diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile index e15b54aa17..6dd8fb7aa3 100644 --- a/net/tailscale/Makefile +++ b/net/tailscale/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tailscale -PKG_VERSION:=1.32.3 +PKG_VERSION:=1.36.0 PKG_RELEASE:=1 PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=4cf88a1d754240ce71b29d3a65ca480091ad9c614ac99c541cef6fdaf0585dd4 +PKG_HASH:=25b293a7e65d7b962f0c56454d66fa56c89c3aa995467218f24efa335b924c76 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=BSD-3-Clause @@ -61,24 +61,44 @@ endef Package/tailscaled/description:=$(Package/tailscale/description) +define Package/tailscaled/conffiles +/etc/config/tailscale +/etc/tailscale/tailscaled.state +endef + +GO_IPTABLES_VERSION:=0.6.0 +GO_IPTABLES_FILE:=$(PKG_NAME)-go-iptables-$(GO_IPTABLES_VERSION).tar.gz + +define Download/go-iptables + URL:=https://codeload.github.com/coreos/go-iptables/tar.gz/v$(GO_IPTABLES_VERSION)? + URL_FILE:=$(GO_IPTABLES_FILE) + FILE:=$(GO_IPTABLES_FILE) + HASH:=a784cc17fcb17879f073eae47bc4c2e899f59f6906dac5a0aa7a9cc9f95ea66d +endef + +define Build/Prepare + $(PKG_UNPACK) + [ ! -d ./src/ ] || $(CP) ./src/. $(PKG_BUILD_DIR) + $(eval $(call Download,go-iptables)) + ( \ + mkdir -p $(PKG_BUILD_DIR)/patched/ ; \ + gzip -dc $(DL_DIR)/$(GO_IPTABLES_FILE) | $(HOST_TAR) -C $(PKG_BUILD_DIR)/patched $(TAR_OPTIONS) ; \ + mv $(PKG_BUILD_DIR)/patched/go-iptables-$(GO_IPTABLES_VERSION) $(PKG_BUILD_DIR)/patched/go-iptables ; \ + ) + $(Build/Patch) +endef + define Package/tailscale/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscale $(1)/usr/sbin endef define Package/tailscaled/install - $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscaled $(1)/usr/sbin - $(INSTALL_DIR) $(1)/etc/init.d/ $(INSTALL_BIN) ./files//tailscale.init $(1)/etc/init.d/tailscale - $(INSTALL_DIR) $(1)/etc/config/ $(INSTALL_DATA) ./files//tailscale.conf $(1)/etc/config/tailscale endef -define Package/tailscaled/conffiles -/etc/config/tailscale -/etc/tailscale/tailscaled.state -endef - $(eval $(call BuildPackage,tailscale)) $(eval $(call BuildPackage,tailscaled)) diff --git a/net/tailscale/README.md b/net/tailscale/README.md index d3b58e7cea..eaffa57d7a 100644 --- a/net/tailscale/README.md +++ b/net/tailscale/README.md @@ -25,4 +25,9 @@ Run command and finish device registration with the given URL. tailscale up ``` +If you are running with nftables, it is not supported by tailscale, +so disable it and configure firewall by yourself and add argument +--netfilter-mode off +to tailscale up command to disable iptables use. + After that, you should see your router in tailscale admin page. diff --git a/net/tailscale/patches/010-fake_iptables.patch b/net/tailscale/patches/010-fake_iptables.patch new file mode 100644 index 0000000000..07e14fbf5b --- /dev/null +++ b/net/tailscale/patches/010-fake_iptables.patch @@ -0,0 +1,53 @@ +--- a/go.mod ++++ b/go.mod +@@ -2,6 +2,8 @@ module tailscale.com + + go 1.19 + ++replace github.com/coreos/go-iptables => ./patched/go-iptables ++ + require ( + filippo.io/mkcert v1.4.3 + github.com/Microsoft/go-winio v0.6.0 +--- a/patched/go-iptables/iptables/iptables.go ++++ b/patched/go-iptables/iptables/iptables.go +@@ -149,12 +149,39 @@ func New(opts ...option) (*IPTables, err + return ipt, nil + } + ++func NewFake(opts ...option) (*IPTables, error) { ++ ++ ipt := &IPTables{ ++ path: "/bin/false", ++ proto: ProtocolIPv4, ++ hasCheck: false, ++ hasWait: false, ++ waitSupportSecond: false, ++ hasRandomFully: false, ++ v1: 0, ++ v2: 0, ++ v3: 0, ++ mode: "legacy", ++ timeout: 0, ++ } ++ ++ for _, opt := range opts { ++ opt(ipt) ++ } ++ ++ return ipt, nil ++} ++ + // New creates a new IPTables for the given proto. + // The proto will determine which command is used, either "iptables" or "ip6tables". + func NewWithProtocol(proto Protocol) (*IPTables, error) { + return New(IPFamily(proto), Timeout(0)) + } + ++func NewFakeWithProtocol(proto Protocol) (*IPTables, error) { ++ return NewFake(IPFamily(proto), Timeout(0)) ++} ++ + // Proto returns the protocol used by this IPTables. + func (ipt *IPTables) Proto() Protocol { + return ipt.proto diff --git a/net/tailscale/patches/020-tailscaled_fake_iptables.patch b/net/tailscale/patches/020-tailscaled_fake_iptables.patch new file mode 100644 index 0000000000..2180080cad --- /dev/null +++ b/net/tailscale/patches/020-tailscaled_fake_iptables.patch @@ -0,0 +1,32 @@ +--- a/wgengine/router/router_linux.go ++++ b/wgengine/router/router_linux.go +@@ -129,7 +129,7 @@ func newUserspaceRouter(logf logger.Logf + + ipt4, err := iptables.NewWithProtocol(iptables.ProtocolIPv4) + if err != nil { +- return nil, err ++ ipt4, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv4) + } + + v6err := checkIPv6(logf) +@@ -148,7 +148,7 @@ func newUserspaceRouter(logf logger.Logf + // if unavailable. We want that to be a non-fatal error. + ipt6, err = iptables.NewWithProtocol(iptables.ProtocolIPv6) + if err != nil { +- return nil, err ++ ipt6, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv6) + } + } + +@@ -1635,11 +1635,6 @@ func checkIPv6(logf logger.Logf) error { + return fmt.Errorf("kernel doesn't support IPv6 policy routing: %w", err) + } + +- // Some distros ship ip6tables separately from iptables. +- if _, err := exec.LookPath("ip6tables"); err != nil { +- return err +- } +- + return nil + } + diff --git a/net/tailscale/patches/030-default_to_netfilter_off.patch b/net/tailscale/patches/030-default_to_netfilter_off.patch new file mode 100644 index 0000000000..90c78fe697 --- /dev/null +++ b/net/tailscale/patches/030-default_to_netfilter_off.patch @@ -0,0 +1,11 @@ +--- a/cmd/tailscale/cli/up.go ++++ b/cmd/tailscale/cli/up.go +@@ -143,7 +143,7 @@ func defaultNetfilterMode() string { + if distro.Get() == distro.Synology { + return "off" + } +- return "on" ++ return "off" + } + + type upArgsT struct { diff --git a/net/tailscale/test.sh b/net/tailscale/test.sh old mode 100644 new mode 100755 index f50de6fc0e..0130d49290 --- a/net/tailscale/test.sh +++ b/net/tailscale/test.sh @@ -1,8 +1,10 @@ #!/bin/sh -if command -v tailscale; then - tailscale version | grep "$2" || exit 1 -fi -if command -v tailscaled; then - tailscaled -version | grep "$2" -fi +case "$1" in + tailscale) + tailscale version | grep "$2" + ;; + tailscaled) + tailscaled -version | grep "$2" + ;; +esac