Headscale - An open source, self-hosted implementation of the Tailscale control server

Overview

Headscale

Join the chat at https://gitter.im/headscale-dev/community ci

An open source, self-hosted implementation of the Tailscale coordination server.

Overview

Tailscale is a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using all kinds of NAT traversal sorcery.

Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the 'coordination/control server'.

The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It also assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes.

Headscale implements this coordination server.

Status

  • Base functionality (nodes can communicate with each other)
  • Node registration through the web flow
  • Network changes are relied to the nodes
  • Namespace support (~equivalent to multi-user in Tailscale.com)
  • Routing (advertise & accept, including exit nodes)
  • Node registration via pre-auth keys (including reusable keys, and ephemeral node support)
  • JSON-formatted output
  • ACLs
  • Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
  • DNS (passing DNS servers to nodes)
  • Share nodes between users namespaces
  • MagicDNS / Smart DNS

Roadmap 🤷

Suggestions/PRs welcomed!

Running it

  1. Download the Headscale binary https://github.com/juanfont/headscale/releases, and place it somewhere in your PATH or use the docker container
docker pull headscale/headscale:x.x.x
  1. (Optional, you can also use SQLite) Get yourself a PostgreSQL DB running
docker run --name headscale -e POSTGRES_DB=headscale -e \
  POSTGRES_USER=foo -e POSTGRES_PASSWORD=bar -p 5432:5432 -d postgres
  1. Set some stuff up (headscale Wireguard keys & the config.json file)
wg genkey > private.key
wg pubkey < private.key > public.key  # not needed

# Postgres
cp config.json.postgres.example config.json
# or
# SQLite
cp config.json.sqlite.example config.json
  1. Create a namespace (a namespace is a 'tailnet', a group of Tailscale nodes that can talk to each other)
headscale namespaces create myfirstnamespace

or docker:

docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale namespace create myfirstnamespace
  1. Run the server
headscale serve

or docker:

docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derb.yaml:/derb.yaml -p 127.0.0.1:8080:8080 headscale/headscale:x.x.x headscale serve
  1. If you used tailscale.com before in your nodes, make sure you clear the tailscaled data folder
systemctl stop tailscaled
rm -fr /var/lib/tailscale
systemctl start tailscaled 
  1. Add your first machine
tailscale up -login-server YOUR_HEADSCALE_URL
  1. Navigate to the URL you will get with tailscale up, where you'll find your machine key.

  2. In the server, register your machine to a namespace with the CLI

headscale -n myfirstnamespace node register YOURMACHINEKEY

or docker:

docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale -n myfirstnamespace node register YOURMACHINEKEY

Alternatively, you can use Auth Keys to register your machines:

  1. Create an authkey
    headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h

or docker:

docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
  1. Use the authkey from your machine to register it
    tailscale up -login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY

If you create an authkey with the --ephemeral flag, that key will create ephemeral nodes. This implies that --reusable is true.

Please bear in mind that all the commands from headscale support adding -o json or -o json-line to get a nicely JSON-formatted output.

Configuration reference

Headscale's configuration file is named config.json or config.yaml. Headscale will look for it in /etc/headscale, ~/.headscale and finally the directory from where the Headscale binary is executed.

    "server_url": "http://192.168.1.12:8080",
    "listen_addr": "0.0.0.0:8080",
    "ip_prefix": "100.64.0.0/10"

server_url is the external URL via which Headscale is reachable. listen_addr is the IP address and port the Headscale program should listen on. ip_prefix is the IP prefix (range) in which IP addresses for nodes will be allocated (default 100.64.0.0/10, e.g., 192.168.4.0/24, 10.0.0.0/8)

    "log_level": "debug"

log_level can be used to set the Log level for Headscale, it defaults to debug, and the available levels are: trace, debug, info, warn and error.

    "private_key_path": "private.key",

private_key_path is the path to the Wireguard private key. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.

    "derp_map_path": "derp.yaml",

derp_map_path is the path to the DERP map file. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.

    "ephemeral_node_inactivity_timeout": "30m",

ephemeral_node_inactivity_timeout is the timeout after which inactive ephemeral node records will be deleted from the database. The default is 30 minutes. This value must be higher than 65 seconds (the keepalive timeout for the HTTP long poll is 60 seconds, plus a few seconds to avoid race conditions).

    "db_host": "localhost",
    "db_port": 5432,
    "db_name": "headscale",
    "db_user": "foo",
    "db_pass": "bar",

The fields starting with db_ are used for the PostgreSQL connection information.

Running the service via TLS (optional)

    "tls_cert_path": ""
    "tls_key_path": ""

Headscale can be configured to expose its web service via TLS. To configure the certificate and key file manually, set the tls_cert_path and tls_cert_path configuration parameters. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.

    "tls_letsencrypt_hostname": "",
    "tls_letsencrypt_listen": ":http",
    "tls_letsencrypt_cache_dir": ".cache",
    "tls_letsencrypt_challenge_type": "HTTP-01",

To get a certificate automatically via Let's Encrypt, set tls_letsencrypt_hostname to the desired certificate hostname. This name must resolve to the IP address(es) Headscale is reachable on (i.e., it must correspond to the server_url configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in tls_letsencrypt_cache_dir. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. The certificate will automatically be renewed as needed.

Challenge type HTTP-01

The default challenge type HTTP-01 requires that Headscale is reachable on port 80 for the Let's Encrypt automated validation, in addition to whatever port is configured in listen_addr. By default, Headscale listens on port 80 on all local IPs for Let's Encrypt automated validation.

If you need to change the ip and/or port used by Headscale for the Let's Encrypt validation process, set tls_letsencrypt_listen to the appropriate value. This can be handy if you are running Headscale as a non-root user (or can't run setcap). Keep in mind, however, that Let's Encrypt will only connect to port 80 for the validation callback, so if you change tls_letsencrypt_listen you will also need to configure something else (e.g. a firewall rule) to forward the traffic from port 80 to the ip:port combination specified in tls_letsencrypt_listen.

Challenge type TLS-ALPN-01

Alternatively, tls_letsencrypt_challenge_type can be set to TLS-ALPN-01. In this configuration, Headscale listens on the ip:port combination defined in listen_addr. Let's Encrypt will only connect to port 443 for the validation callback, so if listen_addr is not set to port 443, something else (e.g. a firewall rule) will be required to forward the traffic from port 443 to the ip:port combination specified in listen_addr.

Policy ACLs

Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.

For instance, instead of referring to users when defining groups you must use namespaces (which are the equivalent to user/logins in Tailscale.com).

Please check https://tailscale.com/kb/1018/acls/, and ./tests/acls/ in this repo for working examples.

Disclaimer

  1. We have nothing to do with Tailscale, or Tailscale Inc.
  2. The purpose of writing this was to learn how Tailscale works.

More on Tailscale

Comments
  • Using distroless base image for Docker

    Using distroless base image for Docker

    Thanks for making Headscale!

    I have a proposed improvement to the Docker image, switching the base image of the final container from Ubuntu to a "distroless" image, using images from https://github.com/GoogleContainerTools/distroless

    If you've never heard of "distroless" images, that page contains a bunch of details on the benefits, but the TL;DR is that these images do not contain a full OS but rather just enough to run the application (ca-certificates, glibc, tzdata, and just a couple more things). By using a "distroless" image, the container is much smaller (they claim they're 2% of the size of a Debian base image) and it's safer, as there's a significantly smaller attack surface. Plus, "distroless" images are updated much less frequently so keeping the base image up-to-date (and include security fixes) is much simpler.

    I've confirmed this builds and the headscale binary runs. I haven't performed full E2E tests however just yet.

    PS: I've also removed the stage bufbuild/buf:1.0.0-rc6 which seemed unused

    opened by ItalyPaleAle 23
  • Error while register node

    Error while register node

    I've setup headscale(v0.3.3) on my Ubuntu 18.04 VM. This is my config.json:

    {
        "server_url": "http://127.0.0.1:8000",
        "listen_addr": "0.0.0.0:8000",
        "private_key_path": "/etc/wireguard/privatekey",
        "derp_map_path": "derp.yaml",
        "ephemeral_node_inactivity_timeout": "30m",
        "db_type": "postgres",
        "db_host": "localhost",
        "db_port": 5432,
        "db_name": "headscale",
        "db_user": "headscale",
        "db_pass": "BZv1XGkrC7dlzjudJy0J",
        "tls_letsencrypt_hostname": "",
        "tls_letsencrypt_cache_dir": ".cache",
        "tls_letsencrypt_challenge_type": "HTTP-01",
        "tls_cert_path": "",
        "tls_key_path": "",
        "acl_policy_path": ""
    }
    

    And I've created a namespace.

    When I try to register a node from another vm, I got an output key and I manual registered on my headscale vm: image

    But nothing changed on my tailscale vm. screenshot below:

    image

    No success response

    opened by momaek 23
  • Nodes connected to headscale fail to see each other if headscale is fronted by nginx

    Nodes connected to headscale fail to see each other if headscale is fronted by nginx

    Descriptions

    Machines manage to authenticate to headscale, see each other's existence in tailscale status, but cannot ping each other. They are able to discover and ping each other fine when using tailscale infrastructure, or when talking to headscale directly, without nginx in the way.

    Situation

    Two machines running OpenBSD-current, tailscale 1.10.2, headscale 0.3.4

    • one named headscale is running headscale with postgres, tailscale, nginx in front of headscale for TLS termination; has public IP, tailscale told to listen on specific port and that port opened on firewall
    • one named innernet-test is behind NAT (aggressive). Runs only tailscaled

    Configuration

    headscale

    {
        "server_url": "https://headscale.viq.vc:443",
        "listen_addr": "0.0.0.0:8000",
        "private_key_path": "/etc/headscale/private.key",
        "derp_map_path": "/etc/headscale/derp.yaml",
        "ephemeral_node_inactivity_timeout": "30m",
        "db_type": "postgres",
        "db_host": "localhost",
        "db_port": 5432,
        "db_name": "headscale",
        "db_user": "headscale",
        "db_pass": "XXX",
        "tls_letsencrypt_hostname": "",
        "tls_letsencrypt_cache_dir": "/var/headscale/.cache",
        "tls_letsencrypt_challenge_type": "TLS-ALPN-01",
        "tls_cert_path": "",
        "tls_key_path": "",
        "acl_policy_path": ""
    }
    

    nginx

    # cat /etc/nginx/nginx.conf  | grep -v \# | grep -v ^$
    worker_processes  1;
    worker_rlimit_nofile 1024;
    events {
        worker_connections  800;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        index         index.html index.htm;
        keepalive_timeout  65;
        server_tokens off;
        server {
            listen       80;
            listen       [::]:80;
            server_name  headscale.viq.vc;
            root         /var/www/htdocs;
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root  /var/www/htdocs;
            }
            location ^~ /.well-known/acme-challenge/ {
                    alias /var/www/acme/;
                    default_type "text/plain";
                    allow all;
            }
            location = /.well-known/acme-challenge/ {
                    return 404;
            }
        }
        server {
            listen       443 ssl;
            server_name  headscale.viq.vc;
            ssl_certificate      /etc/ssl/headscale.viq.vc.fullchain.pem;
            ssl_certificate_key  /etc/ssl/private/headscale.viq.vc.key;
            ssl_session_timeout  5m;
            ssl_session_cache    shared:SSL:1m;
            ssl_ciphers  HIGH:!aNULL:!MD5:!RC4;
            ssl_prefer_server_ciphers   on;
            location / {
                    proxy_read_timeout 180;
                    proxy_http_version 1.1;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_pass http://127.0.0.1:8000;
            }
        }
    }
    

    Logs

    Part 1

    Attaching machines to headscale

    nginx

    51.75.32.29 - - [17/Jul/2021:17:03:35 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:35 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1303 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:03:36 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1293 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:17 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:17 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:17 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1748 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:18 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1737 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:18 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1737 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:04:18 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1737 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:06:13 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 499 0 "-" "Go-http-client/1.1"
    

