Remove subnet router visibility workaround from docs (#2569)

Previous Headscale versions required a dedicated rule to make a subnet
router visible to clients. This workaround is no longer required.
nblock 2025-05-05 15:24:59 +02:00 committed by GitHub
parent 1dddd3e93b
commit 833e0f66f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 16 deletions

@ -76,27 +76,19 @@ The routes announced by subnet routers are available to the nodes in a tailnet.
nodes can accept and use such routes. Configure an ACL to explicitly manage who can use routes.
The ACL snippet below defines three hosts, a subnet router `router`, a regular node `node` and `service.example.net` as
internal service that can be reached via a route on the subnet router `router`. The first ACL rule allows anyone to see
the subnet router `router` without allowing access to any service of the subnet router itself. The second ACL rule
allows the node `node` to access `service.example.net` on port 80 and 443 which is reachable via the subnet router.
internal service that can be reached via a route on the subnet router `router`. It allows the node `node` to access
`service.example.net` on port 80 and 443 which is reachable via the subnet router. Access to the subnet router itself is
denied.
```json title="Access the routes of a subnet router without the subnet router itself"
{
"hosts": {
// the router is not referenced but announces 192.168.0.0/24"
"router": "100.64.0.1/32",
"node": "100.64.0.2/32",
"service.example.net": "192.168.0.1/32"
},
"acls": [
{
"action": "accept",
"src": [
"*"
],
"dst": [
"router:0"
]
},
{
"action": "accept",
"src": [
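Review bot: In the `hosts` block, the comment `// the router is not referenced but announces 192.168.0.0/24"` ends with a stray double quote; drop it so the snippet reads cleanly when copied. The replacement paragraph also says "Access to the subnet router itself is denied", but with the `router:0` rule removed nothing in the visible snippet expresses that denial. Consider stating that it follows from no rule naming `router` as a destination, so readers do not look for an explicit deny entry. Minor wording: "on port 80 and 443" should read "on ports 80 and 443".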