tailscale icon indicating copy to clipboard operation
tailscale copied to clipboard
verified publisher icon tailscale

Inaccessible DERP when using https_proxy

Open dolceAlka opened this issue 1 year ago • 3 comments

What is the issue?

Tested on both fedora 40 and macos sonoma, that when proxying through socks5 using the https_proxy variable, DERP servers are not reachable and shows "not connected to HOME derp region ".

Tailscale netcheck works perfectly fine probably because it uses icmp (guess), but for some reason, proxying https over devices that can communicate with derp by themselves is broken.

Breaks NAT-port negotation as well, so devices with no port forwarding break

Steps to reproduce

do a socks5 proxy with ssh and add the local port to the https_proxy variable under your installation's environment file

Are there any recent changes that introduced the issue?

No response

OS

Linux, macOS

OS version

Fedora 40, Sonoma

Tailscale version

1.68.1

Other software

No response

Bug report

No response

dolceAlka avatar Jun 28 '24 09:06 dolceAlka

Theory that derp nodes are seeing client IP of the proxy device instead and that's where it fails on NAT, but doesn't explain why just using DERP fails

dolceAlka avatar Jun 28 '24 10:06 dolceAlka

Please provide a bug report identifier.

agottardo avatar Jun 28 '24 15:06 agottardo

BUG-aa405f804928d74aab5a62884a0201c860450a07d083c15cb8815c5439a7cc9f-20240628155212Z-1ab46e8f72113cf4

dolceAlka avatar Jun 28 '24 15:06 dolceAlka