Clamp the TCP MSS for the primary network interface instead

clrxbl · Jun 29, 2022 · 294db87 · 294db87
1 parent 09df566
commit 294db87
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/runtime/run.sh b/runtime/run.sh
@@ -77,7 +77,9 @@ done
 echo "Adding iptables rule for DNAT"
 iptables -t nat -I PREROUTING -d "${TS_IP}" -j DNAT --to-destination "${SVC_IP}"
 iptables -t nat -A POSTROUTING -j MASQUERADE
-iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o tailscale0 -j TCPMSS --set-mss 1240   
+
+PRIMARY_NETWORK_INTERFACE=$(route | grep '^default' | grep -o '[^ ]*$')
+iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ${PRIMARY_NETWORK_INTERFACE} -j TCPMSS --set-mss 1240   
 
 echo "Updating secret with Tailscale IP"
 # patch secret with the tailscale ipv4 address