mirror of
https://gitlab.postmarketos.org/postmarketOS/pmaports.git
synced 2025-07-25 15:55:11 +03:00
f2e83e42eb
The iptables frontend for nftables seems to not play nice. Since we use nftables in postmarketOS anyway, tell tailscale to use it directly. This fixes routing not working and the following error seen in tailscale status - adding [-i tailscale0 -j MARK --set-mark 0x40000/0xff0000] in v4/filter/ts-forward: running [/usr/sbin/iptables -t filter -A ts-forward -i tailscale0 -j MARK --set-mark 0x40000/0xff0000 --wait]: exit status 2: Warning: Extension MARK revision 0 not supported, missing kernel module? Signed-off-by: Caleb Connolly <caleb@postmarketos.org> Part-of: https://gitlab.postmarketos.org/postmarketOS/pmaports/-/merge_requests/6344
15 lines
511 B
Text
15 lines
511 B
Text
# Set the port to listen on for incoming VPN packets.
|
|
# Remote nodes will automatically be informed about the new port number,
|
|
# but you might want to configure this in order to set external firewall
|
|
# settings.
|
|
PORT="41641"
|
|
|
|
# Extra flags you might want to pass to tailscaled.
|
|
FLAGS=""
|
|
|
|
# postmarketOS uses nftables by default, and tailscale has
|
|
# some issues with the iptables frontend for it. So just
|
|
# tell tailscale to use the nftables backend for routing
|
|
# configuration.
|
|
TS_DEBUG_FIREWALL_MODE=nftables
|
|
|