With this configuration, from one of my dev nodes, I test the connection through an exit node:
I can connect to 10.21.1.33 tcp/80 (matches the 5th rule)
but I can't connect to 10.20.1.113 tcp/8006 (matches the 4th rule)
In the log of tailscale on dev nodes:
open-conn-track: flow TCP 100.64.0.5:43166 > 10.20.1.113:8006 rejected due to acl
If I change the 4th rule to 10.20.1.0/24:8006 or 10.20.0.0/16:8006 instead of 10.20.1.0/25:8006, then the connection can be opened.
I tested with /32 and /30, which also didn't work, but /24 and /16 work.
I also tried to replace 10.20.1.0/25 with a host definition, but that also didn't work.
Expected Behavior
I can connect to 10.20.1.113:8006 with one of these ACLs:
I tested with headscale version v0.22.3 and didn't see this problem; the ACL works as expected with /32 or /25 or /24.
So I guess this is a new bug in v0.23.0-alpha9.
Is this a support request?
Is there an existing issue for this?
Current Behavior
I've been working with headscale ACLs for tailscale clients.
My current ACL file
Steps To Reproduce
Create ACL at headscale and test at tailscale
Environment
Runtime environment
Anything else?
No response
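An added triage example (not part of the original report and not headscale's code): it parses the client log line quoted above and lists which ACL destination entries cover the rejected flow by plain CIDR and port arithmetic. It assumes literal IPv4 destinations only (no groups, tags or host aliases); the /32 and port-80 entries in the sample list are constructed.

```python
import ipaddress
import re

# Shape of the tailscale client log line quoted in the report.
FLOW_RE = re.compile(
    r"open-conn-track: flow (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"rejected due to acl"
)

def parse_rejected_flow(line):
    """Return (proto, dst_ip, dst_port) for a rejected flow, else None."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    return m["proto"], ipaddress.ip_address(m["dst"]), int(m["dport"])

def port_allowed(ports, port):
    """Match a port against '*', '80', '80,443' or '8000-8100' style specs."""
    if ports == "*":
        return True
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def covering_entries(line, dst_entries):
    """List the dst entries whose CIDR and port spec contain the rejected flow."""
    flow = parse_rejected_flow(line)
    if flow is None:
        return []
    _, dst_ip, dst_port = flow
    hits = []
    for entry in dst_entries:
        target, _, ports = entry.rpartition(":")
        net = ipaddress.ip_network(target, strict=False)  # bare IP becomes /32
        if dst_ip in net and port_allowed(ports, dst_port):
            hits.append(entry)
    return hits

# Log line from the report; the last two dst entries are constructed samples.
LOG_LINE = ("open-conn-track: flow TCP 100.64.0.5:43166 > "
            "10.20.1.113:8006 rejected due to acl")
DST_ENTRIES = ["10.20.1.0/25:8006", "10.20.1.0/24:8006", "10.20.0.0/16:8006",
               "10.20.1.113/32:8006", "10.21.1.33/32:80"]

if __name__ == "__main__":
    for entry in covering_entries(LOG_LINE, DST_ENTRIES):
        print("covers rejected flow:", entry)
```

Every 10.20.x entry in the sample, including the /25, contains 10.20.1.113, so a reject while one of them is in the policy is not explained by the CIDR arithmetic itself.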