    headscale & tailscaled

    headscale machine
    2021-07-17T15:01:27.335Z headscale newsyslog[86153]: logfile turned over
    2021-07-17T15:01:52.997Z headscale headscale[61967]: [GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
    2021-07-17T15:01:53.000Z headscale headscale[61967]: 
    2021-07-17T15:01:53.011Z headscale headscale[61967]: [GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
    2021-07-17T15:01:53.012Z headscale headscale[61967]:  - using env:      export GIN_MODE=release
    2021-07-17T15:01:53.012Z headscale headscale[61967]:  - using code:     gin.SetMode(gin.ReleaseMode)
    2021-07-17T15:01:53.012Z headscale headscale[61967]: 
    2021-07-17T15:01:53.019Z headscale headscale[61967]: [GIN-debug] GET    /key                      --> github.com/juanfont/headscale.(*Headscale).KeyHandler-fm (3 handlers)
    2021-07-17T15:01:53.023Z headscale headscale[61967]: [GIN-debug] GET    /register                 --> github.com/juanfont/headscale.(*Headscale).RegisterWebAPI-fm (3 handlers)
    2021-07-17T15:01:53.026Z headscale headscale[61967]: [GIN-debug] POST   /machine/:id/map          --> github.com/juanfont/headscale.(*Headscale).PollNetMapHandler-fm (3 handlers)
    2021-07-17T15:01:53.029Z headscale headscale[61967]: [GIN-debug] POST   /machine/:id              --> github.com/juanfont/headscale.(*Headscale).RegistrationHandler-fm (3 handlers)
    2021-07-17T15:01:53.032Z headscale headscale[61967]: 2021/07/17 17:01:53 WARNING: listening without TLS but ServerURL does not start with http://
    2021-07-17T15:01:53.036Z headscale headscale[61967]: [GIN-debug] Listening and serving HTTP on 0.0.0.0:8000
    2021-07-17T15:02:43.035Z headscale tailscaled[14930]: 2021/07/17 17:02:43 logtail started
    2021-07-17T15:02:43.041Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled", "-port", "22502"}
    2021-07-17T15:02:43.050Z headscale tailscaled[14930]: 2021/07/17 17:02:43 LogID: 684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573
    2021-07-17T15:02:43.057Z headscale tailscaled[14930]: 2021/07/17 17:02:43 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:02:43.061Z headscale tailscaled[14930]: logpolicy.Read /var/db/tailscale/tailscaled.log.conf: open /var/db/tailscale/tailscaled.log.conf: no such file or directory
    2021-07-17T15:02:43.065Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:02:43.069Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: using dns.directManager
    2021-07-17T15:02:43.079Z headscale tailscaled[14930]: 2021/07/17 17:02:43 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:02:43.090Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Creating wireguard device...
    2021-07-17T15:02:43.098Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Bringing wireguard device up...
    2021-07-17T15:02:43.103Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Bringing router up...
    2021-07-17T15:02:43.107Z headscale tailscaled[14930]: 2021/07/17 17:02:43 external route: up
    2021-07-17T15:02:43.111Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Clearing router settings...
    2021-07-17T15:02:43.116Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Starting link monitor...
    2021-07-17T15:02:43.120Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Starting magicsock...
    2021-07-17T15:02:43.145Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Engine created.
    2021-07-17T15:02:43.155Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:02:43.161Z headscale tailscaled[14930]: 2021/07/17 17:02:43 netmap packet filter: (not ready yet)
    2021-07-17T15:02:43.170Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Start
    2021-07-17T15:02:43.173Z headscale tailscaled[14930]: 2021/07/17 17:02:43 using backend prefs
    2021-07-17T15:02:43.176Z headscale tailscaled[14930]: 2021/07/17 17:02:43 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:02:43.179Z headscale tailscaled[14930]: 2021/07/17 17:02:43 got initial portlist info in 0s
    2021-07-17T15:02:43.183Z headscale tailscaled[14930]: 2021/07/17 17:02:43 magicsock: disco key = d:110593ae14096bdd
    2021-07-17T15:02:43.186Z headscale tailscaled[14930]: 2021/07/17 17:02:43 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":80},{"Proto":"tcp","Port":443},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:02:43.190Z headscale tailscaled[14930]: 2021/07/17 17:02:43 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:02:43.194Z headscale tailscaled[14930]: 2021/07/17 17:02:43 control: mapRoutine: state:new
    2021-07-17T15:02:43.197Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Backend: logs: be:684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573 fe:
    2021-07-17T15:02:43.201Z headscale tailscaled[14930]: 2021/07/17 17:02:43 Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
    2021-07-17T15:02:43.204Z headscale tailscaled[14930]: 2021/07/17 17:02:43 blockEngineUpdates(true)
    2021-07-17T15:02:43.207Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
    2021-07-17T15:02:43.211Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine: Reconfig: configuring router
    2021-07-17T15:02:43.215Z headscale tailscaled[14930]: 2021/07/17 17:02:43 wgengine: Reconfig: configuring DNS
    2021-07-17T15:02:43.218Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[]}
    2021-07-17T15:02:43.222Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: Resolvercfg: {Routes:map[] Hosts:map[] LocalDomains:[]}
    2021-07-17T15:02:43.226Z headscale tailscaled[14930]: 2021/07/17 17:02:43 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:02:43.232Z headscale tailscaled[14930]: 2021/07/17 17:02:43 health("overall"): error: state=NeedsLogin, wantRunning=false
    2021-07-17T15:02:43.282Z headscale tailscaled[14930]: 2021/07/17 17:02:43 logtail: dialed "log.tailscale.io:443" in 226ms
    2021-07-17T15:03:35.805Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Start
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: client.Shutdown()
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:03:35.810Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: context done.
    2021-07-17T15:03:35.812Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: state:new
    2021-07-17T15:03:35.812Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: quit
    2021-07-17T15:03:35.812Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: Client.Shutdown done.
    2021-07-17T15:03:35.813Z headscale tailscaled[14930]: 2021/07/17 17:03:35 using backend prefs
    2021-07-17T15:03:35.814Z headscale tailscaled[14930]: 2021/07/17 17:03:35 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:03:35.814Z headscale tailscaled[14930]: 2021/07/17 17:03:35 generating new machine key
    2021-07-17T15:03:35.822Z headscale tailscaled[14930]: 2021/07/17 17:03:35 machine key written to store
    2021-07-17T15:03:35.826Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":80},{"Proto":"tcp","Port":443},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:03:35.829Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Backend: logs: be:684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573 fe:
    2021-07-17T15:03:35.832Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
    2021-07-17T15:03:35.833Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:03:35.841Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: state:new
    2021-07-17T15:03:35.842Z headscale tailscaled[14930]: 2021/07/17 17:03:35 blockEngineUpdates(true)
    2021-07-17T15:03:35.842Z headscale tailscaled[14930]: 2021/07/17 17:03:35 Reconfig(down): no changes made to Engine config
    2021-07-17T15:03:35.845Z headscale tailscaled[14930]: 2021/07/17 17:03:35 StartLoginInteractive: url=false
    2021-07-17T15:03:35.850Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: client.Login(false, 2)
    2021-07-17T15:03:35.852Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:03:35.859Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: direct.TryLogin(token=false, flags=2)
    2021-07-17T15:03:35.872Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: LoginInteractive -> regen=true
    2021-07-17T15:03:35.878Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: doLogin(regen=true, hasUrl=false)
    2021-07-17T15:03:35.927Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:35 | 200 |     367.532\M-B\M-5s |     51.75.32.29 | GET      "/key"
    2021-07-17T15:03:35.934Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: Generating a new nodekey.
    2021-07-17T15:03:35.939Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: RegisterReq: onode=[AAAAA] node=[WwgZK] fup=false
    2021-07-17T15:03:35.952Z headscale headscale[61967]: 2021/07/17 17:03:35 New Machine!
    2021-07-17T15:03:35.971Z headscale headscale[61967]: 2021/07/17 17:03:35 [headscale] Successfully authenticated via AuthKey
    2021-07-17T15:03:35.972Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:35 | 200 |   25.342504ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839"
    2021-07-17T15:03:35.985Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:03:35.988Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: No AuthURL
    2021-07-17T15:03:35.988Z headscale tailscaled[14930]: 2021/07/17 17:03:35 blockEngineUpdates(false)
    2021-07-17T15:03:35.988Z headscale tailscaled[14930]: 2021/07/17 17:03:35 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:03:35.995Z headscale tailscaled[14930]: 2021/07/17 17:03:35 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:03:35.995Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:03:35.999Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: new map needed while idle.
    2021-07-17T15:03:35.999Z headscale tailscaled[14930]: 2021/07/17 17:03:35 control: mapRoutine: state:authenticated
    2021-07-17T15:03:36.033Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.037Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.041Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   28.951678ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.049Z headscale tailscaled[14930]: 2021/07/17 17:03:36 active login: viqWORKS
    2021-07-17T15:03:36.054Z headscale tailscaled[14930]: 2021/07/17 17:03:36 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:03:36.064Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Switching ipn state NeedsLogin -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:03:36.069Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: SetPrivateKey called (init)
    2021-07-17T15:03:36.073Z headscale tailscaled[14930]: 2021/07/17 17:03:36 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
    2021-07-17T15:03:36.073Z headscale tailscaled[14930]: 2021/07/17 17:03:36 wgengine: Reconfig: configuring router
    2021-07-17T15:03:36.136Z headscale tailscaled[14930]: 2021/07/17 17:03:36 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:03:36.145Z headscale tailscaled[14930]: 2021/07/17 17:03:36 wgengine: Reconfig: configuring DNS
    2021-07-17T15:03:36.148Z headscale tailscaled[14930]: 2021/07/17 17:03:36 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105]]}
    2021-07-17T15:03:36.148Z headscale tailscaled[14930]: 2021/07/17 17:03:36 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105]] LocalDomains:[]}
    2021-07-17T15:03:36.148Z headscale tailscaled[14930]: 2021/07/17 17:03:36 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:03:36.150Z headscale tailscaled[14930]: 2021/07/17 17:03:36 peerapi: serving on http://100.99.59.105:39599
    2021-07-17T15:03:36.157Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.159Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 5 msec
    2021-07-17T15:03:36.160Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":39599}]}
    2021-07-17T15:03:36.162Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: state:authenticated
    2021-07-17T15:03:36.212Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.215Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.218Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   48.737118ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.224Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: state:authenticated
    2021-07-17T15:03:36.227Z headscale tailscaled[14930]: 2021/07/17 17:03:36 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:03:36.260Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.264Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.268Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   25.277085ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.276Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.276Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 36 msec
    2021-07-17T15:03:36.337Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.340Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.343Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   21.983377ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.355Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.357Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 45 msec
    2021-07-17T15:03:36.423Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.426Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:03:36.426Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:03:36 | 200 |   12.453532ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:03:36.437Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Received error: PollNetMap: EOF
    2021-07-17T15:03:36.442Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: mapRoutine: backoff: 88 msec
    2021-07-17T15:03:36.442Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: home is now derp-4 (fra)
    2021-07-17T15:03:36.445Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: endpoints changed: 51.75.32.29:22502 (stun)
    2021-07-17T15:03:36.451Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: client.newEndpoints(0, [51.75.32.29:22502])
    2021-07-17T15:03:36.455Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:03:36.458Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:03:36.462Z headscale tailscaled[14930]: 2021/07/17 17:03:36 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:03:36.462Z headscale tailscaled[14930]: 2021/07/17 17:03:36 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:03:36.462Z headscale tailscaled[14930]: 2021/07/17 17:03:36 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:03:36.467Z headscale tailscaled[14930]: 2021/07/17 17:03:36 derphttp.Client.Connect: connecting to derp-4 (fra)
    2021-07-17T15:03:36.549Z headscale tailscaled[14930]: 2021/07/17 17:03:36 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:03:36.553Z headscale tailscaled[14930]: 2021/07/17 17:03:36 health("overall"): ok
    2021-07-17T15:03:36.564Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:03:36.567Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Client is ready to access the tailnet
    2021-07-17T15:03:36.567Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending initial map
    2021-07-17T15:03:36.567Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Notifying peers
    2021-07-17T15:03:36.570Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending data (1507 bytes)
    2021-07-17T15:03:36.579Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending keepalive
    2021-07-17T15:03:36.581Z headscale headscale[61967]: 2021/07/17 17:03:36 [headscale] Sending data (75 bytes)
    2021-07-17T15:03:43.185Z headscale tailscaled[14930]: 2021/07/17 17:03:43 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.99.59.105/32] vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:03:43.214Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: closing connection to derp-4 (rebind), age 7s
    2021-07-17T15:03:43.219Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: 0 active derp conns
    2021-07-17T15:03:43.229Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:03:43.233Z headscale tailscaled[14930]: 2021/07/17 17:03:43 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:03:43.307Z headscale tailscaled[14930]: 2021/07/17 17:03:43 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:03:43.310Z headscale tailscaled[14930]: 2021/07/17 17:03:43 health("overall"): ok
    2021-07-17T15:03:43.445Z headscale tailscaled[14930]: 2021/07/17 17:03:43 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:17.862Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:17 | 200 |     465.137\M-B\M-5s |     51.75.32.28 | GET      "/key"
    2021-07-17T15:04:17.876Z headscale headscale[61967]: 2021/07/17 17:04:17 New Machine!
    2021-07-17T15:04:17.889Z headscale headscale[61967]: 2021/07/17 17:04:17 [innernet-test] Successfully authenticated via AuthKey
    2021-07-17T15:04:17.892Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:17 | 200 |   17.280435ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317"
    2021-07-17T15:04:17.921Z headscale headscale[61967]: 2021/07/17 17:04:17 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:17.925Z headscale headscale[61967]: 2021/07/17 17:04:17 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:17.925Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:17 | 200 |   20.194041ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.095Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.101Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:18.101Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:18 | 200 |   16.963453ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.138Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.145Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:18.151Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:18 | 200 |   33.569286ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.234Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.241Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:04:18.241Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:04:18 | 200 |   18.543764ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:04:18.366Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:04:18.371Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Client is ready to access the tailnet
    2021-07-17T15:04:18.373Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending initial map
    2021-07-17T15:04:18.373Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Notifying peers
    2021-07-17T15:04:18.373Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Notifying peer headscale (100.99.59.105/32)
    2021-07-17T15:04:18.374Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending data (1825 bytes)
    2021-07-17T15:04:18.390Z headscale headscale[61967]: 2021/07/17 17:04:18 [headscale] Received a request for update
    2021-07-17T15:04:18.397Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending keepalive
    2021-07-17T15:04:18.438Z headscale headscale[61967]: 2021/07/17 17:04:18 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:04:36.593Z headscale headscale[61967]: 2021/07/17 17:04:36 [headscale] Sending keepalive
    2021-07-17T15:04:36.597Z headscale headscale[61967]: 2021/07/17 17:04:36 [headscale] Sending data (75 bytes)
    2021-07-17T15:04:43.193Z headscale tailscaled[14930]: 2021/07/17 17:04:43 health("overall"): error: not in map poll
    2021-07-17T15:05:18.416Z headscale headscale[61967]: 2021/07/17 17:05:18 [innernet-test] Sending keepalive
    2021-07-17T15:05:18.423Z headscale headscale[61967]: 2021/07/17 17:05:18 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:05:36.612Z headscale headscale[61967]: 2021/07/17 17:05:36 [headscale] Sending keepalive
    2021-07-17T15:05:36.617Z headscale headscale[61967]: 2021/07/17 17:05:36 [headscale] Sending data (75 bytes)
    2021-07-17T15:06:13.804Z headscale tailscaled[14930]: 2021/07/17 17:06:13 tailscaled got signal terminated; shutting down
    2021-07-17T15:06:13.808Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: client.Shutdown()
    2021-07-17T15:06:13.812Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:06:13.813Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:06:13.822Z headscale headscale[61967]: 2021/07/17 17:06:13 [headscale] The client has closed the connection
    2021-07-17T15:06:13.825Z headscale tailscaled[14930]: 2021/07/17 17:06:13 [RATELIMIT] format("control: mapRoutine: %s") (3 dropped)
    2021-07-17T15:06:13.832Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: mapRoutine: state:authenticated
    2021-07-17T15:06:13.845Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: mapRoutine: quit
    2021-07-17T15:06:13.849Z headscale tailscaled[14930]: 2021/07/17 17:06:13 control: Client.Shutdown done.
    2021-07-17T15:06:13.849Z headscale tailscaled[14930]: 2021/07/17 17:06:13 magicsock: closing connection to derp-4 (conn-close), age 2m31s
    2021-07-17T15:06:13.849Z headscale tailscaled[14930]: 2021/07/17 17:06:13 magicsock: 0 active derp conns
    2021-07-17T15:06:13.855Z headscale tailscaled[14930]: 2021/07/17 17:06:13 external route: down
    2021-07-17T15:06:13.859Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:06:13 | 200 |         2m37s |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:06:13.862Z headscale tailscaled[14930]: 2021/07/17 17:06:13 wgengine status error: engine closing; no status
    2021-07-17T15:06:13.972Z headscale tailscaled[14930]: 2021/07/17 17:06:13 flushing log.
    2021-07-17T15:06:13.976Z headscale tailscaled[14930]: 2021/07/17 17:06:13 logger closing down
    2021-07-17T15:06:14.037Z headscale tailscaled[14930]: 2021/07/17 17:06:14 logtail: dialed "log.tailscale.io:443" in 216ms
    2021-07-17T15:06:15.215Z headscale headscale[61967]: 2021/07/17 17:06:15 [innernet-test] The client has closed the connection
    2021-07-17T15:06:15.236Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:06:15 | 200 |         1m56s |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    
    innernet-test machine
    2021-07-17T09:00:01.585Z innernet-test newsyslog[60243]: logfile turned over
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 logtail started
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled"}
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 LogID: ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618
    2021-07-17T15:04:06.770Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:04:06.772Z innernet-test tailscaled[74184]: logpolicy.Read /var/db/tailscale/tailscaled.log.conf: open /var/db/tailscale/tailscaled.log.conf: no such file or directory
    2021-07-17T15:04:06.772Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:04:06.782Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: using dns.directManager
    2021-07-17T15:04:06.784Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:04:06.787Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Creating wireguard device...
    2021-07-17T15:04:06.788Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Bringing wireguard device up...
    2021-07-17T15:04:06.790Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Bringing router up...
    2021-07-17T15:04:06.809Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 external route: up
    2021-07-17T15:04:06.886Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Clearing router settings...
    2021-07-17T15:04:06.888Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Starting link monitor...
    2021-07-17T15:04:06.890Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Starting magicsock...
    2021-07-17T15:04:06.892Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Engine created.
    2021-07-17T15:04:06.899Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:04:06.952Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 netmap packet filter: (not ready yet)
    2021-07-17T15:04:06.952Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Start
    2021-07-17T15:04:06.953Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 using backend prefs
    2021-07-17T15:04:06.956Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:04:06.956Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 got initial portlist info in 0s
    2021-07-17T15:04:06.956Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 magicsock: disco key = d:95f0a6e02bfcbb80
    2021-07-17T15:04:06.960Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:04:06.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Backend: logs: be:ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618 fe:
    2021-07-17T15:04:06.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
    2021-07-17T15:04:06.965Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 blockEngineUpdates(true)
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine: Reconfig: configuring router
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 wgengine: Reconfig: configuring DNS
    2021-07-17T15:04:06.966Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[]}
    2021-07-17T15:04:06.967Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: Resolvercfg: {Routes:map[] Hosts:map[] LocalDomains:[]}
    2021-07-17T15:04:06.967Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:04:06.968Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:04:06.968Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 control: mapRoutine: state:new
    2021-07-17T15:04:06.968Z innernet-test tailscaled[74184]: 2021/07/17 17:04:06 health("overall"): error: state=NeedsLogin, wantRunning=false
    2021-07-17T15:04:07.267Z innernet-test tailscaled[74184]: 2021/07/17 17:04:07 logtail: dialed "log.tailscale.io:443" in 380ms
    2021-07-17T15:04:17.572Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Start
    2021-07-17T15:04:17.573Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: client.Shutdown()
    2021-07-17T15:04:17.573Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:04:17.574Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: authRoutine: state:new; goal=nil paused=false
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: context done.
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: state:new
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: quit
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: Client.Shutdown done.
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 using backend prefs
    2021-07-17T15:04:17.575Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 created empty state for "_daemon": Prefs{ra=true dns=true want=false Persist=nil}
    2021-07-17T15:04:17.583Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 generating new machine key
    2021-07-17T15:04:17.586Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 machine key written to store
    2021-07-17T15:04:17.587Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:04:17.588Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Backend: logs: be:ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618 fe:
    2021-07-17T15:04:17.588Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
    2021-07-17T15:04:17.590Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 blockEngineUpdates(true)
    2021-07-17T15:04:17.591Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 StartLoginInteractive: url=false
    2021-07-17T15:04:17.591Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: client.Login(false, 2)
    2021-07-17T15:04:17.591Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:04:17.592Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: direct.TryLogin(token=false, flags=2)
    2021-07-17T15:04:17.592Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: LoginInteractive -> regen=true
    2021-07-17T15:04:17.592Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: doLogin(regen=true, hasUrl=false)
    2021-07-17T15:04:17.595Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: state:authenticating
    2021-07-17T15:04:17.866Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: Generating a new nodekey.
    2021-07-17T15:04:17.867Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: RegisterReq: onode=[AAAAA] node=[QzY2R] fup=false
    2021-07-17T15:04:17.894Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:04:17.895Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: No AuthURL
    2021-07-17T15:04:17.895Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 blockEngineUpdates(false)
    2021-07-17T15:04:17.896Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:04:17.896Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:04:17.897Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:04:17.897Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: new map needed while idle.
    2021-07-17T15:04:17.897Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 control: mapRoutine: state:authenticated
    2021-07-17T15:04:17.936Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 active login: viqWORKS
    2021-07-17T15:04:17.941Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:04:17.948Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 Switching ipn state NeedsLogin -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 magicsock: SetPrivateKey called (init)
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 wgengine: Reconfig: configuring userspace wireguard config (with 0/1 peers)
    2021-07-17T15:04:17.961Z innernet-test tailscaled[74184]: 2021/07/17 17:04:17 wgengine: Reconfig: configuring router
    2021-07-17T15:04:18.040Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 wgengine: Reconfig: configuring DNS
    2021-07-17T15:04:18.040Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]]}
    2021-07-17T15:04:18.041Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]] LocalDomains:[]}
    2021-07-17T15:04:18.041Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:04:18.045Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 peerapi: serving on http://100.87.15.215:47775
    2021-07-17T15:04:18.054Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Received error: PollNetMap: EOF
    2021-07-17T15:04:18.058Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":47775}]}
    2021-07-17T15:04:18.062Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: backoff: 8 msec
    2021-07-17T15:04:18.075Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: state:authenticated
    2021-07-17T15:04:18.112Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: state:authenticated
    2021-07-17T15:04:18.112Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:04:18.163Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Received error: PollNetMap: EOF
    2021-07-17T15:04:18.163Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: backoff: 43 msec
    2021-07-17T15:04:18.244Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Received error: PollNetMap: EOF
    2021-07-17T15:04:18.245Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: mapRoutine: backoff: 102 msec
    2021-07-17T15:04:18.246Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: home is now derp-4 (fra)
    2021-07-17T15:04:18.247Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: endpoints changed: 51.75.32.28:53006 (stun), 192.168.135.48:23368 (local)
    2021-07-17T15:04:18.247Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: client.newEndpoints(0, [51.75.32.28:53006 192.168.135.48:23368])
    2021-07-17T15:04:18.249Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:04:18.249Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:04:18.250Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:04:18.250Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 control: NetInfo: NetInfo{varies=true hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:04:18.251Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:18.251Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 derphttp.Client.Connect: connecting to derp-4 (fra)
    2021-07-17T15:04:18.330Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:04:18.331Z innernet-test tailscaled[74184]: 2021/07/17 17:04:18 health("overall"): ok
    2021-07-17T15:04:26.910Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.87.15.215/32] vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:04:26.910Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: closing connection to derp-4 (rebind), age 9s
    2021-07-17T15:04:26.913Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: 0 active derp conns
    2021-07-17T15:04:26.918Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:04:26.921Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:04:26.924Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:04:26.925Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:04:26.925Z innernet-test tailscaled[74184]: 2021/07/17 17:04:26 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:04:27.000Z innernet-test tailscaled[74184]: 2021/07/17 17:04:27 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:04:27.000Z innernet-test tailscaled[74184]: 2021/07/17 17:04:27 health("overall"): ok
    2021-07-17T15:04:27.178Z innernet-test tailscaled[74184]: 2021/07/17 17:04:27 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:05:06.970Z innernet-test tailscaled[74184]: 2021/07/17 17:05:06 health("overall"): error: not in map poll
    2021-07-17T15:06:15.215Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": EOF
    2021-07-17T15:06:15.215Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 control: mapRoutine: backoff: 87 msec
    2021-07-17T15:06:15.306Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 [RATELIMIT] format("control: mapRoutine: %s") (2 dropped)
    2021-07-17T15:06:15.306Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 control: mapRoutine: state:authenticated
    2021-07-17T15:06:15.312Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp9.tailscale.com", "207.148.3.137") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.748Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.749Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:15.749Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp8.tailscale.com", "167.71.139.179") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.847Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp4.tailscale.com", "2a03:b0c0:3:e0::36e:9001") for "headscale.viq.vc" ...
    2021-07-17T15:06:15.848Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 bootstrapDNS("derp4.tailscale.com", "2a03:b0c0:3:e0::36e:9001") for "headscale.viq.vc" error: Get "https://derp4.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2a03:b0c0:3:e0::36e:9001]:443: connect: no route to host
    2021-07-17T15:06:15.848Z innernet-test tailscaled[74184]: 2021/07/17 17:06:15 trying bootstrapDNS("derp7.tailscale.com", "167.179.89.145") for "headscale.viq.vc" ...
    2021-07-17T15:06:16.672Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 trying bootstrapDNS("derp3.tailscale.com", "2400:6180:0:d1::67d:8001") for "headscale.viq.vc" ...
    2021-07-17T15:06:16.673Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 bootstrapDNS("derp3.tailscale.com", "2400:6180:0:d1::67d:8001") for "headscale.viq.vc" error: Get "https://derp3.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2400:6180:0:d1::67d:8001]:443: connect: no route to host
    2021-07-17T15:06:16.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:16.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:16 control: mapRoutine: backoff: 366 msec
    2021-07-17T15:06:17.056Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 control: mapRoutine: state:authenticated
    2021-07-17T15:06:17.064Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 trying bootstrapDNS("derp10.tailscale.com", "137.220.36.168") for "headscale.viq.vc" ...
    2021-07-17T15:06:17.611Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 trying bootstrapDNS("derp9.tailscale.com", "2001:19f0:6401:1d9c:5400:2ff:feef:bb82") for "headscale.viq.vc" ...
    2021-07-17T15:06:17.612Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 bootstrapDNS("derp9.tailscale.com", "2001:19f0:6401:1d9c:5400:2ff:feef:bb82") for "headscale.viq.vc" error: Get "https://derp9.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2001:19f0:6401:1d9c:5400:2ff:feef:bb82]:443: connect: no route to host
    2021-07-17T15:06:17.613Z innernet-test tailscaled[74184]: 2021/07/17 17:06:17 trying bootstrapDNS("derp6.tailscale.com", "68.183.90.120") for "headscale.viq.vc" ...
    2021-07-17T15:06:18.133Z innernet-test tailscaled[74184]: 2021/07/17 17:06:18 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:18.134Z innernet-test tailscaled[74184]: 2021/07/17 17:06:18 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:18.134Z innernet-test tailscaled[74184]: 2021/07/17 17:06:18 trying bootstrapDNS("derp5.tailscale.com", "103.43.75.49") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.020Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.021Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" error: Get "https://derp10.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2001:19f0:8001:2d9:5400:2ff:feef:bbb1]:443: connect: no route to host
    2021-07-17T15:06:19.021Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:19.022Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 control: mapRoutine: backoff: 230 msec
    2021-07-17T15:06:19.266Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 control: mapRoutine: state:authenticated
    2021-07-17T15:06:19.269Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp6.tailscale.com", "68.183.90.120") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.817Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" ...
    2021-07-17T15:06:19.818Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" error: Get "https://derp7.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2401:c080:1000:467f:5400:2ff:feee:22aa]:443: connect: no route to host
    2021-07-17T15:06:19.818Z innernet-test tailscaled[74184]: 2021/07/17 17:06:19 trying bootstrapDNS("derp9.tailscale.com", "207.148.3.137") for "headscale.viq.vc" ...
    2021-07-17T15:06:20.310Z innernet-test tailscaled[74184]: 2021/07/17 17:06:20 trying bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" ...
    2021-07-17T15:06:20.311Z innernet-test tailscaled[74184]: 2021/07/17 17:06:20 bootstrapDNS("derp10.tailscale.com", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1") for "headscale.viq.vc" error: Get "https://derp10.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2001:19f0:8001:2d9:5400:2ff:feef:bbb1]:443: connect: no route to host
    2021-07-17T15:06:20.312Z innernet-test tailscaled[74184]: 2021/07/17 17:06:20 trying bootstrapDNS("derp11.tailscale.com", "18.230.97.74") for "headscale.viq.vc" ...
    2021-07-17T15:06:21.051Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 trying bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" ...
    2021-07-17T15:06:21.052Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" error: Get "https://derp6.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2400:6180:100:d0::982:d001]:443: connect: no route to host
    2021-07-17T15:06:21.060Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:21.062Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 control: mapRoutine: backoff: 344 msec
    2021-07-17T15:06:21.412Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 control: mapRoutine: state:authenticated
    2021-07-17T15:06:21.417Z innernet-test tailscaled[74184]: 2021/07/17 17:06:21 trying bootstrapDNS("derp5.tailscale.com", "103.43.75.49") for "headscale.viq.vc" ...
    2021-07-17T15:06:22.316Z innernet-test tailscaled[74184]: 2021/07/17 17:06:22 trying bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" ...
    2021-07-17T15:06:22.316Z innernet-test tailscaled[74184]: 2021/07/17 17:06:22 bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "headscale.viq.vc" error: Get "https://derp7.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2401:c080:1000:467f:5400:2ff:feee:22aa]:443: connect: no route to host
    2021-07-17T15:06:22.317Z innernet-test tailscaled[74184]: 2021/07/17 17:06:22 trying bootstrapDNS("derp7.tailscale.com", "167.179.89.145") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.144Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.145Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:23.146Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 trying bootstrapDNS("derp11.tailscale.com", "18.230.97.74") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.913Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 trying bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" ...
    2021-07-17T15:06:23.914Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 bootstrapDNS("derp6.tailscale.com", "2400:6180:100:d0::982:d001") for "headscale.viq.vc" error: Get "https://derp6.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2400:6180:100:d0::982:d001]:443: connect: no route to host
    2021-07-17T15:06:23.915Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 Received error: PollNetMap: Post "https://headscale.viq.vc/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map": dial tcp 51.75.32.29:443: connect: connection refused
    2021-07-17T15:06:23.916Z innernet-test tailscaled[74184]: 2021/07/17 17:06:23 control: mapRoutine: backoff: 901 msec
    2021-07-17T15:06:24.836Z innernet-test tailscaled[74184]: 2021/07/17 17:06:24 control: mapRoutine: state:authenticated
    2021-07-17T15:06:24.840Z innernet-test tailscaled[74184]: 2021/07/17 17:06:24 trying bootstrapDNS("derp7.tailscale.com", "167.179.89.145") for "headscale.viq.vc" ...
    2021-07-17T15:06:25.666Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 trying bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" ...
    2021-07-17T15:06:25.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 bootstrapDNS("derp1.tailscale.com", "2604:a880:400:d1::828:b001") for "headscale.viq.vc" error: Get "https://derp1.tailscale.com/bootstrap-dns?q=headscale.viq.vc": dial tcp [2604:a880:400:d1::828:b001]:443: connect: no route to host
    2021-07-17T15:06:25.674Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 trying bootstrapDNS("derp10.tailscale.com", "137.220.36.168") for "headscale.viq.vc" ...
    2021-07-17T15:06:25.787Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 tailscaled got signal terminated; shutting down
    2021-07-17T15:06:25.795Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: client.Shutdown()
    2021-07-17T15:06:25.799Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: client.Shutdown: inSendStatus=0
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 bootstrapDNS("derp10.tailscale.com", "137.220.36.168") for "headscale.viq.vc" error: Get "https://derp10.tailscale.com/bootstrap-dns?q=headscale.viq.vc": context canceled
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: mapRoutine: state:authenticated
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: mapRoutine: quit
    2021-07-17T15:06:25.807Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 control: Client.Shutdown done.
    2021-07-17T15:06:25.808Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 magicsock: closing connection to derp-4 (conn-close), age 1m59s
    2021-07-17T15:06:25.809Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 magicsock: 0 active derp conns
    2021-07-17T15:06:25.834Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 external route: down
    2021-07-17T15:06:25.835Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 wgengine status error: engine closing; no status
    2021-07-17T15:06:25.937Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 flushing log.
    2021-07-17T15:06:25.937Z innernet-test tailscaled[74184]: 2021/07/17 17:06:25 logger closing down
    2021-07-17T15:12:27.865Z innernet-test ntpd[57974]: adjusting clock frequency by 0.607733 to 2.555048ppm
    

    At this point daemons were stopped. Situation at this point: tailscale status on innernet-test shows both machines, on headscale shows only itself. headscale -n viqWORKS nodes list shows both machines.

    Part 2

    At this point I'm rotating logs, starting daemons, and will run status and ping

    headscale# tailscale status
    100.99.59.105   headscale            viqWORKS     openbsd -
    100.87.15.215   innernet-test        viqWORKS     openbsd -
    headscale# tailscale ping 100.87.15.215
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    no reply
    headscale# tailscale status             
    100.99.59.105   headscale            viqWORKS     openbsd -
    100.87.15.215   innernet-test        viqWORKS     openbsd active; relay "fra", tx 2960 rx 0
    
    innernet-test# tailscale status 
    100.87.15.215   innernet-test        viqWORKS     openbsd -
    100.99.59.105   headscale            viqWORKS     openbsd active; relay "lhr", tx 4256 rx 5328
    innernet-test# tailscale ping 100.99.59.105
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    timeout waiting for ping reply
    no reply
    innernet-test# tailscale status             
    100.87.15.215   innernet-test        viqWORKS     openbsd -
    100.99.59.105   headscale            viqWORKS     openbsd active; relay "lhr", tx 5140 rx 6512
    

    Logs

    headscale machine

    nginx
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1776 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.29 - - [17/Jul/2021:17:23:56 +0200] "POST /machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "GET /key HTTP/1.1" 200 64 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317 HTTP/1.1" 200 326 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1769 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:14 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    51.75.32.28 - - [17/Jul/2021:17:24:15 +0200] "POST /machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map HTTP/1.1" 200 1758 "-" "Go-http-client/1.1"
    
    headscale & tailscaled
    2021-07-17T15:22:55.316Z headscale newsyslog[33456]: logfile turned over
    2021-07-17T15:23:56.173Z headscale tailscaled[2483]: 2021/07/17 17:23:56 logtail started
    2021-07-17T15:23:56.190Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled", "-port", "22502"}
    2021-07-17T15:23:56.195Z headscale tailscaled[2483]: 2021/07/17 17:23:56 LogID: 684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573
    2021-07-17T15:23:56.199Z headscale tailscaled[2483]: 2021/07/17 17:23:56 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:23:56.203Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:23:56.214Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: using dns.directManager
    2021-07-17T15:23:56.228Z headscale tailscaled[2483]: 2021/07/17 17:23:56 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:23:56.233Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Creating wireguard device...
    2021-07-17T15:23:56.236Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Bringing wireguard device up...
    2021-07-17T15:23:56.239Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Bringing router up...
    2021-07-17T15:23:56.261Z headscale tailscaled[2483]: 2021/07/17 17:23:56 external route: up
    2021-07-17T15:23:56.266Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Clearing router settings...
    2021-07-17T15:23:56.271Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Starting link monitor...
    2021-07-17T15:23:56.274Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Starting magicsock...
    2021-07-17T15:23:56.279Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Engine created.
    2021-07-17T15:23:56.287Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:23:56.320Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netmap packet filter: (not ready yet)
    2021-07-17T15:23:56.324Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Start
    2021-07-17T15:23:56.328Z headscale tailscaled[2483]: 2021/07/17 17:23:56 using backend prefs
    2021-07-17T15:23:56.331Z headscale tailscaled[2483]: 2021/07/17 17:23:56 backend prefs for "_daemon": Prefs{ra=false dns=true want=true url="https://headscale.viq.vc" Persist{lm=, o=, n=[WwgZK] u=""}}
    2021-07-17T15:23:56.401Z headscale tailscaled[2483]: 2021/07/17 17:23:56 got initial portlist info in 2ms
    2021-07-17T15:23:56.406Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: disco key = d:d52bb11973f8889b
    2021-07-17T15:23:56.410Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":80},{"Proto":"tcp","Port":443},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:23:56.418Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Backend: logs: be:684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573 fe:
    2021-07-17T15:23:56.427Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: client.Login(false, 0)
    2021-07-17T15:23:56.434Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:23:56.440Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: direct.TryLogin(token=false, flags=0)
    2021-07-17T15:23:56.446Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: doLogin(regen=false, hasUrl=false)
    2021-07-17T15:23:56.450Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticating
    2021-07-17T15:23:56.491Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |       69.22\M-B\M-5s |     51.75.32.29 | GET      "/key"
    2021-07-17T15:23:56.499Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: RegisterReq: onode=[AAAAA] node=[WwgZK] fup=false
    2021-07-17T15:23:56.511Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is registered and we have the current NodeKey. All clear to /map
    2021-07-17T15:23:56.516Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |    9.532241ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839"
    2021-07-17T15:23:56.525Z headscale tailscaled[2483]: 2021/07/17 17:23:56 logtail: dialed "log.tailscale.io:443" in 294ms
    2021-07-17T15:23:56.531Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:23:56.544Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: No AuthURL
    2021-07-17T15:23:56.555Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.559Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.559Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   19.689704ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.571Z headscale tailscaled[2483]: 2021/07/17 17:23:56 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:23:56.579Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:23:56.587Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: new map needed while idle.
    2021-07-17T15:23:56.597Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.602Z headscale tailscaled[2483]: 2021/07/17 17:23:56 active login: viqWORKS
    2021-07-17T15:23:56.611Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:23:56.624Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:23:56.630Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: SetPrivateKey called (init)
    2021-07-17T15:23:56.635Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine: Reconfig: configuring userspace wireguard config (with 0/1 peers)
    2021-07-17T15:23:56.639Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine: Reconfig: configuring router
    2021-07-17T15:23:56.643Z headscale tailscaled[2483]: 2021/07/17 17:23:56 health("overall"): error: state=Starting, wantRunning=true
    2021-07-17T15:23:56.647Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:23:56.674Z headscale tailscaled[2483]: 2021/07/17 17:23:56 wgengine: Reconfig: configuring DNS
    2021-07-17T15:23:56.679Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]]}
    2021-07-17T15:23:56.686Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]] LocalDomains:[]}
    2021-07-17T15:23:56.690Z headscale tailscaled[2483]: 2021/07/17 17:23:56 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:23:56.695Z headscale tailscaled[2483]: 2021/07/17 17:23:56 peerapi: serving on http://100.99.59.105:39599
    2021-07-17T15:23:56.702Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Received error: PollNetMap: EOF
    2021-07-17T15:23:56.708Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: backoff: 10 msec
    2021-07-17T15:23:56.714Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"684e0fca0c5f487084b120b5dbe9bd2711ccffd8987b1fd88ed91205a4e2b573","OS":"openbsd","Hostname":"headscale","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":39599}]}
    2021-07-17T15:23:56.730Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.754Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.759Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.759Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   18.575769ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.813Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.829Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.831Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.831Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   10.318743ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.861Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Received error: PollNetMap: EOF
    2021-07-17T15:23:56.866Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: backoff: 27 msec
    2021-07-17T15:23:56.910Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: state:authenticated
    2021-07-17T15:23:56.922Z headscale tailscaled[2483]: 2021/07/17 17:23:56 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:23:56.936Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:23:56.939Z headscale headscale[61967]: 2021/07/17 17:23:56 [headscale] Client is starting up. Asking for DERP map
    2021-07-17T15:23:56.939Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:23:56 | 200 |   21.678717ms |     51.75.32.29 | POST     "/machine/8c9e29df0f628d41d480e8951331f1d5d621b47d3019214e3db0c1eac661f839/map"
    2021-07-17T15:23:56.958Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Received error: PollNetMap: EOF
    2021-07-17T15:23:56.964Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: mapRoutine: backoff: 58 msec
    2021-07-17T15:23:56.968Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: home is now derp-8 (lhr)
    2021-07-17T15:23:56.972Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: endpoints changed: 51.75.32.29:22502 (stun)
    2021-07-17T15:23:56.976Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: client.newEndpoints(0, [51.75.32.29:22502])
    2021-07-17T15:23:56.981Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: adding connection to derp-8 for home-keep-alive
    2021-07-17T15:23:56.984Z headscale tailscaled[2483]: 2021/07/17 17:23:56 magicsock: 1 active derp conns: derp-8=cr0s,wr0s
    2021-07-17T15:23:56.988Z headscale tailscaled[2483]: 2021/07/17 17:23:56 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:23:56.990Z headscale tailscaled[2483]: 2021/07/17 17:23:56 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#8 portmap= link=""}
    2021-07-17T15:23:56.992Z headscale tailscaled[2483]: 2021/07/17 17:23:56 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:23:56.995Z headscale tailscaled[2483]: 2021/07/17 17:23:56 derphttp.Client.Connect: connecting to derp-8 (lhr)
    2021-07-17T15:23:57.037Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:23:57.043Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Client is ready to access the tailnet
    2021-07-17T15:23:57.043Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending initial map
    2021-07-17T15:23:57.043Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Notifying peers
    2021-07-17T15:23:57.049Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Peer innernet-test does not appear to be polling
    2021-07-17T15:23:57.050Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending data (1833 bytes)
    2021-07-17T15:23:57.066Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending keepalive
    2021-07-17T15:23:57.080Z headscale headscale[61967]: 2021/07/17 17:23:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:23:57.109Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: home is now derp-4 (fra)
    2021-07-17T15:23:57.111Z headscale tailscaled[2483]: 2021/07/17 17:23:57 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:23:57.115Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:23:57.120Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: 2 active derp conns: derp-4=cr0s,wr0s derp-8=cr143ms,wr143ms
    2021-07-17T15:23:57.122Z headscale tailscaled[2483]: 2021/07/17 17:23:57 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:23:57.150Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: derp-8 connected; connGen=1
    2021-07-17T15:23:57.206Z headscale tailscaled[2483]: 2021/07/17 17:23:57 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:23:57.209Z headscale tailscaled[2483]: 2021/07/17 17:23:57 health("overall"): ok
    2021-07-17T15:24:06.314Z headscale tailscaled[2483]: 2021/07/17 17:24:06 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.99.59.105/32] vio0:[51.75.32.29/32]} v4=true v6=false}
    2021-07-17T15:24:06.331Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: closing connection to derp-8 (rebind), age 9s
    2021-07-17T15:24:06.343Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: closing connection to derp-4 (rebind), age 9s
    2021-07-17T15:24:06.343Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: 0 active derp conns
    2021-07-17T15:24:06.354Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:24:06.355Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:24:06.356Z headscale tailscaled[2483]: 2021/07/17 17:24:06 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:06.356Z headscale tailscaled[2483]: 2021/07/17 17:24:06 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:24:06.356Z headscale tailscaled[2483]: 2021/07/17 17:24:06 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:24:06.428Z headscale tailscaled[2483]: 2021/07/17 17:24:06 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:24:06.430Z headscale tailscaled[2483]: 2021/07/17 17:24:06 health("overall"): ok
    2021-07-17T15:24:06.573Z headscale tailscaled[2483]: 2021/07/17 17:24:06 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:14.579Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |        66.5\M-B\M-5s |     51.75.32.28 | GET      "/key"
    2021-07-17T15:24:14.596Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is registered and we have the current NodeKey. All clear to /map
    2021-07-17T15:24:14.601Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   10.785271ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317"
    2021-07-17T15:24:14.629Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.635Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.635Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   17.089359ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:14.859Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.863Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.863Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   19.440787ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:14.886Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.889Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.889Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |    11.74931ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:14.964Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:14.968Z headscale headscale[61967]: 2021/07/17 17:24:14 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:14.968Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:14 | 200 |   15.699249ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:15.085Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] ReadOnly=true   OmitPeers=false    Stream=true
    2021-07-17T15:24:15.091Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Client is starting up. Asking for DERP map
    2021-07-17T15:24:15.091Z headscale headscale[61967]: [GIN] 2021/07/17 - 17:24:15 | 200 |   15.791005ms |     51.75.32.28 | POST     "/machine/6594a17c9e61cd05571e10493228fe16277608228fa94b5f72764840333d8317/map"
    2021-07-17T15:24:15.117Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] ReadOnly=false   OmitPeers=false    Stream=true
    2021-07-17T15:24:15.122Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Client is ready to access the tailnet
    2021-07-17T15:24:15.122Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending initial map
    2021-07-17T15:24:15.122Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Notifying peers
    2021-07-17T15:24:15.125Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Notifying peer headscale (100.99.59.105/32)
    2021-07-17T15:24:15.130Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending data (1835 bytes)
    2021-07-17T15:24:15.138Z headscale headscale[61967]: 2021/07/17 17:24:15 [headscale] Received a request for update
    2021-07-17T15:24:15.148Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending keepalive
    2021-07-17T15:24:15.159Z headscale headscale[61967]: 2021/07/17 17:24:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:24:34.511Z headscale tailscaled[2483]: 2021/07/17 17:24:34 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:34.519Z headscale tailscaled[2483]: 2021/07/17 17:24:34 wgengine: idle peer d:95f0a6e02bfcbb80 now active, reconfiguring wireguard
    2021-07-17T15:24:34.519Z headscale tailscaled[2483]: 2021/07/17 17:24:34 wgengine: Reconfig: configuring userspace wireguard config (with 1/1 peers)
    2021-07-17T15:24:34.519Z headscale tailscaled[2483]: 2021/07/17 17:24:34 magicsock: ParseEndpoint: key=[QzY2R]: disco=d:95f0a6e02bfcbb80 ipps=
    2021-07-17T15:24:34.536Z headscale tailscaled[2483]: 2021/07/17 17:24:34 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:24:34.541Z headscale tailscaled[2483]: 2021/07/17 17:24:34 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:34.654Z headscale tailscaled[2483]: 2021/07/17 17:24:34 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:24:39.532Z headscale tailscaled[2483]: 2021/07/17 17:24:39 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:44.535Z headscale tailscaled[2483]: 2021/07/17 17:24:44 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:49.547Z headscale tailscaled[2483]: 2021/07/17 17:24:49 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:54.556Z headscale tailscaled[2483]: 2021/07/17 17:24:54 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:24:56.339Z headscale tailscaled[2483]: 2021/07/17 17:24:56 health("overall"): error: not in map poll
    2021-07-17T15:24:57.081Z headscale headscale[61967]: 2021/07/17 17:24:57 [headscale] Sending keepalive
    2021-07-17T15:24:57.085Z headscale headscale[61967]: 2021/07/17 17:24:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:24:59.565Z headscale tailscaled[2483]: 2021/07/17 17:24:59 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:04.577Z headscale tailscaled[2483]: 2021/07/17 17:25:04 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:05.353Z headscale tailscaled[2483]: 2021/07/17 17:25:05 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:05.360Z headscale tailscaled[2483]: 2021/07/17 17:25:05 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:05.473Z headscale tailscaled[2483]: 2021/07/17 17:25:05 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:25:09.604Z headscale tailscaled[2483]: 2021/07/17 17:25:09 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:14.623Z headscale tailscaled[2483]: 2021/07/17 17:25:14 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:15.166Z headscale headscale[61967]: 2021/07/17 17:25:15 [innernet-test] Sending keepalive
    2021-07-17T15:25:15.173Z headscale headscale[61967]: 2021/07/17 17:25:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:25:19.635Z headscale tailscaled[2483]: 2021/07/17 17:25:19 ping(100.87.15.215): sending disco ping to [QzY2R] innernet-test ...
    2021-07-17T15:25:35.983Z headscale tailscaled[2483]: 2021/07/17 17:25:35 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:35.988Z headscale tailscaled[2483]: 2021/07/17 17:25:35 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:36.095Z headscale tailscaled[2483]: 2021/07/17 17:25:36 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:25:57.091Z headscale headscale[61967]: 2021/07/17 17:25:57 [headscale] Sending keepalive
    2021-07-17T15:25:57.095Z headscale headscale[61967]: 2021/07/17 17:25:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:26:06.584Z headscale tailscaled[2483]: 2021/07/17 17:26:06 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:06.589Z headscale tailscaled[2483]: 2021/07/17 17:26:06 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:06.696Z headscale tailscaled[2483]: 2021/07/17 17:26:06 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:26:15.186Z headscale headscale[61967]: 2021/07/17 17:26:15 [innernet-test] Sending keepalive
    2021-07-17T15:26:15.192Z headscale headscale[61967]: 2021/07/17 17:26:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:26:35.170Z headscale tailscaled[2483]: 2021/07/17 17:26:35 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:35.179Z headscale tailscaled[2483]: 2021/07/17 17:26:35 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:35.280Z headscale tailscaled[2483]: 2021/07/17 17:26:35 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:26:57.101Z headscale headscale[61967]: 2021/07/17 17:26:57 [headscale] Sending keepalive
    2021-07-17T15:26:57.104Z headscale headscale[61967]: 2021/07/17 17:26:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:27:07.302Z headscale tailscaled[2483]: 2021/07/17 17:27:07 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:07.306Z headscale tailscaled[2483]: 2021/07/17 17:27:07 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:07.412Z headscale tailscaled[2483]: 2021/07/17 17:27:07 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:27:15.206Z headscale headscale[61967]: 2021/07/17 17:27:15 [innernet-test] Sending keepalive
    2021-07-17T15:27:15.211Z headscale headscale[61967]: 2021/07/17 17:27:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:27:38.782Z headscale tailscaled[2483]: 2021/07/17 17:27:38 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:38.786Z headscale tailscaled[2483]: 2021/07/17 17:27:38 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:38.893Z headscale tailscaled[2483]: 2021/07/17 17:27:38 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:27:57.121Z headscale headscale[61967]: 2021/07/17 17:27:57 [headscale] Sending keepalive
    2021-07-17T15:27:57.123Z headscale headscale[61967]: 2021/07/17 17:27:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:28:09.582Z headscale tailscaled[2483]: 2021/07/17 17:28:09 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:28:09.587Z headscale tailscaled[2483]: 2021/07/17 17:28:09 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:28:09.693Z headscale tailscaled[2483]: 2021/07/17 17:28:09 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:28:15.226Z headscale headscale[61967]: 2021/07/17 17:28:15 [innernet-test] Sending keepalive
    2021-07-17T15:28:15.231Z headscale headscale[61967]: 2021/07/17 17:28:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:28:37.820Z headscale tailscaled[2483]: 2021/07/17 17:28:37 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:28:37.829Z headscale tailscaled[2483]: 2021/07/17 17:28:37 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:28:37.932Z headscale tailscaled[2483]: 2021/07/17 17:28:37 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:28:57.131Z headscale headscale[61967]: 2021/07/17 17:28:57 [headscale] Sending keepalive
    2021-07-17T15:28:57.133Z headscale headscale[61967]: 2021/07/17 17:28:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:29:05.593Z headscale tailscaled[2483]: 2021/07/17 17:29:05 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:05.598Z headscale tailscaled[2483]: 2021/07/17 17:29:05 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:05.892Z headscale tailscaled[2483]: 2021/07/17 17:29:05 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:29:05.895Z headscale tailscaled[2483]: 2021/07/17 17:29:05 control: NetInfo: NetInfo{varies=false hairpin=true ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:29:15.249Z headscale headscale[61967]: 2021/07/17 17:29:15 [innernet-test] Sending keepalive
    2021-07-17T15:29:15.256Z headscale headscale[61967]: 2021/07/17 17:29:15 [innernet-test] Sending data (75 bytes)
    2021-07-17T15:29:36.412Z headscale tailscaled[2483]: 2021/07/17 17:29:36 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:36.416Z headscale tailscaled[2483]: 2021/07/17 17:29:36 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:36.523Z headscale tailscaled[2483]: 2021/07/17 17:29:36 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:29:57.141Z headscale headscale[61967]: 2021/07/17 17:29:57 [headscale] Sending keepalive
    2021-07-17T15:29:57.144Z headscale headscale[61967]: 2021/07/17 17:29:57 [headscale] Sending data (75 bytes)
    2021-07-17T15:30:07.232Z headscale tailscaled[2483]: 2021/07/17 17:30:07 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:07.235Z headscale tailscaled[2483]: 2021/07/17 17:30:07 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:07.347Z headscale tailscaled[2483]: 2021/07/17 17:30:07 magicsock: STUN done; sending call-me-maybe to d:95f0a6e02bfcbb80 [QzY2R]
    2021-07-17T15:30:15.265Z headscale headscale[61967]: 2021/07/17 17:30:15 [innernet-test] Sending keepalive
    2021-07-17T15:30:15.270Z headscale headscale[61967]: 2021/07/17 17:30:15 [innernet-test] Sending data (75 bytes)
    

