From 2e6687209bd3334f96e1d105375085966beda808 Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Fri, 18 Mar 2022 12:58:00 +0100 Subject: [PATCH] Make STUN server mandatory if DERP embedded is enabled --- cmd/headscale/cli/utils.go | 8 +++++--- config-example.yaml | 10 ++++------ integration_test/etc_embedded_derp/config.yaml | 5 ++--- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go index eb26a83..768a971 100644 --- a/cmd/headscale/cli/utils.go +++ b/cmd/headscale/cli/utils.go @@ -124,8 +124,11 @@ func GetDERPConfig() headscale.DERPConfig { serverRegionID := viper.GetInt("derp.server.region_id") serverRegionCode := viper.GetString("derp.server.region_code") serverRegionName := viper.GetString("derp.server.region_name") - stunEnabled := viper.GetBool("derp.server.stun.enabled") - stunAddr := viper.GetString("derp.server.stun.listen_addr") + stunAddr := viper.GetString("derp.server.stun_listen_addr") + + if serverEnabled && stunAddr == "" { + log.Fatal().Msg("derp.server.stun_listen_addr must be set if derp.server.enabled is true") + } urlStrs := viper.GetStringSlice("derp.urls") @@ -152,7 +155,6 @@ func GetDERPConfig() headscale.DERPConfig { ServerRegionID: serverRegionID, ServerRegionCode: serverRegionCode, ServerRegionName: serverRegionName, - STUNEnabled: stunEnabled, STUNAddr: stunAddr, URLs: urls, Paths: paths, diff --git a/config-example.yaml b/config-example.yaml index 31d7a8a..430b82c 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -69,14 +69,12 @@ derp: region_code: "headscale" region_name: "Headscale Embedded DERP" - # Enabled by default when embedded DERP is enabled. Listens in UDP at the configured address for STUN connections - # to help on NAT traversal. - # If DERP is enabled, but STUN is disabled you still need to input an external STUN server in the listen_addr field. + + # Listens in UDP at the configured address for STUN connections to help on NAT traversal. + # When the embedded DERP server is enabled stun_listen_addr MUST be defined. # # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/ - stun: - enabled: true - listen_addr: "0.0.0.0:3478" + stun_listen_addr: "0.0.0.0:3478" # List of externally available DERP maps encoded in JSON urls: diff --git a/integration_test/etc_embedded_derp/config.yaml b/integration_test/etc_embedded_derp/config.yaml index 1531d34..a8b57af 100644 --- a/integration_test/etc_embedded_derp/config.yaml +++ b/integration_test/etc_embedded_derp/config.yaml @@ -24,6 +24,5 @@ derp: region_id: 999 region_code: "headscale" region_name: "Headscale Embedded DERP" - stun: - enabled: true - listen_addr: "0.0.0.0:3478" + + stun_listen_addr: "0.0.0.0:3478"