Skip to content

Add CGNAT range to private host allowlist for Tailscale support#437

Merged
gabrielste1n merged 1 commit intoOpenWhispr:mainfrom
xAlcahest:fix/tailscale-cgnat-private-host
Mar 15, 2026
Merged

Add CGNAT range to private host allowlist for Tailscale support#437
gabrielste1n merged 1 commit intoOpenWhispr:mainfrom
xAlcahest:fix/tailscale-cgnat-private-host

Conversation

@xAlcahest
Copy link
Collaborator

@xAlcahest xAlcahest commented Mar 14, 2026

Summary

  • Add RFC 6598 CGNAT range (100.64.0.0/10) to isPrivateHost() in urlUtils.ts
  • Tailscale VPN assigns IPs from this range (100.64.x.x to 100.127.x.x) which were rejected as non-private, causing silent fallback to OpenAI
  • Tested with a real Tailscale IP (100.116.75.39) and a local whisper-server

Closes #430

@xAlcahest xAlcahest requested a review from gabrielste1n March 14, 2026 22:50
@gabrielste1n gabrielste1n merged commit df0497e into OpenWhispr:main Mar 15, 2026
4 checks passed
@gabrielste1n gabrielste1n deleted the fix/tailscale-cgnat-private-host branch March 15, 2026 19:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gabrielste1n gabrielste1n gabrielste1n approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

isSecureEndpoint rejects Tailscale IPs (100.64.0.0/10) — falls back to OpenAI silently

2 participants

@xAlcahest @gabrielste1n