[Feature] Support for OneCGNATRoute network policy option

Open sricci82 opened this issue 1 year ago • 0 comments

Use case

Force the Tailscale client to add /32 routes on macOS systems.

Description

By default, the Tailscale client will:

  • Add a per-peer /32 route on Windows and Linux systems
  • Add a route to the whole 100.64/10 on macOS systems (apparently to accommodate a known issue with Chromium-based browsers on this platform)

The latter unfortunately creates problems on some setups, so it's sometimes desirable to change that behaviour. Tailscale itself allows tuning this by means of the "OneCGNATRoute" network policy option, please see: https://tailscale.com/kb/1337/acl-syntax#onecgnatroute

I tried inserting that option in the headscale ACL file myself, to no avail, so I suppose it's not currently supported. It would be a great addition, at least for me :-)

Thank you all for your great work!

Contribution

  • [ ] I can write the design doc for this feature
  • [ ] I can contribute this feature

How can it be implemented?

No response

sricci82, Sep 02 '24 10:09