Headscale - An open source, self-hosted implementation of the Tailscale control server

Overview

Headscale

Join the chat at https://gitter.im/headscale-dev/community ci

An open source, self-hosted implementation of the Tailscale coordination server.

Overview

Tailscale is a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using all kinds of NAT traversal sorcery.

Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the 'coordination/control server'.

The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It also assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes.

Headscale implements this coordination server.

Status

  • Base functionality (nodes can communicate with each other)
  • Node registration through the web flow
  • Network changes are relied to the nodes
  • Namespace support (~equivalent to multi-user in Tailscale.com)
  • Routing (advertise & accept, including exit nodes)
  • Node registration via pre-auth keys (including reusable keys, and ephemeral node support)
  • JSON-formatted output
  • ACLs
  • Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
  • DNS (passing DNS servers to nodes)
  • Share nodes between users namespaces
  • MagicDNS / Smart DNS

Roadmap 🤷

Suggestions/PRs welcomed!

Running it

  1. Download the Headscale binary https://github.com/juanfont/headscale/releases, and place it somewhere in your PATH or use the docker container
docker pull headscale/headscale:x.x.x
  1. (Optional, you can also use SQLite) Get yourself a PostgreSQL DB running
docker run --name headscale -e POSTGRES_DB=headscale -e \
  POSTGRES_USER=foo -e POSTGRES_PASSWORD=bar -p 5432:5432 -d postgres
  1. Set some stuff up (headscale Wireguard keys & the config.json file)
wg genkey > private.key
wg pubkey < private.key > public.key  # not needed

# Postgres
cp config.json.postgres.example config.json
# or
# SQLite
cp config.json.sqlite.example config.json
  1. Create a namespace (a namespace is a 'tailnet', a group of Tailscale nodes that can talk to each other)
headscale namespaces create myfirstnamespace

or docker:

docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale namespace create myfirstnamespace
  1. Run the server
headscale serve

or docker:

docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derb.yaml:/derb.yaml -p 127.0.0.1:8080:8080 headscale/headscale:x.x.x headscale serve
  1. If you used tailscale.com before in your nodes, make sure you clear the tailscaled data folder
systemctl stop tailscaled
rm -fr /var/lib/tailscale
systemctl start tailscaled 
  1. Add your first machine
tailscale up -login-server YOUR_HEADSCALE_URL
  1. Navigate to the URL you will get with tailscale up, where you'll find your machine key.

  2. In the server, register your machine to a namespace with the CLI

headscale -n myfirstnamespace node register YOURMACHINEKEY

or docker:

docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale -n myfirstnamespace node register YOURMACHINEKEY

Alternatively, you can use Auth Keys to register your machines:

  1. Create an authkey
    headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h

or docker:

docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
  1. Use the authkey from your machine to register it
    tailscale up -login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY

If you create an authkey with the --ephemeral flag, that key will create ephemeral nodes. This implies that --reusable is true.

Please bear in mind that all the commands from headscale support adding -o json or -o json-line to get a nicely JSON-formatted output.

Configuration reference

Headscale's configuration file is named config.json or config.yaml. Headscale will look for it in /etc/headscale, ~/.headscale and finally the directory from where the Headscale binary is executed.

    "server_url": "http://192.168.1.12:8080",
    "listen_addr": "0.0.0.0:8080",
    "ip_prefix": "100.64.0.0/10"

server_url is the external URL via which Headscale is reachable. listen_addr is the IP address and port the Headscale program should listen on. ip_prefix is the IP prefix (range) in which IP addresses for nodes will be allocated (default 100.64.0.0/10, e.g., 192.168.4.0/24, 10.0.0.0/8)

    "log_level": "debug"

log_level can be used to set the Log level for Headscale, it defaults to debug, and the available levels are: trace, debug, info, warn and error.

    "private_key_path": "private.key",

private_key_path is the path to the Wireguard private key. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.

    "derp_map_path": "derp.yaml",

derp_map_path is the path to the DERP map file. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.

    "ephemeral_node_inactivity_timeout": "30m",

ephemeral_node_inactivity_timeout is the timeout after which inactive ephemeral node records will be deleted from the database. The default is 30 minutes. This value must be higher than 65 seconds (the keepalive timeout for the HTTP long poll is 60 seconds, plus a few seconds to avoid race conditions).

    "db_host": "localhost",
    "db_port": 5432,
    "db_name": "headscale",
    "db_user": "foo",
    "db_pass": "bar",

The fields starting with db_ are used for the PostgreSQL connection information.

Running the service via TLS (optional)

    "tls_cert_path": ""
    "tls_key_path": ""

Headscale can be configured to expose its web service via TLS. To configure the certificate and key file manually, set the tls_cert_path and tls_cert_path configuration parameters. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.

    "tls_letsencrypt_hostname": "",
    "tls_letsencrypt_listen": ":http",
    "tls_letsencrypt_cache_dir": ".cache",
    "tls_letsencrypt_challenge_type": "HTTP-01",

To get a certificate automatically via Let's Encrypt, set tls_letsencrypt_hostname to the desired certificate hostname. This name must resolve to the IP address(es) Headscale is reachable on (i.e., it must correspond to the server_url configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in tls_letsencrypt_cache_dir. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. The certificate will automatically be renewed as needed.

Challenge type HTTP-01

The default challenge type HTTP-01 requires that Headscale is reachable on port 80 for the Let's Encrypt automated validation, in addition to whatever port is configured in listen_addr. By default, Headscale listens on port 80 on all local IPs for Let's Encrypt automated validation.

If you need to change the ip and/or port used by Headscale for the Let's Encrypt validation process, set tls_letsencrypt_listen to the appropriate value. This can be handy if you are running Headscale as a non-root user (or can't run setcap). Keep in mind, however, that Let's Encrypt will only connect to port 80 for the validation callback, so if you change tls_letsencrypt_listen you will also need to configure something else (e.g. a firewall rule) to forward the traffic from port 80 to the ip:port combination specified in tls_letsencrypt_listen.

Challenge type TLS-ALPN-01

Alternatively, tls_letsencrypt_challenge_type can be set to TLS-ALPN-01. In this configuration, Headscale listens on the ip:port combination defined in listen_addr. Let's Encrypt will only connect to port 443 for the validation callback, so if listen_addr is not set to port 443, something else (e.g. a firewall rule) will be required to forward the traffic from port 443 to the ip:port combination specified in listen_addr.

Policy ACLs

Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.

For instance, instead of referring to users when defining groups you must use namespaces (which are the equivalent to user/logins in Tailscale.com).

Please check https://tailscale.com/kb/1018/acls/, and ./tests/acls/ in this repo for working examples.

Disclaimer

  1. We have nothing to do with Tailscale, or Tailscale Inc.
  2. The purpose of writing this was to learn how Tailscale works.

More on Tailscale

Issues
  • Using distroless base image for Docker

    Using distroless base image for Docker

    Thanks for making Headscale!

    I have a proposed improvement to the Docker image, switching the base image of the final container from Ubuntu to a "distroless" image, using images from https://github.com/GoogleContainerTools/distroless

    If you've never heard of "distroless" images, that page contains a bunch of details on the benefits, but the TL;DR is that these images do not contain a full OS but rather just enough to run the application (ca-certificates, glibc, tzdata, and just a couple more things). By using a "distroless" image, the container is much smaller (they claim they're 2% of the size of a Debian base image) and it's safer, as there's a significantly smaller attack surface. Plus, "distroless" images are updated much less frequently so keeping the base image up-to-date (and include security fixes) is much simpler.

    I've confirmed this builds and the headscale binary runs. I haven't performed full E2E tests however just yet.

    PS: I've also removed the stage bufbuild/buf:1.0.0-rc6 which seemed unused

    opened by ItalyPaleAle 23
  • Error while register node

    Error while register node

    I've setup headscale(v0.3.3) on my Ubuntu 18.04 VM. This is my config.json:

    {
        "server_url": "http://127.0.0.1:8000",
        "listen_addr": "0.0.0.0:8000",
        "private_key_path": "/etc/wireguard/privatekey",
        "derp_map_path": "derp.yaml",
        "ephemeral_node_inactivity_timeout": "30m",
        "db_type": "postgres",
        "db_host": "localhost",
        "db_port": 5432,
        "db_name": "headscale",
        "db_user": "headscale",
        "db_pass": "BZv1XGkrC7dlzjudJy0J",
        "tls_letsencrypt_hostname": "",
        "tls_letsencrypt_cache_dir": ".cache",
        "tls_letsencrypt_challenge_type": "HTTP-01",
        "tls_cert_path": "",
        "tls_key_path": "",
        "acl_policy_path": ""
    }
    

    And I've created a namespace.

    When I try to register a node from another vm, I got an output key and I manual registered on my headscale vm: image

    But nothing changed on my tailscale vm. screenshot below:

    image

    No success response

    opened by momaek 23
  • Nodes connected to headscale fail to see each other if headscale is fronted by nginx

    Nodes connected to headscale fail to see each other if headscale is fronted by nginx

    Descriptions

    Machines manage to authenticate to headscale, see each other's existence in tailscale status, but cannot ping each other. They are able to discover and ping each other fine when using tailscale infrastructure, or when talking to headscale directly, without nginx in the way.

    Situation

    Two machines running OpenBSD-current, tailscale 1.10.2, headscale 0.3.4

    • one named headscale is running headscale with postgres, tailscale, nginx in front of headscale for TLS termination; has public IP, tailscale told to listen on specific port and that port opened on firewall
    • one named innernet-test is behind NAT (aggressive). Runs only tailscaled

    Configuration

    headscale

    {
        "server_url": "https://headscale.viq.vc:443",
        "listen_addr": "0.0.0.0:8000",
        "private_key_path": "/etc/headscale/private.key",
        "derp_map_path": "/etc/headscale/derp.yaml",
        "ephemeral_node_inactivity_timeout": "30m",
        "db_type": "postgres",
        "db_host": "localhost",
        "db_port": 5432,
        "db_name": "headscale",
        "db_user": "headscale",
        "db_pass": "XXX",
        "tls_letsencrypt_hostname": "",
        "tls_letsencrypt_cache_dir": "/var/headscale/.cache",
        "tls_letsencrypt_challenge_type": "TLS-ALPN-01",
        "tls_cert_path": "",
        "tls_key_path": "",
        "acl_policy_path": ""
    }
    

    nginx

    # cat /etc/nginx/nginx.conf  | grep -v \# | grep -v ^$
    worker_processes  1;
    worker_rlimit_nofile 1024;
    events {
        worker_connections  800;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        index         index.html index.htm;
        keepalive_timeout  65;
        server_tokens off;
        server {
            listen       80;
            listen       [::]:80;
            server_name  headscale.viq.vc;
            root         /var/www/htdocs;
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root  /var/www/htdocs;
            }
            location ^~ /.well-known/acme-challenge/ {
                    alias /var/www/acme/;
                    default_type "text/plain";
                    allow all;
            }
            location = /.well-known/acme-challenge/ {
                    return 404;
            }
        }
        server {
            listen       443 ssl;
            server_name  headscale.viq.vc;
            ssl_certificate      /etc/ssl/headscale.viq.vc.fullchain.pem;
            ssl_certificate_key  /etc/ssl/private/headscale.viq.vc.key;
            ssl_session_timeout  5m;
            ssl_session_cache    shared:SSL:1m;
            ssl_ciphers  HIGH:!aNULL:!MD5:!RC4;
            ssl_prefer_server_ciphers   on;
            location / {
                    proxy_read_timeout 180;
                    proxy_http_version 1.1;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_pass http://127.0.0.1:8000;
            }
        }
    }
    

    Logs

    Part 1

    Attaching machines to headscale

    nginx

    51.75.32.29 - - [17/Jul/2021:17:03:35 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:35 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1303 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:17 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:17 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:17 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1748 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:18 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1737 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:18 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1737 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:18 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1737 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:06:13 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 499 0 "-" "Go-http-client/1.1"
    

