cmd/derper: clarify that derper and tailscaled need to be in sync
Fixes #12617 Change-Id: Ifc87b7d9cf699635087afb57febd01fb9a6d11b7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
6b801a8e9e
commit
210264f942
|
@ -30,7 +30,9 @@ If you've decided or been advised to run your own `derper`, then read on.
|
|||
* You must build and update the `cmd/derper` binary yourself. There are no
|
||||
packages. Use `go install tailscale.com/cmd/derper@latest` with the latest
|
||||
version of Go. You should update this binary approximately as regularly as
|
||||
you update Tailscale nodes.
|
||||
you update Tailscale nodes. If using `--verify-clients`, the `derper` binary
|
||||
and `tailscaled` binary on the machine must be built from the same git revision.
|
||||
(It might work otherwise, but they're developed and only tested together.)
|
||||
|
||||
* The DERP protocol does a protocol switch inside TLS from HTTP to a custom
|
||||
bidirectional binary protocol. It is thus incompatible with many HTTP proxies.
|
||||
|
|
|
@ -1187,6 +1187,10 @@ func (s *Server) verifyClient(ctx context.Context, clientKey key.NodePublic, inf
|
|||
return fmt.Errorf("peer %v not authorized (not found in local tailscaled)", clientKey)
|
||||
}
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "invalid 'addr' parameter") {
|
||||
// Issue 12617
|
||||
return errors.New("tailscaled version is too old (out of sync with derper binary)")
|
||||
}
|
||||
return fmt.Errorf("failed to query local tailscaled status for %v: %w", clientKey, err)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue