From c71828f5a1da63ef0a0b55260f6ea65bbdd4e0e3 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 5 Dec 2025 16:34:09 -0500
Subject: [PATCH] Reorder operations

Former-commit-id: ef49089160bc4eff05f1c96a1c8a759141bde5f7
---
 olm/olm.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/olm/olm.go b/olm/olm.go
index 853bac9..cc75194 100644
--- a/olm/olm.go
+++ b/olm/olm.go
@@ -656,20 +656,22 @@ func StartTunnel(config TunnelConfig) {
 			return
 		}
 
-		// Remove old subnets
-		for _, subnet := range updateSubnetsData.OldRemoteSubnets {
-			if err := peerManager.RemoveRemoteSubnet(updateSubnetsData.SiteId, subnet); err != nil {
-				logger.Error("Failed to remove allowed IP %s: %v", subnet, err)
-			}
-		}
-
-		// Add new subnets
+		// Add new subnets BEFORE removing old ones to preserve shared subnets
+		// This ensures that if an old and new subnet are the same on different peers,
+		// the route won't be temporarily removed
 		for _, subnet := range updateSubnetsData.NewRemoteSubnets {
 			if err := peerManager.AddRemoteSubnet(updateSubnetsData.SiteId, subnet); err != nil {
 				logger.Error("Failed to add allowed IP %s: %v", subnet, err)
 			}
 		}
 
+		// Remove old subnets after new ones are added
+		for _, subnet := range updateSubnetsData.OldRemoteSubnets {
+			if err := peerManager.RemoveRemoteSubnet(updateSubnetsData.SiteId, subnet); err != nil {
+				logger.Error("Failed to remove allowed IP %s: %v", subnet, err)
+			}
+		}
+
 		// Add new aliases BEFORE removing old ones to preserve shared IP addresses
 		// This ensures that if an old and new alias share the same IP, the IP won't be
 		// temporarily removed from the allowed IPs list