    headscale & tailscaled

    headscale machine
    2021-07-17T15:01:27.335Z headscale newsyslog[86153]: logfile turned over
    2021-07-17T15:01:52.997Z headscale headscale[61967]: [GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
    2021-07-17T15:01:53.000Z headscale headscale[61967]: 
    2021-07-17T15:01:53.011Z headscale headscale[61967]: [GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
    2021-07-17T15:01:53.012Z headscale headscale[61967]:  - using env:      export GIN_MODE=release
    2021-07-17T15:01:53.012Z headscale headscale[61967]:  - using code:     gin.SetMode(gin.ReleaseMode)
    2021-07-17T15:01:53.012Z headscale headscale[61967]: 
    2021-07-17T15:01:53.019Z headscale headscale[61967]: [GIN-debug] GET    /key                      --> github.com/juanfont/headscale.(*Headscale).KeyHandler-fm (3 handlers)
    2021-07-17T15:01:53.023Z headscale headscale[61967]: [GIN-debug] GET    /register                 --> github.com/juanfont/headscale.(*Headscale).RegisterWebAPI-fm (3 handlers)
    2021-07-17T15:01:53.026Z headscale headscale[61967]: [GIN-debug] POST   /machine/:id/map          --> github.com/juanfont/headscale.(*Headscale).PollNetMapHandler-fm (3 handlers)
    2021-07-17T15:01:53.029Z headscale headscale[61967]: [GIN-debug] POST   /machine/:id              --> github.com/juanfont/headscale.(*Headscale).RegistrationHandler-fm (3 handlers)
    2021-07-17T15:01:53.032Z headscale headscale[61967]: 2021/07/17 17:01:53 WARNING: listening without TLS but ServerURL does not start with http://
    2021-07-17T15:01:53.036Z headscale headscale[61967]: [GIN-debug] Listening and serving HTTP on 0.0.0.0:8000
    2021-07-17T15:02:43.035Z headscale tailscaled[14930]: 2021/07/17 17:02:43 logtail started
    2021-07-17T15:02:43.041Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled", "-port", "22502"}
    2021-07-17T15:02:43.050Z headscale tailscaled[14930]: 2021/07/17 17:02:43 LogID: 684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573
    2021-07-17T15:02:43.057Z headscale tailscaled[14930]: 2021/07/17 17:02:43 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:02:43.061Z headscale tailscaled[14930]: logpolicy.Read /var/db/tailscale/tailscaled.log.conf: open /var/db/tailscale/tailscaled.log.conf: no such file or directory
    2021-07-17T15:02:43.065Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:02:43.069Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: using dns.directManager
    2021-07-17T15:02:43.079Z headscale tailscaled[14930]: 2021/07/17 17:02:43 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:02:43.090Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Creating wireguard device...
    2021-07-17T15:02:43.098Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Bringing wireguard device up...
    2021-07-17T15:02:43.103Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Bringing router up...
    2021-07-17T15:02:43.107Z headscale tailscaled[14930]: 2021/07/17 17:02:43 external route: up
    2021-07-17T15:02:43.111Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Clearing router settings...
    2021-07-17T15:02:43.116Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Starting link monitor...
    2021-07-17T15:02:43.120Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Starting magicsock...
    2021-07-17T15:02:43.145Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Engine created.
    2021-07-17T15:02:43.155Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:02:43.161Z headscale tailscaled[14930]: 2021/07/17 17:02:43 netmap packet filter: (not ready yet)
    2021-07-17T15:02:43.170Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Start
    2021-07-17T15:02:43.173Z headscale tailscaled[14930]: 2021/07/17 17:02:43 using backend prefs
    2021-07-17T15:02:43.176Z headscale tailscaled[14930]: 2021/07/17 17:02:43 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:02:43.179Z headscale tailscaled[14930]: 2021/07/17 17:02:43 got initial portlist info in 0s
    2021-07-17T15:02:43.183Z headscale tailscaled[14930]: 2021/07/17 17:02:43 magicsock: disco key = d:110593ae14096bdd
    2021-07-17T15:02:43.186Z headscale tailscaled[14930]: 2021/07/17 17:02:43 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":80},{"Proto":"tcp","Port":443},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:02:43.190Z headscale tailscaled[14930]: 2021/07/17 17:02:43 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:02:43.194Z headscale tailscaled[14930]: 2021/07/17 17:02:43 control: mapRoutine: state:new
    2021-07-17T15:02:43.197Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Backend: logs: be:684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573 fe:
    2021-07-17T15:02:43.201Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
    2021-07-17T15:02:43.204Z headscale tailscaled[14930]: 2021/07/17 17:02:43 blockEngineUpdates(true)
    2021-07-17T15:02:43.207Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
    2021-07-17T15:02:43.211Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine: Reconfig: configuring router
    2021-07-17T15:02:43.215Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine: Reconfig: configuring DNS
    2021-07-17T15:02:43.218Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[]}
    2021-07-17T15:02:43.222Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: Resolvercfg: {Routes:map[] Hosts:map[] LocalDomains:[]}
    2021-07-17T15:02:43.226Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:02:43.232Z headscale tailscaled[14930]: 2021/07/17 17:02:43 health("overall"): error: state=NeedsLogin, wantRunning=false
    2021-07-17T15:02:43.282Z headscale tailscaled[14930]: 2021/07/17 17:02:43 logtail: dialed "log.tailscale.io:443" in 226ms
    2021-07-17T15:03:35.805Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Start
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: client.Shutdown()
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: context done.
    2021-07-17T15:03:35.812Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: state:new
    2021-07-17T15:03:35.812Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: quit
    2021-07-17T15:03:35.812Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: Client.Shutdown done.
    2021-07-17T15:03:35.813Z headscale tailscaled[14930]: 2021/07/17 17:03:35 using backend prefs
    2021-07-17T15:03:35.814Z headscale tailscaled[14930]: 2021/07/17 17:03:35 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:03:35.814Z headscale tailscaled[14930]: 2021/07/17 17:03:35 generating new machine key
    2021-07-17T15:03:35.822Z headscale tailscaled[14930]: 2021/07/17 17:03:35 machine key written to store
    2021-07-17T15:03:35.826Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":80},{"Proto":"tcp","Port":443},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:03:35.829Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Backend: logs: be:684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573 fe:
    2021-07-17T15:03:35.832Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
    2021-07-17T15:03:35.833Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:03:35.841Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: state:new
    2021-07-17T15:03:35.842Z headscale tailscaled[14930]: 2021/07/17 17:03:35 blockEngineUpdates(true)
    2021-07-17T15:03:35.842Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Reconfig(down): no changes made to Engine config
    2021-07-17T15:03:35.845Z headscale tailscaled[14930]: 2021/07/17 17:03:35 StartLoginInteractive: url=false
    2021-07-17T15:03:35.850Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: client.Login(false, 2)
    2021-07-17T15:03:35.852Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:03:35.859Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: direct.TryLogin(token=false, flags=2)
    2021-07-17T15:03:35.872Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: LoginInteractive -> regen=true
    2021-07-17T15:03:35.878Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: doLogin(regen=true, hasUrl=false)
    2021-07-17T15:03:35.927Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:35 | 200 |     367.532\M-B\M-5s |     51.75.32.29 | GET      "/key"
    2021-07-17T15:03:35.934Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: Generating a new nodekey.
    2021-07-17T15:03:35.939Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: RegisterReq: onode=[AAAAA] node=[WwgZK] fup=false
    2021-07-17T15:03:35.952Z headscale headscale[61967]: 2021/07/17 17:03:35 New Machine!
    2021-07-17T15:03:35.971Z headscale headscale[61967]: 2021/07/17 17:03:35 [headscale] Successfully authenticated via AuthKey
    2021-07-17T15:03:35.972Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:35 | 200 |   25.342504ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839"
    2021-07-17T15:03:35.985Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:03:35.988Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: No AuthURL
    2021-07-17T15:03:35.988Z headscale tailscaled[14930]: 2021/07/17 17:03:35 blockEngineUpdates(false)
    2021-07-17T15:03:35.988Z headscale tailscaled[14930]: 2021/07/17 17:03:35 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:03:35.995Z headscale tailscaled[14930]: 2021/07/17 17:03:35 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:03:35.995Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:03:35.999Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: new map needed while idle.
    2021-07-17T15:03:35.999Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: state:authenticated
    2021-07-17T15:03:36.033Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.037Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.041Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   28.951678ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.049Z headscale tailscaled[14930]: 2021/07/17 17:03:36 active login: viqWORKS
    2021-07-17T15:03:36.054Z headscale tailscaled[14930]: 2021/07/17 17:03:36 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:03:36.064Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Switching ipn state NeedsLogin -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:03:36.069Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: SetPrivateKey called (init)
    2021-07-17T15:03:36.073Z headscale tailscaled[14930]: 2021/07/17 17:03:36 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
    2021-07-17T15:03:36.073Z headscale tailscaled[14930]: 2021/07/17 17:03:36 wgengine: Reconfig: configuring router
    2021-07-17T15:03:36.136Z headscale tailscaled[14930]: 2021/07/17 17:03:36 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:03:36.145Z headscale tailscaled[14930]: 2021/07/17 17:03:36 wgengine: Reconfig: configuring DNS
    2021-07-17T15:03:36.148Z headscale tailscaled[14930]: 2021/07/17 17:03:36 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105]]}
    2021-07-17T15:03:36.148Z headscale tailscaled[14930]: 2021/07/17 17:03:36 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105]] LocalDomains:[]}
    2021-07-17T15:03:36.148Z headscale tailscaled[14930]: 2021/07/17 17:03:36 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:03:36.150Z headscale tailscaled[14930]: 2021/07/17 17:03:36 peerapi: serving on http://100.99.59.105:39599
    2021-07-17T15:03:36.157Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.159Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 5 msec
    2021-07-17T15:03:36.160Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":39599}]}
    2021-07-17T15:03:36.162Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: state:authenticated
    2021-07-17T15:03:36.212Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.215Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.218Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   48.737118ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.224Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: state:authenticated
    2021-07-17T15:03:36.227Z headscale tailscaled[14930]: 2021/07/17 17:03:36 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:03:36.260Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.264Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.268Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   25.277085ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.276Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.276Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 36 msec
    2021-07-17T15:03:36.337Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.340Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.343Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   21.983377ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.355Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.357Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 45 msec
    2021-07-17T15:03:36.423Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.426Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.426Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   12.453532ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.437Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.442Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 88 msec
    2021-07-17T15:03:36.442Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: home is now derp-4 (fra)
    2021-07-17T15:03:36.445Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: endpoints changed: 51.75.32.29:22502 (stun)
    2021-07-17T15:03:36.451Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: client.newEndpoints(0, [51.75.32.29:22502])
    2021-07-17T15:03:36.455Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:03:36.458Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:03:36.462Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:03:36.462Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:03:36.462Z headscale tailscaled[14930]: 2021/07/17 17:03:36 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:03:36.467Z headscale tailscaled[14930]: 2021/07/17 17:03:36 derphttp.Client.Connect: connecting to derp-4 (fra)
    2021-07-17T15:03:36.549Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:03:36.553Z headscale tailscaled[14930]: 2021/07/17 17:03:36 health("overall"): ok
    2021-07-17T15:03:36.564Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.567Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is ready to access the tailnet
    2021-07-17T15:03:36.567Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending initial map
    2021-07-17T15:03:36.567Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Notifying peers
    2021-07-17T15:03:36.570Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending data (1507 bytes)
    2021-07-17T15:03:36.579Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending keepalive
    2021-07-17T15:03:36.581Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending data (75 bytes)
    2021-07-17T15:03:43.185Z headscale tailscaled[14930]: 2021/07/17 17:03:43 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.99.59.105/32] vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:03:43.214Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: closing connection to derp-4 (rebind), age 7s
    2021-07-17T15:03:43.219Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: 0 active derp conns
    2021-07-17T15:03:43.229Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:03:43.307Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:03:43.310Z headscale tailscaled[14930]: 2021/07/17 17:03:43 health("overall"): ok
    2021-07-17T15:03:43.445Z headscale tailscaled[14930]: 2021/07/17 17:03:43 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:17.862Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:17 | 200 |     465.137\M-B\M-5s |     51.75.32.28 | GET      "/key"
    2021-07-17T15:04:17.876Z headscale headscale[61967]: 2021/07/17 17:04:17 New Machine!
    2021-07-17T15:04:17.889Z headscale headscale[61967]: 2021/07/17 17:04:17 [innernet-test] Successfully authenticated via AuthKey
    2021-07-17T15:04:17.892Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:17 | 200 |   17.280435ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317"
    2021-07-17T15:04:17.921Z headscale headscale[61967]: 2021/07/17 17:04:17 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:17.925Z headscale headscale[61967]: 2021/07/17 17:04:17 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:17.925Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:17 | 200 |   20.194041ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.095Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.101Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:18.101Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:18 | 200 |   16.963453ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.138Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.145Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:18.151Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:18 | 200 |   33.569286ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.234Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.241Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:18.241Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:18 | 200 |   18.543764ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.366Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.371Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is ready to access the tailnet
    2021-07-17T15:04:18.373Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending initial map
    2021-07-17T15:04:18.373Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Notifying peers
    2021-07-17T15:04:18.373Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Notifying peer headscale (100.99.59.105/32)
    2021-07-17T15:04:18.374Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending data (1825 bytes)
    2021-07-17T15:04:18.390Z headscale headscale[61967]: 2021/07/17 17:04:18 [headscale] Received a request for update
    2021-07-17T15:04:18.397Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending keepalive
    2021-07-17T15:04:18.438Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:04:36.593Z headscale headscale[61967]: 2021/07/17 17:04:36 [headscale] Sending keepalive
    2021-07-17T15:04:36.597Z headscale headscale[61967]: 2021/07/17 17:04:36 [headscale] Sending data (75 bytes)
    2021-07-17T15:04:43.193Z headscale tailscaled[14930]: 2021/07/17 17:04:43 health("overall"): error: not in map poll
    2021-07-17T15:05:18.416Z headscale headscale[61967]: 2021/07/17 17:05:18 [innernet-test] Sending keepalive
    2021-07-17T15:05:18.423Z headscale headscale[61967]: 2021/07/17 17:05:18 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:05:36.612Z headscale headscale[61967]: 2021/07/17 17:05:36 [headscale] Sending keepalive
    2021-07-17T15:05:36.617Z headscale headscale[61967]: 2021/07/17 17:05:36 [headscale] Sending data (75 bytes)
    2021-07-17T15:06:13.804Z headscale tailscaled[14930]: 2021/07/17 17:06:13 tailscaled got signal terminated; shutting down
    2021-07-17T15:06:13.808Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: client.Shutdown()
    2021-07-17T15:06:13.812Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:06:13.813Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:06:13.822Z headscale headscale[61967]: 2021/07/17 17:06:13 [headscale] The client has closed the connection
    2021-07-17T15:06:13.825Z headscale tailscaled[14930]: 2021/07/17 17:06:13 [RATELIMIT] format("control: mapRoutine: %s") (3 dropped)
    2021-07-17T15:06:13.832Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: mapRoutine: state:authenticated
    2021-07-17T15:06:13.845Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: mapRoutine: quit
    2021-07-17T15:06:13.849Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: Client.Shutdown done.
    2021-07-17T15:06:13.849Z headscale tailscaled[14930]: 2021/07/17 17:06:13 magicsock: closing connection to derp-4 (conn-close), age 2m31s
    2021-07-17T15:06:13.849Z headscale tailscaled[14930]: 2021/07/17 17:06:13 magicsock: 0 active derp conns
    2021-07-17T15:06:13.855Z headscale tailscaled[14930]: 2021/07/17 17:06:13 external route: down
    2021-07-17T15:06:13.859Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:06:13 | 200 |         2m37s |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:06:13.862Z headscale tailscaled[14930]: 2021/07/17 17:06:13 wgengine status error: engine closing; no status
    2021-07-17T15:06:13.972Z headscale tailscaled[14930]: 2021/07/17 17:06:13 flushing log.
    2021-07-17T15:06:13.976Z headscale tailscaled[14930]: 2021/07/17 17:06:13 logger closing down
    2021-07-17T15:06:14.037Z headscale tailscaled[14930]: 2021/07/17 17:06:14 logtail: dialed "log.tailscale.io:443" in 216ms
    2021-07-17T15:06:15.215Z headscale headscale[61967]: 2021/07/17 17:06:15 [innernet-test] The client has closed the connection
    2021-07-17T15:06:15.236Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:06:15 | 200 |         1m56s |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    
    innernet-test machine
    2021-07-17T09:00:01.585Z innernet-test newsyslog[60243]: logfile turned over
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 logtail started
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled"}
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 LogID: ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:04:06.772Z innernet-test tailscaled[74184]: logpolicy.Read /var/db/tailscale/tailscaled.log.conf: open /var/db/tailscale/tailscaled.log.conf: no such file or directory
    2021-07-17T15:04:06.772Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:04:06.782Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: using dns.directManager
    2021-07-17T15:04:06.784Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:04:06.787Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Creating wireguard device...
    2021-07-17T15:04:06.788Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Bringing wireguard device up...
    2021-07-17T15:04:06.790Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Bringing router up...
    2021-07-17T15:04:06.809Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 external route: up
    2021-07-17T15:04:06.886Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Clearing router settings...
    2021-07-17T15:04:06.888Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Starting link monitor...
    2021-07-17T15:04:06.890Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Starting magicsock...
    2021-07-17T15:04:06.892Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Engine created.
    2021-07-17T15:04:06.899Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:04:06.952Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 netmap packet filter: (not ready yet)
    2021-07-17T15:04:06.952Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Start
    2021-07-17T15:04:06.953Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 using backend prefs
    2021-07-17T15:04:06.956Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:04:06.956Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 got initial portlist info in 0s
    2021-07-17T15:04:06.956Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 magicsock: disco key = d:95f0a6e02bfcbb80
    2021-07-17T15:04:06.960Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:04:06.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Backend: logs: be:ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618 fe:
    2021-07-17T15:04:06.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
    2021-07-17T15:04:06.965Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 blockEngineUpdates(true)
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine: Reconfig: configuring router
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine: Reconfig: configuring DNS
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[]}
    2021-07-17T15:04:06.967Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: Resolvercfg: {Routes:map[] Hosts:map[] LocalDomains:[]}
    2021-07-17T15:04:06.967Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:04:06.968Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:04:06.968Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 control: mapRoutine: state:new
    2021-07-17T15:04:06.968Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 health("overall"): error: state=NeedsLogin, wantRunning=false
    2021-07-17T15:04:07.267Z innernet-test tailscaled[74184]: 2021/07/17 17:04:07 logtail: dialed "log.tailscale.io:443" in 380ms
    2021-07-17T15:04:17.572Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Start
    2021-07-17T15:04:17.573Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: client.Shutdown()
    2021-07-17T15:04:17.573Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:04:17.574Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: context done.
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: state:new
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: quit
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: Client.Shutdown done.
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 using backend prefs
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:04:17.583Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 generating new machine key
    2021-07-17T15:04:17.586Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 machine key written to store
    2021-07-17T15:04:17.587Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:04:17.588Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Backend: logs: be:ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618 fe:
    2021-07-17T15:04:17.588Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
    2021-07-17T15:04:17.590Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 blockEngineUpdates(true)
    2021-07-17T15:04:17.591Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 StartLoginInteractive: url=false
    2021-07-17T15:04:17.591Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: client.Login(false, 2)
    2021-07-17T15:04:17.591Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:04:17.592Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: direct.TryLogin(token=false, flags=2)
    2021-07-17T15:04:17.592Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: LoginInteractive -> regen=true
    2021-07-17T15:04:17.592Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: doLogin(regen=true, hasUrl=false)
    2021-07-17T15:04:17.595Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: state:authenticating
    2021-07-17T15:04:17.866Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: Generating a new nodekey.
    2021-07-17T15:04:17.867Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: RegisterReq: onode=[AAAAA] node=[QzY2R] fup=false
    2021-07-17T15:04:17.894Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:04:17.895Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: No AuthURL
    2021-07-17T15:04:17.895Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 blockEngineUpdates(false)
    2021-07-17T15:04:17.896Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:04:17.896Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:04:17.897Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:04:17.897Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: new map needed while idle.
    2021-07-17T15:04:17.897Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: state:authenticated
    2021-07-17T15:04:17.936Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 active login: viqWORKS
    2021-07-17T15:04:17.941Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:04:17.948Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Switching ipn state NeedsLogin -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 magicsock: SetPrivateKey called (init)
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 wgengine: Reconfig: configuring userspace wireguard config (with 0/1 peers)
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 wgengine: Reconfig: configuring router
    2021-07-17T15:04:18.040Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 wgengine: Reconfig: configuring DNS
    2021-07-17T15:04:18.040Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]]}
    2021-07-17T15:04:18.041Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]] LocalDomains:[]}
    2021-07-17T15:04:18.041Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:04:18.045Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 peerapi: serving on http://100.87.15.215:47775
    2021-07-17T15:04:18.054Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Received error: PollNetMap: EOF
    2021-07-17T15:04:18.058Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":47775}]}
    2021-07-17T15:04:18.062Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: backoff: 8 msec
    2021-07-17T15:04:18.075Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: state:authenticated
    2021-07-17T15:04:18.112Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: state:authenticated
    2021-07-17T15:04:18.112Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:04:18.163Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Received error: PollNetMap: EOF
    2021-07-17T15:04:18.163Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: backoff: 43 msec
    2021-07-17T15:04:18.244Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Received error: PollNetMap: EOF
    2021-07-17T15:04:18.245Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: backoff: 102 msec
    2021-07-17T15:04:18.246Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: home is now derp-4 (fra)
    2021-07-17T15:04:18.247Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: endpoints changed: 51.75.32.28:53006 (stun), 192.168.135.48:23368 (local)
    2021-07-17T15:04:18.247Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: client.newEndpoints(0, [51.75.32.28:53006 192.168.135.48:23368])
    2021-07-17T15:04:18.249Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:04:18.249Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:04:18.250Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:04:18.250Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: NetInfo: NetInfo{varies=true hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:04:18.251Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:18.251Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 derphttp.Client.Connect: connecting to derp-4 (fra)
    2021-07-17T15:04:18.330Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:04:18.331Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 health("overall"): ok
    2021-07-17T15:04:26.910Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.87.15.215/32] vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:04:26.910Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: closing connection to derp-4 (rebind), age 9s
    2021-07-17T15:04:26.913Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: 0 active derp conns
    2021-07-17T15:04:26.918Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:04:26.921Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:04:26.924Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:26.925Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:04:26.925Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:04:27.000Z innernet-test tailscaled[74184]: 2021/07/17 17:04:27 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:04:27.000Z innernet-test tailscaled[74184]: 2021/07/17 17:04:27 health("overall"): ok
    2021-07-17T15:04:27.178Z innernet-test tailscaled[74184]: 2021/07/17 17:04:27 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:05:06.970Z innernet-test tailscaled[74184]: 2021/07/17 17:05:06 health("overall"): error: not in map poll
    2021-07-17T15:06:15.215Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": EOF
    2021-07-17T15:06:15.215Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 control: mapRoutine: backoff: 87 msec
    2021-07-17T15:06:15.306Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 [RATELIMIT] format("control: mapRoutine: %s") (2 dropped)
    2021-07-17T15:06:15.306Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 control: mapRoutine: state:authenticated
    2021-07-17T15:06:15.312Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp9.tailscale.com", "207.148.3.137") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.748Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.749Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:15.749Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp8.tailscale.com", "167.71.139.179") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.847Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp4.tailscale.com", "2a03:b0c0:3:e0::36e:9001") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.848Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 bootstrapDNS("derp4.tailscale.com", "2a03:b0c0:3:e0::36e:9001") for "headscale.viq.vc" error: Get "https://derp4.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2a03:b0c0:3:e0::36e:9001]:443: connect: no route to host
    2021-07-17T15:06:15.848Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp7.tailscale.com", "167.179.89.145") for "headscale.viq.vc" ...
    2021-07-17T15:06:16.672Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 trying bootstrapDNS("derp3.tailscale.com", "2400:6180:0:d1::67d:8001") for "headscale.viq.vc" ...
    2021-07-17T15:06:16.673Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 bootstrapDNS("derp3.tailscale.com", "2400:6180:0:d1::67d:8001") for "headscale.viq.vc" error: Get "https://derp3.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2400:6180:0:d1::67d:8001]:443: connect: no route to host
    2021-07-17T15:06:16.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:16.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 control: mapRoutine: backoff: 366 msec
    2021-07-17T15:06:17.056Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 control: mapRoutine: state:authenticated
    2021-07-17T15:06:17.064Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 trying bootstrapDNS("derp10.tailscale.com", "137.220.36.168") for "headscale.viq.vc" ...
    2021-07-17T15:06:17.611Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 trying bootstrapDNS("derp9.tailscale.com", "2001:19f0:6401:1d9c:5400:2ff:feef:bb82") for "headscale.viq.vc" ...
    2021-07-17T15:06:17.612Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 bootstrapDNS("derp9.tailscale.com", "2001:19f0:6401:1d9c:5400:2ff:feef:bb82") for "headscale.viq.vc" error: Get "https://derp9.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2001:19f0:6401:1d9c:5400:2ff:feef:bb82]:443: connect: no route to host
    2021-07-17T15:06:17.613Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 trying bootstrapDNS("derp6.tailscale.com", "68.183.90.120") for "headscale.viq.vc" ...
    2021-07-17T15:06:18.133Z innernet-test tailscaled[74184]: 2021/07/17 17:06:18 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:18.134Z innernet-test tailscaled[74184]: 2021/07/17 17:06:18 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:18.134Z innernet-test tailscaled[74184]: 2021/07/17 17:06:18 trying bootstrapDNS("derp5.tailscale.com", "103.43.75.49") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.020Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.021Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" error: Get "https://derp10.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2001:19f0:8001:2d9:5400:2ff:feef:bbb1]:443: connect: no route to host
    2021-07-17T15:06:19.021Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:19.022Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 control: mapRoutine: backoff: 230 msec
    2021-07-17T15:06:19.266Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 control: mapRoutine: state:authenticated
    2021-07-17T15:06:19.269Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp6.tailscale.com", "68.183.90.120") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.817Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.818Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" error: Get "https://derp7.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2401:c080:1000:467f:5400:2ff:feee:22aa]:443: connect: no route to host
    2021-07-17T15:06:19.818Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp9.tailscale.com", "207.148.3.137") for "headscale.viq.vc" ...
    2021-07-17T15:06:20.310Z innernet-test tailscaled[74184]: 2021/07/17 17:06:20 trying bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" ...
    2021-07-17T15:06:20.311Z innernet-test tailscaled[74184]: 2021/07/17 17:06:20 bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" error: Get "https://derp10.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2001:19f0:8001:2d9:5400:2ff:feef:bbb1]:443: connect: no route to host
    2021-07-17T15:06:20.312Z innernet-test tailscaled[74184]: 2021/07/17 17:06:20 trying bootstrapDNS("derp11.tailscale.com", "18.230.97.74") for "headscale.viq.vc" ...
    2021-07-17T15:06:21.051Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 trying bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" ...
    2021-07-17T15:06:21.052Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" error: Get "https://derp6.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2400:6180:100:d0::982:d001]:443: connect: no route to host
    2021-07-17T15:06:21.060Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:21.062Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 control: mapRoutine: backoff: 344 msec
    2021-07-17T15:06:21.412Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 control: mapRoutine: state:authenticated
    2021-07-17T15:06:21.417Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 trying bootstrapDNS("derp5.tailscale.com", "103.43.75.49") for "headscale.viq.vc" ...
    2021-07-17T15:06:22.316Z innernet-test tailscaled[74184]: 2021/07/17 17:06:22 trying bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" ...
    2021-07-17T15:06:22.316Z innernet-test tailscaled[74184]: 2021/07/17 17:06:22 bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" error: Get "https://derp7.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2401:c080:1000:467f:5400:2ff:feee:22aa]:443: connect: no route to host
    2021-07-17T15:06:22.317Z innernet-test tailscaled[74184]: 2021/07/17 17:06:22 trying bootstrapDNS("derp7.tailscale.com", "167.179.89.145") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.144Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.145Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:23.146Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 trying bootstrapDNS("derp11.tailscale.com", "18.230.97.74") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.913Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 trying bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.914Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" error: Get "https://derp6.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2400:6180:100:d0::982:d001]:443: connect: no route to host
    2021-07-17T15:06:23.915Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:23.916Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 control: mapRoutine: backoff: 901 msec
    2021-07-17T15:06:24.836Z innernet-test tailscaled[74184]: 2021/07/17 17:06:24 control: mapRoutine: state:authenticated
    2021-07-17T15:06:24.840Z innernet-test tailscaled[74184]: 2021/07/17 17:06:24 trying bootstrapDNS("derp7.tailscale.com", "167.179.89.145") for "headscale.viq.vc" ...
    2021-07-17T15:06:25.666Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:25.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:25.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 trying bootstrapDNS("derp10.tailscale.com", "137.220.36.168") for "headscale.viq.vc" ...
    2021-07-17T15:06:25.787Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 tailscaled got signal terminated; shutting down
    2021-07-17T15:06:25.795Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: client.Shutdown()
    2021-07-17T15:06:25.799Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 bootstrapDNS("derp10.tailscale.com", "137.220.36.168") for "headscale.viq.vc" error: Get "https://derp10.tailscale.com/bootstrap-dns?q=headscale.viq.vc": context canceled
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: mapRoutine: state:authenticated
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: mapRoutine: quit
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: Client.Shutdown done.
    2021-07-17T15:06:25.808Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 magicsock: closing connection to derp-4 (conn-close), age 1m59s
    2021-07-17T15:06:25.809Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 magicsock: 0 active derp conns
    2021-07-17T15:06:25.834Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 external route: down
    2021-07-17T15:06:25.835Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 wgengine status error: engine closing; no status
    2021-07-17T15:06:25.937Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 flushing log.
    2021-07-17T15:06:25.937Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 logger closing down
    2021-07-17T15:12:27.865Z innernet-test ntpd[57974]: adjusting clock frequency by 0.607733 to 2.555048ppm
    

    At this point daemons were stopped. Situation at this point: tailscale status on innernet-test shows both machines, on headscale shows only itself. headscale -n viqWORKS nodes list shows both machines.

