You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@icebladerage it appears that your host does not have conntrack installed, which is typically present on most Linux systems these days.
Can you try sudo apt install conntrack and see if that allows tailscale set --stateful-filtering=true to work?
Installed and set. So far so good. If I get time, I will install a blank popos and see if that is a default, as I cannot' recall ever messing with that on this install.
Thanks for confirming! Please reopen this issue if you find that a fresh install has the same problem. We currently assume that conntrack is installed by default in most distros.
What is the issue?
Upgrading to 1.66.x causes Tailscale to stop controlling DNS without setting stateful-filtering to false.
The endpoint in question does not function as a subnet router or exit node. Docker is not installed.
As soon as tailscale upgrades, this is logged:
May 9 23:53:21 machine tailscaled[223811]: health("overall"): error: router: adding [-o tailscale0 -m conntrack ! --ctstate ESTABLISHED,RELATED -j DROP] in filter/ts-forward: running [/usr/sbin/iptables -t filter -I ts-forward 4 -o tailscale0 -m conntrack ! --ctstate ESTABLISHED,RELATED -j DROP --wait]: exit status 2: iptables v1.8.7 (nf_tables): Couldn't load match `conntrack':No such file or directory
This does not occur in 1.64.0. In order for this to work in 1.66.x, tailscale needs the stateful-filtering=false flag set.
Steps to reproduce
Upgrade tailscale to 1.66 or 1.66.1
Are there any recent changes that introduced the issue?
No response
OS
Linux
OS version
PopOS 22.04
Tailscale version
1.64.0-1.66.x
Other software
No response
Bug report
No response
The text was updated successfully, but these errors were encountered: