DeveloperDragon
DeveloperDragon
Have checked into this, it seems the user connecting to the subnet needs 'access' to the device/user the subnet is on. Cannot ping when acl is ```yaml acls: - action:...
Related netmap when not working ```json { "PacketFilter": [ { "IPProto": [ 6, 17, 1, 58 ], "Srcs": [ "100.64.0.1/32", "fd7a:115c:a1e0::1/128" ], "Dsts": [ { "Net": "10.0.0.0/16", "Ports": { "First":...
Some options to improve this: - Add more tests for reducing filter rules, then amend the function so it passes - Support `autogroup:internet`
https://github.com/juanfont/headscale/blob/7a920ee701f6c1cc5152075bfcd7dae6f6d604c6/hscontrol/policy/acls.go#L262 I believe expanded and routeableIP might have to be switched here
> > https://github.com/juanfont/headscale/blob/7a920ee701f6c1cc5152075bfcd7dae6f6d604c6/hscontrol/policy/acls.go#L262 > > > > I believe expanded and routeableIP might have to be switched here > > Can't we just check if a node is considered an...
https://github.com/tailscale/tailscale/blob/5595b61b96aac4558525d4fc56362dd36cc42616/control/controlclient/direct.go#L478-L489 There seem to be only two cases. 1. When the old key is expired 2. When login is interactive, e.g. when using OIDC, we also regenerate the key
@anton-livewyer latest stable version is 0.22.3, is this reproducable in that version?
> I'll also mention that this seems to occur after we restart our headscale deployment in kubernetes. I imagine that any brief overlap between pod uptimes may be the cause...
> We're currently switching to using a Statefulset instead of a Deployment (should've done that in the first place) to address the overlap. > > Postgres is a good idea,...
@jwischka Have you made sure you are not hitting your file descriptor limits. If `ulimit -n` is still 1024, (awfully close to double when your issues start to arise) try...