    Part 2

    At this point I'm rotating logs, starting daemons, and will run status and ping

    headscale# tailscale status
    100.99.59.105   headscale            viqWORKS     openbsd -
    100.87.15.215   innernet-test        viqWORKS     openbsd -
    headscale# tailscale ping 100.87.15.215
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    no reply
    headscale# tailscale status             
    100.99.59.105   headscale            viqWORKS     openbsd -
    100.87.15.215   innernet-test        viqWORKS     openbsd active; relay "fra", tx 2960 rx 0
    
    innernet-test# tailscale status 
    100.87.15.215   innernet-test        viqWORKS     openbsd -
    100.99.59.105   headscale            viqWORKS     openbsd active; relay "lhr", tx 4256 rx 5328
    innernet-test# tailscale ping 100.99.59.105
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    no reply
    innernet-test# tailscale status             
    100.87.15.215   innernet-test        viqWORKS     openbsd -
    100.99.59.105   headscale            viqWORKS     openbsd active; relay "lhr", tx 5140 rx 6512
    

    Logs

    headscale machine

    nginx
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1776 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1769 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:15 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    
    headscale & tailscaled
    2021-07-17T15:22:55.316Z headscale newsyslog[33456]: logfile turned over
    2021-07-17T15:23:56.173Z headscale tailscaled[2483]: 2021/07/17 17:23:56 logtail started
    2021-07-17T15:23:56.190Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled", "-port", "22502"}
    2021-07-17T15:23:56.195Z headscale tailscaled[2483]: 2021/07/17 17:23:56 LogID: 684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573
    2021-07-17T15:23:56.199Z headscale tailscaled[2483]: 2021/07/17 17:23:56 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:23:56.203Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:23:56.214Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: using dns.directManager
    2021-07-17T15:23:56.228Z headscale tailscaled[2483]: 2021/07/17 17:23:56 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:23:56.233Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Creating wireguard device...
    2021-07-17T15:23:56.236Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Bringing wireguard device up...
    2021-07-17T15:23:56.239Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Bringing router up...
    2021-07-17T15:23:56.261Z headscale tailscaled[2483]: 2021/07/17 17:23:56 external route: up
    2021-07-17T15:23:56.266Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Clearing router settings...
    2021-07-17T15:23:56.271Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Starting link monitor...
    2021-07-17T15:23:56.274Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Starting magicsock...
    2021-07-17T15:23:56.279Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Engine created.
    2021-07-17T15:23:56.287Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:23:56.320Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netmap packet filter: (not ready yet)
    2021-07-17T15:23:56.324Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Start
    2021-07-17T15:23:56.328Z headscale tailscaled[2483]: 2021/07/17 17:23:56 using backend prefs
    2021-07-17T15:23:56.331Z headscale tailscaled[2483]: 2021/07/17 17:23:56 backend prefs for "_daemon": Prefs{ra=false dns=true want=true url="https://headscale.viq.vc" Persist{lm=, o=, n=[WwgZK] u=""}}
    2021-07-17T15:23:56.401Z headscale tailscaled[2483]: 2021/07/17 17:23:56 got initial portlist info in 2ms
    2021-07-17T15:23:56.406Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: disco key = d:d52bb11973f8889b
    2021-07-17T15:23:56.410Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":80},{"Proto":"tcp","Port":443},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:23:56.418Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Backend: logs: be:684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573 fe:
    2021-07-17T15:23:56.427Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: client.Login(false, 0)
    2021-07-17T15:23:56.434Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:23:56.440Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: direct.TryLogin(token=false, flags=0)
    2021-07-17T15:23:56.446Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: doLogin(regen=false, hasUrl=false)
    2021-07-17T15:23:56.450Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticating
    2021-07-17T15:23:56.491Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |       69.22\M-B\M-5s |     51.75.32.29 | GET      "/key"
    2021-07-17T15:23:56.499Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: RegisterReq: onode=[AAAAA] node=[WwgZK] fup=false
    2021-07-17T15:23:56.511Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is registered and we have the current NodeKey. All clear to /map
    2021-07-17T15:23:56.516Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |    9.532241ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839"
    2021-07-17T15:23:56.525Z headscale tailscaled[2483]: 2021/07/17 17:23:56 logtail: dialed "log.tailscale.io:443" in 294ms
    2021-07-17T15:23:56.531Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:23:56.544Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: No AuthURL
    2021-07-17T15:23:56.555Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.559Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.559Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   19.689704ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.571Z headscale tailscaled[2483]: 2021/07/17 17:23:56 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:23:56.579Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:23:56.587Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: new map needed while idle.
    2021-07-17T15:23:56.597Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.602Z headscale tailscaled[2483]: 2021/07/17 17:23:56 active login: viqWORKS
    2021-07-17T15:23:56.611Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:23:56.624Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:23:56.630Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: SetPrivateKey called (init)
    2021-07-17T15:23:56.635Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine: Reconfig: configuring userspace wireguard config (with 0/1 peers)
    2021-07-17T15:23:56.639Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine: Reconfig: configuring router
    2021-07-17T15:23:56.643Z headscale tailscaled[2483]: 2021/07/17 17:23:56 health("overall"): error: state=Starting, wantRunning=true
    2021-07-17T15:23:56.647Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:23:56.674Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine: Reconfig: configuring DNS
    2021-07-17T15:23:56.679Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]]}
    2021-07-17T15:23:56.686Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]] LocalDomains:[]}
    2021-07-17T15:23:56.690Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:23:56.695Z headscale tailscaled[2483]: 2021/07/17 17:23:56 peerapi: serving on http://100.99.59.105:39599
    2021-07-17T15:23:56.702Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Received error: PollNetMap: EOF
    2021-07-17T15:23:56.708Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: backoff: 10 msec
    2021-07-17T15:23:56.714Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":39599}]}
    2021-07-17T15:23:56.730Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.754Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.759Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.759Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   18.575769ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.813Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.829Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.831Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.831Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   10.318743ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.861Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Received error: PollNetMap: EOF
    2021-07-17T15:23:56.866Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: backoff: 27 msec
    2021-07-17T15:23:56.910Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.922Z headscale tailscaled[2483]: 2021/07/17 17:23:56 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:23:56.936Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.939Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.939Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   21.678717ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.958Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Received error: PollNetMap: EOF
    2021-07-17T15:23:56.964Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: backoff: 58 msec
    2021-07-17T15:23:56.968Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: home is now derp-8 (lhr)
    2021-07-17T15:23:56.972Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: endpoints changed: 51.75.32.29:22502 (stun)
    2021-07-17T15:23:56.976Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: client.newEndpoints(0, [51.75.32.29:22502])
    2021-07-17T15:23:56.981Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: adding connection to derp-8 for home-keep-alive
    2021-07-17T15:23:56.984Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: 1 active derp conns: derp-8=cr0s,wr0s
    2021-07-17T15:23:56.988Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:23:56.990Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#8 portmap= link=""}
    2021-07-17T15:23:56.992Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:23:56.995Z headscale tailscaled[2483]: 2021/07/17 17:23:56 derphttp.Client.Connect: connecting to derp-8 (lhr)
    2021-07-17T15:23:57.037Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:23:57.043Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Client is ready to access the tailnet
    2021-07-17T15:23:57.043Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending initial map
    2021-07-17T15:23:57.043Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Notifying peers
    2021-07-17T15:23:57.049Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Peer innernet-test does not appear to be polling
    2021-07-17T15:23:57.050Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending data (1833 bytes)
    2021-07-17T15:23:57.066Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending keepalive
    2021-07-17T15:23:57.080Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:23:57.109Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: home is now derp-4 (fra)
    2021-07-17T15:23:57.111Z headscale tailscaled[2483]: 2021/07/17 17:23:57 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:23:57.115Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:23:57.120Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: 2 active derp conns: derp-4=cr0s,wr0s derp-8=cr143ms,wr143ms
    2021-07-17T15:23:57.122Z headscale tailscaled[2483]: 2021/07/17 17:23:57 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:23:57.150Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: derp-8 connected; connGen=1
    2021-07-17T15:23:57.206Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:23:57.209Z headscale tailscaled[2483]: 2021/07/17 17:23:57 health("overall"): ok
    2021-07-17T15:24:06.314Z headscale tailscaled[2483]: 2021/07/17 17:24:06 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.99.59.105/32] vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:24:06.331Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: closing connection to derp-8 (rebind), age 9s
    2021-07-17T15:24:06.343Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: closing connection to derp-4 (rebind), age 9s
    2021-07-17T15:24:06.343Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: 0 active derp conns
    2021-07-17T15:24:06.354Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:24:06.355Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:24:06.356Z headscale tailscaled[2483]: 2021/07/17 17:24:06 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:06.356Z headscale tailscaled[2483]: 2021/07/17 17:24:06 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:24:06.356Z headscale tailscaled[2483]: 2021/07/17 17:24:06 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:24:06.428Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:24:06.430Z headscale tailscaled[2483]: 2021/07/17 17:24:06 health("overall"): ok
    2021-07-17T15:24:06.573Z headscale tailscaled[2483]: 2021/07/17 17:24:06 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:14.579Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |        66.5\M-B\M-5s |     51.75.32.28 | GET      "/key"
    2021-07-17T15:24:14.596Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is registered and we have the current NodeKey. All clear to /map
    2021-07-17T15:24:14.601Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   10.785271ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317"
    2021-07-17T15:24:14.629Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.635Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.635Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   17.089359ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:14.859Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.863Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.863Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   19.440787ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:14.886Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.889Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.889Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |    11.74931ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:14.964Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.968Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.968Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   15.699249ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:15.085Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:15.091Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:15.091Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:15 | 200 |   15.791005ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:15.117Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:24:15.122Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Client is ready to access the tailnet
    2021-07-17T15:24:15.122Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending initial map
    2021-07-17T15:24:15.122Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Notifying peers
    2021-07-17T15:24:15.125Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Notifying peer headscale (100.99.59.105/32)
    2021-07-17T15:24:15.130Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending data (1835 bytes)
    2021-07-17T15:24:15.138Z headscale headscale[61967]: 2021/07/17 17:24:15 [headscale] Received a request for update
    2021-07-17T15:24:15.148Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending keepalive
    2021-07-17T15:24:15.159Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:24:34.511Z headscale tailscaled[2483]: 2021/07/17 17:24:34 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:34.519Z headscale tailscaled[2483]: 2021/07/17 17:24:34 wgengine: idle peer d:95f0a6e02bfcbb80 now active, reconfiguring wireguard
    2021-07-17T15:24:34.519Z headscale tailscaled[2483]: 2021/07/17 17:24:34 wgengine: Reconfig: configuring userspace wireguard config (with 1/1 peers)
    2021-07-17T15:24:34.519Z headscale tailscaled[2483]: 2021/07/17 17:24:34 magicsock: ParseEndpoint: key=[QzY2R]: disco=d:95f0a6e02bfcbb80 ipps=
    2021-07-17T15:24:34.536Z headscale tailscaled[2483]: 2021/07/17 17:24:34 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:24:34.541Z headscale tailscaled[2483]: 2021/07/17 17:24:34 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:34.654Z headscale tailscaled[2483]: 2021/07/17 17:24:34 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:24:39.532Z headscale tailscaled[2483]: 2021/07/17 17:24:39 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:44.535Z headscale tailscaled[2483]: 2021/07/17 17:24:44 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:49.547Z headscale tailscaled[2483]: 2021/07/17 17:24:49 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:54.556Z headscale tailscaled[2483]: 2021/07/17 17:24:54 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:56.339Z headscale tailscaled[2483]: 2021/07/17 17:24:56 health("overall"): error: not in map poll
    2021-07-17T15:24:57.081Z headscale headscale[61967]: 2021/07/17 17:24:57 [headscale] Sending keepalive
    2021-07-17T15:24:57.085Z headscale headscale[61967]: 2021/07/17 17:24:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:24:59.565Z headscale tailscaled[2483]: 2021/07/17 17:24:59 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:04.577Z headscale tailscaled[2483]: 2021/07/17 17:25:04 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:05.353Z headscale tailscaled[2483]: 2021/07/17 17:25:05 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:05.360Z headscale tailscaled[2483]: 2021/07/17 17:25:05 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:05.473Z headscale tailscaled[2483]: 2021/07/17 17:25:05 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:25:09.604Z headscale tailscaled[2483]: 2021/07/17 17:25:09 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:14.623Z headscale tailscaled[2483]: 2021/07/17 17:25:14 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:15.166Z headscale headscale[61967]: 2021/07/17 17:25:15 [innernet-test] Sending keepalive
    2021-07-17T15:25:15.173Z headscale headscale[61967]: 2021/07/17 17:25:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:25:19.635Z headscale tailscaled[2483]: 2021/07/17 17:25:19 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:35.983Z headscale tailscaled[2483]: 2021/07/17 17:25:35 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:35.988Z headscale tailscaled[2483]: 2021/07/17 17:25:35 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:36.095Z headscale tailscaled[2483]: 2021/07/17 17:25:36 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:25:57.091Z headscale headscale[61967]: 2021/07/17 17:25:57 [headscale] Sending keepalive
    2021-07-17T15:25:57.095Z headscale headscale[61967]: 2021/07/17 17:25:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:26:06.584Z headscale tailscaled[2483]: 2021/07/17 17:26:06 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:06.589Z headscale tailscaled[2483]: 2021/07/17 17:26:06 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:06.696Z headscale tailscaled[2483]: 2021/07/17 17:26:06 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:26:15.186Z headscale headscale[61967]: 2021/07/17 17:26:15 [innernet-test] Sending keepalive
    2021-07-17T15:26:15.192Z headscale headscale[61967]: 2021/07/17 17:26:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:26:35.170Z headscale tailscaled[2483]: 2021/07/17 17:26:35 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:35.179Z headscale tailscaled[2483]: 2021/07/17 17:26:35 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:35.280Z headscale tailscaled[2483]: 2021/07/17 17:26:35 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:26:57.101Z headscale headscale[61967]: 2021/07/17 17:26:57 [headscale] Sending keepalive
    2021-07-17T15:26:57.104Z headscale headscale[61967]: 2021/07/17 17:26:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:27:07.302Z headscale tailscaled[2483]: 2021/07/17 17:27:07 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:07.306Z headscale tailscaled[2483]: 2021/07/17 17:27:07 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:07.412Z headscale tailscaled[2483]: 2021/07/17 17:27:07 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:27:15.206Z headscale headscale[61967]: 2021/07/17 17:27:15 [innernet-test] Sending keepalive
    2021-07-17T15:27:15.211Z headscale headscale[61967]: 2021/07/17 17:27:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:27:38.782Z headscale tailscaled[2483]: 2021/07/17 17:27:38 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:38.786Z headscale tailscaled[2483]: 2021/07/17 17:27:38 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:38.893Z headscale tailscaled[2483]: 2021/07/17 17:27:38 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:27:57.121Z headscale headscale[61967]: 2021/07/17 17:27:57 [headscale] Sending keepalive
    2021-07-17T15:27:57.123Z headscale headscale[61967]: 2021/07/17 17:27:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:28:09.582Z headscale tailscaled[2483]: 2021/07/17 17:28:09 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:28:09.587Z headscale tailscaled[2483]: 2021/07/17 17:28:09 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:28:09.693Z headscale tailscaled[2483]: 2021/07/17 17:28:09 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:28:15.226Z headscale headscale[61967]: 2021/07/17 17:28:15 [innernet-test] Sending keepalive
    2021-07-17T15:28:15.231Z headscale headscale[61967]: 2021/07/17 17:28:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:28:37.820Z headscale tailscaled[2483]: 2021/07/17 17:28:37 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:28:37.829Z headscale tailscaled[2483]: 2021/07/17 17:28:37 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:28:37.932Z headscale tailscaled[2483]: 2021/07/17 17:28:37 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:28:57.131Z headscale headscale[61967]: 2021/07/17 17:28:57 [headscale] Sending keepalive
    2021-07-17T15:28:57.133Z headscale headscale[61967]: 2021/07/17 17:28:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:29:05.593Z headscale tailscaled[2483]: 2021/07/17 17:29:05 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:05.598Z headscale tailscaled[2483]: 2021/07/17 17:29:05 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:05.892Z headscale tailscaled[2483]: 2021/07/17 17:29:05 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:29:05.895Z headscale tailscaled[2483]: 2021/07/17 17:29:05 control: NetInfo: NetInfo{varies=false hairpin=true ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:29:15.249Z headscale headscale[61967]: 2021/07/17 17:29:15 [innernet-test] Sending keepalive
    2021-07-17T15:29:15.256Z headscale headscale[61967]: 2021/07/17 17:29:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:29:36.412Z headscale tailscaled[2483]: 2021/07/17 17:29:36 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:36.416Z headscale tailscaled[2483]: 2021/07/17 17:29:36 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:36.523Z headscale tailscaled[2483]: 2021/07/17 17:29:36 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:29:57.141Z headscale headscale[61967]: 2021/07/17 17:29:57 [headscale] Sending keepalive
    2021-07-17T15:29:57.144Z headscale headscale[61967]: 2021/07/17 17:29:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:30:07.232Z headscale tailscaled[2483]: 2021/07/17 17:30:07 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:07.235Z headscale tailscaled[2483]: 2021/07/17 17:30:07 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:07.347Z headscale tailscaled[2483]: 2021/07/17 17:30:07 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:30:15.265Z headscale headscale[61967]: 2021/07/17 17:30:15 [innernet-test] Sending keepalive
    2021-07-17T15:30:15.270Z headscale headscale[61967]: 2021/07/17 17:30:15 [innernet-test] Sending data (75 bytes)
    

