From 343419d5c349e17ea791708a725aec5e49c73d1b Mon Sep 17 00:00:00 2001
From: Laszlo Magyar <lmagyar1973@gmail.com>
Date: Wed, 11 Sep 2024 16:36:34 +0200
Subject: [PATCH] Make UDP port configurable (#390)

---
 tailscale/DOCS.md                                   | 13 +++++++++++++
 tailscale/config.yaml                               |  2 ++
 .../rootfs/etc/s6-overlay/s6-rc.d/tailscaled/run    |  7 +++++++
 tailscale/translations/en.yaml                      |  4 ++++
 4 files changed, 26 insertions(+)

diff --git a/tailscale/DOCS.md b/tailscale/DOCS.md
index 7a4b8273..872782e0 100644
--- a/tailscale/DOCS.md
+++ b/tailscale/DOCS.md
@@ -333,6 +333,19 @@ your tailnet. This will prevent your Home Assistant instance from losing network
 connection. This also means that using the same subnet on multiple nodes for load
 balancing and failover is impossible with the current add-on behavior.
 
+## Network
+
+### Port: `41641/udp`
+
+UDP port to listen on for WireGuard and peer-to-peer traffic.
+
+Use this option (and router port forwarding) if you experience that Tailscale
+can't establish peer-to-peer connections to some of your devices (usually behind
+CGNAT networks). You can test connections with `tailscale ping
+<hostname-or-ip>`.
+
+When not set, an automatically selected port is used by default.
+
 ## Changelog & Releases
 
 This repository keeps a change log using [GitHub's releases][releases]
diff --git a/tailscale/config.yaml b/tailscale/config.yaml
index 484ef7a6..ef761850 100644
--- a/tailscale/config.yaml
+++ b/tailscale/config.yaml
@@ -25,6 +25,8 @@ devices:
   - /dev/net/tun
 map:
   - share:rw
+ports:
+  41641/udp: null
 schema:
   accept_dns: bool?
   accept_routes: bool?
diff --git a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/tailscaled/run b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/tailscaled/run
index bbb52847..8ea71ed7 100755
--- a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/tailscaled/run
+++ b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/tailscaled/run
@@ -5,6 +5,7 @@
 # Runs tailscale
 # ==============================================================================
 declare -a options
+declare udp_port
 
 bashio::log.info 'Starting Tailscale...'
 
@@ -16,6 +17,12 @@ if ! bashio::debug ; then
   options+=(--no-logs-no-support)
 fi
 
+# Use configured UDP port
+udp_port=$(bashio::addon.port "41641/udp")
+if bashio::var.has_value "${udp_port}"; then
+  options+=(--port=${udp_port})
+fi
+
 # Use userspace networking by default when not set, or when explicitly enabled
 if ! bashio::config.has_value "userspace_networking" || \
   bashio::config.true "userspace_networking";
diff --git a/tailscale/translations/en.yaml b/tailscale/translations/en.yaml
index 7ab78bd4..252ca219 100644
--- a/tailscale/translations/en.yaml
+++ b/tailscale/translations/en.yaml
@@ -98,3 +98,7 @@ configuration:
       Assistant instance, disable userspace networking mode, which will create a
       `tailscale0` network interface on your host.
       When not set, this option is enabled by default.
+network:
+  41641/udp: >-
+    UDP port to listen on for WireGuard and peer-to-peer traffic.
+    When not set, an automatically selected port is used by default.