fix: opt-in tailscale vpn loop prevention

ibetitsmike · ibetitsmike · commit a13f952a57b4 · 2025-07-21T10:31:07.000+02:00
diff --git a/App/App.xaml.cs b/App/App.xaml.cs
@@ -92,6 +92,7 @@ public App()
 
         services.AddSingleton<IDispatcherQueueManager>(_ => this);
         services.AddSingleton<IDefaultNotificationHandler>(_ => this);
+        services.AddSingleton<ISettingsManager<CoderConnectSettings>, SettingsManager<CoderConnectSettings>>();
         services.AddSingleton<ICredentialBackend>(_ =>
             new WindowsCredentialBackend(WindowsCredentialBackend.CoderCredentialsTargetName));
         services.AddSingleton<ICredentialManager, CredentialManager>();
@@ -120,7 +121,6 @@ public App()
         // FileSyncListMainPage is created by FileSyncListWindow.
         services.AddTransient<FileSyncListWindow>();
 
-        services.AddSingleton<ISettingsManager<CoderConnectSettings>, SettingsManager<CoderConnectSettings>>();
         services.AddSingleton<IStartupManager, StartupManager>();
         // SettingsWindow views and view models
         services.AddTransient<SettingsViewModel>();
diff --git a/App/Models/Settings.cs b/App/Models/Settings.cs
@@ -34,6 +34,11 @@ public class CoderConnectSettings : ISettings<CoderConnectSettings>
     /// </summary>
     public bool ConnectOnLaunch { get; set; }
 
+    /// <summary>
+    /// When this is true Coder Connect will not attempt to protect against Tailscale loopback issues.
+    /// </summary>
+    public bool DisableTailscaleLoopProtection { get; set; }
+
     /// <summary>
     /// CoderConnect current settings version. Increment this when the settings schema changes.
     /// In future iterations we will be able to handle migrations when the user has
@@ -46,17 +51,21 @@ public CoderConnectSettings()
         Version = VERSION;
 
         ConnectOnLaunch = false;
+
+        DisableTailscaleLoopProtection = false;
     }
 
-    public CoderConnectSettings(int? version, bool connectOnLaunch)
+    public CoderConnectSettings(int? version, bool connectOnLaunch, bool disableTailscaleLoopProtection)
     {
         Version = version ?? VERSION;
 
         ConnectOnLaunch = connectOnLaunch;
+
+        DisableTailscaleLoopProtection = disableTailscaleLoopProtection;
     }
 
     public CoderConnectSettings Clone()
     {
-        return new CoderConnectSettings(Version, ConnectOnLaunch);
+        return new CoderConnectSettings(Version, ConnectOnLaunch, DisableTailscaleLoopProtection);
     }
 }
diff --git a/App/Services/RpcController.cs b/App/Services/RpcController.cs
@@ -69,16 +69,18 @@ public interface IRpcController : IAsyncDisposable
 public class RpcController : IRpcController
 {
     private readonly ICredentialManager _credentialManager;
+    private readonly ISettingsManager<CoderConnectSettings> _settingsManager;
 
     private readonly RaiiSemaphoreSlim _operationLock = new(1, 1);
     private Speaker<ClientMessage, ServiceMessage>? _speaker;
 
     private readonly RaiiSemaphoreSlim _stateLock = new(1, 1);
     private readonly RpcModel _state = new();
 
-    public RpcController(ICredentialManager credentialManager)
+    public RpcController(ICredentialManager credentialManager, ISettingsManager<CoderConnectSettings> settingsManager)
     {
         _credentialManager = credentialManager;
+        _settingsManager = settingsManager;
     }
 
     public event EventHandler<RpcModel>? StateChanged;
@@ -156,6 +158,11 @@ public async Task StartVpn(CancellationToken ct = default)
         using var _ = await AcquireOperationLockNowAsync();
         AssertRpcConnected();
 
+        var coderConnectSettings = await _settingsManager.Read();
+        var disableTailscaleLoopProtection = coderConnectSettings.DisableTailscaleLoopProtection;
+        Debug.WriteLine(
+            $"Starting VPN with DisableTailscaleLoopProtection={disableTailscaleLoopProtection}");
+
         var credentials = _credentialManager.GetCachedCredentials();
         if (credentials.State != CredentialState.Valid)
             throw new RpcOperationException(
diff --git a/App/ViewModels/SettingsViewModel.cs b/App/ViewModels/SettingsViewModel.cs
@@ -13,6 +13,9 @@ public partial class SettingsViewModel : ObservableObject
     [ObservableProperty]
     public partial bool ConnectOnLaunch { get; set; }
 
+    [ObservableProperty]
+    public partial bool DisableTailscaleLoopProtection { get; set; }
+
     [ObservableProperty]
     public partial bool StartOnLoginDisabled { get; set; }
 
