Reorder operations

olm/olm.go

@@ -656,20 +656,22 @@ func StartTunnel(config TunnelConfig) {
 			return
 		}
 
-		// Remove old subnets
+		// Add new subnets BEFORE removing old ones to preserve shared subnets
-		for _, subnet := range updateSubnetsData.OldRemoteSubnets {
+		// This ensures that if an old and new subnet are the same on different peers,
-			if err := peerManager.RemoveRemoteSubnet(updateSubnetsData.SiteId, subnet); err != nil {
+		// the route won't be temporarily removed
-				logger.Error("Failed to remove allowed IP %s: %v", subnet, err)
-			}
-		}
-
-		// Add new subnets
 		for _, subnet := range updateSubnetsData.NewRemoteSubnets {
 			if err := peerManager.AddRemoteSubnet(updateSubnetsData.SiteId, subnet); err != nil {
 				logger.Error("Failed to add allowed IP %s: %v", subnet, err)
 			}
 		}
 
+		// Remove old subnets after new ones are added
+		for _, subnet := range updateSubnetsData.OldRemoteSubnets {
+			if err := peerManager.RemoveRemoteSubnet(updateSubnetsData.SiteId, subnet); err != nil {
+				logger.Error("Failed to remove allowed IP %s: %v", subnet, err)
+			}
+		}
+
 		// Add new aliases BEFORE removing old ones to preserve shared IP addresses
 		// This ensures that if an old and new alias share the same IP, the IP won't be
 		// temporarily removed from the allowed IPs list