    innernet-test

    tailscaled
    2021-07-17T15:24:14.050Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 logtail started
    2021-07-17T15:24:14.072Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Program starting: vdate.20210603, Go 1.16.6: []string{"/usr/local/bin/tailscaled"}
    2021-07-17T15:24:14.074Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 LogID: ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618
    2021-07-17T15:24:14.077Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 logpolicy: using system state directory "/var/db/tailscale"
    2021-07-17T15:24:14.082Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine.NewUserspaceEngine(tun "tun") ...
    2021-07-17T15:24:14.087Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: using dns.directManager
    2021-07-17T15:24:14.089Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 link state: interfaces.State{defaultRoute=TODO ifs={vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:24:14.094Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Creating wireguard device...
    2021-07-17T15:24:14.101Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Bringing wireguard device up...
    2021-07-17T15:24:14.104Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Bringing router up...
    2021-07-17T15:24:14.132Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 external route: up
    2021-07-17T15:24:14.136Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Clearing router settings...
    2021-07-17T15:24:14.138Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Starting link monitor...
    2021-07-17T15:24:14.141Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Starting magicsock...
    2021-07-17T15:24:14.143Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Engine created.
    2021-07-17T15:24:14.152Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Listening on /var/run/tailscale/tailscaled.sock
    2021-07-17T15:24:14.181Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 netmap packet filter: (not ready yet)
    2021-07-17T15:24:14.183Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Start
    2021-07-17T15:24:14.185Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 using backend prefs
    2021-07-17T15:24:14.186Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 backend prefs for "_daemon": Prefs{ra=false dns=true want=true url="https://headscale.viq.vc" Persist{lm=, o=, n=[QzY2R] u=""}}
    2021-07-17T15:24:14.186Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 got initial portlist info in 0s
    2021-07-17T15:24:14.189Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 magicsock: disco key = d:4ee08d2740640e2e
    2021-07-17T15:24:14.190Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"tcp","Port":22},{"Proto":"tcp","Port":25},{"Proto":"tcp","Port":8000}]}
    2021-07-17T15:24:14.190Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Backend: logs: be:ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618 fe:
    2021-07-17T15:24:14.191Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: client.Login(false, 0)
    2021-07-17T15:24:14.191Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: authRoutine: state:new; wantLoggedIn=true
    2021-07-17T15:24:14.199Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: direct.TryLogin(token=false, flags=0)
    2021-07-17T15:24:14.200Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: doLogin(regen=false, hasUrl=false)
    2021-07-17T15:24:14.200Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticating
    2021-07-17T15:24:14.445Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 logtail: dialed "log.tailscale.io:443" in 371ms
    2021-07-17T15:24:14.587Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: RegisterReq: onode=[AAAAA] node=[QzY2R] fup=false
    2021-07-17T15:24:14.608Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    2021-07-17T15:24:14.608Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: No AuthURL
    2021-07-17T15:24:14.609Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 authReconfig: netmap not yet valid. Skipping.
    2021-07-17T15:24:14.609Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: authRoutine: state:authenticated; goal=nil paused=false
    2021-07-17T15:24:14.613Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: new map needed while idle.
    2021-07-17T15:24:14.613Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.653Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 active login: viqWORKS
    2021-07-17T15:24:14.664Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 netmap packet filter: [[TCP UDP ICMPv4 ICMPv6][0.0.0.0/0,::/0]=>[0.0.0.0/0:*,::/0:*]]
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 magicsock: SetPrivateKey called (init)
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine: Reconfig: configuring userspace wireguard config (with 0/1 peers)
    2021-07-17T15:24:14.675Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine: Reconfig: configuring router
    2021-07-17T15:24:14.719Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 health("overall"): error: state=Starting, wantRunning=true
    2021-07-17T15:24:14.739Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:14.803Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 wgengine: Reconfig: configuring DNS
    2021-07-17T15:24:14.803Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: Set: {DefaultResolvers:[] Routes:map[] SearchDomains:[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]]}
    2021-07-17T15:24:14.807Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: Resolvercfg: {Routes:map[] Hosts:map[headscale.:[100.99.59.105] innernet-test.:[100.87.15.215]] LocalDomains:[]}
    2021-07-17T15:24:14.810Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
    2021-07-17T15:24:14.810Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 peerapi: serving on http://100.87.15.215:47775
    2021-07-17T15:24:14.814Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Received error: PollNetMap: EOF
    2021-07-17T15:24:14.816Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: backoff: 14 msec
    2021-07-17T15:24:14.820Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: HostInfo: {"IPNVersion":"date.20210603","BackendLogID":"ee6414f1b608db52193ac3e35f185522bc0ce6528ee16a49bab8c6a8c2060618","OS":"openbsd","Hostname":"innernet-test","GoArch":"amd64","Services":[{"Proto":"peerapi4","Port":47775}]}
    2021-07-17T15:24:14.839Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.872Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.899Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Received error: PollNetMap: EOF
    2021-07-17T15:24:14.901Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: backoff: 34 msec
    2021-07-17T15:24:14.944Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: state:authenticated
    2021-07-17T15:24:14.945Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 [RATELIMIT] format("control: mapRoutine: %s")
    2021-07-17T15:24:14.979Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 Received error: PollNetMap: EOF
    2021-07-17T15:24:14.979Z innernet-test tailscaled[56712]: 2021/07/17 17:24:14 control: mapRoutine: backoff: 82 msec
    2021-07-17T15:24:15.080Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: home is now derp-4 (fra)
    2021-07-17T15:24:15.081Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: endpoints changed: 51.75.32.28:57997 (stun), 192.168.135.48:22735 (local)
    2021-07-17T15:24:15.082Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 control: client.newEndpoints(0, [51.75.32.28:57997 192.168.135.48:22735])
    2021-07-17T15:24:15.084Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:24:15.084Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:24:15.092Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    2021-07-17T15:24:15.093Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 control: NetInfo: NetInfo{varies=true hairpin=false ipv6=false udp=true derp=#4 portmap= link=""}
    2021-07-17T15:24:15.102Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:15.102Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 derphttp.Client.Connect: connecting to derp-4 (fra)
    2021-07-17T15:24:15.165Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:24:15.165Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 health("overall"): ok
    2021-07-17T15:24:15.211Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 magicsock: endpoints changed: 51.75.32.28:61715 (stun), 192.168.135.48:22735 (local)
    2021-07-17T15:24:15.211Z innernet-test tailscaled[56712]: 2021/07/17 17:24:15 control: client.newEndpoints(0, [51.75.32.28:61715 192.168.135.48:22735])
    2021-07-17T15:24:24.163Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=TODO ifs={tun0:[100.87.15.215/32] vio0:[192.168.135.48/24]} v4=true v6=false}
    2021-07-17T15:24:24.164Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: closing connection to derp-4 (rebind), age 9s
    2021-07-17T15:24:24.164Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: 0 active derp conns
    2021-07-17T15:24:24.171Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: adding connection to derp-4 for home-keep-alive
    2021-07-17T15:24:24.171Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
    2021-07-17T15:24:24.172Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:24.172Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 health("overall"): error: not connected to home DERP region 4
    2021-07-17T15:24:24.173Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 derphttp.Client.Recv: connecting to derp-4 (fra)
    2021-07-17T15:24:24.258Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 magicsock: derp-4 connected; connGen=1
    2021-07-17T15:24:24.258Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 health("overall"): ok
    2021-07-17T15:24:24.423Z innernet-test tailscaled[56712]: 2021/07/17 17:24:24 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:34.561Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 health("overall"): error: not in map poll
    2021-07-17T15:24:34.561Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 wgengine: idle peer d:d52bb11973f8889b now active, reconfiguring wireguard
    2021-07-17T15:24:34.563Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 wgengine: Reconfig: configuring userspace wireguard config (with 1/1 peers)
    2021-07-17T15:24:34.574Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: ParseEndpoint: key=[WwgZK]: disco=d:d52bb11973f8889b ipps=
    2021-07-17T15:24:34.585Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: adding connection to derp-8 for [WwgZK]
    2021-07-17T15:24:34.592Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: 2 active derp conns: derp-4=cr10s,wr10s derp-8=cr0s,wr0s
    2021-07-17T15:24:34.596Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: DERP packet received from idle peer [WwgZK]; created=true
    2021-07-17T15:24:34.600Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 derphttp.Client.Recv: connecting to derp-8 (lhr)
    2021-07-17T15:24:34.722Z innernet-test tailscaled[56712]: 2021/07/17 17:24:34 magicsock: derp-8 connected; connGen=1
    2021-07-17T15:24:55.224Z innernet-test tailscaled[56712]: 2021/07/17 17:24:55 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:24:55.226Z innernet-test tailscaled[56712]: 2021/07/17 17:24:55 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:24:55.336Z innernet-test tailscaled[56712]: 2021/07/17 17:24:55 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:25:25.673Z innernet-test tailscaled[56712]: 2021/07/17 17:25:25 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:25.675Z innernet-test tailscaled[56712]: 2021/07/17 17:25:25 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:25.784Z innernet-test tailscaled[56712]: 2021/07/17 17:25:25 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:25:56.512Z innernet-test tailscaled[56712]: 2021/07/17 17:25:56 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:25:56.514Z innernet-test tailscaled[56712]: 2021/07/17 17:25:56 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:25:56.624Z innernet-test tailscaled[56712]: 2021/07/17 17:25:56 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:26:29.231Z innernet-test tailscaled[56712]: 2021/07/17 17:26:29 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:29.237Z innernet-test tailscaled[56712]: 2021/07/17 17:26:29 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:29.342Z innernet-test tailscaled[56712]: 2021/07/17 17:26:29 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:26:46.745Z innernet-test tailscaled[56712]: 2021/07/17 17:26:46 [WwgZK] - Failed to create response message: handshake initiation must be consumed first
    2021-07-17T15:26:57.093Z innernet-test tailscaled[56712]: 2021/07/17 17:26:57 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:26:57.097Z innernet-test tailscaled[56712]: 2021/07/17 17:26:57 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:26:57.209Z innernet-test tailscaled[56712]: 2021/07/17 17:26:57 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:27:28.405Z innernet-test tailscaled[56712]: 2021/07/17 17:27:28 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:28.407Z innernet-test tailscaled[56712]: 2021/07/17 17:27:28 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:28.517Z innernet-test tailscaled[56712]: 2021/07/17 17:27:28 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:27:59.395Z innernet-test tailscaled[56712]: 2021/07/17 17:27:59 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:27:59.397Z innernet-test tailscaled[56712]: 2021/07/17 17:27:59 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:27:59.506Z innernet-test tailscaled[56712]: 2021/07/17 17:27:59 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:28:01.999Z innernet-test tailscaled[56712]: 2021/07/17 17:28:01 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:07.023Z innernet-test tailscaled[56712]: 2021/07/17 17:28:07 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:12.031Z innernet-test tailscaled[56712]: 2021/07/17 17:28:12 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:17.042Z innernet-test tailscaled[56712]: 2021/07/17 17:28:17 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:22.062Z innernet-test tailscaled[56712]: 2021/07/17 17:28:22 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:27.082Z innernet-test tailscaled[56712]: 2021/07/17 17:28:27 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:32.020Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:28:32.027Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:28:32.101Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:32.133Z innernet-test tailscaled[56712]: 2021/07/17 17:28:32 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:28:37.112Z innernet-test tailscaled[56712]: 2021/07/17 17:28:37 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:42.121Z innernet-test tailscaled[56712]: 2021/07/17 17:28:42 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:28:47.143Z innernet-test tailscaled[56712]: 2021/07/17 17:28:47 ping(100.99.59.105): sending disco ping to [WwgZK] headscale ...
    2021-07-17T15:29:00.440Z innernet-test tailscaled[56712]: 2021/07/17 17:29:00 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:00.442Z innernet-test tailscaled[56712]: 2021/07/17 17:29:00 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:00.555Z innernet-test tailscaled[56712]: 2021/07/17 17:29:00 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:29:31.404Z innernet-test tailscaled[56712]: 2021/07/17 17:29:31 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:29:31.406Z innernet-test tailscaled[56712]: 2021/07/17 17:29:31 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:29:31.711Z innernet-test tailscaled[56712]: 2021/07/17 17:29:31 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:30:02.153Z innernet-test tailscaled[56712]: 2021/07/17 17:30:02 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:02.155Z innernet-test tailscaled[56712]: 2021/07/17 17:30:02 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:02.302Z innernet-test tailscaled[56712]: 2021/07/17 17:30:02 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:30:30.730Z innernet-test tailscaled[56712]: 2021/07/17 17:30:30 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:30.738Z innernet-test tailscaled[56712]: 2021/07/17 17:30:30 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:30.850Z innernet-test tailscaled[56712]: 2021/07/17 17:30:30 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    2021-07-17T15:30:58.208Z innernet-test tailscaled[56712]: 2021/07/17 17:30:58 magicsock: want call-me-maybe but endpoints stale; restunning
    2021-07-17T15:30:58.210Z innernet-test tailscaled[56712]: 2021/07/17 17:30:58 netcheck: probePortMapServices: failed to look up gateway address
    2021-07-17T15:30:58.324Z innernet-test tailscaled[56712]: 2021/07/17 17:30:58 magicsock: STUN done; sending call-me-maybe to d:d52bb11973f8889b [WwgZK]
    
    opened by viq 22
  • Mobile clients

    Mobile clients

    Tailscale has clients for linux, Windows, macOS, Android and iOS. Linux, Windows and macOS can be told to connect to a headscale server. I'm not aware of a way to do that on Android or iOS.

    Can the (open source) android client be compiled with another server or be patched to allow server selection? What about iOS?

    opened by ptman 21
  • Support for IPv6 prefixes in namespaces

    Support for IPv6 prefixes in namespaces

    I'm sending an MR to initiate a discussion about this initial implementation.

    I have found that specifying an IPv6 prefix for ip_prefix caused the Headscale server to crash, because getAvailableIP assumed an IPv4 address by calling As4().

    While I was at it, I also tidied up address generation a bit, because the comment within was inaccurate (a network/broadcast address is one where the host parts of the address are all zero/one bits, not ones that end with eights consecutive zero/one bits), and if I interpret the netaddr API reference correctly, IsZero() and IsLoopback() should never return true for the same address, so I assume the use of && probably had been a typo here.

    I also found that machine.go also assumed an IPv4 representation and sent /32 routes to nodes, which tailscaled refused to use, even though tailscale ping managed to resolve the correct destination node.

    These changes were enough to ICMPv6 ping working both against namespace addresses, as well as advertised IPv6 routes. As far as I can see, the changes did not break any of the established tests that use IPv4, but I have not yet added any IPv6 specific test coverage - If I read the code correctly, there is a single unit under test preconfigured with an IPv4 prefix, and I'm not sure about the optimal way to handle the situation.

    I have also separately tested with the default IPv4 prefix as well and things seem to still work that way. I'm not sure why yet, but I was only able to access IPv4 advertised routes when I also used an IPv4 prefix for the namespace, and only able to access IPv6 advertised routes with an IPv6 prefix configured for the namespace. Accessing IPv4 advertised routes from an IPv6 prefix or the other way around does not seem to work, and I have yet to perceive any error messages anywhere, so far I can only observe the lack of packets.

    opened by enoperm 20
  • Docker releases appear out of sync with the code releases?

    Docker releases appear out of sync with the code releases?

    Issue description

    The tags used for docker releases appear out of sync with the code releases?

    0.12 was released a month ago according to docker, and it is not clear how they relate to the code releases?

    Is there a docker release for 0.12.0-beta2, or I presume those other docker tags should be ignored?

    To Reproduce

    The docker releases I am referring to are these -> https://hub.docker.com/r/headscale/headscale/tags

    Thanks for any clarification 👍🏻

    bug 
    opened by mannp 19
  • Rework the CLI to use gRPC

    Rework the CLI to use gRPC

    First, apologise for the massive PR, I got a bit carried away. (A lot of the code is generated, and is a separate commit)

    This PR moves the rest of the user facing CLI (all commands but serve) to use gRPC to communicate with the server.

    This means that the PR has "three layers".

    1. It adds protobuf definitions and generate types and rpc based on this
    2. Then it implements the "service" interface provided by gRPC
    3. And then we move all the commands to use the new interface.
    4. Bonus layer: I have added integration tests for the CLI (execute command and read out result) for every command.

    In between these steps, there is a lot of code cleanup and streamlining of functions to better fit the new interface. I have also made an attempt on standardising and cleaning up where we had several different ways to get information.

    This means that we now have:

    • A CLI that communicates over rpc
      • which means we can run it from everywhere when we add authentication
    • A Web API generated from the same spec, supporting the same as gRPC (currently disabled, due to missing auth)
    • Integration tests for the CLI, should help us find direct and detect underlying issues changes can cause.

    What I still would like to tackle (before release): The cli takes quite inconsistent parameters: database id, machine key, name + namespace. I think we should discuss to standardise on one main approach.

    opened by kradalby 19
  • create namespace error : ephemeral_node_inactivity_timeout

    create namespace error : ephemeral_node_inactivity_timeout

    download headscale binary from latest release and try to create my first namespace , but headscale return some error messages like

    2021-12-07 09:58:25 [[email protected] Downloads]$ ./headscale_0.11.0_linux_amd64 namespaces create em
    An updated version of Headscale has been found (0.12.0-beta1 vs. your current v0.11.0). Check it out https://github.com/juanfont/headscale/releases
    2021/12/07 09:58:36 Error initializing: ephemeral_node_inactivity_timeout () is set too low, must be more than 1m5s
    

    any suggestions??

    opened by changchichung 16
  • Make /metrics listen on a different address

    Make /metrics listen on a different address

    • [x] read the CONTRIBUTING guidelines
    • [x] raised a GitHub issue or discussed it on the projects chat beforehand
    • [x] added unit tests
    • [x] added integration tests
    • [x] updated documentation if needed
    • [x] updated CHANGELOG.md

    Addresses #343

    opened by reynico 15
  • Improvements on the ACLs and bug fixing

    Improvements on the ACLs and bug fixing

    • [x] read the CONTRIBUTING guidelines
    • [x] raised a GitHub issue or discussed it on the projects chat beforehand
    • [x] added unit tests
    • [] added integration tests
    • [x] updated documentation if needed
    • [x] updated CHANGELOG.md

    This PR is a first implementation of what has been discussed on #311 It should be reviewed commit by commit since last commits are linting modifications and changes quite much some part of the code that I didn't touch.

    All subject discussed in PR #311 are not implemented here. I think all those modifications should be splitted in multiple PRs.

