mirror of
https://github.com/coolsnowwolf/packages
synced 2025-01-09 09:07:30 +08:00
tailscale: update to 1.64.2 (#797)
This commit is contained in:
parent
85d58da7f2
commit
a1f46daeac
@ -8,12 +8,12 @@
|
|||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=tailscale
|
PKG_NAME:=tailscale
|
||||||
PKG_VERSION:=1.44.3
|
PKG_VERSION:=1.64.2
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
|
PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
|
||||||
PKG_HASH:=9d0cdccf103d3613ea4671e7092a18e9b7a471f30b4d92defb001510262e48d5
|
PKG_HASH:=e5e46f6b6b716b2c4696dce0b92dc2e36f02b06b7ad9f055042a820ad61b2a47
|
||||||
|
|
||||||
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
|
PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
|
||||||
PKG_LICENSE:=BSD-3-Clause
|
PKG_LICENSE:=BSD-3-Clause
|
||||||
@ -25,33 +25,22 @@ PKG_BUILD_PARALLEL:=1
|
|||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
|
|
||||||
GO_PKG:=\
|
GO_PKG:=\
|
||||||
tailscale.com/cmd/tailscale \
|
|
||||||
tailscale.com/cmd/tailscaled
|
tailscale.com/cmd/tailscaled
|
||||||
GO_PKG_LDFLAGS:=-X 'tailscale.com/version.Long=$(PKG_VERSION)-$(PKG_RELEASE) (OpenWrt)'
|
GO_PKG_LDFLAGS:=-X 'tailscale.com/version.longStamp=$(PKG_VERSION)-$(PKG_RELEASE) (OpenWrt)'
|
||||||
GO_PKG_LDFLAGS_X:=tailscale.com/version.Short=$(PKG_VERSION)
|
GO_PKG_LDFLAGS_X:=tailscale.com/version.shortStamp=$(PKG_VERSION)
|
||||||
|
GO_PKG_TAGS:=ts_include_cli
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
include ../../lang/golang/golang-package.mk
|
include ../../lang/golang/golang-package.mk
|
||||||
|
|
||||||
define Package/tailscale/Default
|
define Package/tailscale
|
||||||
SECTION:=net
|
SECTION:=net
|
||||||
CATEGORY:=Network
|
CATEGORY:=Network
|
||||||
SUBMENU:=VPN
|
SUBMENU:=VPN
|
||||||
TITLE:=Zero config VPN
|
TITLE:=Zero config VPN
|
||||||
URL:=https://tailscale.com
|
URL:=https://tailscale.com
|
||||||
DEPENDS:=$(GO_ARCH_DEPENDS)
|
DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +kmod-tun
|
||||||
endef
|
PROVIDES:=tailscaled
|
||||||
|
|
||||||
define Package/tailscaled
|
|
||||||
$(call Package/tailscale/Default)
|
|
||||||
TITLE+= (daemon)
|
|
||||||
DEPENDS+= +ca-bundle +kmod-tun
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/tailscale
|
|
||||||
$(call Package/tailscale/Default)
|
|
||||||
TITLE+= (utility)
|
|
||||||
DEPENDS+= +tailscaled
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/tailscale/description
|
define Package/tailscale/description
|
||||||
@ -59,45 +48,17 @@ define Package/tailscale/description
|
|||||||
and cloud instances. Even when separated by firewalls or subnets.
|
and cloud instances. Even when separated by firewalls or subnets.
|
||||||
endef
|
endef
|
||||||
|
|
||||||
Package/tailscaled/description:=$(Package/tailscale/description)
|
define Package/tailscale/conffiles
|
||||||
|
|
||||||
define Package/tailscaled/conffiles
|
|
||||||
/etc/config/tailscale
|
/etc/config/tailscale
|
||||||
endef
|
/etc/tailscale/
|
||||||
|
|
||||||
GO_IPTABLES_VERSION:=0.6.0
|
|
||||||
GO_IPTABLES_FILE:=$(PKG_NAME)-go-iptables-$(GO_IPTABLES_VERSION).tar.gz
|
|
||||||
|
|
||||||
define Download/go-iptables
|
|
||||||
URL:=https://codeload.github.com/coreos/go-iptables/tar.gz/v$(GO_IPTABLES_VERSION)?
