From f9425b23d31350a28d8e482f5842a381b2dd96a7 Mon Sep 17 00:00:00 2001
From: "Community Hass.io Add-ons Bot"
Date: Mon, 20 May 2024 10:37:35 +0000
Subject: [PATCH] :tada: Release of add-on Tailscale 0.19.0
---
 README.md | 6 ++---
 tailscale/CHANGELOG.md | 20 +++++++++++++---
 tailscale/DOCS.md | 42 ++++++++++++++++++++++++++++++----
 tailscale/README.md | 4 ++--
 tailscale/config.yaml | 4 +++-
 tailscale/translations/en.yaml | 16 +++++++++++++
 6 files changed, 79 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index f1cd50cf..381eb8dc 100644
--- a/README.md
+++ b/README.md
@@ -1050,10 +1050,10 @@ SOFTWARE.
 [vscode-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg
 [vscode-armv7-shield]: https://img.shields.io/badge/armv7-no-red.svg
 [vscode-i386-shield]: https://img.shields.io/badge/i386-no-red.svg
-[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/v0.18.0
-[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/v0.18.0/README.md
+[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/v0.19.0
+[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/v0.19.0/README.md
 [tailscale-issue]: https://github.com/hassio-addons/addon-tailscale/issues
-[tailscale-version-shield]: https://img.shields.io/badge/version-v0.18.0-blue.svg
+[tailscale-version-shield]: https://img.shields.io/badge/version-v0.19.0-blue.svg
 [tailscale-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
 [tailscale-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
 [tailscale-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg
diff --git a/tailscale/CHANGELOG.md b/tailscale/CHANGELOG.md
index d38d0ecf..f46cd221 100644
--- a/tailscale/CHANGELOG.md
+++ b/tailscale/CHANGELOG.md
@@ -1,10 +1,24 @@ ## What’s changed +## ✨ New features + +- Add app connector option @angel-urena ([#348](https://github.com/hassio-addons/addon-tailscale/pull/348)) +- Make stateful filtering configurable @lmagyar ([#357](https://github.com/hassio-addons/addon-tailscale/pull/357)) + ## 🐛 Bug fixes -- Tag names must start with a letter after 'tag:' and contain letters, … @noconnor29 ([#342](https://github.com/hassio-addons/addon-tailscale/pull/342)) +- Fix Linux optimizations @lmagyar ([#360](https://github.com/hassio-addons/addon-tailscale/pull/360)) +- Allow Linux optimizations (UDP GRO for forwarding) on multiple default interfaces and IPv6 @lmagyar ([#361](https://github.com/hassio-addons/addon-tailscale/pull/361)) + +## 🚀 Enhancements + +- Linux optimizations for subnet routers and exit nodes @lmagyar ([#351](https://github.com/hassio-addons/addon-tailscale/pull/351)) +- Fix indentation @lmagyar ([#356](https://github.com/hassio-addons/addon-tailscale/pull/356)) +- Reword app connector option's translation @lmagyar ([#358](https://github.com/hassio-addons/addon-tailscale/pull/358)) ## ⬆️ Dependency updates -- ⬆️ Update Add-on base image to v15.0.8 @renovate ([#344](https://github.com/hassio-addons/addon-tailscale/pull/344)) -- ⬆️ Update tailscale/tailscale to v1.64.0 @renovate ([#346](https://github.com/hassio-addons/addon-tailscale/pull/346)) +- ⬆️ Update alpine_3_19/nginx to v1.24.0-r16 @renovate ([#349](https://github.com/hassio-addons/addon-tailscale/pull/349)) +- ⬆️ Update tailscale/tailscale to v1.66.0 @renovate ([#350](https://github.com/hassio-addons/addon-tailscale/pull/350)) +- ⬆️ Update tailscale/tailscale to v1.66.1 @renovate ([#352](https://github.com/hassio-addons/addon-tailscale/pull/352)) +- ⬆️ Update tailscale/tailscale to v1.66.3 @renovate ([#354](https://github.com/hassio-addons/addon-tailscale/pull/354)) diff --git a/tailscale/DOCS.md b/tailscale/DOCS.md index 1ed74318..7bfc3233 100644 --- a/tailscale/DOCS.md +++ b/tailscale/DOCS.md 
@@ -65,6 +65,7 @@ add-on is restarted._ accept_dns: true accept_routes: true advertise_exit_node: true +advertise_connector: true advertise_routes: - 192.168.1.0/24 - fd12:3456:abcd::/64 @@ -74,6 +75,7 @@ login_server: "https://controlplane.tailscale.com" proxy: false proxy_and_funnel_port: 443 snat_subnet_routes: true +stateful_filtering: true tags: - tag:example - tag:homeassistant @@ -113,6 +115,22 @@ More information: [Exit nodes][tailscale_info_exit_nodes] When not set, this option is enabled by default. +### Option: `advertise_connector` + +This option allows you to advertise this Tailscale instance as an app connector. + +When you use an app connector, you specify which applications you wish to make +accessible over your tailnet, and the domains for those applications. Any traffic +for that application is then forced over the tailnet to a node running an app +connector before egressing to the target domains. This is useful for cases where +the application has an allowlist of IP addresses which can connect to it: the IP +address of the node running the app connector can be added to the allowlist, and +all nodes on the tailnet will use that IP address for their traffic egress. + +More information: [App connectors][tailscale_info_app_connectors] + +When not set, this option is enabled by default. + ### Option: `advertise_routes` This option allows you to advertise routes to subnets (accessible on the network 
@@ -262,8 +280,23 @@ router, and this simplifies routing configuration. When not set, this option is enabled by default. To support advanced [Site-to-site networking][tailscale_info_site_to_site] (eg. -to traverse multiple networks), you can disable this functionality. But do it -only when you really understand why you need this. +to traverse multiple networks), you can disable this functionality, and execute +steps 2 and 3 as described on [Site-to-site +networking][tailscale_info_site_to_site]. But do it only when you really +understand why you need this. + +### Option: `stateful_filtering` + +This option enables stateful packet filtering on packet-forwarding nodes (exit +nodes, subnet routers, and app connectors), to only allow return packets for +existing outbound connections. Inbound packets that don't belong to an existing +connection are dropped. + +When not set, this option is enabled by default. + +To support basic [Site-to-site networking][tailscale_info_site_to_site], you can +disable this functionality, and execute steps 2 and 3 as described on +[Site-to-site networking][tailscale_info_site_to_site]. ### Option: `tags` @@ -295,8 +328,8 @@ instance, disable userspace networking mode, which will create a `tailscale0` network interface on your host. If you want to access other clients on your tailnet even from your local subnet, -execute steps 2 and 3 as described on [Site-to-site -networking][tailscale_info_site_to_site]. +disable `stateful_filtering` and execute steps 2 and 3 as described on +[Site-to-site networking][tailscale_info_site_to_site]. In case your local subnets collide with subnet routes within your tailnet, your local network access has priority, and these addresses won't be routed toward 
@@ -381,6 +414,7 @@ SOFTWARE.
 [tailscale_dns]: https://login.tailscale.com/admin/dns
 [tailscale_info_acls]: https://tailscale.com/kb/1068/acl-tags/
 [tailscale_info_exit_nodes]: https://tailscale.com/kb/1103/exit-nodes/
+[tailscale_info_app_connectors]: https://tailscale.com/kb/1281/app-connectors
 [tailscale_info_funnel]: https://tailscale.com/kb/1223/tailscale-funnel/
 [tailscale_info_funnel_policy_requirement]: https://tailscale.com/kb/1223/tailscale-funnel/#tailnet-policy-file-requirement
 [tailscale_info_https]: https://tailscale.com/kb/1153/enabling-https/
diff --git a/tailscale/README.md b/tailscale/README.md
index 3b4729fa..896d1ad4 100644
--- a/tailscale/README.md
+++ b/tailscale/README.md
@@ -45,5 +45,5 @@ If you are more interested in stable releases of our add-ons:
 [patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png
 [patreon]: https://www.patreon.com/frenck
 [project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
-[release-shield]: https://img.shields.io/badge/version-v0.18.0-blue.svg
-[release]: https://github.com/hassio-addons/addon-tailscale/tree/v0.18.0
\ No newline at end of file
+[release-shield]: https://img.shields.io/badge/version-v0.19.0-blue.svg
+[release]: https://github.com/hassio-addons/addon-tailscale/tree/v0.19.0
\ No newline at end of file
diff --git a/tailscale/config.yaml b/tailscale/config.yaml
index cf8e75e1..ccffb43c 100644
--- a/tailscale/config.yaml
+++ b/tailscale/config.yaml
@@ -1,5 +1,5 @@
 name: Tailscale
-version: 0.18.0
+version: 0.19.0
 slug: tailscale
 description: Zero config VPN for building secure networks
 url: https://github.com/hassio-addons/addon-tailscale
@@ -28,6 +28,7 @@ schema:
 accept_dns: bool?
 accept_routes: bool?
 advertise_exit_node: bool?
+ advertise_connector: bool?
 advertise_routes:
 - match(^(((25[0-5]|(2[0-4]|1\d|[1-9]?)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]?)\d)\/(3[0-2]|[12]?\d)|[a-fA-F\d.:]+:[a-fA-F\d.:]+\/(12[0-8]|(1[01]|[1-9]?)\d))$)?
 funnel: bool?
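Review bot: `advertise_connector: bool?` in the `schema:` block is optional, and the DOCS.md text in this same patch says an unset value means enabled, so an existing install would presumably start advertising itself as an app connector after upgrading, without the user opting in. If that default is intended, it should be visible where the option is declared, for example with a comment `# unset = enabled; set to false to stop advertising this node as an app connector`, or with an explicit entry under `options:` if the file has one (not visible in this hunk). The same implicit default applies to `stateful_filtering: bool?` in the next config.yaml hunk, where default-on is the safer side; a comment there should say that setting it to false stops the node from dropping inbound packets that do not belong to an existing connection. The `schema:` block starts and ends outside both hunks.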
@@ -36,6 +37,7 @@ schema: proxy: bool? proxy_and_funnel_port: match(^(443|8443|10000)$)? snat_subnet_routes: bool? + stateful_filtering: bool? tags: - match(^tag:[a-zA-Z][a-zA-Z0-9-]*$)? taildrop: bool? diff --git a/tailscale/translations/en.yaml b/tailscale/translations/en.yaml index 1e88564b..7c9ea49a 100644 --- a/tailscale/translations/en.yaml +++ b/tailscale/translations/en.yaml @@ -19,6 +19,14 @@ configuration: By setting a device on your network as an exit node, you can use it to route all your public internet traffic as needed, like a consumer VPN. When not set, this option is enabled by default. + advertise_connector: + name: Advertise as an app connector + description: >- + When you use an app connector, you specify which applications you wish to make + accessible over your tailnet, and the domains for those applications. Any traffic + for that application is then forced over the tailnet to a node running an app + connector before egressing to the target domains. + When not set, this option is enabled by default. advertise_routes: name: Advertise subnet routes description: >- @@ -64,6 +72,14 @@ configuration: To support advanced Site-to-site networking (eg. to traverse multiple networks), you can disable this functionality. When not set, this option is enabled by default. + stateful_filtering: + name: Stateful packet filtering + description: >- + This option enables stateful packet filtering on packet-forwarding nodes (exit + nodes, subnet routers, and app connectors), to only allow return packets for + existing outbound connections. + To support basic Site-to-site networking, you can disable this functionality. + When not set, this option is enabled by default. tags: name: Tags description: >-