tailscale icon indicating copy to clipboard operation
tailscale copied to clipboard
verified publisher icon tailscale

IPv4 Connectivity issues from Google Cloud Run due to 169.254. address

Open hatstand opened this issue 4 months ago • 1 comments

What is the issue?

A direct connection cannot be established by Tailscale between a Google Cloud Run instance (2nd gen) and an ipv4-only peer.

tailscale ping to an ipv6 peer results in a direct connection whereas an ipv4 peer uses DERP or a peer relay.

I think this is due to Tailscale discarding the IPv4 address as it's a link-local unicast address, e.g., 169.254.8.1 in my case.

Output of tailscale netcheck (europe-north1):

2025/12/02 17:39:32 portmap: monitor: monitor_linux: AF_NETLINK RTMGRP failed, falling back to polling

Report:
        * Time: 2025-12-02T17:39:39.475980582Z
        * UDP: true
        * IPv4: (no addr found)
        * IPv6: yes, [2600:1900:0:2c03::e00]:14085
        * MappingVariesByDestIP:
        * PortMapping:
        * CaptivePortal: false
        * Nearest DERP: Helsinki
        * DERP latency:
                - hel: 500.2ms (Helsinki)
                - nyc: 700.2ms (New York City)
                - lhr: 700.2ms (London)
                - dfw: 700.2ms (Dallas)
                - waw: 700.3ms (Warsaw)
                - blr: 900.4ms (Bangalore)
                - sin: 900.4ms (Singapore)
                - nue: 900.4ms (Nuremberg)
                - sea: 900.4ms (Seattle)
                - fra: 900.5ms (Frankfurt)
                - lax: 900.5ms (Los Angeles)
                - sao: 900.6ms (São Paulo)
                - hnl: 900.7ms (Honolulu)
                - tor: 900.7ms (Toronto)
                - iad: 900.9ms (Ashburn)
                - par: 999.6ms (Paris)
                - den: 999.6ms (Denver)
                - tok: 999.7ms (Tokyo)
                - jnb: 999.8ms (Johannesburg)
                - ams: 1.1991s (Amsterdam)
                - ord: 1.1991s (Chicago)
                - dbi: 1.1992s (Dubai)
                - nai: 1.1992s (Nairobi)
                - mad: 1.1993s (Madrid)
                - mia: 1.1996s (Miami)
                - hkg: 1.4991s (Hong Kong)
                - syd: 1.4992s (Sydney)
                - sfo: 1.7s    (San Francisco)

This is probably a similar issue to https://github.com/tailscale/tailscale/issues/7134 and it appears Google Cloud Run is already special cased somewhat for ipv6 https://github.com/tailscale/tailscale/blob/2755f3843c6f5d91d3f54e57091c531bd18170d5/net/interfaces/interfaces.go#L140

Steps to reproduce

No response

Are there any recent changes that introduced the issue?

No response

OS

Linux

OS version

Alpine 3.22.2

Tailscale version

1.90.9

Other software

No response

Bug report

BUG-df0e90f2f8f7cf87d81bf55626b6adfc7d3ad294d08a993d527e904802f14d7f-20251202174805Z-276c3a58c4f27935

hatstand avatar Dec 02 '25 17:12 hatstand

Seeing similar issue on Cloud Run with assigned link-local IP causing magicsock: last netcheck reported send error. Rebinding. (https://github.com/tailscale/tailscale/issues/16755) when running SOCKS5 proxy on Cloud Run

brianmidjordan avatar Dec 05 '25 16:12 brianmidjordan