diff --git a/hscontrol/app.go b/hscontrol/app.go
index 8131316e..ee1587ad 100644
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -1153,6 +1153,7 @@ func (h *Headscale) loadPolicyManager() error {
 			errOut = fmt.Errorf("creating policy manager: %w", err)
 			return
 		}
+		log.Info().Msgf("Using policy manager version: %d", h.polMan.Version())
 
 		if len(nodes) > 0 {
 			_, err = h.polMan.SSHPolicy(nodes[0])
diff --git a/hscontrol/db/db.go b/hscontrol/db/db.go
index a130f876..7d0c3144 100644
--- a/hscontrol/db/db.go
+++ b/hscontrol/db/db.go
@@ -22,6 +22,7 @@ import (
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
 	"gorm.io/gorm/schema"
+	"tailscale.com/net/tsaddr"
 	"tailscale.com/util/set"
 	"zgo.at/zcache/v2"
 )
@@ -655,7 +656,7 @@ AND auth_key_id NOT IN (
 					}
 
 					for nodeID, routes := range nodeRoutes {
-						slices.SortFunc(routes, util.ComparePrefix)
+						tsaddr.SortPrefixes(routes)
 						slices.Compact(routes)
 
 						data, err := json.Marshal(routes)
diff --git a/hscontrol/db/node_test.go b/hscontrol/db/node_test.go
index c3924bbe..889e60d5 100644
--- a/hscontrol/db/node_test.go
+++ b/hscontrol/db/node_test.go
@@ -19,6 +19,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"gopkg.in/check.v1"
 	"gorm.io/gorm"
+	"tailscale.com/net/tsaddr"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/key"
 	"tailscale.com/types/ptr"
diff --git a/hscontrol/grpcv1.go b/hscontrol/grpcv1.go
index 57b46889..afe916db 100644
--- a/hscontrol/grpcv1.go
+++ b/hscontrol/grpcv1.go
@@ -348,7 +348,7 @@ func (api headscaleV1APIServer) SetApprovedRoutes(
 			routes = append(routes, prefix)
 		}
 	}
-	slices.SortFunc(routes, util.ComparePrefix)
+	tsaddr.SortPrefixes(routes)
 	slices.Compact(routes)
 
 	node, err := db.Write(api.h.db.DB, func(tx *gorm.DB) (*types.Node, error) {
diff --git a/hscontrol/util/net.go b/hscontrol/util/net.go
index 5a355073..0d6b4412 100644
--- a/hscontrol/util/net.go
+++ b/hscontrol/util/net.go
@@ -16,24 +16,6 @@ func GrpcSocketDialer(ctx context.Context, addr string) (net.Conn, error) {
 	return d.DialContext(ctx, "unix", addr)
 }
 
-// TODO(kradalby): Remove when in stdlib;
-// https://github.com/golang/go/issues/61642
-// Compare returns an integer comparing two prefixes.
-// The result will be 0 if p == p2, -1 if p < p2, and +1 if p > p2.
-// Prefixes sort first by validity (invalid before valid), then
-// address family (IPv4 before IPv6), then prefix length, then
-// address.
-func ComparePrefix(p, p2 netip.Prefix) int {
-	if c := cmp.Compare(p.Addr().BitLen(), p2.Addr().BitLen()); c != 0 {
-		return c
-	}
-	if c := cmp.Compare(p.Bits(), p2.Bits()); c != 0 {
-		return c
-	}
-
-	return p.Addr().Compare(p2.Addr())
-}
-
 func PrefixesToString(prefixes []netip.Prefix) []string {
 	ret := make([]string, 0, len(prefixes))
 	for _, prefix := range prefixes {