    innernet-test

    tailscaled
    2021-07-17T15:24:14.050Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 logtail started
    2021-07-17T15:24:14.072Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled"}
    2021-07-17T15:24:14.074Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 LogID: ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618
    2021-07-17T15:24:14.077Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:24:14.082Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:24:14.087Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: using dns.directManager
    2021-07-17T15:24:14.089Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:24:14.094Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Creating wireguard device...
    2021-07-17T15:24:14.101Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Bringing wireguard device up...
    2021-07-17T15:24:14.104Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Bringing router up...
    2021-07-17T15:24:14.132Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 external route: up
    2021-07-17T15:24:14.136Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Clearing router settings...
    2021-07-17T15:24:14.138Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Starting link monitor...
    2021-07-17T15:24:14.141Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Starting magicsock...
    2021-07-17T15:24:14.143Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Engine created.
    2021-07-17T15:24:14.152Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:24:14.181Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 netmap packet filter: (not ready yet)
    2021-07-17T15:24:14.183Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Start
    2021-07-17T15:24:14.185Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 using backend prefs
    2021-07-17T15:24:14.186Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 backend prefs for "_daemon": Prefs{ra=false dns=true want=true url="https://headscale.viq.vc" Persist{lm=, o=, n=[QzY2R] u=""}}
    2021-07-17T15:24:14.186Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 got initial portlist info in 0s
    2021-07-17T15:24:14.189Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 magicsock: disco key = d:4ee08d2740640e2e
    2021-07-17T15:24:14.190Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:24:14.190Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Backend: logs: be:ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618 fe:
    2021-07-17T15:24:14.191Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: client.Login(false, 0)
    2021-07-17T15:24:14.191Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:24:14.199Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: direct.TryLogin(token=false, flags=0)
    2021-07-17T15:24:14.200Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: doLogin(regen=false, hasUrl=false)
    2021-07-17T15:24:14.200Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticating
    2021-07-17T15:24:14.445Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 logtail: dialed "log.tailscale.io:443" in 371ms
    2021-07-17T15:24:14.587Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: RegisterReq: onode=[AAAAA] node=[QzY2R] fup=false
    2021-07-17T15:24:14.608Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:24:14.608Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: No AuthURL
    2021-07-17T15:24:14.609Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:24:14.609Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:24:14.613Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: new map needed while idle.
    2021-07-17T15:24:14.613Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.653Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 active login: viqWORKS
    2021-07-17T15:24:14.664Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 magicsock: SetPrivateKey called (init)
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine: Reconfig: configuring userspace wireguard config (with 0/1 peers)
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine: Reconfig: configuring router
    2021-07-17T15:24:14.719Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 health("overall"): error: state=Starting, wantRunning=true
    2021-07-17T15:24:14.739Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:14.803Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine: Reconfig: configuring DNS
    2021-07-17T15:24:14.803Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]]}
    2021-07-17T15:24:14.807Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]] LocalDomains:[]}
    2021-07-17T15:24:14.810Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:24:14.810Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 peerapi: serving on http://100.87.15.215:47775
    2021-07-17T15:24:14.814Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Received error: PollNetMap: EOF
    2021-07-17T15:24:14.816Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: backoff: 14 msec
    2021-07-17T15:24:14.820Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":47775}]}
    2021-07-17T15:24:14.839Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.872Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.899Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Received error: PollNetMap: EOF
    2021-07-17T15:24:14.901Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: backoff: 34 msec
    2021-07-17T15:24:14.944Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.945Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:24:14.979Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Received error: PollNetMap: EOF
    2021-07-17T15:24:14.979Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: backoff: 82 msec
    2021-07-17T15:24:15.080Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: home is now derp-4 (fra)
    2021-07-17T15:24:15.081Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: endpoints changed: 51.75.32.28:57997 (stun), 192.168.135.48:22735 (local)
    2021-07-17T15:24:15.082Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 control: client.newEndpoints(0, [51.75.32.28:57997 192.168.135.48:22735])
    2021-07-17T15:24:15.084Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:24:15.084Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:24:15.092Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:24:15.093Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 control: NetInfo: NetInfo{varies=true hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:24:15.102Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:15.102Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 derphttp.Client.Connect: connecting to derp-4 (fra)
    2021-07-17T15:24:15.165Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:24:15.165Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 health("overall"): ok
    2021-07-17T15:24:15.211Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: endpoints changed: 51.75.32.28:61715 (stun), 192.168.135.48:22735 (local)
    2021-07-17T15:24:15.211Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 control: client.newEndpoints(0, [51.75.32.28:61715 192.168.135.48:22735])
    2021-07-17T15:24:24.163Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.87.15.215/32] vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:24:24.164Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: closing connection to derp-4 (rebind), age 9s
    2021-07-17T15:24:24.164Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: 0 active derp conns
    2021-07-17T15:24:24.171Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:24:24.171Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:24:24.172Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:24.172Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:24:24.173Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:24:24.258Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:24:24.258Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 health("overall"): ok
    2021-07-17T15:24:24.423Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:34.561Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 health("overall"): error: not in map poll
    2021-07-17T15:24:34.561Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 wgengine: idle peer d:d52bb11973f8889b now active, reconfiguring wireguard
    2021-07-17T15:24:34.563Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 wgengine: Reconfig: configuring userspace wireguard config (with 1/1 peers)
    2021-07-17T15:24:34.574Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: ParseEndpoint: key=[WwgZK]: disco=d:d52bb11973f8889b ipps=
    2021-07-17T15:24:34.585Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: adding connection to derp-8 for [WwgZK]
    2021-07-17T15:24:34.592Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: 2 active derp conns: derp-4=cr10s,wr10s derp-8=cr0s,wr0s
    2021-07-17T15:24:34.596Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: DERP packet received from idle peer [WwgZK]; created=true
    2021-07-17T15:24:34.600Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 derphttp.Client.Recv: connecting to derp-8 (lhr)
    2021-07-17T15:24:34.722Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: derp-8 connected; connGen=1
    2021-07-17T15:24:55.224Z innernet-test tailscaled[56712]: 2021/07/17 17:24:55 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:24:55.226Z innernet-test tailscaled[56712]: 2021/07/17 17:24:55 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:55.336Z innernet-test tailscaled[56712]: 2021/07/17 17:24:55 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:25:25.673Z innernet-test tailscaled[56712]: 2021/07/17 17:25:25 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:25.675Z innernet-test tailscaled[56712]: 2021/07/17 17:25:25 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:25.784Z innernet-test tailscaled[56712]: 2021/07/17 17:25:25 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:25:56.512Z innernet-test tailscaled[56712]: 2021/07/17 17:25:56 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:56.514Z innernet-test tailscaled[56712]: 2021/07/17 17:25:56 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:56.624Z innernet-test tailscaled[56712]: 2021/07/17 17:25:56 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:26:29.231Z innernet-test tailscaled[56712]: 2021/07/17 17:26:29 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:29.237Z innernet-test tailscaled[56712]: 2021/07/17 17:26:29 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:29.342Z innernet-test tailscaled[56712]: 2021/07/17 17:26:29 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:26:46.745Z innernet-test tailscaled[56712]: 2021/07/17 17:26:46 [WwgZK] - Failed to create response message: handshake initiation must be consumed first
    2021-07-17T15:26:57.093Z innernet-test tailscaled[56712]: 2021/07/17 17:26:57 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:57.097Z innernet-test tailscaled[56712]: 2021/07/17 17:26:57 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:57.209Z innernet-test tailscaled[56712]: 2021/07/17 17:26:57 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:27:28.405Z innernet-test tailscaled[56712]: 2021/07/17 17:27:28 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:28.407Z innernet-test tailscaled[56712]: 2021/07/17 17:27:28 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:28.517Z innernet-test tailscaled[56712]: 2021/07/17 17:27:28 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:27:59.395Z innernet-test tailscaled[56712]: 2021/07/17 17:27:59 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:59.397Z innernet-test tailscaled[56712]: 2021/07/17 17:27:59 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:59.506Z innernet-test tailscaled[56712]: 2021/07/17 17:27:59 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:28:01.999Z innernet-test tailscaled[56712]: 2021/07/17 17:28:01 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:07.023Z innernet-test tailscaled[56712]: 2021/07/17 17:28:07 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:12.031Z innernet-test tailscaled[56712]: 2021/07/17 17:28:12 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:17.042Z innernet-test tailscaled[56712]: 2021/07/17 17:28:17 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:22.062Z innernet-test tailscaled[56712]: 2021/07/17 17:28:22 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:27.082Z innernet-test tailscaled[56712]: 2021/07/17 17:28:27 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:32.020Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:28:32.027Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:28:32.101Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:32.133Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:28:37.112Z innernet-test tailscaled[56712]: 2021/07/17 17:28:37 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:42.121Z innernet-test tailscaled[56712]: 2021/07/17 17:28:42 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:47.143Z innernet-test tailscaled[56712]: 2021/07/17 17:28:47 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:29:00.440Z innernet-test tailscaled[56712]: 2021/07/17 17:29:00 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:00.442Z innernet-test tailscaled[56712]: 2021/07/17 17:29:00 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:00.555Z innernet-test tailscaled[56712]: 2021/07/17 17:29:00 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:29:31.404Z innernet-test tailscaled[56712]: 2021/07/17 17:29:31 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:31.406Z innernet-test tailscaled[56712]: 2021/07/17 17:29:31 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:31.711Z innernet-test tailscaled[56712]: 2021/07/17 17:29:31 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:30:02.153Z innernet-test tailscaled[56712]: 2021/07/17 17:30:02 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:02.155Z innernet-test tailscaled[56712]: 2021/07/17 17:30:02 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:02.302Z innernet-test tailscaled[56712]: 2021/07/17 17:30:02 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:30:30.730Z innernet-test tailscaled[56712]: 2021/07/17 17:30:30 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:30.738Z innernet-test tailscaled[56712]: 2021/07/17 17:30:30 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:30.850Z innernet-test tailscaled[56712]: 2021/07/17 17:30:30 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:30:58.208Z innernet-test tailscaled[56712]: 2021/07/17 17:30:58 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:58.210Z innernet-test tailscaled[56712]: 2021/07/17 17:30:58 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:58.324Z innernet-test tailscaled[56712]: 2021/07/17 17:30:58 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    
    opened by viq 22
  • Mobile clients

    Mobile clients

    Tailscale has clients for linux, Windows, macOS, Android and iOS. Linux, Windows and macOS can be told to connect to a headscale server. I'm not aware of a way to do that on Android or iOS.

    Can the (open source) android client be compiled with another server or be patched to allow server selection? What about iOS?

    opened by ptman 21
  • Support for IPv6 prefixes in namespaces

    Support for IPv6 prefixes in namespaces

    I'm sending an MR to initiate a discussion about this initial implementation.

    I have found that specifying an IPv6 prefix for ip_prefix caused the Headscale server to crash, because getAvailableIP assumed an IPv4 address by calling As4().

    While I was at it, I also tidied up address generation a bit, because the comment within was inaccurate (a network/broadcast address is one where the host parts of the address are all zero/one bits, not ones that end with eights consecutive zero/one bits), and if I interpret the netaddr API reference correctly, IsZero() and IsLoopback() should never return true for the same address, so I assume the use of && probably had been a typo here.

    I also found that machine.go also assumed an IPv4 representation and sent /32 routes to nodes, which tailscaled refused to use, even though tailscale ping managed to resolve the correct destination node.

    These changes were enough to ICMPv6 ping working both against namespace addresses, as well as advertised IPv6 routes. As far as I can see, the changes did not break any of the established tests that use IPv4, but I have not yet added any IPv6 specific test coverage - If I read the code correctly, there is a single unit under test preconfigured with an IPv4 prefix, and I'm not sure about the optimal way to handle the situation.

    I have also separately tested with the default IPv4 prefix as well and things seem to still work that way. I'm not sure why yet, but I was only able to access IPv4 advertised routes when I also used an IPv4 prefix for the namespace, and only able to access IPv6 advertised routes with an IPv6 prefix configured for the namespace. Accessing IPv4 advertised routes from an IPv6 prefix or the other way around does not seem to work, and I have yet to perceive any error messages anywhere, so far I can only observe the lack of packets.

    opened by enoperm 20
  • Docker releases appear out of sync with the code releases?

    Docker releases appear out of sync with the code releases?

    Issue description

    The tags used for docker releases appear out of sync with the code releases?

    0.12 was released a month ago according to docker, and it is not clear how they relate to the code releases?

    Is there a docker release for 0.12.0-beta2, or I presume those other docker tags should be ignored?

    To Reproduce

    The docker releases I am referring to are these -> https://hub.docker.com/r/headscale/headscale/tags

    Thanks for any clarification 👍🏻

    bug 
    opened by mannp 19
  • Rework the CLI to use gRPC

    Rework the CLI to use gRPC

    First, apologise for the massive PR, I got a bit carried away. (A lot of the code is generated, and is a separate commit)

    This PR moves the rest of the user facing CLI (all commands but serve) to use gRPC to communicate with the server.

    This means that the PR has "three layers".

    1. It adds protobuf definitions and generate types and rpc based on this
    2. Then it implements the "service" interface provided by gRPC
    3. And then we move all the commands to use the new interface.
    4. Bonus layer: I have added integration tests for the CLI (execute command and read out result) for every command.

    In between these steps, there is a lot of code cleanup and streamlining of functions to better fit the new interface. I have also made an attempt on standardising and cleaning up where we had several different ways to get information.

    This means that we now have:

    • A CLI that communicates over rpc
      • which means we can run it from everywhere when we add authentication
    • A Web API generated from the same spec, supporting the same as gRPC (currently disabled, due to missing auth)
    • Integration tests for the CLI, should help us find direct and detect underlying issues changes can cause.

    What I still would like to tackle (before release): The cli takes quite inconsistent parameters: database id, machine key, name + namespace. I think we should discuss to standardise on one main approach.

    opened by kradalby 19
  • create namespace error : ephemeral_node_inactivity_timeout

    create namespace error : ephemeral_node_inactivity_timeout

    download headscale binary from latest release and try to create my first namespace , but headscale return some error messages like

    2021-12-07 09:58:25 [[email protected] Downloads]$ ./headscale_0.11.0_linux_amd64 namespaces create em
    An updated version of Headscale has been found (0.12.0-beta1 vs. your current v0.11.0). Check it out https://github.com/juanfont/headscale/releases
    2021/12/07 09:58:36 Error initializing: ephemeral_node_inactivity_timeout () is set too low, must be more than 1m5s
    

    any suggestions??

    opened by changchichung 16
  • Make /metrics listen on a different address

    Make /metrics listen on a different address

    • [x] read the CONTRIBUTING guidelines
    • [x] raised a GitHub issue or discussed it on the projects chat beforehand
    • [x] added unit tests
    • [x] added integration tests
    • [x] updated documentation if needed
    • [x] updated CHANGELOG.md

    Addresses #343

    opened by reynico 15
  • Improvements on the ACLs and bug fixing

    Improvements on the ACLs and bug fixing

    • [x] read the CONTRIBUTING guidelines
    • [x] raised a GitHub issue or discussed it on the projects chat beforehand
    • [x] added unit tests
    • [] added integration tests
    • [x] updated documentation if needed
    • [x] updated CHANGELOG.md

    This PR is a first implementation of what has been discussed on #311 It should be reviewed commit by commit since last commits are linting modifications and changes quite much some part of the code that I didn't touch.

    All subject discussed in PR #311 are not implemented here. I think all those modifications should be splitted in multiple PRs.

    If this PR is too big, some commits could be moved outside of this PR it's related but just fixes some bugs on the ACLs parsing behavior.

    opened by restanrm 12
  • Changing the log level doesn't appear to change the actual log level

    Changing the log level doesn't appear to change the actual log level

    Bug description

    Changing the log level doesn't appear to change the actual log level coming from headscale server.

    log_level: info or log_level: debug, the level of output remains the same

    To Reproduce

    Add or change the log level (line 158 in the example config) to log_level: info

    Context info

    • Version of headscale used: 0.15
    • Version of tailscale client: 1.22.0
    • OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version: NixOS Unstable
    • Kernel version: 5.16.12
    • The relevant config parameters you used: log_level: info
    • Log output
    2022-03-21T10:56:00Z DBG Sending update request func=scheduledPollWorker machine=nixos-m
    2022-03-21T10:56:00Z DBG There has been updates since the last successful update to nixos-m handler=PollNetMapStream last_state_change=1647860157 last_successful_update=1647860150 machine=nixos-m
    
    bug 
    opened by mannp 11
  • Implement TS2021 protocol in headscale

    Implement TS2021 protocol in headscale

    This PR adds full support for TS2021, the new control protocol of Tailscale. For reference, see https://github.com/juanfont/headscale/issues/526.

    T2021 prefers to run over http, to avoid double encryption. Currently, any port is supported for http. However, for https only tcp/443 works. https://github.com/tailscale/tailscale/pull/4323 is open in upstream to change that.

    opened by juanfont 0
  • Add ability to connect to PostgreSQL via unix socket

    Add ability to connect to PostgreSQL via unix socket

    This is related to #733

    • [x] read the CONTRIBUTING guidelines
    • [x] raised a GitHub issue or discussed it on the projects chat beforehand
    • [ ] added unit tests
    • [ ] added integration tests
    • [ ] updated documentation if needed
    • [x] updated CHANGELOG.md
    opened by vtrf 2
  • connect postgres through a unix socket

    connect postgres through a unix socket

    Feature request

    Ability to connect to postgresql through a unix socket.

    Right now we can't do this because of this piece of code hardcodes the port option on the connection string: https://github.com/juanfont/headscale/blob/09cd7ba304ec8a9cd683b9ab02ad39899d2128d2/app.go#L131-L134

    Resulting on this error:

    Error initializing error="cannot parse `host=/run/postgresql port=0 dbname=headscale user=headscale password=xxxxx sslmode=disable`: invalid port (outside range)"
    

    When using unix sockets we need at minimum this connection string: user=$USER dbname=$DBNAME host=$SOCKET

    enhancement 
    opened by vtrf 0
  • Api tls on and off function and single/multiple allowed access netmask or ip

    Api tls on and off function and single/multiple allowed access netmask or ip

    This is a controversial issue. It is requested to support the switch of TLS remote cli invocation, and to set the network segment that the api controller can access. The headscale front end is provided with certificate services by nginx, and the server of the internal isolated network calls the headscale server api. This control server is not connected to the external network, so request to add tls off and on switch.

    enhancement 
    opened by LOVEChen 0
  • Implement long poll for interactive login

    Implement long poll for interactive login

    When using interactive login (i.e., the web + CLI or OIDC) for client registration, clients expect the control server to enter in a long poll until the client gets registered. This is shown in the mock control server tailscale has for testing https://github.com/tailscale/tailscale/blob/v1.28.0/tstest/integration/testcontrol/testcontrol.go#L451

    If this long polling is not followed (or, as we are doing, an immediate response is given), the client will immediately retry... ad infinitum - hammering headscale with requests.

    This is what is happening in #603 and #706.

