951451 – net-vpn/tailscale: add DERP server support

Bug 951451 - net-vpn/tailscale: add DERP server support

Summary: net-vpn/tailscale: add DERP server support

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Yixun Lan

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2025-03-16 10:40 UTC by Yixun Lan
Modified:	2025-03-25 02:57 UTC (History)
CC List:	3 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/41165
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yixun Lan archtester

2025-03-16 10:40:27 UTC

https://tailscale.com/kb/1232/derp-servers

DERP (Designated Encrypted Relay for Packets) servers manage device connections and NAT traversal. They serve two primary purposes: negotiating direct connections between tailnet devices and serving as a relay server when a direct connection isn't possible.

A custom DERP server is helpful when user need a fast relay server when the official one isn't reliable or fast enough.

Two approaches for adding derp support, I'm not sure which is best to go

1) bundle up with net-vpn/tailscale, maybe introduce a USE=tool to control it? or just enable it mandatory without USE if people prefer

2) introduce a separated package - net-vpn/derper, and request a dedicated user/group for security concern, with dedicated systemd/openrc init script


@williamh what's your idea? thanks

Reproducible: Always

Comment 1 Yixun Lan archtester

2025-03-19 07:26:53 UTC

I've went ahead to have separated ebuild for derper server which easy to maintain and more independent, although it share same tarball sources with net-vpn/tailscale

May need to request group/user id in another PR

Comment 2 Larry the Git Cow gentoo-dev

2025-03-25 02:38:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/api.git/commit/?id=ca3710534ffe889dd1052d384fcd94bec1e71975

commit ca3710534ffe889dd1052d384fcd94bec1e71975
Author:     Yixun Lan <dlan@gentoo.org>
AuthorDate: 2025-03-19 12:45:10 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2025-03-25 02:37:31 +0000

    uid-gid.txt: assign 547 to derper
    
    Bug: https://bugs.gentoo.org/951451
    Closes: https://github.com/gentoo/api-gentoo-org/pull/730
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 files/uid-gid.txt | 1 +
 1 file changed, 1 insertion(+)

Comment 3 Larry the Git Cow gentoo-dev

2025-03-25 02:57:25 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0138d169c837b68394a632df107c9c646949c22

commit f0138d169c837b68394a632df107c9c646949c22
Author:     Yixun Lan <dlan@gentoo.org>
AuthorDate: 2025-03-19 06:57:52 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2025-03-25 02:56:55 +0000

    net-vpn/derper: add version 1.80.3
    
    Add DERP (Designated Encrypted Relay for Packets) server
    for tailnet devices, which quite useful if connecting to
    official one is either slow or unstable.
    
    Link: https://tailscale.com/kb/1232/derp-servers
    Closes: https://bugs.gentoo.org/951451
    Closes: https://github.com/gentoo/gentoo/pull/41165
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 net-vpn/derper/Manifest                  |  2 +
 net-vpn/derper/derper-1.80.3.ebuild      | 64 ++++++++++++++++++++++++++++++++
 net-vpn/derper/files/derper-pre.sh       | 59 +++++++++++++++++++++++++++++
 net-vpn/derper/files/derper.defaults     | 48 ++++++++++++++++++++++++
 net-vpn/derper/files/derper.initd        | 34 +++++++++++++++++
 net-vpn/derper/files/derper.service      | 15 ++++++++
 net-vpn/derper/files/derper.service.conf |  3 ++
 net-vpn/derper/metadata.xml              | 11 ++++++
 8 files changed, 236 insertions(+)