The easiest, most secure way to use WireGuard and 2FA http://git.waynecole.info/tailscale/atom?h=knyar%2Fnetmapdiff2 2025-07-15T19:29:07Z 2025-07-15T19:29:07Z Jordan Whited jordan@tailscale.com 2025-07-15T19:29:07Z urn:sha1:d65c0fd2d04a49fb11964cf0457df499a0e6e366 Updates tailscale/corp#27502 Updates tailscale/corp#30051 Signed-off-by: Jordan Whited <jordan@tailscale.com> 2025-06-27T01:39:47Z Jordan Whited jordan@tailscale.com 2025-06-27T01:39:47Z urn:sha1:b2bf7e988e110e2a7245ac67792f666e1cd114f1 Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com> 2024-07-10T16:57:28Z Lee Briggs lee@leebriggs.co.uk 2024-07-10T01:47:46Z urn:sha1:b546a6e758a9e0f7f44dd926d2cf539232426aab Load Balancers often have more than one ingress IP, so allowing us to add multiple means we can offer multiple options. Updates #12578 Change-Id: I4aa49a698d457627d2f7011796d665c67d4c7952 Signed-off-by: Lee Briggs <lee@leebriggs.co.uk> 2024-07-08T14:59:40Z Brad Fitzpatrick bradfitz@tailscale.com 2024-07-08T14:21:21Z urn:sha1:42dac7c5c2598c27918528daa4405fbb79e5f0f5 For testing. Lee wants to play with 'AWS Global Accelerator Custom Routing with Amazon Elastic Kubernetes Service'. If this works well enough, we can promote it. Updates #12578 Change-Id: I5018347ed46c15c9709910717d27305d0aedf8f4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2024-07-07T02:50:53Z Brad Fitzpatrick bradfitz@tailscale.com 2024-07-07T02:29:58Z urn:sha1:d2fef01206cd7a96d684f9c69ba9e767de824ab4 The DERP Return Path Optimization (DRPO) is over four years old (and on by default for over two) and we haven't had problems, so time to remove the emergency shutoff code (controlknob) which we've never used. The controlknobs are only meant for new features, to mitigate risk. But we don't want to keep them forever, as they kinda pollute the code. Updates #150 Change-Id: If021bc8fd1b51006d8bddd1ffab639bb1abb0ad1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2023-12-22T01:40:03Z Andrew Lytvynov awly@tailscale.com 2023-12-22T01:40:03Z urn:sha1:2716250ee823f21c984e2989c596bc2aaa495613 And enable U1000 check in staticcheck. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com> 2023-09-21T11:17:12Z Val valerie@tailscale.com 2023-09-18T19:21:46Z urn:sha1:95635857dc23d442fb43d0cabc13ad73486492cf Replace CanPMTUD() with ShouldPMTUD() to check if peer path MTU discovery should be enabled, in preparation for adding support for enabling/disabling peer MTU dynamically. Updated #311 Signed-off-by: Val <valerie@tailscale.com> 2023-09-21T11:17:12Z Val valerie@tailscale.com 2023-09-13T14:18:35Z urn:sha1:055f3fd843cecd531c821d7608e855bd8cc4317e Make the debugknob variable name for enabling peer path MTU discovery match the env variable name. Updates #311 Signed-off-by: Val <valerie@tailscale.com> 2023-09-11T19:43:47Z Brad Fitzpatrick bradfitz@tailscale.com 2023-09-11T17:13:00Z urn:sha1:d050700a3bfade74d00b559d07b7656d0fa4adf7 In prep for incremental netmap update plumbing (#1909), make peerMap also keyed by NodeID, as all the netmap node mutations passed around later will be keyed by NodeID. In the process, also: * add envknob.InDevMode, as a signal that we can panic more aggressively in unexpected cases. * pull two moderately large blocks of code in Conn.SetNetworkMap out into their own methods * convert a few more sets from maps to set.Set Updates #1909 Change-Id: I7acdd64452ba58e9d554140ee7a8760f9043f961 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2023-08-11T08:34:51Z salman aljammaz salman@tailscale.com 2023-08-11T08:34:51Z urn:sha1:99e06d3544b6d48dc0482b76f63f58f4841a6d25 This sets the Don't Fragment flag, for now behind the TS_DEBUG_ENABLE_PMTUD envknob. Updates #311. Signed-off-by: Val <valerie@tailscale.com> Signed-off-by: salman <salman@tailscale.com>