From 67a3d64f381393bb6eba42c400a8415713c10117 Mon Sep 17 00:00:00 2001
From: Nic Klaassen <nic@goteleport.com>
Date: Wed, 5 Jun 2024 17:15:24 -0700
Subject: [PATCH] [vnet] clean up osconfig on startup (#42518)

---
 lib/vnet/osconfig.go |  6 ++----
 lib/vnet/setup.go    | 13 +++++++++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/lib/vnet/osconfig.go b/lib/vnet/osconfig.go
index f566fe8620a17..1ef9a91a7df11 100644
--- a/lib/vnet/osconfig.go
+++ b/lib/vnet/osconfig.go
@@ -130,11 +130,9 @@ func (c *osConfigurator) updateOSConfiguration(ctx context.Context) error {
 	return trace.Wrap(err, "configuring OS")
 }
 
-func (c *osConfigurator) deconfigureOS() error {
+func (c *osConfigurator) deconfigureOS(ctx context.Context) error {
 	// configureOS is meant to be called with an empty config to deconfigure anything necessary.
-	// Pass context.Background() because we are likely deconfiguring because we received a signal to terminate
-	// and all contexts have been canceled.
-	return trace.Wrap(configureOS(context.Background(), &osConfig{}))
+	return trace.Wrap(configureOS(ctx, &osConfig{}))
 }
 
 func (c *osConfigurator) setTunIPv4FromCIDR(cidrRange string) error {
diff --git a/lib/vnet/setup.go b/lib/vnet/setup.go
index 55e9f93520472..d778fdf5c69b3 100644
--- a/lib/vnet/setup.go
+++ b/lib/vnet/setup.go
@@ -235,10 +235,19 @@ func createAndSetupTUNDeviceAsRoot(ctx context.Context, ipv6Prefix, dnsAddr stri
 		return tunCh, errCh
 	}
 
+	// Clean up any stale configuration left by a previous VNet instance that may have failed to clean up.
+	// This is necessary in case any stale /etc/resolver/<proxy address> entries are still present, we need to
+	// be able to reach the proxy in order to fetch the vnet_config.
+	if err := osConfigurator.deconfigureOS(ctx); err != nil {
+		errCh <- trace.Wrap(err, "cleaning up OS configuration on startup")
+		return tunCh, errCh
+	}
+
 	go func() {
 		defer func() {
-			// Shutting down, deconfigure OS.
-			errCh <- trace.Wrap(osConfigurator.deconfigureOS())
+			// Shutting down, deconfigure OS. Pass context.Background because [ctx] has likely been canceled
+			// already but we still need to clean up.
+			errCh <- trace.Wrap(osConfigurator.deconfigureOS(context.Background()))
 		}()
 
 		if err := osConfigurator.updateOSConfiguration(ctx); err != nil {