    If this PR is too big, some commits could be moved outside of this PR it's related but just fixes some bugs on the ACLs parsing behavior.

    opened by restanrm 12
  • Nodes IP missing in tailscale status

    Nodes IP missing in tailscale status

    Hi,

    Here is my config.json

    {
        "server_url": "https://sub.domain.tld",
        "listen_addr": "0.0.0.0:443",
        "ip_prefix": "10.0.1.0/24",
        "private_key_path": "/etc/headscale/private.key",
        "derp_map_path": "/etc/headscale/derp.yaml",
        "ephemeral_node_inactivity_timeout": "30m",
        "db_type": "sqlite3",
        "db_path": "/etc/headscale/db.sqlite",
        "tls_cert_path": "/etc/headscale/crt.pem",
        "tls_key_path": "/etc/headscale/key.pem",
        "acl_policy_path": "",
        "dns_config": {
            "nameservers": ["1.1.1.1", "8.8.8.8"],
            "domains": [],
            "magic_dns": true,
            "base_domain": "local.net"
        }
    }
    

    Created namescpace. Joined 3 nodes successfully. They can reach each others. The issue is, when I run tailscale status, it doesn't show headscale IP on node list. I get the following output.

    [email protected]:~$ sudo tailscale status
    10.0.1.2        node-2                main         linux   -
                    node-1                main         linux   active; direct PUBLICIP:41641, tx 11524412 rx 288104
                    node-3                main         linux   active; direct PUBLICIP:41641, tx 3092 rx 2556
    

    I can ping using node name like ping node-1 because of Magic DNS but can't use tailscale ping node-1 or Taildrop using node name. I have to use node's tailscale IP address. Headscale log seems fine. I am running v0.10.0

    bug tailscale-releated 
    opened by mhhakim 12
  • Webpage not reachable via port 8080 when using docker

    Webpage not reachable via port 8080 when using docker

    Bug description

    I tried following the documentation here: https://github.com/juanfont/headscale/blob/main/docs/running-headscale-container.md

    I got the template config file as described (no changes) and created the db.sqlite file then executed the docker run command. The container ran without errors but attempting to access the page via port 8080 failed. I tried 127.0.01:8080 and local-ip:8080 with no luck.

    I originally tried the syntax publishing 127.0.0.1:8080 before trying 0.0.0.0:8080 as per the documentation.

    I also tried this on a Mac, Ubuntu and finally on Kali before giving up.

    To Reproduce

    Context info

    • Version of headscale used: 0.17.0
    • Version of tailscale client: Not Used
    • OS (e.g. Linux, Mac, Cygwin, WSL, etc.) Kali 2021.3
    • Kernel version: Linux kali 5.10.0-kali9-amd64 #1 SMP Debian 5.10.46-4kali1 (2021-08-09) x86_64 GNU/Linux
    • The relevant config parameters you used. See output below:
    • Log output:
    
    └─$ docker run   --name headscale   --detach   --volume $(pwd)/config:/etc/headscale/   --publish 0.0.0.0:8080:8080   --publish 127.0.0.1:9090:9090   headscale/headscale:latest   headscale serve
    b550a1b4e30208e5b4424d5ed9146c9d9f65b72cf40db9af4aa9fbbafb2baa7e
    
    └─$ docker logs headscale                                                                                                                                                                                                   125 ⨯
    2022-11-30T14:38:54Z INF Setting up a DERPMap update worker frequency=86400000
    2022-11-30T14:38:54Z INF listening and serving HTTP on: 127.0.0.1:8080
    2022-11-30T14:38:54Z INF listening and serving metrics on: 127.0.0.1:9090
    
    └─$ telnet 127.0.0.1 8080
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    Connection closed by foreign host.
    
    └─$ curl http://127.0.0.1:9090/metrics                                                                                                                                                                                        1 ⨯
    
    curl: (56) Recv failure: Connection reset by peer
    
    └─$ curl http://127.0.0.1:8080                                                                                                                                                                                               56 ⨯
    
    curl: (56) Recv failure: Connection reset by peer
    
    
    └── config
        ├── config.yaml
        ├── db.sqlite
        ├── noise_private.key
        └── private.key
    
    bug 
    opened by frakman1 0
  • Refactor routing code and add support for subnet failover (HA)

    Refactor routing code and add support for subnet failover (HA)

    This PR implements https://github.com/juanfont/headscale/pull/988, for better route management.

    It enables Headscale to:

    • Enable and disable advertised subnets
    • Handle exit nodes
    • Manage multiple nodes offering the same route
    • Failover to another node when the primary node for a subnet is disconnected

    Should also implement https://github.com/juanfont/headscale/issues/1010, and https://github.com/juanfont/headscale/issues/260.

    opened by juanfont 0
  • Expotential CPU usage from allowed peer checks

    Expotential CPU usage from allowed peer checks

    Bug description

    CPU usage grows exponentially as the number of peers grows, to the point where headscale cannot respond to updates fast enough for clients to remain connected.

    This appears to be due to recalculating allowable peers for every update, which is an O(n) operation, for n peers. The allowed peer list should be static except when new peers are added, so updating the peer list once for each new peer would be a huge performance win.

    Enabling ACLs makes this worse because there is more work per peer to check if it's valid, but the namespace only checks do eventually cause performance issues too with 1000s of peers.

    To Reproduce

    Create a network with 400-600 peers, the exact number where the performance curve becomes a problem depends on the system specs, but with a 4 core server 600 is usually enough to overwhelm the system.

    Context info

    Bug description --snat-subnet-routes=true not work

    To Reproduce

    1. tailscale up --login-server=http://server_url --accept-routes=true --accept-dns=false --advertise-routes=10.0.0.234/32--snat-subnet-routes=true

    2. headscale routes enable -i 12 -r "10.0.0.234/32"

    3. headscale node route list -i 12 Route | Enabled 10.0.0.234/32 | true

    Context info i use tcpdump at one of node(ip:10.0.0.234) :

    tcpdump -i ens160 icmp and host 10.0.9.3 -nn -vvv tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes 13:52:26.379681 IP (tos 0x0, ttl 63, id 42914, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.9.3 > 10.0.0.234: ICMP echo request, id 18, seq 93, length 64 13:52:26.379754 IP (tos 0x0, ttl 64, id 29816, offset 0, flags [none], proto ICMP (1), length 84) 10.0.0.234 > 10.0.9.3: ICMP echo reply, id 18, seq 93, length 64 13:52:27.392447 IP (tos 0x0, ttl 63, id 42921, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.9.3 > 10.0.0.234: ICMP echo request, id 18, seq 94, length 64

    So, --snat-subnet-routes=true not work

    Version of headscale used: v0.17.0-beta4 Version of tailscale client: 1.32.2 OS: Ubuntu 18

    bug 
    opened by pingod 0
Releases(v0.17.0)
  • v0.17.0(Nov 26, 2022)

    BREAKING

    • noise.private_key_path has been added and is required for the new noise protocol.
    • Log level option log_level was moved to a distinct log config section and renamed to level #768
    • Removed Alpine Linux container image #962

    Important Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add experimental support for SSH ACL (see docs for limitations) #847
      • Please note that this support should be considered partially implemented
      • SSH ACLs status:
        • Support accept and check (SSH can be enabled and used for connecting and authentication)
        • Rejecting connections are not supported, meaning that if you enable SSH, then assume that all ssh connections will be allowed.
        • If you decied to try this feature, please carefully managed permissions by blocking port 22 with regular ACLs or do not set --ssh on your clients.
        • We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
      • This feature should be considered dangerous and it is disabled by default. Enable by setting HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1.

    Changes

    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    • Sanitise the node key passed to registration url #823
    • Add support for generating pre-auth keys with tags #767
    • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
    • Add config flag to allow Headscale to start if OIDC provider is down #829
    • Fix prefix length comparison bug in AutoApprovers route evaluation #862
    • Random node DNS suffix only applied if names collide in namespace. #766
    • Remove ip_prefix configuration option and warning #899
    • Add dns_config.override_local_dns option #905
    • Fix some DNS config issues #660
    • Make it possible to disable TS2019 with build flag #928
    • Fix OIDC registration issues #960 and #971
    • Add support for specifying NextDNS DNS-over-HTTPS resolver #940
    • Make more sslmode available for postgresql connection #927

    Commits

    • c28ca27 Add SSH ACL to changelog
    • 52a323b Add SSH capability advertisement
    • d4e3bf1 Add experimental flag to unit test
    • c6d3174 Add feature flag for SSH, and warning
    • cfaa36e Add method to expose container id
    • e28d308 Add negative tests
    • 36b8862 Add notes about current ssh status
    • 91ed6e2 Allow WithEnv to be passed multiple times
    • 8a79c2e Do not retry on permission denied in ssh
    • 22da5bf Enable SSH for tests
    • d207c30 Ensure we have ssh in container
    • 3695284 Make simple initial test case
    • d71aef3 Mark all tests with Parallel
    • c02e105 Mark the flag properly experimental
    • 519f22f SSH integration test setup
    • fd6d25b SSH: Lint and typos
    • f610be6 SSH: add test between namespaces
    • f34e7c3 Strip newline from hostname
    • eb072a1 mark some changes as more important
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(382 bytes)
    headscale_0.17.0_darwin_amd64(26.81 MB)
    headscale_0.17.0_darwin_arm64(26.24 MB)
    headscale_0.17.0_linux_amd64(24.48 MB)
    headscale_0.17.0_linux_arm64(23.37 MB)
  • v0.17.0-beta5(Nov 25, 2022)

    BREAKING

    • Log level option log_level was moved to a distinct log config section and renamed to level #768
    • Removed Alpine Linux container image #962

    Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    • Sanitise the node key passed to registration url #823
    • Add support for generating pre-auth keys with tags #767
    • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
    • Add config flag to allow Headscale to start if OIDC provider is down #829
    • Fix prefix length comparison bug in AutoApprovers route evaluation #862
    • Random node DNS suffix only applied if names collide in namespace. #766
    • Remove ip_prefix configuration option and warning #899
    • Add dns_config.override_local_dns option #905
    • Fix some DNS config issues #660
    • Make it possible to disable TS2019 with build flag #928
    • Fix OIDC registration issues #960 and #971
    • Add support for specifying NextDNS DNS-over-HTTPS resolver #940
    • Make more sslmode available for postgresql connection #927
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.17.0-beta5_darwin_amd64(26.81 MB)
    headscale_0.17.0-beta5_darwin_arm64(26.24 MB)
    headscale_0.17.0-beta5_linux_amd64(24.48 MB)
    headscale_0.17.0-beta5_linux_arm64(23.37 MB)
  • v0.17.0-beta4(Nov 15, 2022)

    CHANGELOG

    0.17.0 (2022-XX-XX)

    BREAKING

    • Log level option log_level was moved to a distinct log config section and renamed to level #768
    • Removed Alpine Linux container image #962

    Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    • Sanitise the node key passed to registration url #823
    • Add support for generating pre-auth keys with tags #767
    • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
    • Add config flag to allow Headscale to start if OIDC provider is down #829
    • Fix prefix length comparison bug in AutoApprovers route evaluation #862
    • Random node DNS suffix only applied if names collide in namespace. #766
    • Remove ip_prefix configuration option and warning #899
    • Add dns_config.override_local_dns option #905
    • Fix some DNS config issues #660
    • Make it possible to disable TS2019 with build flag #928
    • Fix OIDC registration issues #960 and #971
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.17.0-beta4_darwin_amd64(26.81 MB)
    headscale_0.17.0-beta4_darwin_arm64(26.24 MB)
    headscale_0.17.0-beta4_linux_amd64(24.48 MB)
    headscale_0.17.0-beta4_linux_arm64(23.37 MB)
  • v0.17.0-beta3(Nov 14, 2022)

    BREAKING

    • Log level option log_level was moved to a distinct log config section and renamed to level #768

    Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    • Sanitise the node key passed to registration url #823
    • Add support for generating pre-auth keys with tags #767
    • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
    • Add config flag to allow Headscale to start if OIDC provider is down #829
    • Fix prefix length comparison bug in AutoApprovers route evaluation #862
    • Random node DNS suffix only applied if names collide in namespace. #766
    • Remove ip_prefix configuration option and warning #899
    • Add dns_config.override_local_dns option #905
    • Fix some DNS config issues #660
    • Make it possible to disable TS2019 with build flag #928
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.17.0-beta3_darwin_amd64(26.81 MB)
    headscale_0.17.0-beta3_darwin_arm64(26.23 MB)
    headscale_0.17.0-beta3_linux_amd64(24.47 MB)
    headscale_0.17.0-beta3_linux_arm64(23.37 MB)
  • v0.17.0-beta2(Nov 1, 2022)

    Changelog

    0.17.0 (2022-XX-XX)

    BREAKING

    • Log level option log_level was moved to a distinct log config section and renamed to level #768

    Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    • Sanitise the node key passed to registration url #823
    • Add support for generating pre-auth keys with tags #767
    • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
    • Add config flag to allow Headscale to start if OIDC provider is down #829
    • Fix prefix length comparison bug in AutoApprovers route evaluation #862
    • Random node DNS suffix only applied if names collide in namespace. #766
    • Remove ip_prefix configuration option and warning #899
    • Add dns_config.override_local_dns option #905
    • Fix some DNS config issues #660

    Commits

    • 8a07381 Fix prefix length comparison bug in AutoApprovers route evaluation (#862)
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.17.0-beta2_darwin_amd64(26.80 MB)
    headscale_0.17.0-beta2_darwin_arm64(26.23 MB)
    headscale_0.17.0-beta2_linux_amd64(24.47 MB)
    headscale_0.17.0-beta2_linux_arm64(23.37 MB)
  • v0.17.0-beta1(Oct 31, 2022)

    Changelog

    0.17.0 (2022-XX-XX)

    BREAKING

    • Log level option log_level was moved to a distinct log config section and renamed to level #768

    Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    • Sanitise the node key passed to registration url #823
    • Add support for generating pre-auth keys with tags #767
    • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
    • Add config flag to allow Headscale to start if OIDC provider is down #829
    • Random node DNS suffix only applied if names collide in namespace. #766
    • Remove ip_prefix configuration option and warning #899
    • Add dns_config.override_local_dns option #905
    • Fix some DNS config issues #660

    Commits

    • 2c0488d Add Execute helper for controlserver
    • ff217cc Add back head and unstable, ts 1.32.0
    • ed2236a Add buildtags to pls
    • 13aa845 Add comment about scenario test
    • 25e39d9 Add get ips command to scenario
    • d8144ee Add initial pingallbyhostname
    • cb61a49 Add namespace command test
    • 2bf50bc Add new integration tests to ci
    • 0cf9c4c Add nolint since go os has weird casing
    • 239ef16 Add preauthkey command test
    • 5013187 Add some sort stability
    • ca8bca9 Add support for "override local DNS" (#905)
    • 0db608a Add tailscale versions, waiters and helpers for scenario
    • 3951f39 Add wait for peers and status to tsic
    • 308b9e7 Defince control server interface
    • a9c3b14 Define a "scenario", which is a controlserver with nodes
    • a846e13 Expose and use ports consistently
    • 7155b22 Factor out some commonly used patterns
    • 8893100 Fail correctly if container exist
    • 6b67584 Fix DERP name in integration tests
    • aca3a66 Fix declaration of pointer
    • a0ec369 Fix error declaration
    • 12ee9bc Fix golangcilint
    • 6d8c18d Fix golangcilint
    • 4e8b95e Fix issue 660 (#874)
    • 40c048f Fix lint
    • e8b3de4 Fix lint
    • df36bcf Fix machine test from marger
    • bc1c1f5 Fix most nil pointers, actually make it check for unique across headscale
    • d56ad29 Fix nolint comment
    • 073308f Fix the proposed noise private_key_path
    • 70ecda6 Fix warning on success
    • 9f58eeb Fix zero arguments error
    • 53b4bb2 Fixup after ts interface
    • 79864e0 Fmt md with prettier
    • 21ec543 Give user better feedback if headscale socket is unwritable
    • 23a0946 Integration, remove retry
    • f109b54 Join test suite container to network, allowing seperate networks
    • 37a4d41 Make addr configurable
    • d242cea Make hostname dns safe, allow string in ping command
    • 4904ccc Make sure mock container is removed before started
    • 201f81c Make sure mockoidc is up, has unique name and removed if exist
    • 830d59f Merge branch 'main' into feature-random-suffix-on-collision
    • 40b3de9 Merge branch 'main' into feature-random-suffix-on-collision
    • 03194e2 Merge branch 'main' into feature-random-suffix-on-collision
    • 611f7c3 Merge branch 'main' into integration-remove-v1-genera
    • e112514 Merge branch 'main' into integration-ts-interface
    • 73eae8e Merge branch 'main' into integration-v2-cli
    • 2ca286e Merge branch 'main' into integration-v2-cli
    • 21b06f6 Merge branch 'main' into integration-v2-no-verbose
    • e7e2c78 Merge branch 'main' into integration-v2-resolve-magicdns
    • 907aa07 Merge branch 'main' into main
    • 852cb90 Merge branch 'main' into main
    • 463180c Merge branch 'main' into main
    • 88d1287 Merge branch 'main' into patch-1
    • 1eea9c9 Merge branch 'main' into patch-1
    • 5333df2 Merge branch 'main' into sanitise-machine-key-url
    • d06ba7b Merge branch 'main' into sanitise-machine-key-url
    • d69a5f6 Merge branch 'main' into update-xsync-version
    • babd303 Merge pull request #771 from shanna/feature-random-suffix-on-collision
    • d575dac Merge pull request #823 from kradalby/sanitise-machine-key-url
    • 98f5b7f Merge pull request #837 from ShadowJonathan/patch-1
    • c00e559 Merge pull request #840 from juanfont/update-contributors
    • 9c16d5e Merge pull request #843 from phpmalik/patch-1
    • f18e222 Merge pull request #844 from kradalby/container-exist-fix
    • 399c325 Merge pull request #852 from kevin1sMe/main
    • 0048ed0 Merge pull request #853 from zhzy0077/patch-1
    • cf40d2a Merge pull request #854 from kradalby/integration-split
    • 4dd2eef Merge pull request #855 from Donran/main
    • 587a016 Merge pull request #856 from kradalby/integration-v2
    • e96bcee Merge pull request #859 from kradalby/new-integration-versions
    • a395045 Merge pull request #865 from kradalby/integration-no-build-tags
    • 129afdb Merge pull request #871 from kradalby/integration-ts-interface
    • ecce82d Merge pull request #875 from thetillhoff/main
    • ae189c0 Merge pull request #884 from kradalby/integration-v2-ping-by-hostname
    • 9c30939 Merge pull request #887 from kradalby/integration-v2-taildrop
    • 8d46986 Merge pull request #888 from juanfont/update-contributors
    • a647e6a Merge pull request #889 from kradalby/integration-v2-resolve-magicdns
    • 91c0a15 Merge pull request #890 from kradalby/integration-v2-cli
    • a14f482 Merge pull request #891 from kradalby/integration-ditch-retry
    • 5c9c4f2 Merge pull request #892 from kradalby/integration-v2-no-verbose
    • 341db0c Merge pull request #895 from puzpuzpuz/update-xsync-version
    • 7f69b08 Merge pull request #896 from kradalby/update-golines
    • c1c22a4 Merge pull request #897 from kradalby/integration-remove-v1-genera
    • 018b1d6 Migrate taildrop test to v2
    • 0b0fb0a Minor change
    • f68ba75 Move some helper functions into dockertestutil package
    • 22cabc1 No interactive tty
    • b2bca2a Only run integration tests from dir in new tests
    • 39bc6f7 Port PingAll test to new test suite
    • 7e6ab19 Port preauthkey subcommand tests
    • 93082b8 Protect against user injection for registration CLI page
    • 2aebd29 Random suffix only on collision.
    • d706c35 Remove 1.16 from FQDN, bump 1.32.1
    • 2b10226 Remove extra line
    • dde39aa Remove general v1 makefile entry
    • 94ad0a1 Remove ip_prefix, its been deprecated for a long time (#899)
    • e45ba37 Remove v1 general integration tests
    • bcdd34b Remove v1 general integration tests code
    • 86c132c Remove verbose flag for v2 tests, increase timeout
    • fa3d21c Rename pingall test to signal ip
    • a94ed05 Run all integration tests fully in docker
    • 85df2c8 Run oidc tests fully in docker
    • 4cb7d63 Set better names for different integration tests
    • 0e12b66 Simplify code around latest state change map updates
    • eda4321 Skip integration tests on short or lack of docker
    • 21dd212 Split integration tests into seperate jobs
    • 8ee35c9 Stuff
    • f3dbfc9 Style change
    • c6f82c3 Switch from hacking buildtags to selecting tests
    • 382a37f Test against last patch version
    • 54e3a0d Test with a longer timeout
    • 701f990 Unify code snippet comment location
    • 75a8fc8 Update changelog
    • 3a6257b Update everything else
    • 5d3c027 Update golines
    • 62e3fa0 Update nix
    • 3659461 Update reverse-proxy document for istio/envoy
    • ad31378 Update vendor sha in nix
    • 06e12f7 Update: tips about warnning log
    • fafa3f8 Upgrade tailscale
    • cbbf9fb Use FQDN from tailscale client
    • c9823ce Use TailscaleClient interface instead of tsic
    • dfadb96 Use short test to signal that we dont run integration
    • 2bb3475 Validate the incoming nodekey with regex before attempting to parse
    • 4df47de add nolint to integrationtests, they are going away :tm:
    • 32c21a0 cache go mod in docker, speed up local
    • a3d3ad2 docs(README): update contributors
    • b22e628 docs(README): update contributors
    • 72e2fa4 docs(README): update contributors
    • 8502a0a dont request tty
    • d900f48 expose right porsts
    • 84f9f60 go mod tidy
    • 8be14ef gofumpt
    • 36ad000 golangci-lint --fix
    • b331e3f hsic: ControlServer implementation of headscale in docker
    • 8c4744a make TailscaleClient interface
    • fe4e05b only print stdout on err
    • 7015d72 port resolve magicdns test
    • 76689c2 remove fixed todo
    • c90d0dd remove the need to bind host port
    • b0a4ee4 test login with one node
    • fa8b02a tsic: Tailscale in Container abstraction
    • 1469425 update flake vendor hash
    • 2d170fe update tests
    • 2f36a11 use short flag for nix build test
    • aef77a1 use variable for namespace
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.17.0-beta1_darwin_amd64(26.80 MB)
    headscale_0.17.0-beta1_darwin_arm64(26.23 MB)
    headscale_0.17.0-beta1_linux_amd64(24.47 MB)
    headscale_0.17.0-beta1_linux_arm64(23.37 MB)
  • v0.17.0-alpha4(Sep 26, 2022)

