New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add DERP generate_204 endpoint for captive portal detection. #1600
base: main
Are you sure you want to change the base?
Conversation
Is there a way we can have an integration test for this? |
@tomtom5152 Could you rebase this? |
Sorry, only just seen this as been having to put my attentions elsewhere. I don't have time to rebase currently, but I see there was some force push just. I also looked at adding tests but couldn't figure out how best to do this with the current repo structure. If you've got any hints I |
hmm, I wonder if I have seen an error message referring to the generate_204 endpoint when running
I would appreciate if you have a go, if not, at somepoint I might have time, but that could be weeks to months these days. I greatly appreciate this addition, but it is a feature that is hard to debug if it is wrong, so I am extra conservative for these kind of things. |
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
I've added a testcase as I've described for endpoint, it is currently failing, and I have not had time to investigate, feel free to take a look @tomtom5152. cc @TotoTheDragon since we talked about this the other day. |
The DERP report looks as follows: {
"Info": [
"Region 999 == \"headscale\""
],
"Warnings": [
"Having only a single DERP region (i.e. removing the default Tailscale-provided regions) is a single point of failure and could hamper connectivity",
"Error making request to the captive portal check \"http://headscale/generate_204\"; is port 80 blocked?"
],
"Errors": [
"Error connecting to node \"headscale\" @ \"headscale:80\" over IPv4: dial tcp4: lookup headscale on 100.100.100.100:53: no such host",
"Error connecting to node \"headscale\" @ \"headscale:80\" over IPv6: dial tcp6: lookup headscale on 100.100.100.100:53: no such host"
]
} I recon we might need to listen specifically on port 80 for that endpoint. |
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
I am not sure if the tailscale client actually uses this. But within DERPNode, there is a field called CanPort80. Maybe we should look into setting that field? |
It sounds useful, but searching the clients code it doesnt look like it is used. |
When connecting to a DERP server the client makes a request to
/generate_204
endpoint with the headerX-Tailscale-Challenge
. In order to pass the captive portal test, the server must provider a 204 NoContent response withX-Tailscale-Response
set.The source for this simple endpoint was taken directly from Derper source at the time of commit