jack-broadway / vyos-module-tailscale

Tailscale module that can be used with vyos-modular

How to clamp mss to pmtu on tailscale interface? #12

Open fghorow opened 10 months ago

fghorow commented 10 months ago

I'm attempting to configure site-to-site routing on a tailscale0 interface created by this infrastructure.

I'm using a sagitta VyOS 1.4.0-rc3 core .iso and your module to build my install .iso. (Works very well, BTW. Thank you!!!)

One of the things in the tailscale instructions for site-to-site is to configure clamp mss to pmtu on that interface.

Because when I try to execute set interface tailscale ... and tailscale is not recognized in that config mode, I can't figure out how to set that clamp-mss-to-pmtu configuration. Is this something that needs to be patched (somewhere?) in this codebase? If so, where? (I can take a crack at it, but I'm lost in the vyos codebase, not to mention your additions.)

Any help would be greatly appreciated!

jack-broadway commented 9 months ago

Hi @fghorow, after having a quick look through the VyOS docs, this is implemented for other interface types, so it should be more than possible to implement for the tailscale interface. I'll have a look over the coming weekend.

jack-broadway commented 9 months ago

@fghorow Try with the following config when building and let me know if it solves your issue. I can see the rule get created in nftables.

This does require version 2.2.0 of vyos-modular, so please update first.

name: tailscale-1.4.0-rc3
vyos_target:
  # This is used to target an appropriate vyos-core version when using modules
  # that patch the core
  branch: 1.4.0-rc3
  release: sagitta
  # This is the name of an iso found under resources/isos
  iso: vyos-1.4.0-rc3-amd64.iso
modules:
  - type: git
    url: https://github.com/jack-broadway/vyos-module-tailscale.git
    version: issue-12

fghorow commented 9 months ago

Thanks for the patch!

At first I failed to build the new image (using vyos-modular of course). But eventually, after a clean fresh installation of the whole vyos-modular infrastructure, I managed to get the build to work.

Attempting to update a running vyos machine using the add system image approach failed, with complaints:

"""
Validating image checksums
Cleaning up
Unmounting target filesystems
Removing temporary files
Image checksum verification failed.
"""

Updating via booting from the .iso and then executing install image worked correctly, with my old /config/config.boot migrated via the usual procedure.

In config mode, executing set interfaces tailscale tailscale0 ip adjust-mss clamp-mss-to-pmtu appears to have worked, with the commit and save also working.

I can provide more details if needed.

Thanks again! Frank Horowitz

On Feb 10, 2024, at 1:33 AM, Jack Broadway @.***> wrote:

> @fghorow Try with the following config when building and let me know if it solves your issue. I can see the rule get created in nftables
>
> name: tailscale-1.4.0-rc3
> vyos_target:
>   # This is used to target an appropriate vyos-core version when using modules
>   # that patch the core
>   branch: 1.4.0-rc3
>   release: sagitta
>   # This is the name of an iso found under resources/isos
>   iso: vyos-1.4.0-rc3-amd64.iso
> modules:

Frank Horowitz @.***

jack-broadway commented 9 months ago

Hi Frank,

Can you please try an in-place upgrade again with v2.4.0 of vyos-modular? That version fixes a bug where only the MD5 sums are updated, not the SHA256 sums.

pip install --upgrade vyos-modular