[client] Fix legacy routes when connecting to management servers older than v0.30.0 (#3854)

2025-08-08 23:05:28 +02:00 · 2025-05-21 13:48:55 +02:00
parent daa8380df9
commit e806d9de38
2 changed files with 8 additions and 6 deletions
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@ -978,6 +978,14 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 				log.Errorf("failed to update local IPs: %v", err)
 			}
 		}
+
+		// If we got empty rules list but management did not set the networkMap.FirewallRulesIsEmpty flag,
+		// then the mgmt server is older than the client, and we need to allow all traffic for routes.
+		// This needs to be toggled before applying routes.
+		isLegacy := len(networkMap.RoutesFirewallRules) == 0 && !networkMap.RoutesFirewallRulesIsEmpty
+		if err := e.firewall.SetLegacyManagement(isLegacy); err != nil {
+			log.Errorf("failed to set legacy management flag: %v", err)
+		}
 	}

 	dnsRouteFeatureFlag := toDNSFeatureFlag(networkMap)