[vnet] feat: support diag checks on windows #55856

Merged
nklaassen merged 4 commits into master from nklaassen/vnet-windows-diag
Jun 20, 2025

@nklaassen
Contributor

This PR adds both the route conflict and SSH VNet diagnostics for Windows.

changelog: Added VNet diagnostics on Windows

Member

@ravicious ravicious left a comment

I checked it with Tailscale and it seems to work fine. It'd be nice to check it with Mullvad in WireGuard and OpenVPN modes to see how this diag check interacts with more traditional VPN software. I'm not sure though if Mullvad implements both modes on Windows.

Member

I tried it out with Tailscale. It seems like what we report on Windows could be categorized as a false positive. Unlike on macOS, on Windows there's just a few conflicting Tailscale routes, not a whole range.

But I think that's fine, no? Technically maybe it could cause issues with VNet, idk. If the user is bothered with the warning, they can dismiss it in the VNet panel and it won't show up again until they manually run diagnostics.

Report

VNet Diagnostic Report

Created at: 2025-06-18 11:19:13 (Wed, 18 Jun 2025 09:19:13 GMT)
Network interface: TeleportVNet
IPv4 CIDR ranges: 100.64.0.0/10
IPv6 prefix: fd5e:d015:6e86::
DNS zones: company.test, cluster.mirrors.link, leaf.mirrors.link


⚠️ There are network routes in conflict with VNet.

VNet destination   Conflicting destination   Interface   Set up by
100.64.0.0/10      100.78.53.61              Tailscale   Tailscale
100.64.0.0/10      100.80.252.65             Tailscale   Tailscale
100.64.0.0/10      100.87.112.117            Tailscale   Tailscale
100.64.0.0/10      100.95.109.108            Tailscale   Tailscale
100.64.0.0/10      100.100.100.100           Tailscale   Tailscale
100.64.0.0/10      100.106.203.59            Tailscale   Tailscale

$ netstat -rn
===========================================================================
Interface List
  3...........................WireGuard Tunnel
  4...........................Tailscale Tunnel
 11...00 1c 42 a3 34 34 ......Parallels VirtIO Ethernet Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.196     15
       100.64.0.0      255.192.0.0       100.64.0.1                3      6
     100.78.53.61  255.255.255.255         On-link    100.106.203.59      5
    100.80.252.65  255.255.255.255         On-link    100.106.203.59      5
   100.87.112.117  255.255.255.255         On-link    100.106.203.59      5
   100.95.109.108  255.255.255.255         On-link    100.106.203.59      5
  100.100.100.100  255.255.255.255         On-link    100.106.203.59      5
   100.106.203.59  255.255.255.255         On-link    100.106.203.59    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.196    271
    192.168.1.196  255.255.255.255         On-link     192.168.1.196    271
    192.168.1.255  255.255.255.255         On-link     192.168.1.196    271
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.196    271
        224.0.0.0        240.0.0.0         On-link                 3    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.196    271
  255.255.255.255  255.255.255.255         On-link                 3    261
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  4      5 fd7a:115c:a1e0::/48      fd7a:115c:a1e0::53
  4      5 fd7a:115c:a1e0::53/128   On-link
  4    261 fd7a:115c:a1e0::d701:cb3b/128
                                    On-link
 11    271 fe80::/64                On-link
  3    261 fe80::/64                On-link
  3    261 fe80::3b0e:5a54:acf1:f746/128
                                    On-link
 11    271 fe80::76b6:a13f:6baf:a727/128
                                    On-link
  1    331 ff00::/8                 On-link
 11    271 ff00::/8                 On-link
  3    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

$ ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : RAFACIELAK0690
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ocelot-paradise.ts.net

Unknown adapter TeleportVNet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : WireGuard Tunnel
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd5e:d015:6e86::1(Tentative) 
   Link-local IPv6 Address . . . . . : fe80::3b0e:5a54:acf1:f746%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 100.64.0.1(Tentative) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter Tailscale:

   Connection-specific DNS Suffix  . : ocelot-paradise.ts.net
   Description . . . . . . . . . . . : Tailscale Tunnel
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd7a:115c:a1e0::d701:cb3b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::d8ff:5060:f230:9168%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 100.106.203.59(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       ocelot-paradise.ts.net

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Parallels VirtIO Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1C-42-A3-34-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::76b6:a13f:6baf:a727%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.196(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : sroda, 18 czerwca 2025 11:02:04
   Lease Expires . . . . . . . . . . : czwartek, 19 czerwca 2025 11:02:03
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 83893314
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-67-8E-5D-00-1C-42-A3-34-34
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

$ netsh namespace show effectivepolicy


⚠️ VNet SSH is not configured.

The user's default SSH configuration file does not include VNet's
generated configuration file and connections to VNet SSH hosts will
not work by default.

File description           Path
User OpenSSH config file   C:\Users\rav.ssh\config
VNet SSH config file       C:\Users\rav\AppData\Roaming\Teleport Connect\tsh\vnet_ssh_config

Ran into an error when executing cat C:\Users\rav.ssh\config:
exit status 1
cat: 'C:\Users\rav.ssh\config': No such file or directory

Contributor Author

It's maybe fine until VNet tries to assign an IP to an app that Tailscale is already routing for; probably still best to know about the potential conflict and use a different IP range.
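
The report above flags six Tailscale host routes that fall inside VNet's 100.64.0.0/10 range. As an added example (not the PR's code), this Go program recomputes that list from the pasted `netstat -rn` rows; the text parser, the `FindConflicts` name and the rule that a route conflicts when it is at least as specific as the VNet range and belongs to another interface are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// Conflict is a route inside the VNet range that belongs to another interface.
type Conflict struct {
	Dest  netip.Prefix
	Iface string
}

// Sample input: IPv4 "Active Routes" rows copied from the netstat -rn output
// in the report on this page. The VNet adapter appears by interface index 3.
const sampleRoutes = `
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.196     15
       100.64.0.0      255.192.0.0       100.64.0.1                3      6
     100.78.53.61  255.255.255.255         On-link    100.106.203.59      5
    100.80.252.65  255.255.255.255         On-link    100.106.203.59      5
   100.87.112.117  255.255.255.255         On-link    100.106.203.59      5
   100.95.109.108  255.255.255.255         On-link    100.106.203.59      5
  100.100.100.100  255.255.255.255         On-link    100.106.203.59      5
   100.106.203.59  255.255.255.255         On-link    100.106.203.59    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.196    271
        224.0.0.0        240.0.0.0         On-link                 3    261
`

// parseRoute reads one "Destination Netmask Gateway Interface Metric" row.
// Headers, separators and rows with a non-contiguous netmask are rejected.
func parseRoute(line string) (netip.Prefix, string, bool) {
	f := strings.Fields(line)
	if len(f) != 5 {
		return netip.Prefix{}, "", false
	}
	dest, err := netip.ParseAddr(f[0])
	mask := net.ParseIP(f[1]).To4()
	if err != nil || !dest.Is4() || mask == nil {
		return netip.Prefix{}, "", false
	}
	ones, bits := net.IPMask(mask).Size() // (0, 0) for a non-contiguous mask
	if bits != 32 {
		return netip.Prefix{}, "", false
	}
	return netip.PrefixFrom(dest, ones), f[3], true
}

// FindConflicts returns routes on other interfaces that would win the
// longest-prefix match for addresses inside vnetCIDR (assumed rule).
// Broader routes such as the default route are not reported, because the
// more specific VNet route still wins for VNet addresses.
func FindConflicts(vnetCIDR, vnetIface, table string) ([]Conflict, error) {
	vnet, err := netip.ParsePrefix(vnetCIDR)
	if err != nil {
		return nil, fmt.Errorf("parsing VNet CIDR: %w", err)
	}
	vnet = vnet.Masked()
	var out []Conflict
	for _, line := range strings.Split(table, "\n") {
		dest, iface, ok := parseRoute(line)
		if !ok || iface == vnetIface {
			continue // not a route row, or VNet's own route
		}
		if dest.Bits() >= vnet.Bits() && vnet.Contains(dest.Addr()) {
			out = append(out, Conflict{Dest: dest, Iface: iface})
		}
	}
	return out, nil
}

func main() {
	conflicts, err := FindConflicts("100.64.0.0/10", "3", sampleRoutes)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, c := range conflicts {
		fmt.Printf("100.64.0.0/10 conflicts with %s on interface %s\n", c.Dest, c.Iface)
	}
}
```
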

Comment thread lib/vnet/diag/routeconflict_windows.go Outdated
Comment on lines +75 to +77
exec.CommandContext(ctx, "netstat", "-rn"),
exec.CommandContext(ctx, "ipconfig", "/all"),
exec.CommandContext(ctx, "netsh", "namespace", "show", "effectivepolicy"),
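Review bot: lines 75-77 pass the bare names "netstat", "ipconfig" and "netsh" to exec.CommandContext, so which file actually runs is left to the PATH search and its extension matching. Name the binaries explicitly ("netstat.exe", "ipconfig.exe", "netsh.exe"), or build an absolute path under the Windows system directory so that a same-named file in an earlier PATH entry cannot be picked up.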
Member

These are all executable files, so having BadBatBut in mind, we should append .exe to each of them to avoid executing a .bat in the path with the same name.

Contributor Author

great call-out, done

Comment thread web/packages/teleterm/src/ui/Vnet/vnetContext.tsx Outdated
Comment thread lib/teleterm/vnet/service.go
Member

It's easy enough for me to understand the changes in this file since I have the required context. But I think for other reviewers it'd have helped if the changes in lib/teleterm/vnet supporting diag checks on Windows were in a separate commit from the routeconflict Windows implementation.

@nklaassen nklaassen force-pushed the nklaassen/vnet-ssh-connect-status branch from 5954318 to 4a758de Compare June 18, 2025 22:06
@nklaassen nklaassen force-pushed the nklaassen/vnet-windows-diag branch from 867671f to 84a01b9 Compare June 18, 2025 22:07
@nklaassen nklaassen force-pushed the nklaassen/vnet-ssh-connect-status branch from abad358 to a6e44ee Compare June 18, 2025 22:48
@nklaassen nklaassen force-pushed the nklaassen/vnet-windows-diag branch from 84a01b9 to 9c8f519 Compare June 18, 2025 22:49
Base automatically changed from nklaassen/vnet-ssh-connect-status to master June 19, 2025 16:11
@nklaassen nklaassen force-pushed the nklaassen/vnet-windows-diag branch from b109c05 to 5e0f914 Compare June 19, 2025 16:25
@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from kimlisa June 20, 2025 09:29
@nklaassen nklaassen added this pull request to the merge queue Jun 20, 2025
Merged via the queue into master with commit 7eedbce Jun 20, 2025
43 checks passed
@nklaassen nklaassen deleted the nklaassen/vnet-windows-diag branch June 20, 2025 16:31
nklaassen added a commit that referenced this pull request Jun 20, 2025
nklaassen added a commit that referenced this pull request Jun 20, 2025
github-merge-queue Bot pushed a commit that referenced this pull request Jul 22, 2025
* [v17][vnet] feat: TCP dial to SSH targets

Backport #55087 to branch/v17

* [v17][vnet] feat: accept incoming SSH connections

Backport #55155 to branch/v17

* [v17][vnet] feat: forward SSH connections to target

Backport #55156 to branch/v17

* [v17][vnet] feat: write VNet SSH keys to TELEPORT_HOME

Backport #55228 to branch/v17

* [v17][vnet] feat: write OpenSSH-compatible config file for VNet SSH

Backport #55239 to branch/v17

* [v17][vnet] fix: support <hostname>.<leaf-cluster> for VNet SSH

Backport #55688 to branch/v17

* fix BlockUntil API for backport

* [v17][vnet] feat: add "Connect with VNet" button to SSH servers

Backport #55623 to branch/v17

* [v17][vnet] feat: support VNet SSH when cluster name does not match proxy public addr

Backport #55655 to branch/v17

* [v17][vnet] feat: add SSH configuration diagnostic

Backport #55594 to branch/v17

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>

* [v17][vnet] feat: show SSH status in VNet slider

Backport #55755 to branch/v17

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>

* [v17][vnet] feat: support proxy recording mode with VNet SSH

Backport #55788 to branch/v17

* [v17][vnet] feat: support diag checks on windows

Backport #55856 to branch/v17

* [v17] fix: data race in vnet.TestSSH

Backport #55980 to branch/v17

* [v17][vnet] feat: mention SSH on VNet info page

Backport #55973 to branch/v17

* [v17][vnet] feat: serve DNS on IPv4

Backport #55539 to branch/v17

* [v17][vnet] fix: close proxied channel only after data and requests are complete

Backport #56020 to branch/v17

* [v17][vnet] feat: automatic SSH client configuration

Backport #55923 to branch/v17

* VNet docs: Provide clear instructions for getting debug logs (#56068)

* VNet diag notification: Do not show button to open report if there's no workspace selected (#56067)

* VNet diag report: Don't show button in notification if there's no workspace

* Replace deprecated MutableRefObject with RefObject

* Make openReport not depend on value of rootClusterUri

Otherwise the effect that uses setInterval re-runs whenever the user
switches to another workspace.

* [v17][vnet] feat: automatic SSH client configuration in Connect

Backport #55924 to branch/v17

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Grzegorz Zdunek <grzegorz.zdunek@goteleport.com>

* [v17][vnet] fix: avoid empty host matchers in generated SSH config

Backport #56103 to branch/v17

* avoid t.Context() pre go1.24

* fix cspell lint

* [v17][docs] VNet SSH

Backport #56147 to branch/v17

* [v17][vnet] feat: SSH usage reporting

Backport #56537 to branch/v17

* [v17][vnet] fix: mask default IP route on windows

Backport #56957 to branch/v17

---------

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Grzegorz Zdunek <grzegorz.zdunek@goteleport.com>
github-merge-queue Bot pushed a commit that referenced this pull request Jul 22, 2025
* [v18][vnet] feat: TCP dial to SSH targets

Backport #55087 to branch/v18

* [v18][vnet] feat: accept incoming SSH connections

Backport #55155 to branch/v18

* [v18][vnet] feat: forward SSH connections to target

Backport #55156 to branch/v18

* [v18][vnet] feat: write VNet SSH keys to TELEPORT_HOME

Backport #55228 to branch/v18

* [v18][vnet] feat: write OpenSSH-compatible config file for VNet SSH

Backport #55239 to branch/v18

* [v18][vnet] fix: support <hostname>.<leaf-cluster> for VNet SSH

Backport #55688 to branch/v18

* [v18][vnet] feat: add "Connect with VNet" button to SSH servers

Backport #55623 to branch/v18

* fix test in backport

* [v18][vnet] feat: support VNet SSH when cluster name does not match proxy public addr

Backport #55655 to branch/v18

* [v18][vnet] feat: add SSH configuration diagnostic

Backport #55594 to branch/v18

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>

* [v18][vnet] feat: show SSH status in VNet slider

Backport #55755 to branch/v18

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>

* [v18][vnet] feat: support proxy recording mode with VNet SSH

Backport #55788 to branch/v18

* [v18][vnet] feat: support diag checks on windows

Backport #55856 to branch/v18

* [v18] fix: data race in vnet.TestSSH

Backport #55980 to branch/v18

* [v18][vnet] feat: mention SSH on VNet info page

Backport #55973 to branch/v18

* [v18][vnet] feat: serve DNS on IPv4

Backport #55539 to branch/v18

* [v18][vnet] fix: close proxied channel only after data and requests are complete

Backport #56020 to branch/v18

* [v18][vnet] feat: automatic SSH client configuration

Backport #55923 to branch/v18

* VNet diag notification: Do not show button to open report if there's no workspace selected (#56067)

* VNet diag report: Don't show button in notification if there's no workspace

* Replace deprecated MutableRefObject with RefObject

* Make openReport not depend on value of rootClusterUri

Otherwise the effect that uses setInterval re-runs whenever the user
switches to another workspace.

* [v18][vnet] feat: automatic SSH client configuration in Connect

Backport #55924 to branch/v18

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Grzegorz Zdunek <grzegorz.zdunek@goteleport.com>

* [v18][vnet] fix: avoid empty host matchers in generated SSH config

Backport #56103 to branch/v18

* [v18][docs] VNet SSH

Backport #56147 to branch/v18

* [v18][docs] add VNet warnings

Backport #56601 to branch/v18

* [v18][vnet] feat: SSH usage reporting

Backport #56537 to branch/v18

* [v18][vnet] fix: mask default IP route on windows

Backport #56957 to branch/v18

---------

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Grzegorz Zdunek <grzegorz.zdunek@goteleport.com>
3 participants