Updates #3802
Change-Id: If3b5fe42e7dd7858dcce02a3a24a5e59736815a2
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 6f5b91c94c
... which had a git rebase mistake where the wrong commit message was used)
This updates the fix from #4562 to pick the proxy based on the request
scheme.
Updates #4395, #2605, #4562
Signed-off-by: James Tucker <james@tailscale.com>
(cherry picked from commit 96fec4b969)
Currently we try to use `https://` when we see `https_host`, however
that doesn't work and results in errors like `Received error: fetch
control key: Get "https://controlplane.tailscale.com/key?v=32":
proxyconnect tcp: tls: first record does not look like a TLS handshake`
This indiciates that we are trying to do a HTTPS request to a HTTP
server. Googling suggests that the standard is to use `http` regardless
of `https` or `http` proxy
Updates #4395, #2605
Signed-off-by: Maisem Ali <maisem@tailscale.com>
(cherry picked from commit eff6a404a6)
Just because we get an HTTP upgrade response over port 80, don't
assume we'll be able to do bi-di Noise over it. There might be a MITM
corp proxy or anti-virus/firewall interfering. Do a bit more work to
validate the connection before proceeding to give up on the TLS port
443 dial.
Updates #4557 (probably fixes)
Change-Id: I0e1bcc195af21ad3d360ffe79daead730dfd86f1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 1237000efe)
The connections returned from SystemDial are automatically closed when
there is a major link change.
Also plumb through the dialer to the noise client so that connections
are auto-reset when moving from cellular to WiFi etc.
Updates #3363
Signed-off-by: Maisem Ali <maisem@tailscale.com>
(cherry picked from commit 5a1ef1bbb9)
Setting keepalive ensures that idle connections will eventually be
closed. In userspace mode, any application configured TCP keepalive is
effectively swallowed by the host kernel, and is not easy to detect.
Failure to close connections when a peer tailscaled goes offline or
restarts may result in an otherwise indefinite connection for any
protocol endpoint that does not initiate new traffic.
This patch does not take any new opinion on a sensible default for the
keepalive timers, though as noted in the TODO, doing so likely deserves
further consideration.
Update #4522
Signed-off-by: James Tucker <james@tailscale.com>
(cherry picked from commit 1aa75b1c9e)
In debugging #4541, I noticed this log print was always empty.
The value printed was always zero at this point.
Updates #4541
Change-Id: I0eef60c32717c293c1c853879446be65d9b2cef6
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit adcb7e59d2)
Still a little wonky, though. See the tcsetattr error and inability to
hit Ctrl-D, for instance:
bradfitz@laptop ~ % tailscale.app ssh foo@bar
tcsetattr: Operation not permitted
# Authentication checked with Tailscale SSH.
# Time since last authentication: 1h13m22s
foo@bar:~$ ^D
^D
^D
Updates #4518
Updates #4529
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 50eb8c5add)
Tested three macOS Tailscale daemons:
- App Store (Network Extension)
- Standalone (macsys)
- tailscaled
And two types of local IPC each:
- IPN
- HTTP
And two CLI modes:
- sandboxed (running the GUI binary as the CLI; normal way)
- open source CLI hitting GUI (with #4525)
Bonus: simplifies the code.
Fixestailscale/corp#4559
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 21413392cf)
One current theory (among other things) on battery consumption is that
magicsock is resorting to using the IPv6 over LTE even on WiFi.
One thing that could explain this is that we do not get link change updates
for the LTE modem as we ignore them in this list.
This commit makes us not ignore changes to `pdp_ip` as a test.
Updates #3363
Signed-off-by: Maisem Ali <maisem@tailscale.com>
(cherry picked from commit 80ba161c40)
There was a typo in the check it was doing `!ok` instead of `ok`, this
restructures it a bit to read better.
Fixes#4506
Signed-off-by: Maisem Ali <maisem@tailscale.com>
(cherry picked from commit bbca2c78cb)