@@ -31,6 +34,7 @@ public SettingsViewModel(ILogger<SettingsViewModel> logger, ISettingsManager<Cod
         _connectSettings = settingsManager.Read().GetAwaiter().GetResult();
         StartOnLogin = startupManager.IsEnabled();
         ConnectOnLaunch = _connectSettings.ConnectOnLaunch;
+        DisableTailscaleLoopProtection = _connectSettings.DisableTailscaleLoopProtection;
 
         // Various policies can disable the "Start on login" option.
         // We disable the option in the UI if the policy is set.
@@ -43,6 +47,21 @@ public SettingsViewModel(ILogger<SettingsViewModel> logger, ISettingsManager<Cod
         }
     }
 
+    partial void OnDisableTailscaleLoopProtectionChanged(bool oldValue, bool newValue)
+    {
+        if (oldValue == newValue)
+            return;
+        try
+        {
+            _connectSettings.DisableTailscaleLoopProtection = DisableTailscaleLoopProtection;
+            _connectSettingsManager.Write(_connectSettings);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError($"Error saving Coder Connect {nameof(DisableTailscaleLoopProtection)} settings: {ex.Message}");
+        }
+    }
+
     partial void OnConnectOnLaunchChanged(bool oldValue, bool newValue)
     {
         if (oldValue == newValue)
@@ -54,7 +73,7 @@ partial void OnConnectOnLaunchChanged(bool oldValue, bool newValue)
         }
         catch (Exception ex)
         {
-            _logger.LogError($"Error saving Coder Connect settings: {ex.Message}");
+            _logger.LogError($"Error saving Coder Connect {nameof(ConnectOnLaunch)} settings: {ex.Message}");
         }
     }
 
diff --git a/App/Views/Pages/SettingsMainPage.xaml b/App/Views/Pages/SettingsMainPage.xaml
@@ -44,6 +44,12 @@
                                        >
                     <ToggleSwitch IsOn="{x:Bind ViewModel.ConnectOnLaunch, Mode=TwoWay}" />
                 </controls:SettingsCard>
+                <controls:SettingsCard Description="This setting controls whether Coder Connect should bypass VPN loop preventation mechanism. Turn this ON only when dealing with a Coder deployment behind a corporate VPN."
+                       Header="Disable corporate VPN loop protection"
+                       HeaderIcon="{ui:FontIcon Glyph=&#xE8AF;}"
+                       >
+                    <ToggleSwitch IsOn="{x:Bind ViewModel.DisableTailscaleLoopProtection, Mode=TwoWay}" />
+                </controls:SettingsCard>
             </StackPanel>
         </Grid>
     </ScrollViewer>
diff --git a/App/Views/SettingsWindow.xaml b/App/Views/SettingsWindow.xaml
@@ -9,8 +9,8 @@
     xmlns:winuiex="using:WinUIEx"
     mc:Ignorable="d"
     Title="Coder Settings"
-    Width="600" Height="350"
-    MinWidth="600" MinHeight="350">
+    Width="600" Height="450"
+    MinWidth="600" MinHeight="450">
 
     <Window.SystemBackdrop>
         <MicaBackdrop/>

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,11 @@ public class CoderConnectSettings : ISettings<CoderConnectSettings>`
`34`	`34`	`/// </summary>`
`35`	`35`	`public bool ConnectOnLaunch { get; set; }`
`36`	`36`
	`37`	`+ /// <summary>`
	`38`	`+ /// When this is true Coder Connect will not attempt to protect against Tailscale loopback issues.`
	`39`	`+ /// </summary>`
	`40`	`+ public bool DisableTailscaleLoopProtection { get; set; }`
	`41`	`+`
`37`	`42`	`/// <summary>`
`38`	`43`	`/// CoderConnect current settings version. Increment this when the settings schema changes.`
`39`	`44`	`/// In future iterations we will be able to handle migrations when the user has`
`@@ -46,17 +51,21 @@ public CoderConnectSettings()`
`46`	`51`	`Version = VERSION;`
`47`	`52`
`48`	`53`	`ConnectOnLaunch = false;`
	`54`	`+`
	`55`	`+ DisableTailscaleLoopProtection = false;`
`49`	`56`	`}`
`50`	`57`
`51`		`- public CoderConnectSettings(int? version, bool connectOnLaunch)`
	`58`	`+ public CoderConnectSettings(int? version, bool connectOnLaunch, bool disableTailscaleLoopProtection)`
`52`	`59`	`{`
`53`	`60`	`Version = version ?? VERSION;`
`54`	`61`
`55`	`62`	`ConnectOnLaunch = connectOnLaunch;`
	`63`	`+`
	`64`	`+ DisableTailscaleLoopProtection = disableTailscaleLoopProtection;`
`56`	`65`	`}`
`57`	`66`
`58`	`67`	`public CoderConnectSettings Clone()`
`59`	`68`	`{`
`60`		`- return new CoderConnectSettings(Version, ConnectOnLaunch);`
	`69`	`+ return new CoderConnectSettings(Version, ConnectOnLaunch, DisableTailscaleLoopProtection);`
`61`	`70`	`}`
`62`	`71`	`}`