    The long-term solution is to implement some basic long poll here, that holds the request until the registration occurs (or the client closed the connection).

    enhancement 
    opened by juanfont 1
  • Support `disableIPv4` network policy option

    Support `disableIPv4` network policy option

    Feature request

    Support the disableIPv4 network policy option in Headscale which "prevents assigning IPv4 addresses to tailscale nodes".

    This is required to support nodes which have a local IPv4 underlay network that conflicts with Tailscale's hard-coded 100.64.0.0/10 IPv4 overlay network.

    References:

    • Tailscale KB: https://tailscale.com/kb/1018/acls/#network-policy-options
    • Tailscale Issue tracker: https://github.com/tailscale/tailscale/issues/1381
    enhancement 
    opened by cwegener 4
Releases(v0.16.2)
  • v0.16.2(Aug 14, 2022)

    Changelog

    • 8c13f64 Changed missing path
    • a7efc22 Fix expired node registration URL
    • 5b14caf Fixed another recurrence of MachineKey
    • 7fb2f83 Merge branch 'main' into fix-machinekey-oidc
    • 09cd7ba Merge pull request #725 from juanfont/switch-to-db-d
    • ee8f381 Merge pull request #735 from juanfont/fix-expired-url
    • c19e1a4 Merge pull request #736 from juanfont/update-contributors
    • e29ac8a Merge pull request #737 from juanfont/fix-machinekey-oidc
    • 90bb6ea Minor formatting changes
    • d56b409 docs(README): update contributors
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(382 bytes)
    headscale_0.16.2_darwin_amd64(25.05 MB)
    headscale_0.16.2_darwin_arm64(24.68 MB)
    headscale_0.16.2_linux_amd64(22.88 MB)
    headscale_0.16.2_linux_arm64(22.06 MB)
  • v0.16.1(Aug 12, 2022)

    Changelog

    • e1e3feb Add a sleep to reduce the impact of #727
    • e950b3b Add method to fetch by nodekey
    • d586b9d Added comment clarifying registration API
    • 77bf1e8 Added missing dot in comment
    • 9a01e3d Bump tailscale to 1.28.0
    • 091b05f Change build os
    • 030d726 Fixed comment for linting
    • fb3b2e6 Improve protocol implementation for client registration (fixes #706)
    • a611306 Improved logs in integration tests
    • 0a29492 Increase swap size in integration tests
    • 913a94d Merge branch 'main' into android-readme
    • d7e8db7 Merge branch 'main' into export-errors
    • aa2b927 Merge branch 'main' into export-errors
    • 0506e68 Merge branch 'main' into export-errors
    • abae078 Merge branch 'main' into feature/db-health-check
    • 2ab2b86 Merge branch 'main' into fix-duplicate-tags-returned-by-api
    • fc65ded Merge branch 'main' into oidc-refactoring
    • 8a9fe1d Merge branch 'main' into oidc-refactoring
    • 0f6f0c3 Merge branch 'main' into prepare-cl-0.17.0
    • 393aae0 Merge branch 'main' into switch-to-db-d
    • 8e56d8b Merge branch 'main' into switch-to-db-d
    • d9ab98e Merge branch 'main' into topic/speedup-build
    • 9826b51 Merge branch 'main' into topic/speedup-build
    • e93529e Merge branch 'main' into typofix
    • 4f725ba Merge branch 'main' into update-runc-dependencies
    • 2d83c70 Merge pull request #670 from iSchluff/feature/db-health-check
    • f9c4d57 Merge pull request #680 from ohdearaugustin/topic/speedup-build
    • 3a09189 Merge pull request #685 from GrigoriyMikhalkin/oidc-refactoring
    • b75a113 Merge pull request #688 from juanfont/prepare-cl-0.17.0
    • 32a8f06 Merge pull request #689 from restanrm/fix-duplicate-tags-returned-by-api
    • 9d584bb Merge pull request #692 from juanfont/update-runc-dependencies
    • ade4e23 Merge pull request #698 from GrigoriyMikhalkin/export-errors
    • abf478c Merge pull request #703 from nnsee/android-readme
    • 6c84459 Merge pull request #707 from restanrm/fix-bug-in-excludecorrectlytaggednodes
    • 0eb3b23 Merge pull request #708 from juanfont/revert-680-topic/speedup-build
    • b32f986 Merge pull request #710 from juanfont/cosmetic-changes-integration
    • 01e5be3 Merge pull request #711 from sophware/typofix
    • 2c9dbe1 Merge pull request #713 from juanfont/update-buf-lint
    • a03a995 Merge pull request #720 from juanfont/replace-ioutil
    • dbf0e20 Merge pull request #722 from juanfont/bump-versions-20220810
    • 73cd428 Merge pull request #729 from juanfont/fix-reuse-of-ns
    • 110b01b Merge remote-tracking branch 'origin/main' into fix-bug-in-excludecorrectlytaggednodes
    • 0bb205d Merge remote-tracking branch 'origin/main' into fix-bug-in-excludecorrectlytaggednodes
    • 1e7b57e Minor fix to linting issue introduced in #707
    • 693f59b Prepare changelog structure for 0.17.0
    • 21ae31e Reduce number of containers in integration tests (for testing)
    • e91c378 Replace machine key with node key in preparation for Noise in auth related stuff
    • 2d88704 Replaced legacy ioutil usage
    • 577eede Restore the number of containers
    • 54e381c Revert "Topic/speedup build"
    • b01d392 Run integrtation tests in different steps in Github Actions
    • 34d2611 Speedup docker container build
    • d548f5d Splitted integration tests in Makefile
    • 804d703 Switch to nodekey in urls
    • e7148b8 Temporarily disable unstable branch
    • f01a334 Update api.go
    • 739e11e Update api.go
    • a261e27 Update api.go
    • a9b9a29 Update changelog
    • 75af83b Update checksum for nix
    • b344524 Update runc dependencies to fix security notification
    • d6fa5c9 Update setup action for proto lint
    • f8958d4 Update xsync library (helps in #704)
    • 84f6609 Updated CHangelog and flake
    • 70807e4 Updated base dependencies
    • 2785588 Updated versions for taiscale
    • f898613 Use tags to split the integration tests
    • 10d566c add details on how to use the android app
    • 79688e6 chore(all): apply formater
    • 00d2a44 decompose OIDCCallback method
    • 911e6ba exported API errors
    • babf947 fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
    • c90e862 fix(grpc): add more checks for tag validation
    • c46a34e fix(machine): remove duplicate in forcedTags
    • 6f4d5a5 fixed linting errors
    • cc1343d fixed typo in ErrCannotDecryptResponse name
    • c6aaa37 ping db in health check
    • a1e7e77 refactor OIDC callback aux functions
    • 2254ac2 typo fixed from advertised to advertise
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(382 bytes)
    headscale_0.16.1_darwin_amd64(25.05 MB)
    headscale_0.16.1_darwin_arm64(24.68 MB)
    headscale_0.16.1_linux_amd64(22.88 MB)
    headscale_0.16.1_linux_arm64(22.06 MB)
  • v0.16.0(Jul 25, 2022)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648 677
    • Make tailnet node updates check interval configurable #675
    • Fix regression with HTTP API #684
    • nodes ls now print both Hostname and Name(Issue #647 PR #687)
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(382 bytes)
    headscale_0.16.0_darwin_amd64(24.92 MB)
    headscale_0.16.0_darwin_arm64(24.54 MB)
    headscale_0.16.0_linux_amd64(22.76 MB)
    headscale_0.16.0_linux_arm64(21.93 MB)
  • v0.16.0-beta7(Jul 22, 2022)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648 677
    • Make tailnet node updates check interval configurable #675
    • Fix regression with HTTP API #684
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta7_darwin_amd64(24.92 MB)
    headscale_0.16.0-beta7_darwin_arm64(24.54 MB)
    headscale_0.16.0-beta7_linux_amd64(22.76 MB)
    headscale_0.16.0-beta7_linux_arm64(21.93 MB)
  • v0.16.0-beta6(Jul 12, 2022)

    Changelog

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648
    • Make tailnet node updates check interval configurable #675
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta6_darwin_amd64(26.94 MB)
    headscale_0.16.0-beta6_darwin_arm64(26.54 MB)
    headscale_0.16.0-beta6_linux_amd64(24.62 MB)
    headscale_0.16.0-beta6_linux_arm64(23.68 MB)
  • v0.16.0-beta5(Jun 26, 2022)

    CHANGELOG

    0.16.0 (2022-xx-xx)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648

    Changelog

    • b0b919e Added more logging to derp server
    • 082fbea Added mux dependency
    • 00885df Fix implicit memory aliasing in for loop (lint 8/n)
    • 5e9004c Fix issues in the poll loop
    • 8551b0d Fixed issue when in linting rampage
    • 73c16ff Fixed issue with the method used to send data
    • 116bef2 Fixed wrong copy paste in Header
    • 657fb20 Flush buffered data on polling
    • c02819a Ignore new dump file
    • 10cd87e Lint fixes 1/n
    • a913d1b Lint fixes 2/n
    • c859bea Lint fixes 3/n
    • 03ced0e Lint fixes 4/n
    • c810b24 Lint fixes 5/n
    • fa91ece Lint fixes 6/n
    • ffcc728 Lint fixes 7/n
    • 625e45b Merge branch 'abandon-gin' of https://github.com/juanfont/headscale into abandon-gin
    • 8e63b53 Merge branch 'abandon-gin' of https://github.com/juanfont/headscale into abandon-gin
    • 294975b Merge branch 'main' into abandon-gin
    • 050782a Merge branch 'main' into abandon-gin
    • bb4a958 Merge branch 'main' into abandon-gin
    • f2f4c3f Merge branch 'main' into fix-segfault-when-not-runner
    • 647972c Merge branch 'main' into fix-segfault-when-not-runner
    • 9707b1f Merge branch 'main' into fix/db-shutdown
    • 2215e17 Merge branch 'main' into fix/dns-name-panic
    • 0bd39b2 Merge branch 'main' into ignore-integtest-dump
    • bfa9ed8 Merge branch 'main' into show-nodes-online
    • d2d1f92 Merge pull request #641 from juanfont/update-contributors
    • 157db30 Merge pull request #642 from kradalby/ignore-integtest-dump
    • 8dda441 Merge pull request #643 from iSchluff/fix/dns-name-panic
    • e3f99d6 Merge pull request #646 from juanfont/update-contributors
    • 3ae3405 Merge pull request #648 from juanfont/show-nodes-online
    • d559e23 Merge pull request #651 from iSchluff/fix/db-shutdown
    • 6da4396 Merge pull request #654 from ChibangLW/main
    • 4a200c3 Merge pull request #656 from juanfont/abandon-gin
    • 7604c0f Merge pull request #658 from juanfont/fix-segfault-when-not-runner
    • 2464c92 Merge pull request #665 from juanfont/update-contributors
    • e611063 Migrate platform config out of Gin
    • dec5134 Minor status change
    • c8378e8 Quick fix to segfault on CLI when Headscale is not running (fix #652)
    • d5e331a Remove Gin from OIDC callback
    • 367da0f Remove Gin from simple endpoints for TS2019
    • 396c3ec Remove Gin from the OIDC handlers
    • dedeb4c Remove Gin from the Registration handler
    • 6c9c9a4 Remove gin from DERP server
    • 53e5c05 Remove gin from the poll handlers
    • 66fffd6 Send Online field of tailcfg.Node based on LastSeen
    • d89fb68 Switch to use gorilla's mux as muxer
    • 4637400 Update CHANGELOG.md
    • 0fa943e Update CHANGELOG.md
    • 72d1d26 Update cmd/headscale/cli/utils.go
    • 34f489b Update cmd/headscale/cli/utils.go
    • 51b8c65 Updated changelog
    • 1e4678c Updated changelog
    • 39b58f7 Use a signal to close the longpolls on shutdown
    • d404ba1 Use request context to close when client disconnects
    • 735440d add timeout for http shutdown, add db disconnect
    • d4a550b chore: add version to binary in containers
    • 89b7fa6 chore: fix lint
    • 8d94621 chore: use docker-meta version
    • 7ae3834 docs(README): update contributors
    • 28a3a5b docs(README): update contributors
    • 360488a docs(README): update contributors
    • 8f31ed5 fix occasional panic on registration
    • 8111b0a update changelog
    • 58c336e updated nix flake go.sum
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta5_darwin_amd64(26.94 MB)
    headscale_0.16.0-beta5_darwin_arm64(26.54 MB)
    headscale_0.16.0-beta5_linux_amd64(24.62 MB)
    headscale_0.16.0-beta5_linux_arm64(23.68 MB)
  • v0.16.0-beta4(Jun 12, 2022)

    0.16.0 (2022-xx-xx)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639

    Changelog

    • bfb58de Add 1.26 to tests
    • fd3a1c1 Add a default to ephemeral_node_inactivity_timeout
    • 76195bb Add warn if configuration could not be found
    • 95824ac MOve ephemeral inactivity config check to all the other config check
    • 7bd07e3 Merge branch 'main' into ephemeral-error-msg
    • f2a8bfe Merge branch 'main' into test-126
    • a058f17 Merge branch 'main' into test-126
    • cb88b16 Merge pull request #630 from kradalby/test-126
    • e0ef601 Merge pull request #636 from huskyii/fix_issue635
    • 6afd492 Merge pull request #638 from kradalby/update-nodes-derp
    • 8918156 Merge pull request #639 from kradalby/ephemeral-error-msg
    • 8650328 Remove debug output, it runs before we disable it
    • 8d58894 Tailscale 1.26 uses dnstype pointer
    • 257c025 Update build system
    • c95bce4 Update changelog
    • 50bdf9d Update vendor sha
    • 43fa7f9 Upgrade tailscale lib to 1.26
    • a050158 Use new update state logic for derp maps
    • 9c5d485 fix issue 635
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta4_darwin_amd64(26.84 MB)
    headscale_0.16.0-beta4_darwin_arm64(26.44 MB)
    headscale_0.16.0-beta4_linux_amd64(24.52 MB)
    headscale_0.16.0-beta4_linux_arm64(23.62 MB)
  • v0.16.0-beta3(Jun 11, 2022)

    0.16.0 (2022-xx-xx)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624

    Changelog

    • 2be16b5 1) fix typo 2) another hard coded version
    • 39f03b8 Added ACL test file
    • 19b9688 Added missing file
    • 7e6291c Change Set state change function to filter instead of single namespace
    • 8287ba2 Do not lint the protocol magic numbers
    • 8744eee ExecuteCommand set HEADSCALE_LOG_LEVEL to disabled
    • ab1aac9 Improve ACLs by adding protocol parsing support
    • cdf41bd Merge branch 'acl-syntax-fixes' of https://github.com/juanfont/headscale into acl-syntax-fixes
    • 06e22bf Merge branch 'juanfont:main' into doc_openbsd
    • 7cd0f5e Merge branch 'main' into acl-syntax-fixes
    • 80ad1db Merge branch 'main' into acl-syntax-fixes
    • de0e2bf Merge branch 'main' into doc_openbsd
    • fdefe46 Merge branch 'main' into enhance_cli_config
    • bcb04d3 Merge branch 'main' into enhance_cli_config
    • ab35baa Merge branch 'main' into feature/configure-randomize-port
    • 02cc6bc Merge branch 'main' into feature/configure-randomize-port
    • 3f7749c Merge branch 'main' into feature/configure-randomize-port
    • 586c541 Merge pull request #611 from huskyii/doc_openbsd
    • efca3da Merge pull request #612 from huskyii/enhance_cli_config
    • 54acee6 Merge pull request #615 from demiflat/fix_typo
    • 8fed47a Merge pull request #616 from juanfont/update-contributors
    • 883bb92 Merge pull request #618 from juanfont/acl-syntax-fixes
    • e918ea8 Merge pull request #619 from majst01/simplify-split
    • a4b4fc8 Merge pull request #624 from iSchluff/feature/configure-randomize-port
    • f93cf4b Merge pull request #628 from kradalby/acl-update-nodes
    • 06bbeea Merge pull request #632 from juanfont/update-contributors
    • 3e35300 Migrate ACLs syntax to new Tailscale format
    • 3d7be5b Minor rename
    • 9ff09b7 Update Changelog
    • 6faf2d6 Update integration dump tests
    • c47354b Update internal docs to the new syntax
    • 5bc1189 Update internal docs with protocol usage
    • 0c2648c Update the nodes after we have reloaded the ACL policy with sighup
    • 818d26b Updated changelog
    • 735a6aa Use const for IANA protcol numbers
    • 569f3ca Use constants in tests
    • 86ce0e0 Use strings.Cut to simplify logic
    • 34be108 add ability to set randomizeClientPort
    • 0c5a402 add changelog
    • ce13596 add integration test for headscale -c
    • 75a0155 add openbsd doc
    • 0363e58 cli.LoadConfig accepts config file now
    • e5f26f8 docs(README): update contributors
    • 17d4968 docs(README): update contributors
    • c8a14cc fix prettier
    • 1de29fd fix rcd link
    • a4e05d4 fix typo for GGO->CGO
    • 402a29e impl heascale -c to specify config file
    • 0b4b530 remove the hardcoded version(suggested by @kradalby)
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta3_darwin_amd64(26.65 MB)
    headscale_0.16.0-beta3_darwin_arm64(26.24 MB)
    headscale_0.16.0-beta3_linux_amd64(24.37 MB)
    headscale_0.16.0-beta3_linux_arm64(23.43 MB)
  • v0.16.0-beta2(Jun 5, 2022)

    Changelog

    • 24c9530 Add loglevel and disable update to config struct
    • af89180 Make get config load the config, use config in main method
    • 1b29673 Merge branch 'main' into config-rework
    • b0acbed Merge pull request #608 from kradalby/config-rework
    • c3db5ed Merge remote-tracking branch 'upstream/main' into config-rework
    • 35722cd Move FilePerm function from cli to headscale
    • aee8aa1 Move TLS config into its own struct
    • 1ea8bb7 Move all read config logic to config.go
    • 533ecee Move config struct to its own file
    • 90f6be0 Rename one char var
    • 78ed610 Switch config to pointer
    • 5514a86 Update headscale read config tests
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta2_darwin_amd64(26.63 MB)
    headscale_0.16.0-beta2_darwin_arm64(26.22 MB)
    headscale_0.16.0-beta2_linux_amd64(24.35 MB)
    headscale_0.16.0-beta2_linux_arm64(23.43 MB)
  • v0.16.0-beta1(Jun 4, 2022)

    0.16.0 (2022-xx-xx)