    Changelog

    • f6e8341 Add PR link to changelog
    • a3f18f2 Add internal mockoidc command
    • 3abca99 Add logs for issues in Actions
    • 2462989 Add new config option to cli integration tests
    • 256b6cb Add new option to config-example
    • 98e7842 Add nix overlay to flake
    • 90e840c Add reverse proxy documentation
    • 60cc9dd Add test for autoApprovers feature
    • 3a04247 Add web sockets section
    • dc18d64 Add websockets config
    • b27b789 Added base config file template
    • 2e97119 Added derp config to OIDC etc
    • 95948e0 Added indication of workaround for #814
    • 41353a5 Added integration tests for OIDC on Makefile
    • b117ca7 Added missing TLS key for testing
    • 7a171cf Added sleep to workaround #814
    • 791272e Adds grpc/cli support for preauthkey tags
    • dbe58e5 Allow headscale to start if oidc setup fails.
    • 45df6e7 Apply suggestions from code review
    • 1c267f7 Capture listen error on mockoidc
    • fc4361b Delete FUNDING.yml
    • b3a53bf Do not load the config for CLI mockoidc (and version)
    • 6faa1d2 Fix tests broken by preauthkey tags
    • 804d9d8 Format nix with alejandra
    • e286ba8 Format reverse-proxy.md
    • 5774b32 Include OIDC in the full execution
    • fca3805 Initial work on OIDC tests
    • 083d2a8 Linting fixes
    • a9da953 Merge branch 'main' into autoapprovers
    • 5b12ab9 Merge branch 'main' into autoapprovers
    • 548551c Merge branch 'main' into autoapprovers
    • adb352e Merge branch 'main' into autoapprovers
    • 6d2cfd5 Merge branch 'main' into autoapprovers
    • 9810d84 Merge branch 'main' into autoapprovers
    • 84c4b03 Merge branch 'main' into fix-https-listen
    • ed58b2e Merge branch 'main' into fix-https-listen
    • 1a30bcb Merge branch 'main' into nix-overlay
    • d83a28b Merge branch 'main' into oidc-integration-testing
    • 8aa0eef Merge branch 'main' into oidc-integration-testing
    • f6153a9 Merge branch 'main' into preauthkey-tags
    • 8a1c0e0 Merge branch 'main' into preauthkey-tags
    • 470c493 Merge branch 'main' into preauthkey-tags
    • e056b86 Merge branch 'main' into preauthkey-tags
    • 09863b5 Merge branch 'main' into preauthkey-tags
    • 2c73f8e Merge branch 'main' into remove-gin-references
    • ddd9282 Merge branch 'main' into remove-gin-references
    • 12d5b6a Merge branch 'main' into remove-sponsorship
    • e3f1fd1 Merge branch 'main' into remove-sponsorship
    • aca1c1b Merge branch 'main' into remove-sponsorship
    • 6fe86df Merge branch 'main' into remove-sponsorship
    • becf918 Merge branch 'main' into remove-sponsorship
    • 31662bc Merge branch 'main' into reverse-proxy
    • 9b1dcb2 Merge branch 'main' into reverse-proxy
    • e6e5872 Merge branch 'main' into reverse-proxy
    • 44be239 Merge branch 'main' into reverse-proxy
    • 7092a3e Merge branch 'oidc-integration-testing' of https://github.com/juanfont/headscale into oidc-integration-testing
    • a507a04 Merge pull request #763 from tsujamin/autoapprovers
    • 8fa05c1 Merge pull request #767 from tsujamin/preauthkey-tags
    • c9b39da Merge pull request #790 from mike-lloyd03/reverse-proxy
    • a46170e Merge pull request #793 from juanfont/remove-sponsorship
    • bd6282d Merge pull request #801 from juanfont/oidc-integration-testing
    • 22c68ff Merge pull request #815 from juanfont/remove-gin-references
    • 5f975cb Merge pull request #829 from kradalby/oidc-dependency
    • 8fbba1a Merge pull request #830 from kradalby/nix-overlay
    • 5fe6538 Merge pull request #831 from kradalby/fix-https-listen
    • 71b7123 Minor change on the base config for OIDC
    • 9088521 Move lets enc listener into go routine
    • 0fe3c21 Move map block out of server block
    • 94be5ca Nix update
    • 9c0cf45 OIDC integration tests working
    • f33e3e3 Parse the OIDC login URL
    • fb25a06 Preserve current behaviour with a config flag
    • c21479c Print docker network config
    • 91e3039 Remove --rm flag from Docker example
    • ce25a1e Remove sponsor buttons
    • e87b470 Removed fmt.Println for linting
    • f2928d7 Removed gin from go.sum (Github security notice)
    • 5f384c6 Removed old code and minor changes
    • 9c58395 Removed unused param after routes fix
    • 6953598 Return stderr too in ExecuteCommand
    • cb70d7c Return the results on error
    • fc6a1e1 Revert overlay overlapping
    • b2f3ffb Run integration tests in Actions
    • ac18723 Set tags as part of handleAuthKeyCommon
    • 7653ad4 Split GetRouteApprovers from EnableAutoApprovedRoutes
    • 6b4d533 Update changelog
    • e5decbd Update changelog
    • d764f52 Update changelog
    • 02ab3a2 Update changelog
    • 99307d1 Update nix sum
    • 1563d75 Use Headscale container to run mockoidc
    • 8dcc82c Use oidc if it initialised, not if it is configured
    • d0e945f _ unused variable
    • e27a4db add acl_tags to PreAuthKey proto
    • 7761a7b fix autoapprover test following tagged authkey change
    • 72a4300 fix broken preauth-key tag test
    • 8a8ec74 fix linting issues in preauthkey tags
    • 688cba7 fix linting mistakes
    • 81dd9b2 format
    • 004ebca initial implementation of autoApprovers support
    • c52e3aa remove unnecessary checks on slices
    • 842c28a replace netaddr usage with netip
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(410 bytes)
    headscale_0.17.0-alpha4_darwin_amd64(26.32 MB)
    headscale_0.17.0-alpha4_darwin_arm64(25.75 MB)
    headscale_0.17.0-alpha4_linux_amd64(24.00 MB)
    headscale_0.17.0-alpha4_linux_arm64(22.93 MB)
  • v0.17.0-alpha3(Sep 21, 2022)

    BREAKING

    • Log level option log_level was moved to a distinct log config section and renamed to level #768

    Changes

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    • Fix subnet routers with Primary Routes #811
    • Added support for JSON logs #653
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(410 bytes)
    headscale_0.17.0-alpha3_darwin_amd64(26.17 MB)
    headscale_0.17.0-alpha3_darwin_arm64(25.60 MB)
    headscale_0.17.0-alpha3_linux_amd64(23.88 MB)
    headscale_0.17.0-alpha3_linux_arm64(22.81 MB)
  • v0.17.0-alpha2(Sep 4, 2022)

    Changelog

    • Added support for Tailscale TS2021 protocol #738
    • Add ability to specify config location via env var HEADSCALE_CONFIG #674
    • Target Go 1.19 for Headscale #778
    • Target Tailscale v1.30.0 to build Headscale #780
    • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(410 bytes)
    headscale_0.17.0-alpha2_darwin_amd64(26.17 MB)
    headscale_0.17.0-alpha2_darwin_arm64(25.60 MB)
    headscale_0.17.0-alpha2_linux_amd64(23.87 MB)
    headscale_0.17.0-alpha2_linux_arm64(22.81 MB)
  • v0.16.1(Aug 12, 2022)

    Changelog

    • Updated dependencies (including the library that lacked armhf support) #722
    • Fix missing group expansion in function excludeCorretlyTaggedNodes #563
    • Improve registration protocol implementation and switch to NodeKey as main identifier #725
    • Add ability to connect to PostgreSQL via unix socket #734
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(382 bytes)
    headscale_0.16.1_darwin_amd64(25.05 MB)
    headscale_0.16.1_darwin_arm64(24.68 MB)
    headscale_0.16.1_linux_amd64(22.88 MB)
    headscale_0.16.1_linux_arm64(22.06 MB)
  • v0.16.0(Jul 25, 2022)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648 677
    • Make tailnet node updates check interval configurable #675
    • Fix regression with HTTP API #684
    • nodes ls now print both Hostname and Name(Issue #647 PR #687)
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(382 bytes)
    headscale_0.16.0_darwin_amd64(24.92 MB)
    headscale_0.16.0_darwin_arm64(24.54 MB)
    headscale_0.16.0_linux_amd64(22.76 MB)
    headscale_0.16.0_linux_arm64(21.93 MB)
  • v0.16.0-beta7(Jul 22, 2022)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648 677
    • Make tailnet node updates check interval configurable #675
    • Fix regression with HTTP API #684
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta7_darwin_amd64(24.92 MB)
    headscale_0.16.0-beta7_darwin_arm64(24.54 MB)
    headscale_0.16.0-beta7_linux_amd64(22.76 MB)
    headscale_0.16.0-beta7_linux_arm64(21.93 MB)
  • v0.16.0-beta6(Jul 12, 2022)

    Changelog

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648
    • Make tailnet node updates check interval configurable #675
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta6_darwin_amd64(26.94 MB)
    headscale_0.16.0-beta6_darwin_arm64(26.54 MB)
    headscale_0.16.0-beta6_linux_amd64(24.62 MB)
    headscale_0.16.0-beta6_linux_arm64(23.68 MB)
  • v0.16.0-beta5(Jun 26, 2022)

    CHANGELOG

    0.16.0 (2022-xx-xx)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
    • Fix nodes being shown as 'offline' in tailscale status #648
    • Improve shutdown behaviour #651
    • Drop Gin as web framework in Headscale 648

    Changelog

    • b0b919e Added more logging to derp server
    • 082fbea Added mux dependency
    • 00885df Fix implicit memory aliasing in for loop (lint 8/n)
    • 5e9004c Fix issues in the poll loop
    • 8551b0d Fixed issue when in linting rampage
    • 73c16ff Fixed issue with the method used to send data
    • 116bef2 Fixed wrong copy paste in Header
    • 657fb20 Flush buffered data on polling
    • c02819a Ignore new dump file
    • 10cd87e Lint fixes 1/n
    • a913d1b Lint fixes 2/n
    • c859bea Lint fixes 3/n
    • 03ced0e Lint fixes 4/n
    • c810b24 Lint fixes 5/n
    • fa91ece Lint fixes 6/n
    • ffcc728 Lint fixes 7/n
    • 625e45b Merge branch 'abandon-gin' of https://github.com/juanfont/headscale into abandon-gin
    • 8e63b53 Merge branch 'abandon-gin' of https://github.com/juanfont/headscale into abandon-gin
    • 294975b Merge branch 'main' into abandon-gin
    • 050782a Merge branch 'main' into abandon-gin
    • bb4a958 Merge branch 'main' into abandon-gin
    • f2f4c3f Merge branch 'main' into fix-segfault-when-not-runner
    • 647972c Merge branch 'main' into fix-segfault-when-not-runner
    • 9707b1f Merge branch 'main' into fix/db-shutdown
    • 2215e17 Merge branch 'main' into fix/dns-name-panic
    • 0bd39b2 Merge branch 'main' into ignore-integtest-dump
    • bfa9ed8 Merge branch 'main' into show-nodes-online
    • d2d1f92 Merge pull request #641 from juanfont/update-contributors
    • 157db30 Merge pull request #642 from kradalby/ignore-integtest-dump
    • 8dda441 Merge pull request #643 from iSchluff/fix/dns-name-panic
    • e3f99d6 Merge pull request #646 from juanfont/update-contributors
    • 3ae3405 Merge pull request #648 from juanfont/show-nodes-online
    • d559e23 Merge pull request #651 from iSchluff/fix/db-shutdown
    • 6da4396 Merge pull request #654 from ChibangLW/main
    • 4a200c3 Merge pull request #656 from juanfont/abandon-gin
    • 7604c0f Merge pull request #658 from juanfont/fix-segfault-when-not-runner
    • 2464c92 Merge pull request #665 from juanfont/update-contributors
    • e611063 Migrate platform config out of Gin
    • dec5134 Minor status change
    • c8378e8 Quick fix to segfault on CLI when Headscale is not running (fix #652)
    • d5e331a Remove Gin from OIDC callback
    • 367da0f Remove Gin from simple endpoints for TS2019
    • 396c3ec Remove Gin from the OIDC handlers
    • dedeb4c Remove Gin from the Registration handler
    • 6c9c9a4 Remove gin from DERP server
    • 53e5c05 Remove gin from the poll handlers
    • 66fffd6 Send Online field of tailcfg.Node based on LastSeen
    • d89fb68 Switch to use gorilla's mux as muxer
    • 4637400 Update CHANGELOG.md
    • 0fa943e Update CHANGELOG.md
    • 72d1d26 Update cmd/headscale/cli/utils.go
    • 34f489b Update cmd/headscale/cli/utils.go
    • 51b8c65 Updated changelog
    • 1e4678c Updated changelog
    • 39b58f7 Use a signal to close the longpolls on shutdown
    • d404ba1 Use request context to close when client disconnects
    • 735440d add timeout for http shutdown, add db disconnect
    • d4a550b chore: add version to binary in containers
    • 89b7fa6 chore: fix lint
    • 8d94621 chore: use docker-meta version
    • 7ae3834 docs(README): update contributors
    • 28a3a5b docs(README): update contributors
    • 360488a docs(README): update contributors
    • 8f31ed5 fix occasional panic on registration
    • 8111b0a update changelog
    • 58c336e updated nix flake go.sum
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta5_darwin_amd64(26.94 MB)
    headscale_0.16.0-beta5_darwin_arm64(26.54 MB)
    headscale_0.16.0-beta5_linux_amd64(24.62 MB)
    headscale_0.16.0-beta5_linux_arm64(23.68 MB)
  • v0.16.0-beta4(Jun 12, 2022)

    0.16.0 (2022-xx-xx)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
    • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639

    Changelog

    • bfb58de Add 1.26 to tests
    • fd3a1c1 Add a default to ephemeral_node_inactivity_timeout
    • 76195bb Add warn if configuration could not be found
    • 95824ac MOve ephemeral inactivity config check to all the other config check
    • 7bd07e3 Merge branch 'main' into ephemeral-error-msg
    • f2a8bfe Merge branch 'main' into test-126
    • a058f17 Merge branch 'main' into test-126
    • cb88b16 Merge pull request #630 from kradalby/test-126
    • e0ef601 Merge pull request #636 from huskyii/fix_issue635
    • 6afd492 Merge pull request #638 from kradalby/update-nodes-derp
    • 8918156 Merge pull request #639 from kradalby/ephemeral-error-msg
    • 8650328 Remove debug output, it runs before we disable it
    • 8d58894 Tailscale 1.26 uses dnstype pointer
    • 257c025 Update build system
    • c95bce4 Update changelog
    • 50bdf9d Update vendor sha
    • 43fa7f9 Upgrade tailscale lib to 1.26
    • a050158 Use new update state logic for derp maps
    • 9c5d485 fix issue 635
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta4_darwin_amd64(26.84 MB)
    headscale_0.16.0-beta4_darwin_arm64(26.44 MB)
    headscale_0.16.0-beta4_linux_amd64(24.52 MB)
    headscale_0.16.0-beta4_linux_arm64(23.62 MB)
  • v0.16.0-beta3(Jun 11, 2022)

    0.16.0 (2022-xx-xx)

    BREAKING

    • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601
    • Use new ACL syntax #618
    • Add -c option to specify config file from command line #285 #612
    • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624

    Changelog

    • 2be16b5 1) fix typo 2) another hard coded version
    • 39f03b8 Added ACL test file
    • 19b9688 Added missing file
    • 7e6291c Change Set state change function to filter instead of single namespace
    • 8287ba2 Do not lint the protocol magic numbers
    • 8744eee ExecuteCommand set HEADSCALE_LOG_LEVEL to disabled
    • ab1aac9 Improve ACLs by adding protocol parsing support
    • cdf41bd Merge branch 'acl-syntax-fixes' of https://github.com/juanfont/headscale into acl-syntax-fixes
    • 06e22bf Merge branch 'juanfont:main' into doc_openbsd
    • 7cd0f5e Merge branch 'main' into acl-syntax-fixes
    • 80ad1db Merge branch 'main' into acl-syntax-fixes
    • de0e2bf Merge branch 'main' into doc_openbsd
    • fdefe46 Merge branch 'main' into enhance_cli_config
    • bcb04d3 Merge branch 'main' into enhance_cli_config
    • ab35baa Merge branch 'main' into feature/configure-randomize-port
    • 02cc6bc Merge branch 'main' into feature/configure-randomize-port
    • 3f7749c Merge branch 'main' into feature/configure-randomize-port
    • 586c541 Merge pull request #611 from huskyii/doc_openbsd
    • efca3da Merge pull request #612 from huskyii/enhance_cli_config
    • 54acee6 Merge pull request #615 from demiflat/fix_typo
    • 8fed47a Merge pull request #616 from juanfont/update-contributors
    • 883bb92 Merge pull request #618 from juanfont/acl-syntax-fixes
    • e918ea8 Merge pull request #619 from majst01/simplify-split
    • a4b4fc8 Merge pull request #624 from iSchluff/feature/configure-randomize-port
    • f93cf4b Merge pull request #628 from kradalby/acl-update-nodes
    • 06bbeea Merge pull request #632 from juanfont/update-contributors
    • 3e35300 Migrate ACLs syntax to new Tailscale format
    • 3d7be5b Minor rename
    • 9ff09b7 Update Changelog
    • 6faf2d6 Update integration dump tests
    • c47354b Update internal docs to the new syntax
    • 5bc1189 Update internal docs with protocol usage
    • 0c2648c Update the nodes after we have reloaded the ACL policy with sighup
    • 818d26b Updated changelog
    • 735a6aa Use const for IANA protcol numbers
    • 569f3ca Use constants in tests
    • 86ce0e0 Use strings.Cut to simplify logic
    • 34be108 add ability to set randomizeClientPort
    • 0c5a402 add changelog
    • ce13596 add integration test for headscale -c
    • 75a0155 add openbsd doc
    • 0363e58 cli.LoadConfig accepts config file now
    • e5f26f8 docs(README): update contributors
    • 17d4968 docs(README): update contributors
    • c8a14cc fix prettier
    • 1de29fd fix rcd link
    • a4e05d4 fix typo for GGO->CGO
    • 402a29e impl heascale -c to specify config file
    • 0b4b530 remove the hardcoded version(suggested by @kradalby)
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta3_darwin_amd64(26.65 MB)
    headscale_0.16.0-beta3_darwin_arm64(26.24 MB)
    headscale_0.16.0-beta3_linux_amd64(24.37 MB)
    headscale_0.16.0-beta3_linux_arm64(23.43 MB)
  • v0.16.0-beta2(Jun 5, 2022)

    Changelog

    • 24c9530 Add loglevel and disable update to config struct
    • af89180 Make get config load the config, use config in main method
    • 1b29673 Merge branch 'main' into config-rework
    • b0acbed Merge pull request #608 from kradalby/config-rework
    • c3db5ed Merge remote-tracking branch 'upstream/main' into config-rework
    • 35722cd Move FilePerm function from cli to headscale
    • aee8aa1 Move TLS config into its own struct
    • 1ea8bb7 Move all read config logic to config.go
    • 533ecee Move config struct to its own file
    • 90f6be0 Rename one char var
    • 78ed610 Switch config to pointer
    • 5514a86 Update headscale read config tests
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta2_darwin_amd64(26.63 MB)
    headscale_0.16.0-beta2_darwin_arm64(26.22 MB)
    headscale_0.16.0-beta2_linux_amd64(24.35 MB)
    headscale_0.16.0-beta2_linux_arm64(23.43 MB)
  • v0.16.0-beta1(Jun 4, 2022)

