juanfont
diff --git a/‎.github/workflows/test-integration-policyv2.yaml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/test-integration-policyv2.yaml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/test-integration.yaml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/test-integration.yaml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎hscontrol/mapper/mapper_test.go‎
Lines changed: 5 additions & 1 deletion b/‎hscontrol/mapper/mapper_test.go‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎hscontrol/mapper/tail.go‎
Lines changed: 6 additions & 10 deletions b/‎hscontrol/mapper/tail.go‎
Lines changed: 6 additions & 10 deletions
diff --git a/‎hscontrol/mapper/tail_test.go‎
Lines changed: 5 additions & 7 deletions b/‎hscontrol/mapper/tail_test.go‎
Lines changed: 5 additions & 7 deletions
diff --git a/‎hscontrol/routes/primary.go‎
Lines changed: 18 additions & 13 deletions b/‎hscontrol/routes/primary.go‎
Lines changed: 18 additions & 13 deletions
@@ -70,8 +70,9 @@ jobs:
           - TestAutoApprovedSubRoute2068
           - TestSubnetRouteACL
           - TestEnablingExitRoutes
+          - TestSubnetRouterMultiNetwork
+          - TestSubnetRouterMultiNetworkExitNode
           - TestHeadscale
-          - TestCreateTailscale
           - TestTailscaleNodesJoiningHeadcale
           - TestSSHOneUserToAll
           - TestSSHMultipleUsersAllToAll
 
@@ -70,8 +70,9 @@ jobs:
           - TestAutoApprovedSubRoute2068
           - TestSubnetRouteACL
           - TestEnablingExitRoutes
+          - TestSubnetRouterMultiNetwork
+          - TestSubnetRouterMultiNetworkExitNode
           - TestHeadscale
-          - TestCreateTailscale
           - TestTailscaleNodesJoiningHeadcale
           - TestSSHOneUserToAll
           - TestSSHMultipleUsersAllToAll
 
@@ -165,9 +165,13 @@ func Test_fullMapResponse(t *testing.T) {
 		),
 		Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.1/32")},
 		AllowedIPs: []netip.Prefix{
-			netip.MustParsePrefix("100.64.0.1/32"),
 			tsaddr.AllIPv4(),
 			netip.MustParsePrefix("192.168.0.0/24"),
+			netip.MustParsePrefix("100.64.0.1/32"),
+			tsaddr.AllIPv6(),
+		},
+		PrimaryRoutes: []netip.Prefix{
+			netip.MustParsePrefix("192.168.0.0/24"),
 		},
 		HomeDERP:         0,
 		LegacyDERPString: "127.3.3.40:0",
 
@@ -2,13 +2,13 @@ package mapper
 
 import (
 	"fmt"
-	"net/netip"
 	"time"
 
 	"github.com/juanfont/headscale/hscontrol/policy"
 	"github.com/juanfont/headscale/hscontrol/routes"
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/samber/lo"
+	"tailscale.com/net/tsaddr"
 	"tailscale.com/tailcfg"
 )
 
@@ -49,14 +49,6 @@ func tailNode(
 ) (*tailcfg.Node, error) {
 	addrs := node.Prefixes()
 
-	allowedIPs := append(
-		[]netip.Prefix{},
-		addrs...) // we append the node own IP, as it is required by the clients
-
-	for _, route := range node.SubnetRoutes() {
-		allowedIPs = append(allowedIPs, netip.Prefix(route))
-	}
-
 	var derp int
 
 	// TODO(kradalby): legacyDERP was removed in tailscale/tailscale@2fc4455e6dd9ab7f879d4e2f7cffc2be81f14077
@@ -89,6 +81,10 @@ func tailNode(
 	}
 	tags = lo.Uniq(append(tags, node.ForcedTags...))
 
+	allowed := append(node.Prefixes(), primary.PrimaryRoutes(node.ID)...)
+	allowed = append(allowed, node.ExitRoutes()...)
+	tsaddr.SortPrefixes(allowed)
+
 	tNode := tailcfg.Node{
 		ID:       tailcfg.NodeID(node.ID), // this is the actual ID
 		StableID: node.ID.StableID(),
@@ -104,7 +100,7 @@ func tailNode(
 		DiscoKey:         node.DiscoKey,
 		Addresses:        addrs,
 		PrimaryRoutes:    primary.PrimaryRoutes(node.ID),
-		AllowedIPs:       allowedIPs,
+		AllowedIPs:       allowed,
 		Endpoints:        node.Endpoints,
 		HomeDERP:         derp,
 		LegacyDERPString: legacyDERP,
 
@@ -67,8 +67,6 @@ func TestTailNode(t *testing.T) {
 			want: &tailcfg.Node{
 				Name:              "empty",
 				StableID:          "0",
-				Addresses:         []netip.Prefix{},
-				AllowedIPs:        []netip.Prefix{},
 				HomeDERP:          0,
 				LegacyDERPString:  "127.3.3.40:0",
 				Hostinfo:          hiview(tailcfg.Hostinfo{}),
@@ -139,9 +137,13 @@ func TestTailNode(t *testing.T) {
 				),
 				Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.1/32")},
 				AllowedIPs: []netip.Prefix{
-					netip.MustParsePrefix("100.64.0.1/32"),
 					tsaddr.AllIPv4(),
 					netip.MustParsePrefix("192.168.0.0/24"),
+					netip.MustParsePrefix("100.64.0.1/32"),
+					tsaddr.AllIPv6(),
+				},
+				PrimaryRoutes: []netip.Prefix{
+					netip.MustParsePrefix("192.168.0.0/24"),
 				},
 				HomeDERP:         0,
 				LegacyDERPString: "127.3.3.40:0",
@@ -156,10 +158,6 @@ func TestTailNode(t *testing.T) {
 
 				Tags: []string{},
 
-				PrimaryRoutes: []netip.Prefix{
-					netip.MustParsePrefix("192.168.0.0/24"),
-				},
-
 				LastSeen:          &lastSeen,
 				MachineAuthorized: true,
 
 
@@ -11,6 +11,7 @@ import (
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
 	xmaps "golang.org/x/exp/maps"
+	"tailscale.com/net/tsaddr"
 	"tailscale.com/util/set"
 )
 
@@ -74,18 +75,12 @@ func (pr *PrimaryRoutes) updatePrimaryLocked() bool {
 	// If the current primary is not available, select a new one.
 	for prefix, nodes := range allPrimaries {
 		if node, ok := pr.primaries[prefix]; ok {
-			if len(nodes) < 2 {
-				delete(pr.primaries, prefix)
-				changed = true
-				continue
-			}
-
 			// If the current primary is still available, continue.
 			if slices.Contains(nodes, node) {
 				continue
 			}
 		}
-		if len(nodes) >= 2 {
+		if len(nodes) >= 1 {
 			pr.primaries[prefix] = nodes[0]
 			changed = true
 		}
@@ -107,12 +102,16 @@ func (pr *PrimaryRoutes) updatePrimaryLocked() bool {
 	return changed
 }
 
-func (pr *PrimaryRoutes) SetRoutes(node types.NodeID, prefix ...netip.Prefix) bool {
+// SetRoutes sets the routes for a given Node ID and recalculates the primary routes
+// of the headscale.
+// It returns true if there was a change in primary routes.
+// All exit routes are ignored as they are not used in primary route context.
+func (pr *PrimaryRoutes) SetRoutes(node types.NodeID, prefixes ...netip.Prefix) bool {
 	pr.mu.Lock()
 	defer pr.mu.Unlock()
 
 	// If no routes are being set, remove the node from the routes map.
-	if len(prefix) == 0 {
+	if len(prefixes) == 0 {
 		if _, ok := pr.routes[node]; ok {
 			delete(pr.routes, node)
 			return pr.updatePrimaryLocked()
@@ -121,12 +120,17 @@ func (pr *PrimaryRoutes) SetRoutes(node types.NodeID, prefix ...netip.Prefix) bo
 		return false
 	}
 
-	if _, ok := pr.routes[node]; !ok {
-		pr.routes[node] = make(set.Set[netip.Prefix], len(prefix))
+	rs := make(set.Set[netip.Prefix], len(prefixes))
+	for _, prefix := range prefixes {
+		if !tsaddr.IsExitRoute(prefix) {
+			rs.Add(prefix)
+		}
 	}
 
-	for _, p := range prefix {
-		pr.routes[node].Add(p)
+	if rs.Len() != 0 {
+		pr.routes[node] = rs
+	} else {
+		delete(pr.routes, node)
 	}
 
 	return pr.updatePrimaryLocked()
@@ -153,6 +157,7 @@ func (pr *PrimaryRoutes) PrimaryRoutes(id types.NodeID) []netip.Prefix {
 		}
 	}
 
+	tsaddr.SortPrefixes(routes)
 	return routes
 }