Merge pull request #624 from iSchluff/feature/configure-randomize-port
commit
a4b4fc8b6c
7 changed files with 17 additions and 5 deletions
|
@ -28,6 +28,7 @@
|
||||||
- Add support for reloading ACLs with SIGHUP [#601](https://github.com/juanfont/headscale/pull/601)
|
- Add support for reloading ACLs with SIGHUP [#601](https://github.com/juanfont/headscale/pull/601)
|
||||||
- Use new ACL syntax [#618](https://github.com/juanfont/headscale/pull/618)
|
- Use new ACL syntax [#618](https://github.com/juanfont/headscale/pull/618)
|
||||||
- Add -c option to specify config file from command line [#285](https://github.com/juanfont/headscale/issues/285) [#612](https://github.com/juanfont/headscale/pull/601)
|
- Add -c option to specify config file from command line [#285](https://github.com/juanfont/headscale/issues/285) [#612](https://github.com/juanfont/headscale/pull/601)
|
||||||
|
- Add configuration option to allow Tailscale clients to use a random WireGuard port. [kb/1181/firewalls](https://tailscale.com/kb/1181/firewalls) [#624](https://github.com/juanfont/headscale/pull/624)
|
||||||
|
|
||||||
## 0.15.0 (2022-03-20)
|
## 0.15.0 (2022-03-20)
|
||||||
|
|
||||||
|
|
1
api.go
1
api.go
|
@ -280,6 +280,7 @@ func (h *Headscale) getMapResponse(
|
||||||
UserProfiles: profiles,
|
UserProfiles: profiles,
|
||||||
Debug: &tailcfg.Debug{
|
Debug: &tailcfg.Debug{
|
||||||
DisableLogTail: !h.cfg.LogTail.Enabled,
|
DisableLogTail: !h.cfg.LogTail.Enabled,
|
||||||
|
RandomizeClientPort: h.cfg.RandomizeClientPort,
|
||||||
},
|
},
|
||||||
}
|
}
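Review bot: The new `RandomizeClientPort: h.cfg.RandomizeClientPort` line in the `tailcfg.Debug` literal has no comment saying that it is a server-wide switch; as written, every node that receives this map response gets the same value, with no per-node or per-namespace override visible here. A short why-comment above the line would help the next reader, for example `// Server-wide: tells every client to prefer a random WireGuard port instead of the static default.` getMapResponse starts and ends outside this hunk, so any conditional handling elsewhere in the function is not visible.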
|
||||||
|
|
||||||
|
|
|
@ -113,6 +113,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
|
||||||
fs.FileMode(0o770),
|
fs.FileMode(0o770),
|
||||||
)
|
)
|
||||||
c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
|
c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
|
||||||
|
c.Assert(viper.GetBool("randomize_client_port"), check.Equals, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*Suite) TestDNSConfigLoading(c *check.C) {
|
func (*Suite) TestDNSConfigLoading(c *check.C) {
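Review bot: The assertion added to TestConfigLoading only pins the `false` value of `randomize_client_port`; nothing visible exercises the `true` case or the path from viper into `Config.RandomizeClientPort`. If the fixture this test loads sets the key explicitly (not visible in this hunk), the new `viper.SetDefault("randomize_client_port", false)` line is not covered either. Consider a second case that loads a config with the key set to true and checks `c.Assert(viper.GetBool("randomize_client_port"), check.Equals, true)`, plus one with the key omitted to cover the default. The test body starts outside the hunk.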
|
||||||
|
|
|
@ -244,3 +244,8 @@ logtail:
|
||||||
# As there is currently no support for overriding the log server in headscale, this is
|
# As there is currently no support for overriding the log server in headscale, this is
|
||||||
# disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
|
# disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
# Enabling this option makes devices prefer a random port for WireGuard traffic over the
|
||||||
|
# default static port 41641. This option is intended as a workaround for some buggy
|
||||||
|
# firewall devices. See https://tailscale.com/kb/1181/firewalls/ for more information.
|
||||||
|
randomize_client_port: false
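Review bot: The comment above `randomize_client_port` does not say that the setting applies to all clients of this server, or what it means for network controls built around the static port it names. With the option on, WireGuard traffic presumably no longer uses UDP 41641, so firewall allow rules and flow monitoring keyed to that port would stop matching. I would add one line to the comment, such as `# Applies to all clients; firewall rules or monitoring that key on UDP 41641 will no longer match.`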
|
||||||
|
|
|
@ -55,6 +55,7 @@ type Config struct {
|
||||||
OIDC OIDCConfig
|
OIDC OIDCConfig
|
||||||
|
|
||||||
LogTail LogTailConfig
|
LogTail LogTailConfig
|
||||||
|
RandomizeClientPort bool
|
||||||
|
|
||||||
CLI CLIConfig
|
CLI CLIConfig
|
||||||
|
|
||||||
|
@ -157,6 +158,7 @@ func LoadConfig(path string, isFile bool) error {
|
||||||
viper.SetDefault("oidc.strip_email_domain", true)
|
viper.SetDefault("oidc.strip_email_domain", true)
|
||||||
|
|
||||||
viper.SetDefault("logtail.enabled", false)
|
viper.SetDefault("logtail.enabled", false)
|
||||||
|
viper.SetDefault("randomize_client_port", false)
|
||||||
|
|
||||||
if err := viper.ReadInConfig(); err != nil {
|
if err := viper.ReadInConfig(); err != nil {
|
||||||
return fmt.Errorf("fatal error reading config file: %w", err)
|
return fmt.Errorf("fatal error reading config file: %w", err)
|
||||||
|
@ -384,6 +386,7 @@ func GetHeadscaleConfig() (*Config, error) {
|
||||||
dnsConfig, baseDomain := GetDNSConfig()
|
dnsConfig, baseDomain := GetDNSConfig()
|
||||||
derpConfig := GetDERPConfig()
|
derpConfig := GetDERPConfig()
|
||||||
logConfig := GetLogTailConfig()
|
logConfig := GetLogTailConfig()
|
||||||
|
randomizeClientPort := viper.GetBool("randomize_client_port")
|
||||||
|
|
||||||
configuredPrefixes := viper.GetStringSlice("ip_prefixes")
|
configuredPrefixes := viper.GetStringSlice("ip_prefixes")
|
||||||
parsedPrefixes := make([]netaddr.IPPrefix, 0, len(configuredPrefixes)+1)
|
parsedPrefixes := make([]netaddr.IPPrefix, 0, len(configuredPrefixes)+1)
|
||||||
|
@ -490,6 +493,7 @@ func GetHeadscaleConfig() (*Config, error) {
|
||||||
},
|
},
|
||||||
|
|
||||||
LogTail: logConfig,
|
LogTail: logConfig,
|
||||||
|
RandomizeClientPort: randomizeClientPort,
|
||||||
|
|
||||||
CLI: CLIConfig{
|
CLI: CLIConfig{
|
||||||
Address: viper.GetString("cli.address"),
|
Address: viper.GetString("cli.address"),
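Review bot: In the `type Config struct` hunk, `RandomizeClientPort bool` is added without a doc comment, and it sits as a bare top-level field between the grouped `LogTail` and `CLI` configs, so its meaning is only discoverable from the example config file. I would add `// RandomizeClientPort makes clients prefer a random WireGuard port over the static default 41641.` above the field. The struct, `LoadConfig` and `GetHeadscaleConfig` all continue outside the hunks shown.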
|
||||||
|
|
|
@ -43,4 +43,4 @@ tls_letsencrypt_cache_dir: /var/www/.cache
|
||||||
tls_letsencrypt_challenge_type: HTTP-01
|
tls_letsencrypt_challenge_type: HTTP-01
|
||||||
unix_socket: /var/run/headscale.sock
|
unix_socket: /var/run/headscale.sock
|
||||||
unix_socket_permission: "0o770"
|
unix_socket_permission: "0o770"
|
||||||
|
randomize_client_port: false
|
||||||
|
|
|
@ -43,4 +43,4 @@ tls_letsencrypt_cache_dir: /var/www/.cache
|
||||||
tls_letsencrypt_challenge_type: HTTP-01
|
tls_letsencrypt_challenge_type: HTTP-01
|
||||||
unix_socket: /var/run/headscale.sock
|
unix_socket: /var/run/headscale.sock
|
||||||
unix_socket_permission: "0o770"
|
unix_socket_permission: "0o770"
|
||||||
|
randomize_client_port: false
|
||||||
|
|