|
|
||||||
URL_FILE:=$(GO_IPTABLES_FILE)
|
|
||||||
FILE:=$(GO_IPTABLES_FILE)
|
|
||||||
HASH:=a784cc17fcb17879f073eae47bc4c2e899f59f6906dac5a0aa7a9cc9f95ea66d
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Build/Prepare
|
|
||||||
$(PKG_UNPACK)
|
|
||||||
[ ! -d ./src/ ] || $(CP) ./src/. $(PKG_BUILD_DIR)
|
|
||||||
$(eval $(call Download,go-iptables))
|
|
||||||
( \
|
|
||||||
mkdir -p $(PKG_BUILD_DIR)/patched/ ; \
|
|
||||||
gzip -dc $(DL_DIR)/$(GO_IPTABLES_FILE) | $(HOST_TAR) -C $(PKG_BUILD_DIR)/patched $(TAR_OPTIONS) ; \
|
|
||||||
mv $(PKG_BUILD_DIR)/patched/go-iptables-$(GO_IPTABLES_VERSION) $(PKG_BUILD_DIR)/patched/go-iptables ; \
|
|
||||||
)
|
|
||||||
$(Build/Patch)
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/tailscale/install
|
define Package/tailscale/install
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin
|
|
||||||
$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscale $(1)/usr/sbin
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/tailscaled/install
|
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config
|
$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config
|
||||||
$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscaled $(1)/usr/sbin
|
$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscaled $(1)/usr/sbin
|
||||||
$(INSTALL_BIN) ./files/tailscale.init $(1)/etc/init.d/tailscale
|
$(LN) tailscaled $(1)/usr/sbin/tailscale
|
||||||
$(INSTALL_DATA) ./files/tailscale.conf $(1)/etc/config/tailscale
|
$(INSTALL_BIN) ./files//tailscale.init $(1)/etc/init.d/tailscale
|
||||||
|
$(INSTALL_DATA) ./files//tailscale.conf $(1)/etc/config/tailscale
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call BuildPackage,tailscale))
|
$(eval $(call BuildPackage,tailscale))
|
||||||
$(eval $(call BuildPackage,tailscaled))
|
|
||||||
|
@ -8,6 +8,8 @@ To install them run
|
|||||||
```
|
```
|
||||||
opkg install tailscale tailscaled
|
opkg install tailscale tailscaled
|
||||||
```
|
```
|
||||||
|
> [!NOTE]
|
||||||
|
> By default this package will use nftables. If you wish to use iptables, the config file `/etc/config/tailscale` can be modfied, changing the line `fw_mode 'nftables'` to `fw_mode 'iptables'`. You can then run `/etc/init.d/tailscale restart` to restart tailscale using your chosen method
|
||||||
|
|
||||||
## First setup
|
## First setup
|
||||||
|
|
||||||
@ -25,9 +27,4 @@ Run command and finish device registration with the given URL.
|
|||||||
tailscale up
|
tailscale up
|
||||||
```
|
```
|
||||||
|
|
||||||
If you are running with nftables, it is not supported by tailscale,
|
See the [OpenWrt wiki](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start) for more detailed setup instructions
|
||||||
so disable it and configure firewall by yourself and add argument
|
|
||||||
--netfilter-mode off
|
|
||||||
to tailscale up command to disable iptables use.
|
|
||||||
|
|
||||||
After that, you should see your router in tailscale admin page.
|
|
||||||
|
@ -3,3 +3,5 @@ config settings 'settings'
|
|||||||
option log_stdout '1'
|
option log_stdout '1'
|
||||||
option port '41641'
|
option port '41641'
|
||||||
option state_file '/etc/tailscale/tailscaled.state'
|
option state_file '/etc/tailscale/tailscaled.state'
|
||||||
|
# default to using nftables - change below to 'iptables' if still using iptables
|
||||||
|
option fw_mode 'iptables'