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601

    Changelog

    • 9901d6b Ability to clear nickname
    • 9d4822b Actually set up nix
    • 7f66d91 Add config test
    • 9254aff Add direnv and nix output to gitignore
    • 91e5cbd Add direnv flake support
    • c24de59 Add example commands for docker
    • 5de9de1 Add flake build file
    • 177c21b Add helper function to create a unique givenname
    • 9b393eb Add integration cli tests for rename command
    • f78deae Add new tailscale to integration tests
    • 70274d5 Add nix to runn on lint and integration
    • a6570d3 Add option to build docker image
    • 7cc58af Allow more configuration over the OIDC flow.
    • 62808cb Bubble error up to user for rename
    • caf79f6 Change nickname to givenname in proto
    • 3272feb Change publish interface
    • 59a1a85 Change to a go generics set implementation, no more casting :tada:
    • 52cc3bc Check all errors for db.Save
    • a09633e Check errors of more database calls
    • be2487f Clarified systemd friendly path
    • 63641a7 Correct pkgs call
    • ff5f31b Disable logtail for clients
    • 843e2bd Do not setLastStateChangeToNow every 5 seconds
    • 7e286c5 Docker docs enhancements
    • d68d7d5 Docs/ACLs: Add a network diagram to help explain ACLs
    • bff9036 Docs/ACLs: Add router examples with subnets
    • 8b08c2a Docs/ACLs: Namespaces are created automatically
    • b9f0fab Docs/ACLs: Wording, add intermediary router example
    • 2653c2f Drop arm32 (armhf) for linux and add Darwin arm64
    • 6e08241 Exit Headscale if ACL policy file cannot be parsed
    • 7ef8cd8 Fix comment
    • a19af04 Fix errors introduced by merge
    • 6dccfee Fix forced Tags with legitimate tagOwners
    • ac5ad42 Fix integration nix
    • 62d774b Fix key name about derp port
    • 52fd13b Fix labels cardinality error when registering unknown pre-auth key
    • df7d5fa Fix lint
    • 3e078f0 Fix logtail config function name
    • 73f1c06 Fix long line
    • 5ecfbba Fix pointer in machine save call
    • 8cee31d Fix prettier
    • f4873d9 Fix rename cli error
    • 4f3f054 Fix some issues in testing with new hostname handling
    • 98e98a8 Fix wrong metrics port in docs
    • 01d9a2f Fixed linting issues
    • 6b79679 Generate from proto
    • 5fa3016 Generate unique givennames for hosts joining (and debug added)
    • a992840 Give UpdateMachine a more meaningful name
    • 0b4f59b Improve signal handling
    • 24e4787 Make ACL policy part of the config struct
    • 5bfae22 Make config get function global
    • 802eb93 Make sure givenname is set for preauthkeys
    • bc1909f Merge branch 'feat-list-tags-of-machines' of github.com:restanrm/headscale into feat-list-tags-of-machines
    • 2edb542 Merge branch 'main' into acls-doc
    • 79fc74c Merge branch 'main' into acls-doc
    • 47bbb85 Merge branch 'main' into acls-doc
    • 699aa5c Merge branch 'main' into add-arm64-darwin-drop-32
    • a1837a4 Merge branch 'main' into db-error-handling
    • 6f6fb4d Merge branch 'main' into db-error-handling
    • 0676aa1 Merge branch 'main' into db-error-handling
    • 57c81e4 Merge branch 'main' into exit-if-acl-wrong
    • a28eebf Merge branch 'main' into feat-list-tags-of-machines
    • 3a90079 Merge branch 'main' into feat-list-tags-of-machines
    • c9efd5c Merge branch 'main' into feat-list-tags-of-machines
    • ea7bcff Merge branch 'main' into feat-list-tags-of-machines
    • d195847 Merge branch 'main' into fix-discord-invite
    • 8f6952a Merge branch 'main' into flake-build-env
    • cd9807a Merge branch 'main' into flake-build-env
    • 11ccae8 Merge branch 'main' into flake-build-env
    • 5c285af Merge branch 'main' into flake-build-env
    • 9a60eea Merge branch 'main' into flake-build-env
    • d43fec7 Merge branch 'main' into flake-build-env
    • c8aa653 Merge branch 'main' into main
    • 8845938 Merge branch 'main' into main
    • b028a7d Merge branch 'main' into main
    • 93682ab Merge branch 'main' into makefile-improvements
    • 3abdc87 Merge branch 'main' into makefile-improvements
    • 25c674e Merge branch 'main' into parse-duration-improv
    • 21268f7 Merge branch 'main' into patch-1
    • db930af Merge branch 'main' into patch-1
    • 886e95c Merge branch 'main' into patch-1
    • b60727b Merge branch 'main' into patch-1
    • 11da743 Merge branch 'main' into patch-2
    • 613dc61 Merge branch 'main' into remove-buf-installation
    • f7edea5 Merge branch 'main' into rename-fixess
    • d11279e Merge branch 'main' into rename-fixess
    • 9175aca Merge branch 'main' into rename-fixess
    • 7f7cd73 Merge branch 'main' into rename-fixess
    • 6eac504 Merge branch 'main' into rename-fixess
    • 679cf7c Merge branch 'main' into signals-reload-acl
    • f1db2d0 Merge branch 'main' into signals-reload-acl
    • dd3f24b Merge branch 'main' into suggest-english
    • ffa570e Merge branch 'main' into suggest-english
    • 57536b0 Merge branch 'main' into suggest-english
    • e631c6f Merge master
    • ef497ca Merge pull request #2 from juanfont/fix-rename-integration-tests
    • e80954b Merge pull request #482 from kradalby/flake-build-env
    • 546ddd2 Merge pull request #510 from reynico/acls-doc
    • 9a632c1 Merge pull request #518 from juanfont/update-contributors
    • b5aace6 Merge pull request #519 from hdhoang/pak-counter
    • 32522cb Merge pull request #521 from Niek/patch-1
    • 23be13b Merge pull request #528 from juanfont/update-contributors
    • 235a902 Merge pull request #531 from juanfont/suggest-english
    • c07dd3f Merge pull request #534 from nning/main
    • bc63c57 Merge pull request #537 from reynico/exit-if-acl-wrong
    • a14f50e Merge pull request #538 from artemklevtsov/patch-1
    • 5d67ed0 Merge pull request #540 from yangchuansheng/dev
    • a92f6ab Merge pull request #541 from juanfont/update-contributors
    • 367f848 Merge pull request #542 from mpldr/issue-342-send-on-closed-channel
    • 556ca5f Merge pull request #544 from mpldr/makefile-improvements
    • 6eeee8e Merge pull request #545 from mpldr/fix-discord-invite
    • f9e2ce2 Merge pull request #551 from mpldr/patch-1
    • 96ae78f Merge pull request #553 from kradalby/fix-discord-link
    • 2dfd8a9 Merge pull request #556 from juanfont/update-contributors
    • 970dea5 Merge pull request #557 from mpldr/remove-buf-installation
    • 747d64c Merge pull request #558 from restanrm/feat-list-tags-of-machines
    • 28efd92 Merge pull request #559 from kradalby/update-deps
    • be25bbc Merge pull request #560 from kradalby/rename-fixess
    • fd452d5 Merge pull request #565 from apognu/dev/oidc-custom-config
    • 96e2955 Merge pull request #566 from juanfont/fix-spurious-updates
    • 02a78e5 Merge pull request #568 from juanfont/reduce-containers-int-tests
    • ddb87af Merge pull request #569 from Kazauwa/362-add-move-command
    • 3fbfc5a Merge pull request #570 from juanfont/update-contributors
    • d6e1d10 Merge pull request #573 from deonthomasgy/patch-1
    • 91b95ff Merge pull request #574 from deonthomasgy/main
    • 41cd0d3 Merge pull request #576 from juanfont/update-contributors
    • 0d31ea0 Merge pull request #578 from samson4649/main
    • 0f532aa Merge pull request #590 from pvinis/patch-1
    • 914431b Merge pull request #591 from pvinis/patch-2
    • e596d82 Merge pull request #593 from juanfont/update-contributors
    • 583f6ee Merge pull request #594 from juanfont/update-contributors
    • 405de9e Merge pull request #595 from juanfont/update-contributors
    • 848727a Merge pull request #596 from kradalby/disable-logcatcher
    • 19b6405 Merge pull request #597 from kradalby/db-error-handling
    • d26e220 Merge pull request #598 from kradalby/parse-duration-improv
    • b472e5a Merge pull request #599 from kradalby/parse-duration-improv
    • 0797148 Merge pull request #601 from kradalby/signals-reload-acl
    • b1ba7ba Merge pull request #602 from iSchluff/fix/forced-tags-with-tagOwner
    • 7b7244d Merge pull request #607 from juanfont/update-contributors
    • 39f6fde Merge pull request #609 from kradalby/add-arm64-darwin-drop-32
    • adb55bc Merge pull request #610 from huskyii/fix_pie_build
    • a2fb5b2 Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines
    • 72c1eda Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines
    • 06c928b Migrate name and nickname fields
    • 36dca35 Move Abspath function to headscale utils
    • 8504d0d Move todo to correct file
    • 663e838 Nickname support
    • 466d03d Nixify integration test
    • 60ee046 Normalize nickname before saving to database
    • 4ffd3ea Override golangci-lint to use go 1.17
    • 5403f21 Reduce the number of containers in integration tests
    • 15f8cb5 Remove hacky go tool install
    • 0612927 Rename abspath function to describe what it does
    • 6e27680 Rename name -> hostname, nickname -> givenname
    • 4aae917 Require GivenName to be unique
    • db8db02 Resolve merge
    • e51e6f4 Resolve merge conflict
    • 9ebeb3d Retreive hostnames from headscale, now that they are random
    • dbc1d98 Revert golines
    • 03cccd6 Reword FQDN normalize errors to not only cover namespaces
    • 62f4c20 Run binary build with nix
    • 003c190 Run tests with nix
    • 0003e30 Suggest English as lingua franca
    • 2feed18 Support reloading ACLs with SIGHUP
    • 77ceeaf Test magic dns with the correct urls
    • 266aac9 Update CHANGELOG
    • 3d93cf9 Update changelog
    • 1486adb Update changelog
    • 6f32b80 Update changelog
    • c332437 Update changelog
    • 79704dc Update command with new fields
    • 580c72b Update discord link so it does not grant temp memberships
    • 7dae780 Update docs/running-headscale-container.md
    • 6d296a1 Update docs/running-headscale-container.md
    • 1e7d7e5 Update go sha for flake
    • fc502e1 Update golines and fix go mod checksum
    • 3a3fc0a Update headscale checksum
    • 124d8a3 Update readme with nix notes
    • 7bb87a7 Update vendor sha
    • cb0899b Update vendor shar
    • 03659c4 Updated changelog
    • b8e4aee Upgrade golines
    • 2dacf83 Upgrade tailscale dep
    • 4d2949b Upgrade tailscale dep
    • 6d41279 Upgrade to go 1.18
    • d860270 Use Prometheus duration parser (support days and weeks)
    • 6b1482d Use config object instead of viper for policy path
    • 14994cb Use new logic and fields for dns
    • 4a9d3be Use new names to resolve magic dns
    • 5316dd9 Use new nix stable (22.05)
    • a443255 Validate isOutdated against all namespaces
    • a0c465c Wire up setting to enable/disable logtail
    • bc055ed add command for moving node between namespaces
    • 41a8c14 add information on how to create a headscale user
    • e279224 add integrations tests
    • 47c72a4 add rpc method for moving node
    • 4e686f8 add unit test
    • 1b3a7bb apply styling fixes
    • b9ea83f check that new command does not break nodes list output
    • 98f54c9 chore: apply format and lint
    • 4435a4f chore: apply lint recommendations
    • 2c448d4 chore: apply linting
    • 4fcc5e2 chore: fmt for grpc file
    • 09836cd chore: update vendorSha after update of go.mod and go.sum
    • 17d6624 chore: fix lint
    • 6ba68d1 correctly update machine namespace
    • 9cdaa97 docs(README): update contributors
    • f7f722a docs(README): update contributors
    • 00535a2 docs(README): update contributors
    • 6c903d2 docs(README): update contributors
    • 31bdba7 docs(README): update contributors
    • c8ed1f0 docs(README): update contributors
    • 8758ee1 docs(README): update contributors
    • 5e44266 docs(README): update contributors
    • bec35b4 docs(README): update contributors
    • 571ce2b docs(README): update contributors
    • 9993f51 docs(README): update contributors
    • 6dd9e93 expanded arguments in useradd to be easier to understand for beginners
    • cd1d107 feat(acls): add support for forced tags
    • 9de9bc2 feat(cli): add tag subcommand to add and remove tags
    • 02f68eb feat: add forcedTags field and update proto
    • 852dc0f feat: add golangci-lint in nix develop
    • 31c0062 feat: add integration tests for tag support
    • db1528b feat: add invalid and valid tags to grpc response
    • 89a1a56 feat: add unit tests and fmt
    • 587bdc7 feat: add valid and invalid fields
    • 62cfd60 feat: add validation of tags
    • 209d003 feat: handle insert into database error
    • 63d9205 feat: improve nodes list with inputs from @deonthomasgy
    • 4651c44 feat: print tags in nodes list
    • fdbc965 feat: return error if validation is failed
    • 31debf7 feat: rewrite proto to only update tags of machine
    • ea9aaa6 feat: update functions to use set command
    • 25f1dcf feat: update generated files
    • cc9eeda feat: updating cli to match the set command
    • 3d8dc9d fix discord invite
    • a806694 fix gosum merge
    • 163e5c2 fix trace log message
    • 68417cc fix(go): add missing updated files
    • b2ae9b6 fix: Remove days from expiry option value examples
    • fec8cda fix: fix linting issue on my computer
    • 1158210 fix: flake.nex update sha256
    • dc8c20e fix: handle empty aclPolicy for integration tests
    • 16f9691 fix: ignore emptyPolicy errors for db insertion
    • c4e69fe fix: ignore exhaust linter
    • b511295 fix: integration tests result
    • b9fee36 fix: linting
    • 49ec994 fix: loop over result machines instead of startup machines
    • f53bb63 fix: move tag command to subcommand of nodes
    • 3d30244 fix: order error in the tests
    • 0445f40 fix: pin version of golangci-lint in GA
    • 02ae7a0 fix: pin version of golangci-lint to match dev config
    • ad4401a fix: remove debug code
    • 522e892 fix: remove unknown linters:
    • 9f08212 fix: remove version pinning for golangci-lint it does not work
    • 844ad15 fix: revert previous commit and add exclusion of linter
    • fcdc292 fix: update tag in db if acl is enabled
    • 8601dd1 fixed CGO disabling
    • 8be9e96 fixed issue #360
    • 22dd61d fixed the issue of sending on closed channel
    • ed46491 fixed typo
    • 835828f link fix
    • fa7ef3d make linter happy
    • c26280c modified code to satisfy golangci-lint and added integration test
    • 5fa9875 move populate to after when given_name exist
    • 6ed79b7 order Ip Address, IPv4 first, cleanup
    • b4f5ed6 order ip address output, IPv4 first
    • 8061abe refact: use generics for contains functions
    • 3023323 remove necessary buf installation
    • 12d8f0f remove redundant lines of code, fix response when output is not plain text
    • 7ce0bd0 removed leading whitespace
    • 1f43c39 replaced version-at-commit script with git-describe call
    • ecf5259 resolve merge conflict
    • c312f8b set up Makefile for reproducible builds
    • 06d8568 set version based on git rev
    • 2201ec8 some GOOS do not support pie build, detect in makefile and fall back to non-pie build
    • fff1011 typo
    • 62c780a update changelog
    • 86dfc91 update readme
    • a23035a update rest of deps
    • 9f03a01 updated changelog
    • 614c003 updated changelog
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta1_darwin_amd64(26.63 MB)
    headscale_0.16.0-beta1_darwin_arm64(26.22 MB)
    headscale_0.16.0-beta1_linux_amd64(24.35 MB)
    headscale_0.16.0-beta1_linux_arm64(23.43 MB)
  • v0.15.0(Mar 20, 2022)

    0.15.0 (2022-03-20)

    Note: Take a backup of your database before upgrading.

    BREAKING

    • Boundaries between Namespaces has been removed and all nodes can communicate by default #357
      • To limit access between nodes, use ACLs.
    • /metrics is now a configurable host:port endpoint: #344. You must update your config.yaml file to include:
      metrics_listen_addr: 127.0.0.1:9090
      

    Features

    • Add support for writing ACL files with YAML #359
    • Users can now use emails in ACL's groups #372
    • Add shorthand aliases for commands and subcommands #376
    • Add /windows endpoint for Windows configuration instructions + registry file download #392
    • Added embedded DERP (and STUN) server into Headscale #388

    Changes

    • Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession #346
    • Simplify the code behind registration of machines #366
      • Nodes are now only written to database if they are registrated successfully
    • Fix a limitation in the ACLs that prevented users to write rules with * as source #374
    • Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine #371
    • Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations #363
    • Fix a bug that prevented the use of tailscale logout with OIDC #508
    • Added Tailscale repo HEAD and unstable releases channel to the integration tests targets #513

    Commits

    • 749c929 Add Tailscale unstable channel and repo HEAD to integration tests
    • 631cf58 Added date for 0.15.0 in changelog
    • a8a683d Added default values in Dockerfile.tailscale
    • db9ba17 Added missing file
    • a645565 Added missing package
    • 98ac88d Changed comment position
    • af6a47f Changelog updated
    • f42868f Docker requires lowercase for the container names
    • 0165b89 Fixed paths
    • b8aad54 Make STUN run by default when embedded DERP is enabled
    • 2e66872 Make STUN server mandatory if DERP embedded is enabled
    • d21e9d2 Merge branch 'main' into feat-add-debug-log
    • 739653f Merge branch 'main' into feat-add-debug-log
    • b65bd5b Merge branch 'main' into fix-machine-registration-expired
    • c29af96 Merge branch 'main' into main
    • 4068a7b Merge branch 'main' into main
    • cd2914a Merge branch 'main' into mandatory-stun
    • d13338a Merge branch 'main' into mandatory-stun
    • 94d9105 Merge branch 'main' into unstable-integration-tests
    • 53b62f3 Merge pull request #499 from juanfont/mandatory-stun
    • 68403cb Merge pull request #505 from y0ngb1n/fix-docs-metrics-endpoint
    • 1c9b1c0 Merge pull request #507 from juanfont/update-contributors
    • e85b971 Merge pull request #509 from kradalby/go118
    • 304109a Merge pull request #511 from restanrm/fix-machine-registration-expired
    • daae2fe Merge pull request #512 from restanrm/feat-add-debug-log
    • 8a2c0e8 Merge pull request #513 from juanfont/unstable-integration-tests
    • c850307 Merge pull request #514 from aofei/main
    • 150ae18 Merge pull request #517 from juanfont/changelog-prep-0.15
    • a1caa5b Minor improvements on logging
    • d5ce7d7 Prettier
    • 8f5875e Reorg errors
    • 4522865 Update CHANGELOG.md to include future 0.16.0
    • b781446 Upgrade to go 1.18
    • 882c0c3 chore(changelog): update changelog
    • ade9552 docs(README): update contributors
    • 2e04abf feat(oidc): add debug log
    • 61ebb71 fix(oidc): Reset expiry for reauthentication
    • 1eafe96 fix: possible panic in Headscale.scheduledDERPMapUpdateWorker
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.15.0_darwin_amd64(26.27 MB)
    headscale_0.15.0_linux_amd64(24.05 MB)
    headscale_0.15.0_linux_arm(22.87 MB)
    headscale_0.15.0_linux_arm64(23.18 MB)
  • v0.15.0-beta6(Mar 16, 2022)

  • v0.15.0-beta5(Mar 10, 2022)

    Changelog

    • 397b6fc Merge branch 'main' into docs-acl-modifications
    • dd219d0 Merge branch 'main' into docs-acl-modifications
    • 62d7fae Merge pull request #311 from restanrm/docs-acl-modifications
    • 0abfbdc Merge pull request #495 from appbricks/appbricks/main-bug-fix
    • 8b5e8b7 Refresh expired machine on re-auth - closes #489
    • c364c2a chore(acl-proposals): apply prettier
    • 86b329d chore(docs): create proposals directory
    • e540679 docs(acl-proposals): integrate comments
    • 85cf443 docs(acls): Issues with ACL and proposition
    • 0426212 docs(acls): add example use case
    • 55d746d docs(acls-proposal): wording comment
    • 7bdd774 fix(acl): add missing internal namespace communications
    • af081e9 fixed lint errors
    • 082a852 fixed linting recommendation
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta5_darwin_amd64(26.73 MB)
    headscale_0.15.0-beta5_linux_amd64(24.48 MB)
    headscale_0.15.0-beta5_linux_arm(21.75 MB)
    headscale_0.15.0-beta5_linux_arm64(23.93 MB)
  • v0.15.0-beta4(Mar 8, 2022)

