On 4/1/25 10:28, [email protected] wrote:
> Skip asked me to make Tailscale work on Plan 9.
>
> I tried, but ran into problems so I asked Russ for some help. Together, we
> just got it all mostly working.
>
> Blog post 1 of 2 is now at
> https://tailscale.com/blog/tailscale-enterprise-plan-9-support

Your post this morning was quite a pleasant surprise. Got a couple chuckles out of me as well. I realize the date, but seeing that there was some code written for this I suspect there's some truth to this.

>
> The followup blog post tomorrow will go into details about what we did.
>
> There are a number of shortcuts and TODOs and things I'll need to ask for
> more help on. (e.g. how do I make an outgoing TCP connection bound to a
> specific interface or ignoring a certain route in the routing table? I
> couldn't figure that out, and that's necessary for "exit node" support... so
> we're able to make connections out to control/data plane services with your
> "real" underlay network card and ignore the 0.0.0.0/0, ::0/0 routes back into
> the Tailscale network device.)

As far as I know there isn't a way of doing either of what you're asking for. I also have to apologize, I am not familiar with how exactly Tailscale works so let me know if I've got some wrong assumptions.

The type of things I believe you're reaching for can be solved in Plan 9/9front by using multiple instances of /net. Essentially you use one /net as your "outside" network, one in which the vpn software itself can use to reach out to other peers. While the vpn software then creates an interface on the "inside" /net, and programs using the "inside" /net will then have their connections forwarded through the software. The vpn software created interface can then be the default route on the "inside" /net without impacting the vpn software's ability to talk on the "outside" net. This is largely how the existing tinc vpn implementation[0][1] works in 9front.

While not strictly required, I also use multiple /net devices for my home NAT configuration for the same purpose of isolating the routing tables from the LAN and the greater internet. If it is of any use I've written a short blog post[2] about how I have this NAT configuration all set up.

[0] http://man.9front.org/8/tinc
[1] https://git.9front.org/plan9front/plan9front/a3fef8384db2ce1ff98c38373c59841b83c83ce0/sys/src/cmd/ip/tinc.c/f.html
[2] https://posixcafe.org/blogs/2024/01/04/0/

Hope this helps,
Jacob Moody

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T4cecdedbabdedc00-M444dc1bd14088cfac2a4a1b7
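
The two-/net layout described in the reply above, as an added rc sketch; it is not from the original message, from tinc or from Tailscale. It assumes /net is the already configured "outside" stack, /net.alt backed by '#I1' is the "inside" stack, and 10.0.0.1 is a constructed address reachable through the tunnel.

```rc
#!/bin/rc
# Outside stack: the existing /net ('#I0'), already configured on the real
# ethernet card. The vpn program keeps dialing its peers through this one,
# so its traffic never sees the inside default route.

# Inside stack (assumption: '#I1' is unused): a second, independent IP
# stack with its own interfaces and its own routing table.
bind -b '#I1' /net.alt

# Name services for the inside stack, so that programs which later see it
# as /net can still resolve names.
ndb/cs -x /net.alt
ndb/dns -x /net.alt

# The vpn program (hypothetical, not shown) would be started here. It would:
#   - dial its peers with addresses rooted at /net (outside),
#   - open /net.alt/ipifc/clone, write 'bind pkt' and 'add ip mask' to the
#     ctl file, and keep it open while it reads and writes IP packets on
#     the interface's data file,
#   - install the default route in /net.alt/iproute.

# The two routing tables are separate; compare them.
cat /net/iproute
cat /net.alt/iproute

# Run one command with the inside stack as its /net, in a private copy of
# the namespace so nothing else on the system is affected.
@{rfork n; bind /net.alt /net; ip/ping 10.0.0.1}
```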
