	b1a6d8e2b1	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Brad Fitzpatrick	001f482aca	net/dns: make "direct" mode on Linux warn on resolv.conf fights Run an inotify goroutine and watch if another program takes over /etc/inotify.conf. Log if so. For now this only logs. In the future I want to wire it up into the health system to warn (visible in "tailscale status", etc) about the situation, with a short URL to more info about how you should really be using systemd-resolved if you want programs to not fight over your DNS files on Linux. Updates #4254 etc etc Change-Id: I86ad9125717d266d0e3822d4d847d88da6a0daaa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	b87cb2c4a5	ipn/ipnlocal: call restart backend on user changes This makes it so that the backend also restarts when users change, otherwise an extra call to Start was required. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	8e85227059	cmd/tailscale/cli: [set] handle selectively modifying routes/exit node Noticed this while debugging something else, we would reset all routes if either `--advertise-exit-node` or `--advertise-routes` were set. This handles correctly updating them. Also added tests. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	26d1fc867e	ipn/ipnlocal: delete profile on logout Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	0544d6ed04	cmd/tailscale/cli: continue fleshing out serve CLI tests The serve CLI doesn't exist yet, but we want nice tests for it when it does exist. Updates tailscale/corp#7515 Change-Id: Ib4c73d606242c4228f87410bbfd29bec52ca6c60 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	b5ac9172fd	cmd/tailscale/cli: move earlier shell test to its own files (I should've done this to start with.) Updates tailscale/corp#7515 Change-Id: I7fb88cf95772790fd415ecf28fc52bde95507641 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	9e70daad6f	ipn/ipnlocal: make TKA tests not have side effects It left the envknob turned on which meant that running all the tests in the package had different behavior than running just any one test. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	29bc021dcd	cmd/tailscale/cli: add outline of serve CLI tests Updates tailscale/corp#7515 Change-Id: Ib3956d4756bdcea0da89238a3c520ce8ac8004ec Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
shayne	74e892cbc2	ipn/ipnlocal: listen to serve ports on netmap addrs (#6282 ) Updates tailscale/corp#7515 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
Brad Fitzpatrick	cbc89830c4	tsnet: be stricter about arguments to Server.Listen Fixes #6201 Change-Id: I14b2b8ce9bee838344a3fad4f305c78ab775f72e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	08e110ebc5	cmd/tailscale: make "up", "status" warn if routes and --accept-routes off Example output: # Health check: # - Some peers are advertising routes but --accept-routes is false Also, move "tailscale status" health checks to the bottom, where they won't be lost in large netmaps. Updates #2053 Updates #6266 Change-Id: I5ae76a0cd69a452ce70063875cd7d974bfeb8f1a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	66b4a363bd	net/dns/resolver: add yet another 4via6 DNS form that's hopefully more robust $ dig +short @100.100.100.100 aaaa 10-2-5-3-via-7.foo-bar.ts.net fd7a:115c:a1e0:b1a:0:7:a02:503 $ dig +short @100.100.100.100 aaaa 10-2-5-3-via-7 fd7a:115c:a1e0:b1a:0:7:a02:503 $ ping 10-2-5-3-via-7 PING 10-2-5-3-via-7(fd7a:115c:a1e0:b1a:0:7:a02:503 (fd7a:115c:a1e0:b1a:0:7:a02:503)) 56 data bytes ... Change-Id: Ice8f954518a6a2fca8b2c04da7f31f61d78cdec4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
License Updater	e0cd9e9dec	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Brad Fitzpatrick	6aab4fb696	cmd/tailscale/cli: start making cert output support pkcs12 (p12) output If the --key-file output filename ends in ".pfx" or ".p12", use pkcs12 format. This might not be working entirely correctly yet but might be enough for others to help out or experiment. Updates #2928 Updates #5011 Change-Id: I62eb0eeaa293b9fd5e27b97b9bc476c23dd27cf6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	d585cbf02a	wgengine/router: [bsd/darwin] remove and readd routes on profile change Noticed when testing FUS on tailscale-on-macOS, that routing would break completely when switching between profiles. However, it would start working again when going back to the original profile tailscaled started with. Turns out that if we change the addrs on the interface we need to remove and readd all the routes. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	4c31183781	cmd/tailscale,ipn: minor fixes to tailscale lock commands * Fix broken add/remove key commands * Make lock status display whether the node is signed Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
License Updater	c60e444696	licenses: update win/apple licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Maisem Ali	ae18cd02c1	ipn: add AdvertisesExitNode and AdminPageURL accessors to PrefsView Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	6cc0036b40	ipn/ipnlocal: use updated prefs in tkaSyncIfNeeded Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	329a0a8406	client/tailscale: remove some json.Unmarshal repetition, add helper Change-Id: I73ece09895ad04c7d8c4a5673f9bd360be873b9f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	f00a49667d	control/controlclient: make Status.Persist a PersistView Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	4d330bac14	ipn/ipnlocal: add support for multiple user profiles Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	c9d6a9cb4d	ipn/ipnlocal: add optional TLS termination on proxied TCP connections Updates tailscale/corp#7515 Change-Id: Ib250fa20275971563adccfa72db48e0cec02b7a5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
shayne	56dfdbe190	repo: add .vscode/ to .gitignore (#6278 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
Brad Fitzpatrick	f4a522fd67	client/tailscale: make a helper for json.Marshal'ed request bodies Change-Id: I59eb1643addf8793856089690407fb45053c8e4d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
License Updater	13cadeabcd	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Brad Fitzpatrick	69e4b8a359	client/tailscale: document ServeConfig accessors a bit more Updates tailscale/corp#7515 Change-Id: Iecae581e4b34ce70b2df531bc95c6c390a398c38 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Pat Maddox	9bf3ef4167	ssh/tailssh: add Tailscale SSH (server) support on FreeBSD Change-Id: I607194b6ef99205e777f3df93a74ffe1a2e0344c Signed-off-by: Pat Maddox <pat@ratiopbc.com>	2 years ago
shayne	e3a66e4d2f	ipn/localapi: introduce get/set config for serve (#6243 ) Updates tailscale/corp#7515 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
Brad Fitzpatrick	7b5866ac0a	ipn/ipnlocal: support serving files/directories too Updates tailscale/corp#7515 Change-Id: I7b4c924005274ba57763264313d70d2a0c55da30 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Denton Gentry	446057d613	scripts/installer.sh: add Nobara Linux. Fixes https://github.com/tailscale/tailscale/issues/5763 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago

1 2 3 4 5 ...

4826 Commits (6d48a54b3d144e1850a51aa4c9abeed9ad43a6b6) All Branches Search

4826 Commits (6d48a54b3d144e1850a51aa4c9abeed9ad43a6b6)

All Branches