    Changelog

    • 897d480 Add an embedded DERP server to Headscale
    • e9eb90f Added integration tests for the embedded DERP server
    • 9d43f58 Added missing deps
    • 05df8e9 Added missing file
    • 992efbd Added missing private TLS key
    • e1fcf0d Added more version
    • b803240 Added new line for prettier
    • cc0c88a Added small integration test for stun
    • 607c1eb Be consistent with uppercase DERP
    • b3fa66d Check for DERP in test
    • a27b386 Clarified expiration dates
    • df37d1a Do not offer the option to be DERP insecure
    • b742379 Do not use the term embedded
    • 09d78c7 Even more stuff moved to common
    • 6aeaff4 Fix checkboxes in PR template
    • e78c002 Fix minor issue
    • dc909ba Improved logging on startup
    • de2ea83 Linting here and there
    • eb06054 Make DERP Region configurable
    • eb50015 Make STUN server configurable
    • 580db9b Mention that STUN is UDP
    • bdbf620 Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp
    • 15ed713 Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp
    • b41d899 Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp
    • 237f7f1 Merge branch 'main' into embedded-derp
    • 23cde84 Merge branch 'main' into embedded-derp
    • dd26cbd Merge branch 'main' into embedded-derp
    • e5d22b8 Merge branch 'main' into embedded-derp
    • dcf3ea5 Merge branch 'main' into fix-magic-dns-and-uppercase-letters
    • e54c508 Merge branch 'main' into main
    • e799307 Merge branch 'main' into windows-endpoint
    • 54c3e00 Merge local DERP server region with other configured DERP sources
    • 71a6269 Merge pull request #379 from juanfont/kradalby-patch-1
    • 75ca91b Merge pull request #380 from juanfont/update-contributors
    • b72a8aa Merge pull request #381 from juanfont/update-contributors
    • f2ea6fb Merge pull request #384 from restanrm/fix-issue-with-empty-namespace-and-acl-evaluation
    • b0ae324 Merge pull request #387 from restanrm/fix-magic-dns-and-uppercase-letters
    • 941e9d9 Merge pull request #388 from juanfont/embedded-derp
    • e3ff87b Merge pull request #389 from e-zk/main
    • 0720473 Merge pull request #392 from e-zk/windows-endpoint
    • 60655c5 Merge pull request #393 from juanfont/update-contributors
    • 435ee36 Merge pull request #394 from juanfont/renovateaction/dockerfiles
    • b85dd7a Merge pull request #484 from juanfont/prtemplate-fix
    • 48cec3c Merge pull request #486 from e-zk/main
    • 6087e1c Merge pull request #488 from juanfont/update-contributors
    • 22d2443 Move more stuff to common
    • 03452a8 Prettied
    • 88378c2 Rename the file to derp_server.go for coherence
    • 758b1ba Renamed configuration items of the DERP server
    • f9c0597 Second contributor attempt
    • b47de07 Update Dockerfile.tailscale
    • 05c5e22 Updated CHANGELOG and README
    • 70910c4 Working /bootstrap-dns DERP helper
    • 1114449 change: update name of method to check and normalize Domain name
    • 35efd8f chore(deps): update dependency docker.io/golang to v1.17.8
    • 2b68c90 chore: update changelog
    • c47fb1a docs(README): update contributors
    • e208ccc docs(README): update contributors
    • a70669f docs(README): update contributors
    • e301d0d docs(README): update contributors
    • 4a49528 feat(acls): add some logs and skip error
    • 6cc8bbc feat(api): add normalisation at machine register step
    • 12a50ac feat(windows): add /windows endpoint for Windows configuration
    • b342cf0 feat(windows): cleanup /apple endpoint
    • d69dada feat(windows): rename apple_mobileconfig.go => platform_config.go
    • 6f172a6 fix(acls): remove dead error code
    • 44a5372 fix(poll): Normalize hostname
    • 41efe98 fix: apply fmt and fix missing name changes
    • f19c048 fix: change normalization function name
    • c06689d fix: make register html/template consistent with other html
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta4_darwin_amd64(26.73 MB)
    headscale_0.15.0-beta4_linux_amd64(24.48 MB)
    headscale_0.15.0-beta4_linux_arm(21.75 MB)
    headscale_0.15.0-beta4_linux_arm64(23.93 MB)
  • v0.15.0-beta3(Mar 2, 2022)

    Changelog

    • dcc46af Changelog: add breaking change
    • e3bcc88 Linter: make linter happy
    • d55c79e Merge branch 'main' into metrics-listen
    • b615006 Merge branch 'main' into metrics-listen
    • 6126d6d Merge branch 'main' into metrics-listen
    • d27f2bc Merge branch 'main' into metrics-listen
    • aa3eb51 Merge pull request #344 from reynico/metrics-listen
    • 9a61725 Metrics: Disable toggle. Set default port to 9090
    • 45d5ab3 metrics/cfg: add a new entry for the Prometheus listen address
    • 14e4988 metrics/kustomize: update Kustomize examples
    • fbc1843 metrics/tests: update tests
    • d5fd7a5 metrics: add a new router and listener for Prometheus' metrics endpoint
    • 06e6c29 metrics: make metrics endpoint toggleable
    • a9122c3 prometheus: replace default port by a port between the recommended prometheus range
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta3_darwin_amd64(26.34 MB)
    headscale_0.15.0-beta3_linux_amd64(24.16 MB)
    headscale_0.15.0-beta3_linux_arm(21.50 MB)
    headscale_0.15.0-beta3_linux_arm64(23.68 MB)
  • v0.15.0-beta2(Mar 2, 2022)

    Changelog

    • 8a3a0b6 Add YAML support to ACLs
    • c159eb7 Add basic test of yaml parsing
    • 1f8c7f4 Add comment
    • e0b9a31 Add note to config example
    • 1caa6f5 Add todo for JSON datatype
    • 2b6a517 Allow upstream delete continue on failure
    • 82cb6b9 Cleanup some unreachable code
    • 5157f35 Fix apple profile issue being generated with escaped characters
    • ecc2643 Fix excessive replace
    • 35616eb Fix oidc error were namespace isnt created #365
    • fd1e4a1 Generalise registration for openid
    • acb9458 Generalise registration for pre auth keys
    • c58ce6f Generalise the registration method to DRY stuff up
    • 50053e6 Ignore complexity linter
    • 54cc3c0 Implement new machine register parameter
    • 7c99d96 Merge branch 'main' into feat/command-aliases
    • d34d617 Merge branch 'main' into registration-simplification
    • a9d4fa8 Merge branch 'main' into registration-simplification
    • e4d81bb Merge branch 'main' into registration-simplification
    • 9b10457 Merge branch 'main' into smarter-contribute-pipeline
    • 1246267 Merge branch 'main' into smarter-contribute-pipeline
    • 5730087 Merge branch 'main' into update-dependencies
    • 0551b34 Merge branch 'main' into update-dependencies
    • a0a56d4 Merge branch 'main' into use-specific-database-typess
    • 1058124 Merge branch 'main' into yaml-acls
    • 4c74043 Merge pull request #359 from kradalby/yaml-acls
    • eeded85 Merge pull request #366 from kradalby/registration-simplification
    • 4a9fd3a Merge pull request #368 from kradalby/apple-profile-fix
    • 94c5474 Merge pull request #369 from kradalby/update-dependencies
    • 9a8f605 Merge pull request #371 from kradalby/use-specific-database-typess
    • dec4ee5 Merge pull request #373 from restanrm/feat-email-in-acls
    • 0c0653d Merge pull request #375 from restanrm/fix-limitations-in-source-acls-rules
    • 63d8711 Merge pull request #376 from e-zk/feat/command-aliases
    • ccec534 Merge pull request #377 from juanfont/smarter-contribute-pipeline
    • ef422e6 Protect against expiry nil
    • 3790176 Reformat and add db backup note
    • e64bee7 Regenerate proto
    • 469551b Register new machines needing callback in memory
    • 16b21e8 Remove all references to Machine.Registered
    • a8649d8 Remove all references to Machine.Registered from tests
    • c80e364 Remove always nil error
    • 86ade72 Remove err check
    • 67d6c8f Remove oversensitive tracing output
    • c6b87de Remove poorly aged test
    • 5e92dda Remove redundant caches
    • e7bef56 Remove reference to registered in integration test
    • 5e1b129 Remove registered field from proto
    • 78251ce Remove registrated field
    • 8bef04d Remove sorted todo
    • 7c63412 Remove todo
    • 5b16901 Resolve merge conflict
    • 402a760 Reuse machine structure for parameters, named parameters
    • eea8e7b Update changelog
    • 0835bff Update changelog
    • d6f6939 Update changelog
    • caffbd8 Update cli registration with new method
    • 32ac690 Update contributors.yml
    • 1cb39d9 Update dependencies
    • ec4dc68 Use correct machinekey format for oidc reg
    • 6477e6a Use new machine types
    • 49cd761 Use new machine types in tests
    • 8a95fe5 Use specific types for all fields on machine (no datatypes.json)
    • a455a87 feat(acls): normalize the group name
    • aff6b84 feat(aliases): add 'gen' alias for 'generate' command
    • 052dbfe feat(aliases): add aliases for apikeys command
    • 5310f86 feat(aliases): add aliases for namespaces command
    • 21eee91 feat(aliases): add aliases for nodes command
    • 12b3b5f feat(aliases): add aliases for preauthkeys command
    • dbb2af0 feat(aliases): add aliases for route command
    • 361b4f7 fix(machine): allow to use * in ACL sources
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta2_darwin_amd64(26.33 MB)
    headscale_0.15.0-beta2_linux_amd64(24.15 MB)
    headscale_0.15.0-beta2_linux_arm(21.50 MB)
    headscale_0.15.0-beta2_linux_arm64(23.68 MB)
  • v0.15.0-beta1(Feb 25, 2022)

    Changelog

    • f7eeb97 Add timeout
    • fe2f75d Allow integration test to retry
    • 1e8f4db Drop shared node table
    • fb85c78 Fail integration tests fast
    • ebe59a5 Fix utils tests, use ipset datastructure
    • eda0a9f Lock allocation of IP address
    • 7e6e093 Merge branch 'integration-test-concurrent-join' of github.com:kradalby/headscale into integration-test-concurrent-join
    • 95453cb Merge branch 'main' into feat-oidc-login-as-namespace
    • aa50650 Merge branch 'main' into feat-oidc-login-as-namespace
    • 69f220f Merge branch 'main' into feat-oidc-login-as-namespace
    • 638a84a Merge branch 'main' into integration-test-concurrent-join
    • bae8ed3 Merge branch 'main' into make-namespace-to-users
    • 9c2c09f Merge branch 'main' into remove-shared
    • ec58979 Merge branch 'main' into remove-shared
    • 08c7076 Merge pull request #346 from kradalby/integration-test-concurrent-join
    • 3815986 Merge pull request #347 from kradalby/remove-shared
    • b1bd17f Merge pull request #350 from restanrm/feat-oidc-login-as-namespace
    • 8689a39 Merge pull request #357 from kradalby/make-namespace-to-users
    • b39faa1 Merge remote-tracking branch 'origin/main' into feat-oidc-login-as-namespace
    • 9ceac5c Remove CLI and tests for Shared node
    • e03b3d5 Remove boundries between namespaces
    • 4962335 Remove dependency on CGO
    • 6da2a19 Remove grpc share/unshare functions
    • 9d1752a Remove protobuf share/unshare
    • 9399754 Remove protobuf share/unshare generated go
    • 9687e67 Remove retry from integration tests
    • 9411ec4 Remove sharing class and tests
    • 4ca8181 Remove sharing from integration tests
    • 24a8e19 Remove sharing references across the code
    • 189e883 Resolve merge
    • 2fd36dd Resolve merge
    • 8dca405 Test if we can join headscale in parallell to speed up
    • d9e7f37 Uncomment previous test and update them for no boundries
    • f4c302f Uncomment tests that will failed in transition period
    • 47e8442 Update CHANGELOG.md
    • f9ce32f Update CHANGELOG.md
    • 2c70644 Update changelog
    • 6d699d3 Update changelog
    • 91b5055 Update readme and glossary to reflect features and goals
    • fe0b43e chore: update changelog
    • afd4a37 chore: update formating
    • 0461166 chore: update formatting
    • 45727db feat(namespace): add check function for namespace
    • 92ffac6 feat(namespace): add normalization function for namespace
    • 0191ea9 feat(oidc): bind email to namespace
    • 972bef1 feat: add length error if hostname too long
    • 4f1f235 feat: add strip_email_domain to normalization of namespace
    • 717250a feat: removing matchmap from headscale
    • 995731a fix(namespace): checknamespace name before actions
    • 7e4709c fix(namespace): remove name validation for destroy and get
    • cef0a2b fix(namespaces_test): fix missing namespace name
    • fcdbe7c fix(utils_test): fix namespace name
    • ae6a20e fix: add valid test identified by linter
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta1_darwin_amd64(26.14 MB)
    headscale_0.15.0-beta1_linux_amd64(23.96 MB)
    headscale_0.15.0-beta1_linux_arm(21.31 MB)
    headscale_0.15.0-beta1_linux_arm64(23.50 MB)
  • v0.14.0(Feb 24, 2022)

    UPCOMING BREAKING: From the next version (0.15.0), all machines will be able to communicate regardless of if they are in the same namespace. This means that the behaviour currently limited to ACLs will become default. From version 0.15.0, all limitation of communications must be done with ACLs.

    This is a part of aligning headscale's behaviour with Tailscale's upstream behaviour.

    BREAKING:

    • ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. NOTE: This is only active if you use ACLs
      • Namespaces are now treated as Users
      • All machines can communicate with all machines by default
      • Tags should now work correctly and adding a host to Headscale should now reload the rules.
      • The documentation have a fictional example that should cover some use cases of the ACLs features

    Features:

    • Add support for configurable mTLS docs #297

    Changes:

    • Remove dependency on CGO (switch from CGO SQLite to pure Go) #346

    Changelog

    • daa75da Linting and updating tests
    • 9e619fc Making client authentication mode configurable
    • af25aa7 Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls
    • 52db80a Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls
    • 0609c97 Merge branch 'main' into configurable-mtls
    • afb67b6 Merge branch 'main' into configurable-mtls
    • 823cc49 Merge branch 'main' into configurable-mtls
    • 7bf2a91 Merge branch 'main' into configurable-mtls
    • 168b1bd Merge branch 'main' into configurable-mtls
    • 1b2fff4 Merge branch 'main' into configurable-mtls
    • f562ad5 Merge branch 'main' into configurable-mtls
    • 5596a0a Merge pull request #297 from arch4ngel/configurable-mtls
    • 8c33907 Sort lint
    • d44b2a7 adding default for tls_client_auth_mode
    • da5250e linting again
    • c98a559 linting/formatting
    • 310e7b1 making alternatives constants
    • 385dd9c refactoring
    • 5935b13 refining
    • 0c3fd16 refining and adding tests
    • b5a59d4 updating changelog and docs
    • 9de5c7f updating default
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.14.0_darwin_amd64(26.16 MB)
    headscale_0.14.0_linux_amd64(23.99 MB)
    headscale_0.14.0_linux_arm(21.37 MB)
    headscale_0.14.0_linux_arm64(23.50 MB)
  • v0.14.0-beta2(Feb 24, 2022)

    Changelog

    • 48c866b Added FreeBSD to the supported clients
    • 9eb705a Merge branch 'main' into patch-1
    • f0a7363 Merge branch 'main' into remove-cgo
    • 66a1200 Merge branch 'main' into topic/renovatebot
    • bb14bcd Merge branch 'main' into topic/renovatebot
    • 52db618 Merge branch 'main' into update-contributors
    • 5f375d6 Merge branch 'main' into update-contributors
    • 28c2bbe Merge branch 'main' into update-contributors
    • ed21757 Merge branch 'remove-cgo' of github.com:kradalby/headscale into remove-cgo
    • 1b87396 Merge pull request #333 from ohdearaugustin/topic/renovatebot
    • a86b33f Merge pull request #345 from juanfont/update-contributors
    • a37339f Merge pull request #348 from restanrm/remove-comment
    • c46dfd7 Merge pull request #349 from kradalby/remove-cgo
    • b0c7ebe Merge pull request #351 from pernila/patch-1
    • 67f5c32 Only allow one connection to sqlite
    • bfbcea3 Remove dependency on CGO
    • 686e45c Set all anti-cgo options and add comment
    • d4761da docs(README): update contributors
    • bbadeb5 docs(README): update contributors
    • f2f8d83 fix(machine): remove comment
    • 3db88d2 github/workflows: init renovatebot
    • a19550a prettier: renovatebot.yml
    • fe6d470 renovatebot: configure
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.14.0-beta2_darwin_amd64(26.16 MB)
    headscale_0.14.0-beta2_linux_amd64(23.99 MB)
    headscale_0.14.0-beta2_linux_arm(21.37 MB)
    headscale_0.14.0-beta2_linux_arm64(23.50 MB)
  • v0.13.0(Feb 18, 2022)

    0.13.0 (2022-02-18):

    Features:

    • Add IPv6 support to the prefix assigned to namespaces
    • Add API Key support
      • Enable remote control of headscale via CLI docs
      • Enable HTTP API (beta, subject to change)

    Changes:

    • ip_prefix is now superseded by ip_prefixes in the configuration #208
    • Upgrade tailscale (1.20.4) and other dependencies to latest #314
    • fix swapped machine<->namespace labels in /metrics #312
    • remove key-value based update mechanism for namespace changes #316
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.13.0_darwin_amd64(22.45 MB)
    headscale_0.13.0_linux_amd64(21.76 MB)
    headscale_0.13.0_linux_arm(18.31 MB)
    headscale_0.13.0_linux_arm64(21.29 MB)
  • v0.13.0-beta3(Feb 15, 2022)

    Changelog

    • 9dc2058 Add api key data model and helpers
    • e8e573d Add apikeys command integration test
    • 1fd57a3 Add apikeys command to create, list and expire
    • d79ccfc Add comment on why grpc is on its own port, replace deprecated
    • fa197cc Add docs for remote access
    • d9aaa0b Add docs on how to set up Windows clients
    • 811d3d5 Add grpc_listen_addr config option
    • b4259fc Add helper function for colouring expiries
    • 0018a78 Add insecure option
    • dd8bae8 Add link from the docs readme
    • 70d82ea Add migration for new data model
    • 14b2354 Add note about running grpc behind a proxy and combining ports
    • f30ee3d Add note about support in readme
    • b8e9024 Add proto model for api key
    • 4841e16 Add remote control doc
    • 3393363 Add safe random hash generators
    • 9f80349 Add sponsorship button
    • 30a2ccd Add tls certs as creds for grpc
    • 4e54796 Allow gRPC server to run insecure
    • 59e4899 Change the http listener
    • 4078e75 Correct log message
    • f9137f3 Create helper functions around gRPC interface
    • 0b9dd19 Dockerfiles: update go version to 1.17.7
    • 2fbcc38 Emph trusted cert
    • 00c69ce Enable remote gRPC and HTTP API
    • 531298f Fix import
    • ead8b68 Fix lint
    • c3b68ad Fix lint
    • 7b607b3 Forgot to run Prettier
    • 05db1b7 Formatting and improving logs for config loading
    • a730f00 Formatting of DNS files
    • 8218ef9 Formatting of integration tests
    • a6e2238 Formatting of machine.go
    • b1a9b1a Generate code from proto
    • 1b47ddd Improve the windows client docs as per discord recommendations
    • 28c824a Merge branch 'main' into apiwork
    • 3bb4c28 Merge branch 'main' into apiwork
    • b2b2954 Merge branch 'main' into apiwork
    • 546b1e8 Merge branch 'main' into kv-worker-cleanup
    • 57f1da6 Merge branch 'main' into kv-worker-cleanup
    • 20991d6 Merge branch 'main' into patch-1
    • 3b54a68 Merge branch 'main' into sponsor
    • b721502 Merge branch 'main' into topic/specific-go-version
    • 8f40696 Merge branch 'main' into windows-client-docs
    • 50f0270 Merge branch 'main' into windows-client-docs2
    • 8c79165 Merge pull request #305 from lachy-2849/main
    • 7349738 Merge pull request #306 from kradalby/apiwork
    • c794f32 Merge pull request #312 from hdhoang/patch-1
    • 96f09e3 Merge pull request #313 from kradalby/windows-client-docs
    • c184547 Merge pull request #314 from kradalby/tailscale-204
    • 1b1aac1 Merge pull request #315 from kradalby/windows-client-docs2
    • 1869bff Merge pull request #316 from kradalby/kv-worker-cleanup
    • c9640b2 Merge pull request #317 from kradalby/sponsor
    • a3360b0 Merge pull request #321 from ohdearaugustin/topic/specific-go-version
    • 6e14fdf More reusable stuff in cli
    • 41fbe47 Note when running as another user in systemd
    • bb80b67 Remove RequestMapUpdates function
    • 315ff9d Remove insecure, only allow valid certs
    • 2bc8051 Remove kv-namespace-worker
    • e18078d Rename j
    • 56b6528 Run prettier
    • bfc6f6e Split grpc and http
    • 8853ccd Terminate tls immediatly, mux after
    • 537cd35 Try to add the grpc cert correctly
    • 2aba37d Try to support plaintext http2 after termination
    • bae7ba4 Update changelog
    • 6fa0903 Update changelog
    • 1d40de3 Update changelog
    • 58bfea4 Update examples and docs
    • 2357fb6 Upgrade all dependencies
    • ba8afdb Upgrade to tailscale 1.20.4
    • c73b57e Use undeprecated method for insecure
    • 66ff34c apply changelog
    • b2889bc github/workflows: set specific go version
    • 150652e poll: fix swapped machine<->namespace labels
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.13.0-beta3_darwin_amd64(22.45 MB)
    headscale_0.13.0-beta3_linux_amd64(21.76 MB)
    headscale_0.13.0-beta3_linux_arm(18.31 MB)
    headscale_0.13.0-beta3_linux_arm64(21.29 MB)
  • v0.13.0-beta2(Jan 31, 2022)

  • v0.13.0-beta1(Jan 30, 2022)

    Changelog

    • 8b40343 Add multiple IP prefixes support to ProtoBuf schema
    • 1a6e5d8 Add support for multiple IP prefixes
    • 7a86321 CHANGELOG: document breaking configuration change regarding multiple prefixes
    • 7ec8346 Do not assume IPv4 during Tailscale node construction
    • 46cdce0 Do not assume IPv4 during address generation
    • ed39b91 Dockerfiles: specify origin registry explicitly
    • 445c04b Fix lint
    • ad4e3a8 Format changelog
    • 6f6018b Merge branch 'main' into ipv6
    • eddd62e Merge branch 'main' into ipv6
    • 90fb9aa Merge branch 'main' into ipv6
    • 5b5ecd5 Merge pull request #208 from enoperm/ipv6
    • c0c3b7d Merge remote-tracking branch 'origin/main' into ipv6
    • a32175f PollNetMapHandler: refactor with chan lifetimes in mind
    • 3a3aecb Regenerate files based on ProtoBuf schema.
    • e66f8b0 cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config
    • bf7ee78 config-example: add configuration for a dual-stack tailnet
    • 115d0cb dns: IPv6 roots generation
    • 74f26d3 fixup! CHANGELOG: document breaking configuration change regarding multiple prefixes
    • 0a1db89 fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config
    • 45bcf39 fixup! fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config
    • d35fb8b integration-test: add IPv6 prefix to configuration
    • beb3e9a integration-test: taildrop test refactor
    • 78039f4 integration-test: use TUN devices, enable IPv6 addresses on local interfaces in containers
    • e2f8c69 integration-test: use tailscale ip to test dual-stack MagicDNS
    • 8f632e9 machine: isOutdated: handle machines without LastSuccefulUpdate set
    • 6220836 utils: extract GetIPPrefixEndpoints from anonymous function
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.13.0-beta1_darwin_amd64(22.04 MB)
    headscale_0.13.0-beta1_linux_amd64(21.38 MB)
    headscale_0.13.0-beta1_linux_arm(17.93 MB)
    headscale_0.13.0-beta1_linux_arm64(20.90 MB)
  • v0.12.4(Jan 30, 2022)

    Changes:

    Note: This version requires Go 1.17 to build

    • Make gRPC Unix Socket permissions configurable #292
    • Trim whitespace before reading Private Key from file #289
    • Add new command to generate a private key for headscale #290
    • Fixed issue where hosts deleted from control server may be written back to the database, as long as they are connected to the control server #278

    Generated changelog

    • Add new tailscale version to integration test by @kradalby in https://github.com/juanfont/headscale/pull/273
    • Fix doc typos by @jimt in https://github.com/juanfont/headscale/pull/276
    • Strip binary, update to go-1.17.6 by @majst01 in https://github.com/juanfont/headscale/pull/274
    • Fix missing return in PollNetMapHandler by @ryanfowler in https://github.com/juanfont/headscale/pull/282
    • Trim whitespace from privateKey before parsing by @kradalby in https://github.com/juanfont/headscale/pull/289
    • PollNetMapStream: do not create any rows during long-poll operation by @enoperm in https://github.com/juanfont/headscale/pull/278
    • Upgrade to latest tailscale by @kradalby in https://github.com/juanfont/headscale/pull/291
    • Add generate private-key command by @kradalby in https://github.com/juanfont/headscale/pull/290
    • Make Unix socket permissions configurable by @kradalby in https://github.com/juanfont/headscale/pull/292
    • Tag 0.12.4 in CHANGELOG by @kradalby in https://github.com/juanfont/headscale/pull/299

    New Contributors

    • @jimt made their first contribution in https://github.com/juanfont/headscale/pull/276
    • @majst01 made their first contribution in https://github.com/juanfont/headscale/pull/274
    • @ryanfowler made their first contribution in https://github.com/juanfont/headscale/pull/282
    • @enoperm made their first contribution in https://github.com/juanfont/headscale/pull/278

    Full Changelog: https://github.com/juanfont/headscale/compare/v0.12.3...v0.12.4

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.12.4_darwin_amd64(22.03 MB)
    headscale_0.12.4_linux_amd64(21.37 MB)
    headscale_0.12.4_linux_arm(17.93 MB)
    headscale_0.12.4_linux_arm64(20.88 MB)
  • v0.12.3(Jan 13, 2022)

    Changelog

    • 1b6bad0 Add docker alpine image
    • e463283 Merge branch 'main' into minor-security-fixes
    • 99814b4 Merge pull request #270 from artemklevtsov/docker-alpine
    • 4105348 Merge pull request #271 from juanfont/minor-security-fixes
    • cf7effd Merge pull request #272 from juanfont/cl-0.12.3
    • 4660b26 Minor security updates in go.mod
    • 19effe7 Updated changelog for 0.12.3
    • 163ecb2 go.sum updated
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.12.3_darwin_amd64(21.93 MB)
    headscale_0.12.3_linux_amd64(21.27 MB)
    headscale_0.12.3_linux_arm(17.87 MB)
    headscale_0.12.3_linux_arm64(20.79 MB)
  • v0.12.2(Jan 11, 2022)

    Changelog

    • a75c5a4 Add eradme to examples
    • 8da029b Add missing links
    • 271cb71 Add more explaination and less redunancy with docs
    • 4b44aa2 Add note about outdated docs until we fix them
    • 81c6093 Add vertical line for breathing
    • 3de311b Fix docker release
    • cec236c Fix example config link
    • a11c6fd Fix formatting error in container doc
    • d9f52ef Fix typo
    • d971cf1 Improve Docker docs
    • 1d01103 Link to example config from docs
    • 86f36f9 Lowercase markdown docs
    • 4edc96d Make strongly strong
    • f78984f Merge pull request #258 from ohdearaugustin/fix-docker-release
    • 0bd4250 Merge pull request #261 from juanfont/kradalby-patch-2
    • 42bed58 Merge pull request #262 from kradalby/improve-docs
    • 45d331d Merge pull request #263 from JJGadgets/patch-1
    • be2a28d Merge pull request #267 from piec/patch-1
    • 26623d7 Merge pull request #268 from juanfont/prepare-0.12.2
    • 74fd5de Move kubernetes example under docs
    • 8d504c3 Move kubernetes to kustomize, since thats what it is
    • 80d196c Remove DNS file, it will be merged into example configuration
    • 5df1005 Remove outdated configuration page in favour of config-example
    • 3ce3ccb Reorder tls docs
    • f9e6722 Rewrite main documentation
    • 25b5eb8 Update tests to aline with new config example
    • e9cc60e Updated changelog for 0.12.2
    • 6b7c741 Use markdown numbering so github gets it
    • 8a07a63 Write disclaimer in kubernetes example
    • 897fa55 prettier: Docker docs
    • 11c86ac update case in readme
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.12.2_darwin_amd64(21.93 MB)
    headscale_0.12.2_linux_amd64(21.27 MB)
    headscale_0.12.2_linux_arm(17.87 MB)
    headscale_0.12.2_linux_arm64(20.79 MB)
  • v0.12.2-beta1(Jan 11, 2022)

    Changelog

    • a75c5a4 Add eradme to examples
    • 8da029b Add missing links
    • 271cb71 Add more explaination and less redunancy with docs
    • 4b44aa2 Add note about outdated docs until we fix them
    • 81c6093 Add vertical line for breathing
    • 3de311b Fix docker release
    • cec236c Fix example config link
    • a11c6fd Fix formatting error in container doc
    • d9f52ef Fix typo
    • d971cf1 Improve Docker docs
    • 1d01103 Link to example config from docs
    • 86f36f9 Lowercase markdown docs
    • 4edc96d Make strongly strong
    • f78984f Merge pull request #258 from ohdearaugustin/fix-docker-release
    • 0bd4250 Merge pull request #261 from juanfont/kradalby-patch-2
    • 42bed58 Merge pull request #262 from kradalby/improve-docs
    • 45d331d Merge pull request #263 from JJGadgets/patch-1
    • be2a28d Merge pull request #267 from piec/patch-1
    • 26623d7 Merge pull request #268 from juanfont/prepare-0.12.2
    • 74fd5de Move kubernetes example under docs
    • 8d504c3 Move kubernetes to kustomize, since thats what it is
    • 80d196c Remove DNS file, it will be merged into example configuration
    • 5df1005 Remove outdated configuration page in favour of config-example
    • 3ce3ccb Reorder tls docs
    • f9e6722 Rewrite main documentation
    • 25b5eb8 Update tests to aline with new config example
    • e9cc60e Updated changelog for 0.12.2
    • 6b7c741 Use markdown numbering so github gets it
    • 8a07a63 Write disclaimer in kubernetes example
    • 897fa55 prettier: Docker docs
    • 11c86ac update case in readme
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.12.2-beta1_darwin_amd64(21.93 MB)
    headscale_0.12.2-beta1_linux_amd64(21.27 MB)
    headscale_0.12.2-beta1_linux_arm(17.87 MB)
    headscale_0.12.2-beta1_linux_arm64(20.79 MB)
  • v0.12.1(Dec 25, 2021)

    Changelog

    0.12.1 (2021-12-24):

    (We are skipping 0.12.0 to correct a mishap done weeks ago with the version tagging)

    BREAKING:

    • Upgrade to Tailscale 1.18 #229
      • This change requires a new format for private key, private keys are now generated automatically:
        1. Delete your current key
        2. Restart headscale, a new key will be generated.
        3. Restart all Tailscale clients to fetch the new key

    Changes:

    • Unify configuration example #197
    • Add stricter linting and formatting #223

    Features:

    • Add gRPC and HTTP API (HTTP API is currently disabled) #204
    • Use gRPC between the CLI and the server #206, #212
    • Beta OpenID Connect support #126, #227
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.12.1_darwin_amd64(21.93 MB)
    headscale_0.12.1_linux_amd64(21.27 MB)
    headscale_0.12.1_linux_arm(17.87 MB)
    headscale_0.12.1_linux_arm64(20.79 MB)
  • v0.12.0-beta2(Dec 7, 2021)

  • v0.11.0(Oct 25, 2021)

    🔴 THIS RELEASE HAS BREAKING CHANGES

    Please have a look to /config-example.yaml to check how is DERP config now defined.

    Changelog

    0e902fe Add certificates to docker image so we can get derpmap from tailscale e836db1 Add config.yaml to gitignore 177f1ec Add helper functions for building derp maps from urls and file 4d3b638 Add note about main containing unreleased changes 746d403 Fix config and tests 1237e02 Merge branch 'config-simplification' of github.com:kradalby/headscale into config-simplification 389a8d4 Merge branch 'main' into derp-improvements 9f02899 Merge branch 'main' into patch-2 a46c8fe Merge branch 'main' into patch-2 c604659 Merge branch 'main' into update-contributors 81316ef Merge branch 'main' into update-contributors 9e2637d Merge pull request #192 from derelm/patch-2 1a8c921 Merge pull request #194 from juanfont/update-contributors 5aaffaa Merge pull request #196 from kradalby/derp-improvements 6d162ee Merge pull request #197 from kradalby/config-simplification e827759 Merge pull request #202 from juanfont/kradalby-patch-1 aa245c2 Remove derp.yaml, add selfhosted example aefbd66 Remove derpmap volume from integration tests b85adbc Remove the need for multiple config files 7da3d4b Resolve merge conflict 57f46de Split derp into its own config struct 4d4d0de Start adding comments to config 8853315 Update config-example.yaml a355769 Update derp-example.yaml 582eb57 Use the new derp map 5420347 docs(README): update contributors 75f3e1f docs(README): update contributors 88b32e4 fix typo d875cca move integration to yaml, add new derp configuration

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.11.0_darwin_amd64(19.75 MB)
    headscale_0.11.0_linux_amd64(19.46 MB)
    headscale_0.11.0_linux_arm(15.31 MB)
    headscale_0.11.0_linux_arm64(17.79 MB)
Owner
Juan Font
Juan Font
Apache Traffic Control is an Open Source implementation of a Content Delivery Network

Apache Traffic Control Apache Traffic Control is an Open Source implementation of a Content Delivery Network. Documentation Intro CDN Basics Traffic C

The Apache Software Foundation 798 Aug 14, 2022
A memory-safe SSH server, focused on listening only on VPN networks such as Tailscale

Features Is tested to work with SCP Integrates well with systemd Quickstart Download binary for your architecture. We only support Linux. If you don't

function61.com 2 Jun 10, 2022
Provides agent and server plugins for SPIRE to allow Tailscale node attestation.

SPIRE Tailscale Plugin ⚠️ this node attestation plugin relies on a Tailscale OIDC id-token feature, which is marked as Work-in-Progress and may not be

Johan Siebens 9 May 22, 2022
The fastest way to create self-hosted exit-servers

inletsctl - the fastest way to create self-hosted exit-servers inletsctl automates the task of creating an exit-server (tunnel server) on public cloud

inlets 421 Aug 4, 2022
☁️ Cloud Torrent: a self-hosted remote torrent client

Cloud torrent is a a self-hosted remote torrent client, written in Go (golang). You start torrents remotely, which are downloaded as sets of files on

Jaime Pillora 5.3k Aug 8, 2022
Gogrok is a self hosted, easy to use alternative to ngrok. It uses SSH as a base protocol, using channels and existing functionality to tunnel requests to an endpoint.

gogrok A simple, easy to use ngrok alternative (self hosted!) The server and client can also be easily embedded into your applications, see the 'serve

Tyler Stuyfzand 5 Jun 15, 2022
Underpass - Self-hosted ngrok alternative.

Underpass Self-hosted ngrok alternative. Installation (CLI) brew install

Caleb Denio 48 Aug 3, 2022
Self-hosted and Easy-to-deploy Cloudflare based Dynamic DNS service for router

Self-hosted and Easy-to-deploy Cloudflare based Dynamic DNS service for router Contents Features Environment Variables Installation Heroku Docker (Run

Aseem Manna 4 May 30, 2022
Self-hosted reverse-proxy for F1 web viewer.

F1WebViewer-SelfHosted Self-hosted reverse-proxy for F1 web viewer and includes a web server at port 13331. You can also run this proxy on a server if

ieb 53 Aug 8, 2022
An open source Pusher server implementation compatible with Pusher client libraries written in Go

Try browsing the code on Sourcegraph! IPÊ An open source Pusher server implementation compatible with Pusher client libraries written in Go. Why I wro

Hava 0 Oct 15, 2021
Go Http Proxy with Authentication, Schedule Control, and Portal Control

goproxy Go Http Proxy with Authentication, Schedule Control, and Portal Control Why this tool? You may need to restrict my kids's youtube watch time i

Wu Shilin 2 Mar 27, 2022
A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.

tailscale-sidecar This is barely tested software, I don't guarantee it works but please make an issue if you use it and find a bug. Pull requests are

Mark Pashmfouroush 88 Jul 30, 2022
Example of how to write reverse proxy in Go that runs on Cloud Run with Tailscale

Cloudrun Tailscale Reverse Proxy Setup Create a ephemeral key in Tailscale Set TAILSCALE_AUTHKEY in your Cloud Run environment variables Set TARGET_UR

ThreeComma.io 8 Jul 17, 2022
A pair of local reverse proxies (one in Windows, one in Linux) for Tailscale on WSL2

tailscale-wsl2 TL;DR Running two reverse proxies (one in Windows, one in the WSL2 Linux VM), the Windows Tailscale daemon can be accessed via WSL2: $

Danny Hermes 24 Jun 29, 2022
Cdn - CDN microservice to upload files to zachlatta.com that only accepts traffic from Tailscale IPs

cdn CDN microservice to upload files to zachlatta.com that only accepts traffic from Tailscale IPs. source code available at https://github.com/zachla

zach latta 2 Jun 26, 2022
Tscert - Minimal package for just the HTTPS cert fetching part of the Tailscale client API

tscert This is a stripped down version of the tailscale.com/client/tailscale Go

Tailscale 13 May 31, 2022
An unofficial GUI wrapper around the Tailscale CLI client.

Trayscale Trayscale is an unofficial GUI wrapper around the Tailscale CLI client, particularly for use on Linux, as no official Linux GUI client exist

null 14 Aug 9, 2022
Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core network solution.

Connecting the Next Billion People Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core

Magma 1.3k Aug 10, 2022
Project Kebe is the open-source Snap Store implementation.

Introduction Kebe intends to be a full replacement for the Snap Store. Quickstart Once you have an environment setup (for instance using https://githu

Free To Compute 24 Jul 5, 2022