    0.16.0 (2022-xx-xx)

    Changes

    • Drop armhf (32-bit ARM) support. #609
    • Headscale fails to serve if the ACL policy file cannot be parsed #537
    • Fix labels cardinality error when registering unknown pre-auth key #519
    • Fix send on closed channel crash in polling #542
    • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
    • Add command for moving nodes between namespaces #362
    • Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
    • Add command to set tags on a node #525
    • Add command to view tags of nodes #356
    • Add --all (-a) flag to enable routes command #360
    • Fix issue where nodes was not updated across namespaces #560
    • Add the ability to rename a nodes name #560
      • Node DNS names are now unique, a random suffix will be added when a node joins
      • This change contains database changes, remember to backup your database before upgrading
    • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
      • This change disables the logs by default
    • Use [Prometheus]'s duration parser, supporting days (d), weeks (w) and years (y) #598
    • Add support for reloading ACLs with SIGHUP #601

    Changelog

    • 9901d6b Ability to clear nickname
    • 9d4822b Actually set up nix
    • 7f66d91 Add config test
    • 9254aff Add direnv and nix output to gitignore
    • 91e5cbd Add direnv flake support
    • c24de59 Add example commands for docker
    • 5de9de1 Add flake build file
    • 177c21b Add helper function to create a unique givenname
    • 9b393eb Add integration cli tests for rename command
    • f78deae Add new tailscale to integration tests
    • 70274d5 Add nix to runn on lint and integration
    • a6570d3 Add option to build docker image
    • 7cc58af Allow more configuration over the OIDC flow.
    • 62808cb Bubble error up to user for rename
    • caf79f6 Change nickname to givenname in proto
    • 3272feb Change publish interface
    • 59a1a85 Change to a go generics set implementation, no more casting :tada:
    • 52cc3bc Check all errors for db.Save
    • a09633e Check errors of more database calls
    • be2487f Clarified systemd friendly path
    • 63641a7 Correct pkgs call
    • ff5f31b Disable logtail for clients
    • 843e2bd Do not setLastStateChangeToNow every 5 seconds
    • 7e286c5 Docker docs enhancements
    • d68d7d5 Docs/ACLs: Add a network diagram to help explain ACLs
    • bff9036 Docs/ACLs: Add router examples with subnets
    • 8b08c2a Docs/ACLs: Namespaces are created automatically
    • b9f0fab Docs/ACLs: Wording, add intermediary router example
    • 2653c2f Drop arm32 (armhf) for linux and add Darwin arm64
    • 6e08241 Exit Headscale if ACL policy file cannot be parsed
    • 7ef8cd8 Fix comment
    • a19af04 Fix errors introduced by merge
    • 6dccfee Fix forced Tags with legitimate tagOwners
    • ac5ad42 Fix integration nix
    • 62d774b Fix key name about derp port
    • 52fd13b Fix labels cardinality error when registering unknown pre-auth key
    • df7d5fa Fix lint
    • 3e078f0 Fix logtail config function name
    • 73f1c06 Fix long line
    • 5ecfbba Fix pointer in machine save call
    • 8cee31d Fix prettier
    • f4873d9 Fix rename cli error
    • 4f3f054 Fix some issues in testing with new hostname handling
    • 98e98a8 Fix wrong metrics port in docs
    • 01d9a2f Fixed linting issues
    • 6b79679 Generate from proto
    • 5fa3016 Generate unique givennames for hosts joining (and debug added)
    • a992840 Give UpdateMachine a more meaningful name
    • 0b4f59b Improve signal handling
    • 24e4787 Make ACL policy part of the config struct
    • 5bfae22 Make config get function global
    • 802eb93 Make sure givenname is set for preauthkeys
    • bc1909f Merge branch 'feat-list-tags-of-machines' of github.com:restanrm/headscale into feat-list-tags-of-machines
    • 2edb542 Merge branch 'main' into acls-doc
    • 79fc74c Merge branch 'main' into acls-doc
    • 47bbb85 Merge branch 'main' into acls-doc
    • 699aa5c Merge branch 'main' into add-arm64-darwin-drop-32
    • a1837a4 Merge branch 'main' into db-error-handling
    • 6f6fb4d Merge branch 'main' into db-error-handling
    • 0676aa1 Merge branch 'main' into db-error-handling
    • 57c81e4 Merge branch 'main' into exit-if-acl-wrong
    • a28eebf Merge branch 'main' into feat-list-tags-of-machines
    • 3a90079 Merge branch 'main' into feat-list-tags-of-machines
    • c9efd5c Merge branch 'main' into feat-list-tags-of-machines
    • ea7bcff Merge branch 'main' into feat-list-tags-of-machines
    • d195847 Merge branch 'main' into fix-discord-invite
    • 8f6952a Merge branch 'main' into flake-build-env
    • cd9807a Merge branch 'main' into flake-build-env
    • 11ccae8 Merge branch 'main' into flake-build-env
    • 5c285af Merge branch 'main' into flake-build-env
    • 9a60eea Merge branch 'main' into flake-build-env
    • d43fec7 Merge branch 'main' into flake-build-env
    • c8aa653 Merge branch 'main' into main
    • 8845938 Merge branch 'main' into main
    • b028a7d Merge branch 'main' into main
    • 93682ab Merge branch 'main' into makefile-improvements
    • 3abdc87 Merge branch 'main' into makefile-improvements
    • 25c674e Merge branch 'main' into parse-duration-improv
    • 21268f7 Merge branch 'main' into patch-1
    • db930af Merge branch 'main' into patch-1
    • 886e95c Merge branch 'main' into patch-1
    • b60727b Merge branch 'main' into patch-1
    • 11da743 Merge branch 'main' into patch-2
    • 613dc61 Merge branch 'main' into remove-buf-installation
    • f7edea5 Merge branch 'main' into rename-fixess
    • d11279e Merge branch 'main' into rename-fixess
    • 9175aca Merge branch 'main' into rename-fixess
    • 7f7cd73 Merge branch 'main' into rename-fixess
    • 6eac504 Merge branch 'main' into rename-fixess
    • 679cf7c Merge branch 'main' into signals-reload-acl
    • f1db2d0 Merge branch 'main' into signals-reload-acl
    • dd3f24b Merge branch 'main' into suggest-english
    • ffa570e Merge branch 'main' into suggest-english
    • 57536b0 Merge branch 'main' into suggest-english
    • e631c6f Merge master
    • ef497ca Merge pull request #2 from juanfont/fix-rename-integration-tests
    • e80954b Merge pull request #482 from kradalby/flake-build-env
    • 546ddd2 Merge pull request #510 from reynico/acls-doc
    • 9a632c1 Merge pull request #518 from juanfont/update-contributors
    • b5aace6 Merge pull request #519 from hdhoang/pak-counter
    • 32522cb Merge pull request #521 from Niek/patch-1
    • 23be13b Merge pull request #528 from juanfont/update-contributors
    • 235a902 Merge pull request #531 from juanfont/suggest-english
    • c07dd3f Merge pull request #534 from nning/main
    • bc63c57 Merge pull request #537 from reynico/exit-if-acl-wrong
    • a14f50e Merge pull request #538 from artemklevtsov/patch-1
    • 5d67ed0 Merge pull request #540 from yangchuansheng/dev
    • a92f6ab Merge pull request #541 from juanfont/update-contributors
    • 367f848 Merge pull request #542 from mpldr/issue-342-send-on-closed-channel
    • 556ca5f Merge pull request #544 from mpldr/makefile-improvements
    • 6eeee8e Merge pull request #545 from mpldr/fix-discord-invite
    • f9e2ce2 Merge pull request #551 from mpldr/patch-1
    • 96ae78f Merge pull request #553 from kradalby/fix-discord-link
    • 2dfd8a9 Merge pull request #556 from juanfont/update-contributors
    • 970dea5 Merge pull request #557 from mpldr/remove-buf-installation
    • 747d64c Merge pull request #558 from restanrm/feat-list-tags-of-machines
    • 28efd92 Merge pull request #559 from kradalby/update-deps
    • be25bbc Merge pull request #560 from kradalby/rename-fixess
    • fd452d5 Merge pull request #565 from apognu/dev/oidc-custom-config
    • 96e2955 Merge pull request #566 from juanfont/fix-spurious-updates
    • 02a78e5 Merge pull request #568 from juanfont/reduce-containers-int-tests
    • ddb87af Merge pull request #569 from Kazauwa/362-add-move-command
    • 3fbfc5a Merge pull request #570 from juanfont/update-contributors
    • d6e1d10 Merge pull request #573 from deonthomasgy/patch-1
    • 91b95ff Merge pull request #574 from deonthomasgy/main
    • 41cd0d3 Merge pull request #576 from juanfont/update-contributors
    • 0d31ea0 Merge pull request #578 from samson4649/main
    • 0f532aa Merge pull request #590 from pvinis/patch-1
    • 914431b Merge pull request #591 from pvinis/patch-2
    • e596d82 Merge pull request #593 from juanfont/update-contributors
    • 583f6ee Merge pull request #594 from juanfont/update-contributors
    • 405de9e Merge pull request #595 from juanfont/update-contributors
    • 848727a Merge pull request #596 from kradalby/disable-logcatcher
    • 19b6405 Merge pull request #597 from kradalby/db-error-handling
    • d26e220 Merge pull request #598 from kradalby/parse-duration-improv
    • b472e5a Merge pull request #599 from kradalby/parse-duration-improv
    • 0797148 Merge pull request #601 from kradalby/signals-reload-acl
    • b1ba7ba Merge pull request #602 from iSchluff/fix/forced-tags-with-tagOwner
    • 7b7244d Merge pull request #607 from juanfont/update-contributors
    • 39f6fde Merge pull request #609 from kradalby/add-arm64-darwin-drop-32
    • adb55bc Merge pull request #610 from huskyii/fix_pie_build
    • a2fb5b2 Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines
    • 72c1eda Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines
    • 06c928b Migrate name and nickname fields
    • 36dca35 Move Abspath function to headscale utils
    • 8504d0d Move todo to correct file
    • 663e838 Nickname support
    • 466d03d Nixify integration test
    • 60ee046 Normalize nickname before saving to database
    • 4ffd3ea Override golangci-lint to use go 1.17
    • 5403f21 Reduce the number of containers in integration tests
    • 15f8cb5 Remove hacky go tool install
    • 0612927 Rename abspath function to describe what it does
    • 6e27680 Rename name -> hostname, nickname -> givenname
    • 4aae917 Require GivenName to be unique
    • db8db02 Resolve merge
    • e51e6f4 Resolve merge conflict
    • 9ebeb3d Retreive hostnames from headscale, now that they are random
    • dbc1d98 Revert golines
    • 03cccd6 Reword FQDN normalize errors to not only cover namespaces
    • 62f4c20 Run binary build with nix
    • 003c190 Run tests with nix
    • 0003e30 Suggest English as lingua franca
    • 2feed18 Support reloading ACLs with SIGHUP
    • 77ceeaf Test magic dns with the correct urls
    • 266aac9 Update CHANGELOG
    • 3d93cf9 Update changelog
    • 1486adb Update changelog
    • 6f32b80 Update changelog
    • c332437 Update changelog
    • 79704dc Update command with new fields
    • 580c72b Update discord link so it does not grant temp memberships
    • 7dae780 Update docs/running-headscale-container.md
    • 6d296a1 Update docs/running-headscale-container.md
    • 1e7d7e5 Update go sha for flake
    • fc502e1 Update golines and fix go mod checksum
    • 3a3fc0a Update headscale checksum
    • 124d8a3 Update readme with nix notes
    • 7bb87a7 Update vendor sha
    • cb0899b Update vendor shar
    • 03659c4 Updated changelog
    • b8e4aee Upgrade golines
    • 2dacf83 Upgrade tailscale dep
    • 4d2949b Upgrade tailscale dep
    • 6d41279 Upgrade to go 1.18
    • d860270 Use Prometheus duration parser (support days and weeks)
    • 6b1482d Use config object instead of viper for policy path
    • 14994cb Use new logic and fields for dns
    • 4a9d3be Use new names to resolve magic dns
    • 5316dd9 Use new nix stable (22.05)
    • a443255 Validate isOutdated against all namespaces
    • a0c465c Wire up setting to enable/disable logtail
    • bc055ed add command for moving node between namespaces
    • 41a8c14 add information on how to create a headscale user
    • e279224 add integrations tests
    • 47c72a4 add rpc method for moving node
    • 4e686f8 add unit test
    • 1b3a7bb apply styling fixes
    • b9ea83f check that new command does not break nodes list output
    • 98f54c9 chore: apply format and lint
    • 4435a4f chore: apply lint recommendations
    • 2c448d4 chore: apply linting
    • 4fcc5e2 chore: fmt for grpc file
    • 09836cd chore: update vendorSha after update of go.mod and go.sum
    • 17d6624 chore: fix lint
    • 6ba68d1 correctly update machine namespace
    • 9cdaa97 docs(README): update contributors
    • f7f722a docs(README): update contributors
    • 00535a2 docs(README): update contributors
    • 6c903d2 docs(README): update contributors
    • 31bdba7 docs(README): update contributors
    • c8ed1f0 docs(README): update contributors
    • 8758ee1 docs(README): update contributors
    • 5e44266 docs(README): update contributors
    • bec35b4 docs(README): update contributors
    • 571ce2b docs(README): update contributors
    • 9993f51 docs(README): update contributors
    • 6dd9e93 expanded arguments in useradd to be easier to understand for beginners
    • cd1d107 feat(acls): add support for forced tags
    • 9de9bc2 feat(cli): add tag subcommand to add and remove tags
    • 02f68eb feat: add forcedTags field and update proto
    • 852dc0f feat: add golangci-lint in nix develop
    • 31c0062 feat: add integration tests for tag support
    • db1528b feat: add invalid and valid tags to grpc response
    • 89a1a56 feat: add unit tests and fmt
    • 587bdc7 feat: add valid and invalid fields
    • 62cfd60 feat: add validation of tags
    • 209d003 feat: handle insert into database error
    • 63d9205 feat: improve nodes list with inputs from @deonthomasgy
    • 4651c44 feat: print tags in nodes list
    • fdbc965 feat: return error if validation is failed
    • 31debf7 feat: rewrite proto to only update tags of machine
    • ea9aaa6 feat: update functions to use set command
    • 25f1dcf feat: update generated files
    • cc9eeda feat: updating cli to match the set command
    • 3d8dc9d fix discord invite
    • a806694 fix gosum merge
    • 163e5c2 fix trace log message
    • 68417cc fix(go): add missing updated files
    • b2ae9b6 fix: Remove days from expiry option value examples
    • fec8cda fix: fix linting issue on my computer
    • 1158210 fix: flake.nex update sha256
    • dc8c20e fix: handle empty aclPolicy for integration tests
    • 16f9691 fix: ignore emptyPolicy errors for db insertion
    • c4e69fe fix: ignore exhaust linter
    • b511295 fix: integration tests result
    • b9fee36 fix: linting
    • 49ec994 fix: loop over result machines instead of startup machines
    • f53bb63 fix: move tag command to subcommand of nodes
    • 3d30244 fix: order error in the tests
    • 0445f40 fix: pin version of golangci-lint in GA
    • 02ae7a0 fix: pin version of golangci-lint to match dev config
    • ad4401a fix: remove debug code
    • 522e892 fix: remove unknown linters:
    • 9f08212 fix: remove version pinning for golangci-lint it does not work
    • 844ad15 fix: revert previous commit and add exclusion of linter
    • fcdc292 fix: update tag in db if acl is enabled
    • 8601dd1 fixed CGO disabling
    • 8be9e96 fixed issue #360
    • 22dd61d fixed the issue of sending on closed channel
    • ed46491 fixed typo
    • 835828f link fix
    • fa7ef3d make linter happy
    • c26280c modified code to satisfy golangci-lint and added integration test
    • 5fa9875 move populate to after when given_name exist
    • 6ed79b7 order Ip Address, IPv4 first, cleanup
    • b4f5ed6 order ip address output, IPv4 first
    • 8061abe refact: use generics for contains functions
    • 3023323 remove necessary buf installation
    • 12d8f0f remove redundant lines of code, fix response when output is not plain text
    • 7ce0bd0 removed leading whitespace
    • 1f43c39 replaced version-at-commit script with git-describe call
    • ecf5259 resolve merge conflict
    • c312f8b set up Makefile for reproducible builds
    • 06d8568 set version based on git rev
    • 2201ec8 some GOOS do not support pie build, detect in makefile and fall back to non-pie build
    • fff1011 typo
    • 62c780a update changelog
    • 86dfc91 update readme
    • a23035a update rest of deps
    • 9f03a01 updated changelog
    • 614c003 updated changelog
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(406 bytes)
    headscale_0.16.0-beta1_darwin_amd64(26.63 MB)
    headscale_0.16.0-beta1_darwin_arm64(26.22 MB)
    headscale_0.16.0-beta1_linux_amd64(24.35 MB)
    headscale_0.16.0-beta1_linux_arm64(23.43 MB)
  • v0.15.0(Mar 20, 2022)

    0.15.0 (2022-03-20)

    Note: Take a backup of your database before upgrading.

    BREAKING

    • Boundaries between Namespaces has been removed and all nodes can communicate by default #357
      • To limit access between nodes, use ACLs.
    • /metrics is now a configurable host:port endpoint: #344. You must update your config.yaml file to include:
      metrics_listen_addr: 127.0.0.1:9090
      

    Features

    • Add support for writing ACL files with YAML #359
    • Users can now use emails in ACL's groups #372
    • Add shorthand aliases for commands and subcommands #376
    • Add /windows endpoint for Windows configuration instructions + registry file download #392
    • Added embedded DERP (and STUN) server into Headscale #388

    Changes

    • Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession #346
    • Simplify the code behind registration of machines #366
      • Nodes are now only written to database if they are registrated successfully
    • Fix a limitation in the ACLs that prevented users to write rules with * as source #374
    • Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine #371
    • Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations #363
    • Fix a bug that prevented the use of tailscale logout with OIDC #508
    • Added Tailscale repo HEAD and unstable releases channel to the integration tests targets #513

    Commits

    • 749c929 Add Tailscale unstable channel and repo HEAD to integration tests
    • 631cf58 Added date for 0.15.0 in changelog
    • a8a683d Added default values in Dockerfile.tailscale
    • db9ba17 Added missing file
    • a645565 Added missing package
    • 98ac88d Changed comment position
    • af6a47f Changelog updated
    • f42868f Docker requires lowercase for the container names
    • 0165b89 Fixed paths
    • b8aad54 Make STUN run by default when embedded DERP is enabled
    • 2e66872 Make STUN server mandatory if DERP embedded is enabled
    • d21e9d2 Merge branch 'main' into feat-add-debug-log
    • 739653f Merge branch 'main' into feat-add-debug-log
    • b65bd5b Merge branch 'main' into fix-machine-registration-expired
    • c29af96 Merge branch 'main' into main
    • 4068a7b Merge branch 'main' into main
    • cd2914a Merge branch 'main' into mandatory-stun
    • d13338a Merge branch 'main' into mandatory-stun
    • 94d9105 Merge branch 'main' into unstable-integration-tests
    • 53b62f3 Merge pull request #499 from juanfont/mandatory-stun
    • 68403cb Merge pull request #505 from y0ngb1n/fix-docs-metrics-endpoint
    • 1c9b1c0 Merge pull request #507 from juanfont/update-contributors
    • e85b971 Merge pull request #509 from kradalby/go118
    • 304109a Merge pull request #511 from restanrm/fix-machine-registration-expired
    • daae2fe Merge pull request #512 from restanrm/feat-add-debug-log
    • 8a2c0e8 Merge pull request #513 from juanfont/unstable-integration-tests
    • c850307 Merge pull request #514 from aofei/main
    • 150ae18 Merge pull request #517 from juanfont/changelog-prep-0.15
    • a1caa5b Minor improvements on logging
    • d5ce7d7 Prettier
    • 8f5875e Reorg errors
    • 4522865 Update CHANGELOG.md to include future 0.16.0
    • b781446 Upgrade to go 1.18
    • 882c0c3 chore(changelog): update changelog
    • ade9552 docs(README): update contributors
    • 2e04abf feat(oidc): add debug log
    • 61ebb71 fix(oidc): Reset expiry for reauthentication
    • 1eafe96 fix: possible panic in Headscale.scheduledDERPMapUpdateWorker
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.15.0_darwin_amd64(26.27 MB)
    headscale_0.15.0_linux_amd64(24.05 MB)
    headscale_0.15.0_linux_arm(22.87 MB)
    headscale_0.15.0_linux_arm64(23.18 MB)
  • v0.15.0-beta6(Mar 16, 2022)

  • v0.15.0-beta5(Mar 10, 2022)

