From 294db8799fc49c850d5f7fa449551819358dfafd Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 29 Jun 2022 15:13:31 +0200
Subject: [PATCH] Clamp the TCP MSS for the primary network interface instead
---
 runtime/run.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/runtime/run.sh b/runtime/run.sh
index 5e27c6b..75eb6ea 100755
--- a/runtime/run.sh
+++ b/runtime/run.sh
@@ -77,7 +77,9 @@ done
 echo "Adding iptables rule for DNAT"
 iptables -t nat -I PREROUTING -d "${TS_IP}" -j DNAT --to-destination "${SVC_IP}"
 iptables -t nat -A POSTROUTING -j MASQUERADE
-iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o tailscale0 -j TCPMSS --set-mss 1240
+
+PRIMARY_NETWORK_INTERFACE=$(route | grep '^default' | grep -o '[^ ]*$')
+iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ${PRIMARY_NETWORK_INTERFACE} -j TCPMSS --set-mss 1240
 echo "Updating secret with Tailscale IP"
 # patch secret with the tailscale ipv4 address
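Review bot: The result of the added `PRIMARY_NETWORK_INTERFACE=$(route | grep '^default' | grep -o '[^ ]*$')` lookup is never checked, and it is expanded unquoted in `-o ${PRIMARY_NETWORK_INTERFACE}`. An empty result (no default route yet) or a multi-line result (several default routes) therefore hands iptables a malformed argument list, and the MSS clamp is not installed. Whether the script stops at that point depends on shell options set outside this hunk, so the failure may be silent. I would take the first match with `... | grep -o '[^ ]*$' | head -n 1)`, add `[ -n "${PRIMARY_NETWORK_INTERFACE}" ] || { echo "No default route found" >&2; exit 1; }`, and quote the use as `-o "${PRIMARY_NETWORK_INTERFACE}"`. Separately, `route` without `-n` resolves names and can stall if DNS is not ready at startup; switching to `route -n` prints the default destination as `0.0.0.0`, so the `'^default'` pattern would need to change with it.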