Make STUN run by default when embedded DERP is enabled
This commit also allows setting an external STUN server while running the embedded DERP server (without embedded STUN).
parent
61440c42d3
commit
b8aad5451d
4 changed files with 21 additions and 12 deletions
5
app.go
5
app.go
|
@ -62,6 +62,7 @@ const (
|
||||||
errUnsupportedLetsEncryptChallengeType = Error(
|
errUnsupportedLetsEncryptChallengeType = Error(
|
||||||
"unknown value for Lets Encrypt challenge type",
|
"unknown value for Lets Encrypt challenge type",
|
||||||
)
|
)
|
||||||
|
errSTUNAddressNotSet = Error("STUN address not set")
|
||||||
|
|
||||||
DisabledClientAuth = "disabled"
|
DisabledClientAuth = "disabled"
|
||||||
RelaxedClientAuth = "relaxed"
|
RelaxedClientAuth = "relaxed"
|
||||||
|
@ -502,6 +503,10 @@ func (h *Headscale) Serve() error {
|
||||||
h.DERPMap = GetDERPMap(h.cfg.DERP)
|
h.DERPMap = GetDERPMap(h.cfg.DERP)
|
||||||
|
|
||||||
if h.cfg.DERP.ServerEnabled {
|
if h.cfg.DERP.ServerEnabled {
|
||||||
|
if h.cfg.DERP.STUNAddr == "" { // When embedded DERP is enabled we always need a STUN server address, embedded or external
|
||||||
|
return errSTUNAddressNotSet
|
||||||
|
}
|
||||||
|
|
||||||
h.DERPMap.Regions[h.DERPServer.region.RegionID] = &h.DERPServer.region
|
h.DERPMap.Regions[h.DERPServer.region.RegionID] = &h.DERPServer.region
|
||||||
if h.cfg.DERP.STUNEnabled {
|
if h.cfg.DERP.STUNEnabled {
|
||||||
go h.ServeSTUN()
|
go h.ServeSTUN()
|
||||||
|
|
|
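Review bot: The guard added at the top of the `ServerEnabled` branch in Serve() compares `STUNAddr` only with the empty string, so a non-empty value that lacks a port or is otherwise malformed passes here and is caught only where `net.SplitHostPort` parses it in generateRegionLocalDERP, as a bare parse error that does not mention the STUN setting. Embedded DERP cannot run without this value, so validating it once where the configuration is loaded would reject a bad address before anything starts listening. Whether a listener is already up when Serve() reaches this line cannot be seen from the hunk, because the function body continues outside it. The explanation also reads better above the condition than trailing it: `// Embedded DERP always needs a STUN address, embedded or external.`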
@ -55,6 +55,9 @@ func LoadConfig(path string) error {
|
||||||
|
|
||||||
viper.SetDefault("dns_config", nil)
|
viper.SetDefault("dns_config", nil)
|
||||||
|
|
||||||
|
viper.SetDefault("derp.server.enabled", false)
|
||||||
|
viper.SetDefault("derp.server.stun.enabled", true)
|
||||||
|
|
||||||
viper.SetDefault("unix_socket", "/var/run/headscale.sock")
|
viper.SetDefault("unix_socket", "/var/run/headscale.sock")
|
||||||
viper.SetDefault("unix_socket_permission", "0o770")
|
viper.SetDefault("unix_socket_permission", "0o770")
|
||||||
|
|
||||||
|
|
|
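Review bot: Defaulting `derp.server.stun.enabled` to `true` changes behaviour for existing deployments that enable embedded DERP and omit the key. On upgrade they either open a UDP STUN listener that was not there before, or fail in Serve() with `errSTUNAddressNotSet`, since no default for the STUN address is visible in this hunk. The new line deserves a comment such as `// STUN listens by default whenever embedded DERP is on; set to false to rely on an external STUN server`, and the change should be called out in the upgrade notes so operators review firewall rules for the UDP port. LoadConfig's body continues outside the hunk.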
@ -69,10 +69,13 @@ derp:
|
||||||
region_code: "headscale"
|
region_code: "headscale"
|
||||||
region_name: "Headscale Embedded DERP"
|
region_name: "Headscale Embedded DERP"
|
||||||
|
|
||||||
# If enabled, also listens in UDP at the configured address for STUN connections to help on NAT traversal
|
# Enabled by default when embedded DERP is enabled. Listens in UDP at the configured address for STUN connections
|
||||||
|
# to help on NAT traversal.
|
||||||
|
# If DERP is enabled, but STUN is disabled you still need to input an external STUN server in the listen_addr field.
|
||||||
|
#
|
||||||
# For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
|
# For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
|
||||||
stun:
|
stun:
|
||||||
enabled: false
|
enabled: true
|
||||||
listen_addr: "0.0.0.0:3478"
|
listen_addr: "0.0.0.0:3478"
|
||||||
|
|
||||||
# List of externally available DERP maps encoded in JSON
|
# List of externally available DERP maps encoded in JSON
|
||||||
|
|
|
@ -77,17 +77,15 @@ func (h *Headscale) generateRegionLocalDERP() (tailcfg.DERPRegion, error) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if h.cfg.DERP.STUNEnabled {
|
_, portSTUNStr, err := net.SplitHostPort(h.cfg.DERP.STUNAddr)
|
||||||
_, portStr, err := net.SplitHostPort(h.cfg.DERP.STUNAddr)
|
if err != nil {
|
||||||
if err != nil {
|
return tailcfg.DERPRegion{}, err
|
||||||
return tailcfg.DERPRegion{}, err
|
|
||||||
}
|
|
||||||
port, err := strconv.Atoi(portStr)
|
|
||||||
if err != nil {
|
|
||||||
return tailcfg.DERPRegion{}, err
|
|
||||||
}
|
|
||||||
localDERPregion.Nodes[0].STUNPort = port
|
|
||||||
}
|
}
|
||||||
|
portSTUN, err := strconv.Atoi(portSTUNStr)
|
||||||
|
if err != nil {
|
||||||
|
return tailcfg.DERPRegion{}, err
|
||||||
|
}
|
||||||
|
localDERPregion.Nodes[0].STUNPort = portSTUN
|
||||||
|
|
||||||
return localDERPregion, nil
|
return localDERPregion, nil
|
||||||
}
|
}
|
||||||
|
|
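Review bot: `_, portSTUNStr, err := net.SplitHostPort(h.cfg.DERP.STUNAddr)` keeps only the port, and because the block now also runs when `STUNEnabled` is false, the host part of an external STUN address is silently discarded. If `Nodes[0]` keeps this server's own hostname (the node is built above the hunk, so this is inferred), clients would be pointed at this host on the external server's port, where nothing may be listening, and NAT traversal would degrade without any error. The example configuration in this commit tells operators to put the external server in `listen_addr`, which makes that case easy to hit. Either reject a non-local host when `STUNEnabled` is false or publish the external server as a node of its own. The parsed port should also be range-checked after `strconv.Atoi`, for example `if portSTUN < 1 || portSTUN > 65535 {` returning an error, since to my knowledge tailcfg gives `STUNPort` values 0 and -1 special meanings.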