Andrew Dunham

There's always the option of writing a custom `MarshalJSON` method on a wrapper type, like so: https://play.golang.org/p/3adteafwrAv The `strconv.FormatFloat` formatting is also slightly different from the AWS format though, so...

This is what it looks like on my local machine: ``` $ sudo curl -fsS --unix-socket /tmp/tailscaled.usermode.sock http://localhost/localapi/v0/check-ip-forwarding | jq -r .Warning IPv6 forwarding is disabled. Subnet routes and exit...

I'm no expert on this, but I think this may not be sufficient; we may want to actually run this on _all_ calls to `tailscale up`, not just when we're...

@danderson - I think this is me being bad at reading comprehension; strict `rp_filter` breaks clients, not exit nodes. Pushed a change to have this run on all calls to...

I'm pretty sure this is because this code here picks the default route (i.e. "to the internet") to bind to, rather than the route for a specific destination: https://github.com/tailscale/tailscale/blob/0607832397046fd0acb73daf8e00ef17b171a5c6/net/netns/netns_darwin_tailscaled.go#L35

@bradfitz - Any chance you can get an (appropriately-redacted, if necessary) dump of `netstat -nr` from the system in question?

When using the test dial plan in the commit, logs look like this when run with verbosity >= 2: ``` controlhttp: trying to dial "controlplane.tailscale.com" @ 13.0.0.1 controlhttp: waiting 0.50...

@bradfitz - This is ready for review; there's some leftover debug code marked with TODOs that I'll remove prior to merging.

@bradfitz - Rebased on `main` to pick up the changes from #5661

@bradfitz - this is ready for review; removed all of my "TODO"s that I had for testing.