|
||||||
|
@ -17,12 +17,17 @@ start_service() {
|
|||||||
config_get_bool std_err "settings" log_stderr 1
|
config_get_bool std_err "settings" log_stderr 1
|
||||||
config_get port "settings" port 41641
|
config_get port "settings" port 41641
|
||||||
config_get state_file "settings" state_file /etc/tailscale/tailscaled.state
|
config_get state_file "settings" state_file /etc/tailscale/tailscaled.state
|
||||||
|
config_get fw_mode "settings" fw_mode iptables
|
||||||
|
|
||||||
/usr/sbin/tailscaled --cleanup
|
/usr/sbin/tailscaled --cleanup
|
||||||
|
|
||||||
procd_open_instance
|
procd_open_instance
|
||||||
procd_set_param command /usr/sbin/tailscaled
|
procd_set_param command /usr/sbin/tailscaled
|
||||||
|
|
||||||
|
# Starting with v1.48.1 ENV variable is required to enable use of iptables / nftables.
|
||||||
|
# Use nftables by default - can be changed to 'iptables' in tailscale config
|
||||||
|
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"
|
||||||
|
|
||||||
# Set the port to listen on for incoming VPN packets.
|
# Set the port to listen on for incoming VPN packets.
|
||||||
# Remote nodes will automatically be informed about the new port number,
|
# Remote nodes will automatically be informed about the new port number,
|
||||||
# but you might want to configure this in order to set external firewall
|
# but you might want to configure this in order to set external firewall
|
||||||
|
@ -1,53 +0,0 @@
|
|||||||
--- a/go.mod
|
|
||||||
+++ b/go.mod
|
|
||||||
@@ -2,6 +2,8 @@ module tailscale.com
|
|
||||||
|
|
||||||
go 1.19
|
|
||||||
|
|
||||||
+replace github.com/coreos/go-iptables => ./patched/go-iptables
|
|
||||||
+
|
|
||||||
require (
|
|
||||||
filippo.io/mkcert v1.4.3
|
|
||||||
github.com/Microsoft/go-winio v0.6.0
|
|
||||||
--- a/patched/go-iptables/iptables/iptables.go
|
|
||||||
+++ b/patched/go-iptables/iptables/iptables.go
|
|
||||||
@@ -149,12 +149,39 @@ func New(opts ...option) (*IPTables, err
|
|
||||||
return ipt, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
+func NewFake(opts ...option) (*IPTables, error) {
|
|
||||||
+
|
|
||||||
+ ipt := &IPTables{
|
|
||||||
+ path: "/bin/false",
|
|
||||||
+ proto: ProtocolIPv4,
|
|
||||||
+ hasCheck: false,
|
|
||||||
+ hasWait: false,
|
|
||||||
+ waitSupportSecond: false,
|
|
||||||
+ hasRandomFully: false,
|
|
||||||
+ v1: 0,
|
|
||||||
+ v2: 0,
|
|
||||||
+ v3: 0,
|
|
||||||
+ mode: "legacy",
|
|
||||||
+ timeout: 0,
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ for _, opt := range opts {
|
|
||||||
+ opt(ipt)
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return ipt, nil
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
// New creates a new IPTables for the given proto.
|
|
||||||
// The proto will determine which command is used, either "iptables" or "ip6tables".
|
|
||||||
func NewWithProtocol(proto Protocol) (*IPTables, error) {
|
|
||||||
return New(IPFamily(proto), Timeout(0))
|
|
||||||
}
|
|
||||||
|
|
||||||
+func NewFakeWithProtocol(proto Protocol) (*IPTables, error) {
|
|
||||||
+ return NewFake(IPFamily(proto), Timeout(0))
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
// Proto returns the protocol used by this IPTables.
|
|
||||||
func (ipt *IPTables) Proto() Protocol {
|
|
||||||
return ipt.proto
|
|
@ -1,32 +0,0 @@
|
|||||||
--- a/wgengine/router/router_linux.go
|
|
||||||
+++ b/wgengine/router/router_linux.go
|
|
||||||
@@ -129,7 +129,7 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Moni
|
|
||||||
|
|
||||||
ipt4, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
|
|
||||||
if err != nil {
|
|
||||||
- return nil, err
|
|
||||||
+ ipt4, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv4)
|
|
||||||
}
|
|
||||||
|
|
||||||
v6err := checkIPv6(logf)
|
|
||||||
@@ -148,7 +148,7 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Moni
|
|
||||||
// if unavailable. We want that to be a non-fatal error.
|
|
||||||
ipt6, err = iptables.NewWithProtocol(iptables.ProtocolIPv6)
|
|
||||||
if err != nil {
|
|
||||||
- return nil, err
|
|
||||||
+ ipt6, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv6)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1676,11 +1676,6 @@ func checkIPv6(logf logger.Logf) error {
|
|
||||||
return fmt.Errorf("kernel doesn't support IPv6 policy routing: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
- // Some distros ship ip6tables separately from iptables.
|
|
||||||
- if _, err := exec.LookPath("ip6tables"); err != nil {
|
|
||||||
- return err
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
--- a/cmd/tailscale/cli/up.go
|
|
||||||
+++ b/cmd/tailscale/cli/up.go
|
|
||||||
@@ -147,7 +147,7 @@ func defaultNetfilterMode() string {
|
|
||||||
if distro.Get() == distro.Synology {
|
|
||||||
return "off"
|
|
||||||
}
|
|
||||||
- return "on"
|
|
||||||
+ return "off"
|
|
||||||
}
|
|
||||||
|
|
||||||
type upArgsT struct {
|
|
Loading…
Reference in New Issue
Block a user