Commit 09dc7d7

coadler and spikecurtis committed
fix(tailnet): disable wireguard trimming
Since Tailscale removed keep-alives, it seems like open but idle connections (SSH, port-forward, etc.) can get trimmed fairly easily, causing hangs for a few seconds while the connection is set up again. This was taken from Spike's PR #8492

Co-authored-by: Spike Curtis <spike@coder.com>
1 parent 4e36f91 commit 09dc7d7

1 file changed

+17
-0
lines changed

tailnet/conn.go

Lines changed: 17 additions & 0 deletions
@@ -19,6 +19,7 @@ import (
1919
"golang.org/x/xerrors"
2020
"gvisor.dev/gvisor/pkg/tcpip"
2121
"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
22+
"tailscale.com/envknob"
2223
"tailscale.com/hostinfo"
2324
"tailscale.com/ipn/ipnstate"
2425
"tailscale.com/net/connstats"
@@ -64,6 +65,22 @@ func init() {
6465
// Globally disable network namespacing. All networking happens in
6566
// userspace.
6667
netns.SetEnabled(false)
68+
// Tailscale, by default, "trims" the set of peers down to ones that we are "actively" communicating with in
69+
// an effort to save memory. But, we want to make sure the Wireguard connection is up and handshaked before sending
70+
// TCP traffic over it to avoid anomalously long round-trip time of the initial handshake
71+
// c.f. https://github.com/coder/coder/issues/7388#issuecomment-1625463069 for more details.
72+
//
73+
// If Tailscale is waiting for traffic to bring up Wireguard, and we wait for Wireguard to send traffic, that's a
74+
// deadlock. So, disable this feature.
75+
//
76+
// Note that Tailscale.com's use case is very different from ours: in their use case, users create one persistent
77+
// tailnet per device, and it allows connections to every other thing in Tailscale that belongs to them. The
78+
// tailnet stays up as long as your laptop or phone is turned on.
79+
//
80+
// Our use case is different: for clients, it's a point-to-point connection to a single workspace, and lasts only as
81+
// long as the connection. For agents, it's connections to a small number of clients (CLI or Coderd) that are being
82+
// actively used by the end user.
83+
envknob.Setenv("TS_DEBUG_TRIM_WIREGUARD", "false")
6784
}
6885

6986
type Options struct {
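
Review bot: the `envknob.Setenv("TS_DEBUG_TRIM_WIREGUARD", "false")` call at the end of `init()` runs unconditionally and process-wide, so a value an operator has exported for that variable is overwritten in every binary that imports this package, and nothing is left to turn trimming back on when diagnosing memory use. Consider setting it only when the variable is not already present in the environment, or say in the comment that the override is intentional. The `TS_DEBUG_` prefix also suggests a debug knob rather than a supported setting, so a test that fails if the knob stops taking effect after a Tailscale dependency bump would be worth adding alongside this. The comment explains the deadlock well; it could also name the idle SSH and port-forward hangs from the commit message, since that is the symptom people will search for.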
