Add Random IP Assignment

config-example.yaml

@@ -67,6 +67,10 @@ ip_prefixes:
   - fd7a:115c:a1e0::/48
   - 100.64.0.0/10
 
+# Whether to randomize the ip address assignemnt or to
+# assign sequentially.
+randomize_address: false
+
 # DERP is a relay system that Tailscale uses when a direct
 # connection cannot be established.
 # https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp

config.go

@@ -37,6 +37,7 @@ type Config struct {
 	EphemeralNodeInactivityTimeout time.Duration
 	NodeUpdateCheckInterval        time.Duration
 	IPPrefixes                     []netip.Prefix
+	RandomizeIP                    bool
 	PrivateKeyPath                 string
 	NoisePrivateKeyPath            string
 	BaseDomain                     string
@@ -165,6 +166,8 @@ func LoadConfig(path string, isFile bool) error {
 	viper.SetDefault("derp.server.enabled", false)
 	viper.SetDefault("derp.server.stun.enabled", true)
 
+	viper.SetDefault("randomize_ip", false)
+
 	viper.SetDefault("unix_socket", "/var/run/headscale.sock")
 	viper.SetDefault("unix_socket_permission", "0o770")
 
@@ -540,7 +543,8 @@ func GetHeadscaleConfig() (*Config, error) {
 		GRPCAllowInsecure:  viper.GetBool("grpc_allow_insecure"),
 		DisableUpdateCheck: viper.GetBool("disable_check_updates"),
 
-		IPPrefixes: prefixes,
+		IPPrefixes:  prefixes,
+		RandomizeIP: viper.GetBool("randomize_ip"),
 		PrivateKeyPath: AbsolutePathFromConfigPath(
 			viper.GetString("private_key_path"),
 		),

machine.go

@@ -897,7 +897,15 @@ func (h *Headscale) RegisterMachine(machine Machine,
 	h.ipAllocationMutex.Lock()
 	defer h.ipAllocationMutex.Unlock()
 
-	ips, err := h.getAvailableIPs()
+	var ips MachineAddresses
+	var err error
+
+	if h.cfg.RandomizeIP {
+		ips, err = h.getRandomAvailableIPs()
+	} else {
+		ips, err = h.getAvailableIPs()
+	}
+
 	if err != nil {
 		log.Error().
 			Caller().

utils.go

@@ -12,6 +12,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/fs"
+	mrand "math/rand"
 	"net"
 	"net/netip"
 	"os"
@@ -20,6 +21,7 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
@@ -155,6 +157,22 @@ func (h *Headscale) getAvailableIPs() (MachineAddresses, error) {
 	return ips, err
 }
 
+func (h *Headscale) getRandomAvailableIPs() (MachineAddresses, error) {
+	var ips MachineAddresses
+	var err error
+	ipPrefixes := h.cfg.IPPrefixes
+	for _, ipPrefix := range ipPrefixes {
+		var ip *netip.Addr
+		ip, err = h.getAvailableIP(ipPrefix)
+		if err != nil {
+			return shuffleIPs(ips), err
+		}
+		ips = append(ips, *ip)
+	}
+
+	return shuffleIPs(ips), err
+}
+
 func GetIPPrefixEndpoints(na netip.Prefix) (netip.Addr, netip.Addr) {
 	var network, broadcast netip.Addr
 	ipRange := netipx.RangeOfPrefix(na)
@@ -230,6 +248,16 @@ func (h *Headscale) getUsedIPs() (*netipx.IPSet, error) {
 	return ipSet, nil
 }
 
+func shuffleIPs(ips MachineAddresses) MachineAddresses {
+	// Seeding needed to ensure random order between runs.
+	mrand.Seed(time.Now().UnixNano())
+	mrand.Shuffle(len(ips), func(i, j int) {
+		ips[i], ips[j] = ips[j], ips[i]
+	})
+
+	return ips
+}
+
 func tailNodesToString(nodes []*tailcfg.Node) string {
 	temp := make([]string, len(nodes))
 

utils_test.go

@@ -18,6 +18,17 @@ func (s *Suite) TestGetAvailableIp(c *check.C) {
 	c.Assert(ips[0].String(), check.Equals, expected.String())
 }
 
+func (s *Suite) TestGetRandomAvailableIp(c *check.C) {
+	ips, err := app.getRandomAvailableIPs()
+
+	c.Assert(err, check.IsNil)
+
+	expected := netip.MustParseAddr("10.27.0.1")
+
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(ips[0].String(), check.Equals, expected.String())
+}
+
 func (s *Suite) TestGetUsedIps(c *check.C) {
 	ips, err := app.getAvailableIPs()
 	c.Assert(err, check.IsNil)