mirror of https://git.openwrt.org/feed/packages.git synced 2024-06-17 12:53:54 +02:00
openwrt-packages/net/tailscale/files/tailscale.init
Tyler Young ccde8d18a1 tailscale: set nftables as default
This changes the default firewall method used by Tailscale to nftables.
The 'autodetection' mode is only supported on arm64 and amd64 for now[1].
As a result, mips devices do not perform proper detection and incorrectly fall back to
iptables.

I added a fw_mode variable to the tailscale.conf file that could be
set to iptables for easy conversion for someone still using iptables.
I was able to test on an older mips device and my current aarch64
without issues.

Also a few readme updates to bring it up to the current status.

1. dc7aa98b76/util/linuxfw/linuxfw_unsupported.go (L4C58-L4C58)

Signed-off-by: Tyler Young <git@yfh.addy.io>
2023-09-15 09:49:47 +08:00


#!/bin/sh /etc/rc.common
# Copyright 2020 Google LLC.
# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
# SPDX-License-Identifier: Apache-2.0
# Start priority consumed by rc.common when the service is enabled at boot.
START=80
# Run under procd: rc.common then calls start_service/stop_service below.
USE_PROCD=1
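# procd start hook: read the "settings" section of the tailscale UCI config
# and register one supervised tailscaled instance.
#
# UCI options read (default in parentheses):
#   log_stdout (1), log_stderr (1)  - forward daemon output via procd
#   port (41641)                    - port for incoming VPN packets
#   state_file (/etc/tailscale/tailscaled.state)
#   fw_mode (nftables)              - exported as TS_DEBUG_FIREWALL_MODE
start_service() {
	local state_file
	local port
	local std_err std_out
	# Declared local like the other settings so the value does not leak into
	# (or get inherited from) the global scope of rc.common.
	local fw_mode

	config_load tailscale
	config_get_bool std_out "settings" log_stdout 1
	config_get_bool std_err "settings" log_stderr 1
	config_get port "settings" port 41641
	# NOTE(review): tailscaled persists its node state in this file, presumably
	# including key material - confirm the configured path is on persistent
	# storage and not readable by unprivileged users.
	config_get state_file "settings" state_file /etc/tailscale/tailscaled.state
	config_get fw_mode "settings" fw_mode nftables

	# Best-effort cleanup before the daemon is (re)started; the exit status is
	# deliberately not checked so a failed cleanup does not block startup.
	/usr/sbin/tailscaled --cleanup

	procd_open_instance
	procd_set_param command /usr/sbin/tailscaled

	# Starting with v1.48.1 ENV variable is required to enable use of iptables / nftables.
	# Use nftables by default - can be changed to 'iptables' in tailscale config
	# The configured value is passed through unvalidated; how tailscaled treats
	# an unrecognised mode is not visible from this script, so a typo in the
	# config may leave the node with a different firewall backend than intended.
	procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"

	# Set the port to listen on for incoming VPN packets.
	# Remote nodes will automatically be informed about the new port number,
	# but you might want to configure this in order to set external firewall
	# settings.
	procd_append_param command --port "$port"
	procd_append_param command --state "$state_file"

	# Let procd restart the daemon if it exits unexpectedly.
	procd_set_param respawn
	procd_set_param stdout "$std_out"
	procd_set_param stderr "$std_err"

	procd_close_instance
}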
# procd stop hook: run tailscaled's own cleanup pass. The function's exit
# status is that of the cleanup command.
stop_service() {
	local tailscaled_bin=/usr/sbin/tailscaled

	"$tailscaled_bin" --cleanup
}