diff --git a/tailscale/DOCS.md b/tailscale/DOCS.md index 7bfc323..47db600 100644 --- a/tailscale/DOCS.md +++ b/tailscale/DOCS.md @@ -280,7 +280,7 @@ router, and this simplifies routing configuration. When not set, this option is enabled by default. To support advanced [Site-to-site networking][tailscale_info_site_to_site] (eg. -to traverse multiple networks), you can disable this functionality, and execute +to traverse multiple networks), you can disable this functionality, and follow steps 2 and 3 as described on [Site-to-site networking][tailscale_info_site_to_site]. But do it only when you really understand why you need this. @@ -292,11 +292,7 @@ nodes, subnet routers, and app connectors), to only allow return packets for existing outbound connections. Inbound packets that don't belong to an existing connection are dropped. -When not set, this option is enabled by default. - -To support basic [Site-to-site networking][tailscale_info_site_to_site], you can -disable this functionality, and execute steps 2 and 3 as described on -[Site-to-site networking][tailscale_info_site_to_site]. +When not set, this option is disabled by default. ### Option: `tags` @@ -328,8 +324,8 @@ instance, disable userspace networking mode, which will create a `tailscale0` network interface on your host. If you want to access other clients on your tailnet even from your local subnet, -disable `stateful_filtering` and execute steps 2 and 3 as described on -[Site-to-site networking][tailscale_info_site_to_site]. +follow steps 2 and 3 as described on [Site-to-site +networking][tailscale_info_site_to_site]. In case your local subnets collide with subnet routes within your tailnet, your local network access has priority, and these addresses won't be routed toward diff --git a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run index 75f827a..0fc6e4d 100755 --- a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run +++ b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run @@ -73,13 +73,13 @@ then options+=(--login-server="${login_server}") fi -# Support basic site-to-site networking, disable stateful filtering +# Enable stateful filtering (it's disabled by default from v1.66.4) if ! bashio::config.has_value "stateful_filtering" || \ - bashio::config.true "stateful_filtering"; + bashio::config.false "stateful_filtering"; then - options+=(--stateful-filtering) -else options+=(--stateful-filtering=false) +else + options+=(--stateful-filtering) fi # Support advanced site-to-site networking, disable source addresses NAT diff --git a/tailscale/translations/en.yaml b/tailscale/translations/en.yaml index 7c9ea49..7ab78bd 100644 --- a/tailscale/translations/en.yaml +++ b/tailscale/translations/en.yaml @@ -78,8 +78,7 @@ configuration: This option enables stateful packet filtering on packet-forwarding nodes (exit nodes, subnet routers, and app connectors), to only allow return packets for existing outbound connections. - To support basic Site-to-site networking, you can disable this functionality. - When not set, this option is enabled by default. + When not set, this option is disabled by default. tags: name: Tags description: >-