    Changelog

    • 397b6fc Merge branch 'main' into docs-acl-modifications
    • dd219d0 Merge branch 'main' into docs-acl-modifications
    • 62d7fae Merge pull request #311 from restanrm/docs-acl-modifications
    • 0abfbdc Merge pull request #495 from appbricks/appbricks/main-bug-fix
    • 8b5e8b7 Refresh expired machine on re-auth - closes #489
    • c364c2a chore(acl-proposals): apply prettier
    • 86b329d chore(docs): create proposals directory
    • e540679 docs(acl-proposals): integrate comments
    • 85cf443 docs(acls): Issues with ACL and proposition
    • 0426212 docs(acls): add example use case
    • 55d746d docs(acls-proposal): wording comment
    • 7bdd774 fix(acl): add missing internal namespace communications
    • af081e9 fixed lint errors
    • 082a852 fixed linting recommendation
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta5_darwin_amd64(26.73 MB)
    headscale_0.15.0-beta5_linux_amd64(24.48 MB)
    headscale_0.15.0-beta5_linux_arm(21.75 MB)
    headscale_0.15.0-beta5_linux_arm64(23.93 MB)
  • v0.15.0-beta4(Mar 8, 2022)

    Changelog

    • 897d480 Add an embedded DERP server to Headscale
    • e9eb90f Added integration tests for the embedded DERP server
    • 9d43f58 Added missing deps
    • 05df8e9 Added missing file
    • 992efbd Added missing private TLS key
    • e1fcf0d Added more version
    • b803240 Added new line for prettier
    • cc0c88a Added small integration test for stun
    • 607c1eb Be consistent with uppercase DERP
    • b3fa66d Check for DERP in test
    • a27b386 Clarified expiration dates
    • df37d1a Do not offer the option to be DERP insecure
    • b742379 Do not use the term embedded
    • 09d78c7 Even more stuff moved to common
    • 6aeaff4 Fix checkboxes in PR template
    • e78c002 Fix minor issue
    • dc909ba Improved logging on startup
    • de2ea83 Linting here and there
    • eb06054 Make DERP Region configurable
    • eb50015 Make STUN server configurable
    • 580db9b Mention that STUN is UDP
    • bdbf620 Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp
    • 15ed713 Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp
    • b41d899 Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp
    • 237f7f1 Merge branch 'main' into embedded-derp
    • 23cde84 Merge branch 'main' into embedded-derp
    • dd26cbd Merge branch 'main' into embedded-derp
    • e5d22b8 Merge branch 'main' into embedded-derp
    • dcf3ea5 Merge branch 'main' into fix-magic-dns-and-uppercase-letters
    • e54c508 Merge branch 'main' into main
    • e799307 Merge branch 'main' into windows-endpoint
    • 54c3e00 Merge local DERP server region with other configured DERP sources
    • 71a6269 Merge pull request #379 from juanfont/kradalby-patch-1
    • 75ca91b Merge pull request #380 from juanfont/update-contributors
    • b72a8aa Merge pull request #381 from juanfont/update-contributors
    • f2ea6fb Merge pull request #384 from restanrm/fix-issue-with-empty-namespace-and-acl-evaluation
    • b0ae324 Merge pull request #387 from restanrm/fix-magic-dns-and-uppercase-letters
    • 941e9d9 Merge pull request #388 from juanfont/embedded-derp
    • e3ff87b Merge pull request #389 from e-zk/main
    • 0720473 Merge pull request #392 from e-zk/windows-endpoint
    • 60655c5 Merge pull request #393 from juanfont/update-contributors
    • 435ee36 Merge pull request #394 from juanfont/renovateaction/dockerfiles
    • b85dd7a Merge pull request #484 from juanfont/prtemplate-fix
    • 48cec3c Merge pull request #486 from e-zk/main
    • 6087e1c Merge pull request #488 from juanfont/update-contributors
    • 22d2443 Move more stuff to common
    • 03452a8 Prettied
    • 88378c2 Rename the file to derp_server.go for coherence
    • 758b1ba Renamed configuration items of the DERP server
    • f9c0597 Second contributor attempt
    • b47de07 Update Dockerfile.tailscale
    • 05c5e22 Updated CHANGELOG and README
    • 70910c4 Working /bootstrap-dns DERP helper
    • 1114449 change: update name of method to check and normalize Domain name
    • 35efd8f chore(deps): update dependency docker.io/golang to v1.17.8
    • 2b68c90 chore: update changelog
    • c47fb1a docs(README): update contributors
    • e208ccc docs(README): update contributors
    • a70669f docs(README): update contributors
    • e301d0d docs(README): update contributors
    • 4a49528 feat(acls): add some logs and skip error
    • 6cc8bbc feat(api): add normalisation at machine register step
    • 12a50ac feat(windows): add /windows endpoint for Windows configuration
    • b342cf0 feat(windows): cleanup /apple endpoint
    • d69dada feat(windows): rename apple_mobileconfig.go => platform_config.go
    • 6f172a6 fix(acls): remove dead error code
    • 44a5372 fix(poll): Normalize hostname
    • 41efe98 fix: apply fmt and fix missing name changes
    • f19c048 fix: change normalization function name
    • c06689d fix: make register html/template consistent with other html
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta4_darwin_amd64(26.73 MB)
    headscale_0.15.0-beta4_linux_amd64(24.48 MB)
    headscale_0.15.0-beta4_linux_arm(21.75 MB)
    headscale_0.15.0-beta4_linux_arm64(23.93 MB)
  • v0.15.0-beta3(Mar 2, 2022)

    Changelog

    • dcc46af Changelog: add breaking change
    • e3bcc88 Linter: make linter happy
    • d55c79e Merge branch 'main' into metrics-listen
    • b615006 Merge branch 'main' into metrics-listen
    • 6126d6d Merge branch 'main' into metrics-listen
    • d27f2bc Merge branch 'main' into metrics-listen
    • aa3eb51 Merge pull request #344 from reynico/metrics-listen
    • 9a61725 Metrics: Disable toggle. Set default port to 9090
    • 45d5ab3 metrics/cfg: add a new entry for the Prometheus listen address
    • 14e4988 metrics/kustomize: update Kustomize examples
    • fbc1843 metrics/tests: update tests
    • d5fd7a5 metrics: add a new router and listener for Prometheus' metrics endpoint
    • 06e6c29 metrics: make metrics endpoint toggleable
    • a9122c3 prometheus: replace default port by a port between the recommended prometheus range
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta3_darwin_amd64(26.34 MB)
    headscale_0.15.0-beta3_linux_amd64(24.16 MB)
    headscale_0.15.0-beta3_linux_arm(21.50 MB)
    headscale_0.15.0-beta3_linux_arm64(23.68 MB)
  • v0.15.0-beta2(Mar 2, 2022)

    Changelog

    • 8a3a0b6 Add YAML support to ACLs
    • c159eb7 Add basic test of yaml parsing
    • 1f8c7f4 Add comment
    • e0b9a31 Add note to config example
    • 1caa6f5 Add todo for JSON datatype
    • 2b6a517 Allow upstream delete continue on failure
    • 82cb6b9 Cleanup some unreachable code
    • 5157f35 Fix apple profile issue being generated with escaped characters
    • ecc2643 Fix excessive replace
    • 35616eb Fix oidc error were namespace isnt created #365
    • fd1e4a1 Generalise registration for openid
    • acb9458 Generalise registration for pre auth keys
    • c58ce6f Generalise the registration method to DRY stuff up
    • 50053e6 Ignore complexity linter
    • 54cc3c0 Implement new machine register parameter
    • 7c99d96 Merge branch 'main' into feat/command-aliases
    • d34d617 Merge branch 'main' into registration-simplification
    • a9d4fa8 Merge branch 'main' into registration-simplification
    • e4d81bb Merge branch 'main' into registration-simplification
    • 9b10457 Merge branch 'main' into smarter-contribute-pipeline
    • 1246267 Merge branch 'main' into smarter-contribute-pipeline
    • 5730087 Merge branch 'main' into update-dependencies
    • 0551b34 Merge branch 'main' into update-dependencies
    • a0a56d4 Merge branch 'main' into use-specific-database-typess
    • 1058124 Merge branch 'main' into yaml-acls
    • 4c74043 Merge pull request #359 from kradalby/yaml-acls
    • eeded85 Merge pull request #366 from kradalby/registration-simplification
    • 4a9fd3a Merge pull request #368 from kradalby/apple-profile-fix
    • 94c5474 Merge pull request #369 from kradalby/update-dependencies
    • 9a8f605 Merge pull request #371 from kradalby/use-specific-database-typess
    • dec4ee5 Merge pull request #373 from restanrm/feat-email-in-acls
    • 0c0653d Merge pull request #375 from restanrm/fix-limitations-in-source-acls-rules
    • 63d8711 Merge pull request #376 from e-zk/feat/command-aliases
    • ccec534 Merge pull request #377 from juanfont/smarter-contribute-pipeline
    • ef422e6 Protect against expiry nil
    • 3790176 Reformat and add db backup note
    • e64bee7 Regenerate proto
    • 469551b Register new machines needing callback in memory
    • 16b21e8 Remove all references to Machine.Registered
    • a8649d8 Remove all references to Machine.Registered from tests
    • c80e364 Remove always nil error
    • 86ade72 Remove err check
    • 67d6c8f Remove oversensitive tracing output
    • c6b87de Remove poorly aged test
    • 5e92dda Remove redundant caches
    • e7bef56 Remove reference to registered in integration test
    • 5e1b129 Remove registered field from proto
    • 78251ce Remove registrated field
    • 8bef04d Remove sorted todo
    • 7c63412 Remove todo
    • 5b16901 Resolve merge conflict
    • 402a760 Reuse machine structure for parameters, named parameters
    • eea8e7b Update changelog
    • 0835bff Update changelog
    • d6f6939 Update changelog
    • caffbd8 Update cli registration with new method
    • 32ac690 Update contributors.yml
    • 1cb39d9 Update dependencies
    • ec4dc68 Use correct machinekey format for oidc reg
    • 6477e6a Use new machine types
    • 49cd761 Use new machine types in tests
    • 8a95fe5 Use specific types for all fields on machine (no datatypes.json)
    • a455a87 feat(acls): normalize the group name
    • aff6b84 feat(aliases): add 'gen' alias for 'generate' command
    • 052dbfe feat(aliases): add aliases for apikeys command
    • 5310f86 feat(aliases): add aliases for namespaces command
    • 21eee91 feat(aliases): add aliases for nodes command
    • 12b3b5f feat(aliases): add aliases for preauthkeys command
    • dbb2af0 feat(aliases): add aliases for route command
    • 361b4f7 fix(machine): allow to use * in ACL sources
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta2_darwin_amd64(26.33 MB)
    headscale_0.15.0-beta2_linux_amd64(24.15 MB)
    headscale_0.15.0-beta2_linux_arm(21.50 MB)
    headscale_0.15.0-beta2_linux_arm64(23.68 MB)
  • v0.15.0-beta1(Feb 25, 2022)

    Changelog

    • f7eeb97 Add timeout
    • fe2f75d Allow integration test to retry
    • 1e8f4db Drop shared node table
    • fb85c78 Fail integration tests fast
    • ebe59a5 Fix utils tests, use ipset datastructure
    • eda0a9f Lock allocation of IP address
    • 7e6e093 Merge branch 'integration-test-concurrent-join' of github.com:kradalby/headscale into integration-test-concurrent-join
    • 95453cb Merge branch 'main' into feat-oidc-login-as-namespace
    • aa50650 Merge branch 'main' into feat-oidc-login-as-namespace
    • 69f220f Merge branch 'main' into feat-oidc-login-as-namespace
    • 638a84a Merge branch 'main' into integration-test-concurrent-join
    • bae8ed3 Merge branch 'main' into make-namespace-to-users
    • 9c2c09f Merge branch 'main' into remove-shared
    • ec58979 Merge branch 'main' into remove-shared
    • 08c7076 Merge pull request #346 from kradalby/integration-test-concurrent-join
    • 3815986 Merge pull request #347 from kradalby/remove-shared
    • b1bd17f Merge pull request #350 from restanrm/feat-oidc-login-as-namespace
    • 8689a39 Merge pull request #357 from kradalby/make-namespace-to-users
    • b39faa1 Merge remote-tracking branch 'origin/main' into feat-oidc-login-as-namespace
    • 9ceac5c Remove CLI and tests for Shared node
    • e03b3d5 Remove boundries between namespaces
    • 4962335 Remove dependency on CGO
    • 6da2a19 Remove grpc share/unshare functions
    • 9d1752a Remove protobuf share/unshare
    • 9399754 Remove protobuf share/unshare generated go
    • 9687e67 Remove retry from integration tests
    • 9411ec4 Remove sharing class and tests
    • 4ca8181 Remove sharing from integration tests
    • 24a8e19 Remove sharing references across the code
    • 189e883 Resolve merge
    • 2fd36dd Resolve merge
    • 8dca405 Test if we can join headscale in parallell to speed up
    • d9e7f37 Uncomment previous test and update them for no boundries
    • f4c302f Uncomment tests that will failed in transition period
    • 47e8442 Update CHANGELOG.md
    • f9ce32f Update CHANGELOG.md
    • 2c70644 Update changelog
    • 6d699d3 Update changelog
    • 91b5055 Update readme and glossary to reflect features and goals
    • fe0b43e chore: update changelog
    • afd4a37 chore: update formating
    • 0461166 chore: update formatting
    • 45727db feat(namespace): add check function for namespace
    • 92ffac6 feat(namespace): add normalization function for namespace
    • 0191ea9 feat(oidc): bind email to namespace
    • 972bef1 feat: add length error if hostname too long
    • 4f1f235 feat: add strip_email_domain to normalization of namespace
    • 717250a feat: removing matchmap from headscale
    • 995731a fix(namespace): checknamespace name before actions
    • 7e4709c fix(namespace): remove name validation for destroy and get
    • cef0a2b fix(namespaces_test): fix missing namespace name
    • fcdbe7c fix(utils_test): fix namespace name
    • ae6a20e fix: add valid test identified by linter
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(403 bytes)
    headscale_0.15.0-beta1_darwin_amd64(26.14 MB)
    headscale_0.15.0-beta1_linux_amd64(23.96 MB)
    headscale_0.15.0-beta1_linux_arm(21.31 MB)
    headscale_0.15.0-beta1_linux_arm64(23.50 MB)
  • v0.14.0(Feb 24, 2022)

    UPCOMING BREAKING: From the next version (0.15.0), all machines will be able to communicate regardless of if they are in the same namespace. This means that the behaviour currently limited to ACLs will become default. From version 0.15.0, all limitation of communications must be done with ACLs.

    This is a part of aligning headscale's behaviour with Tailscale's upstream behaviour.

    BREAKING:

    • ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. NOTE: This is only active if you use ACLs
      • Namespaces are now treated as Users
      • All machines can communicate with all machines by default
      • Tags should now work correctly and adding a host to Headscale should now reload the rules.
      • The documentation have a fictional example that should cover some use cases of the ACLs features

    Features:

    • Add support for configurable mTLS docs #297

    Changes:

    • Remove dependency on CGO (switch from CGO SQLite to pure Go) #346

    Changelog

    • daa75da Linting and updating tests
    • 9e619fc Making client authentication mode configurable
    • af25aa7 Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls
    • 52db80a Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls
    • 0609c97 Merge branch 'main' into configurable-mtls
    • afb67b6 Merge branch 'main' into configurable-mtls
    • 823cc49 Merge branch 'main' into configurable-mtls
    • 7bf2a91 Merge branch 'main' into configurable-mtls
    • 168b1bd Merge branch 'main' into configurable-mtls
    • 1b2fff4 Merge branch 'main' into configurable-mtls
    • f562ad5 Merge branch 'main' into configurable-mtls
    • 5596a0a Merge pull request #297 from arch4ngel/configurable-mtls
    • 8c33907 Sort lint
    • d44b2a7 adding default for tls_client_auth_mode
    • da5250e linting again
    • c98a559 linting/formatting
    • 310e7b1 making alternatives constants
    • 385dd9c refactoring
    • 5935b13 refining
    • 0c3fd16 refining and adding tests
    • b5a59d4 updating changelog and docs
    • 9de5c7f updating default
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(379 bytes)
    headscale_0.14.0_darwin_amd64(26.16 MB)
    headscale_0.14.0_linux_amd64(23.99 MB)
    headscale_0.14.0_linux_arm(21.37 MB)
    headscale_0.14.0_linux_arm64(23.50 MB)
Owner
Juan Font
Juan Font
Apache Traffic Control is an Open Source implementation of a Content Delivery Network

Apache Traffic Control Apache Traffic Control is an Open Source implementation of a Content Delivery Network. Documentation Intro CDN Basics Traffic C

The Apache Software Foundation 837 Dec 1, 2022
A memory-safe SSH server, focused on listening only on VPN networks such as Tailscale

Features Is tested to work with SCP Integrates well with systemd Quickstart Download binary for your architecture. We only support Linux. If you don't

function61.com 2 Jun 10, 2022
Provides agent and server plugins for SPIRE to allow Tailscale node attestation.

SPIRE Tailscale Plugin ⚠️ this node attestation plugin relies on a Tailscale OIDC id-token feature, which is marked as Work-in-Progress and may not be

Johan Siebens 9 May 22, 2022
The fastest way to create self-hosted exit-servers

inletsctl - the fastest way to create self-hosted exit-servers inletsctl automates the task of creating an exit-server (tunnel server) on public cloud

inlets 426 Nov 25, 2022
☁️ Cloud Torrent: a self-hosted remote torrent client

Cloud torrent is a a self-hosted remote torrent client, written in Go (golang). You start torrents remotely, which are downloaded as sets of files on

Jaime Pillora 5.4k Dec 4, 2022
Gogrok is a self hosted, easy to use alternative to ngrok. It uses SSH as a base protocol, using channels and existing functionality to tunnel requests to an endpoint.

gogrok A simple, easy to use ngrok alternative (self hosted!) The server and client can also be easily embedded into your applications, see the 'serve

Tyler Stuyfzand 6 Dec 3, 2022
Underpass - Self-hosted ngrok alternative.

Underpass Self-hosted ngrok alternative. Installation (CLI) brew install

Caleb Denio 54 Nov 14, 2022
Self-hosted and Easy-to-deploy Cloudflare based Dynamic DNS service for router

Self-hosted and Easy-to-deploy Cloudflare based Dynamic DNS service for router Contents Features Environment Variables Installation Heroku Docker (Run

Aseem Manna 5 Oct 9, 2022
Self-hosted reverse-proxy for F1 web viewer.

F1WebViewer-SelfHosted Self-hosted reverse-proxy for F1 web viewer and includes a web server at port 13331. You can also run this proxy on a server if

ieb 58 Nov 19, 2022
Go Http Proxy with Authentication, Schedule Control, and Portal Control

goproxy Go Http Proxy with Authentication, Schedule Control, and Portal Control Why this tool? You may need to restrict my kids's youtube watch time i

Wu Shilin 2 Mar 27, 2022
A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.

tailscale-sidecar This is barely tested software, I don't guarantee it works but please make an issue if you use it and find a bug. Pull requests are

Mark Pashmfouroush 103 Nov 24, 2022
Example of how to write reverse proxy in Go that runs on Cloud Run with Tailscale

Cloudrun Tailscale Reverse Proxy Setup Create a ephemeral key in Tailscale Set TAILSCALE_AUTHKEY in your Cloud Run environment variables Set TARGET_UR

ThreeComma.io 12 Nov 3, 2022
A pair of local reverse proxies (one in Windows, one in Linux) for Tailscale on WSL2

tailscale-wsl2 TL;DR Running two reverse proxies (one in Windows, one in the WSL2 Linux VM), the Windows Tailscale daemon can be accessed via WSL2: $

Danny Hermes 29 Nov 16, 2022
Cdn - CDN microservice to upload files to zachlatta.com that only accepts traffic from Tailscale IPs

cdn CDN microservice to upload files to zachlatta.com that only accepts traffic from Tailscale IPs. source code available at https://github.com/zachla

zach latta 2 Jun 26, 2022
Tscert - Minimal package for just the HTTPS cert fetching part of the Tailscale client API

tscert This is a stripped down version of the tailscale.com/client/tailscale Go

Tailscale 15 Nov 27, 2022
An unofficial GUI wrapper around the Tailscale CLI client.

Trayscale Trayscale is an unofficial GUI wrapper around the Tailscale CLI client, particularly for use on Linux, as no official Linux GUI client exist

null 60 Nov 22, 2022
An open source Pusher server implementation compatible with Pusher client libraries written in Go

Try browsing the code on Sourcegraph! IPÊ An open source Pusher server implementation compatible with Pusher client libraries written in Go. Why I wro

Hava 1 Aug 27, 2022
Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core network solution.

Connecting the Next Billion People Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core

Magma 1.5k Dec 7, 2022
Project Kebe is the open-source Snap Store implementation.

Introduction Kebe intends to be a full replacement for the Snap Store. Quickstart Once you have an environment setup (for instance using https://githu

Free To Compute 25 Nov 9, 2022