diff --git a/app.go b/app.go index 851805d..6e37fcd 100644 --- a/app.go +++ b/app.go @@ -132,6 +132,7 @@ func NewHeadscale(cfg *Config) (*Headscale, error) { return nil, ErrFailedPrivateKey } + // TS2021 requires to have a different key from the legacy protocol. noisePrivateKey, err := readOrCreatePrivateKey(cfg.NoisePrivateKeyPath) if err != nil { return nil, ErrFailedNoisePrivateKey diff --git a/protocol_common.go b/protocol_common.go index 49c9138..3cce760 100644 --- a/protocol_common.go +++ b/protocol_common.go @@ -56,8 +56,8 @@ func (h *Headscale) KeyHandler( return } + // TS2021 (Tailscale v2 protocol) requires to have a different key if clientCapabilityVersion >= NoiseCapabilityVersion { - // Tailscale has a different key for the TS2021 protocol resp := tailcfg.OverTLSPublicKeyResponse{ LegacyPublicKey: h.privateKey.Public(), PublicKey: h.noisePrivateKey.Public(),