Tailscale虚拟组网
centos7教程:
一键安装
# Downloads Tailscale's install script over HTTPS and pipes it straight into sh.
# -f makes curl fail on an HTTP error instead of handing an error page to the shell.
# To read the script before it runs, save it to a file first and execute that file;
# the yum steps that follow on this page are the manual route.
curl -fsSL https://tailscale.com/install.sh | sh
包可用于 x86 和 ARM CPU,有 32 位和 64 位变体。
安装 Yum 存储库管理器:
sudo yum install yum-utils
添加 Tailscale 存储库并安装 Tailscale:
sudo yum-config-manager --add-repo https://pkgs.tailscale.com/stable/centos/7/tailscale.repo
sudo yum install tailscale
使用 systemctl 启用并启动服务:
sudo systemctl enable --now tailscaled
将您的机器连接到 Tailscale 网络并在浏览器中进行身份验证:
sudo tailscale up
您已连接!您可以通过运行以下命令找到您的 Tailscale IPv4 地址:
tailscale ip -4
启用 IP 转发
如果您的 Linux 系统有/etc/sysctl.d目录,请使用:
# Persist IPv4 and IPv6 forwarding in a drop-in file, then load that file.
# Forwarding lets this host pass packets between interfaces, which the subnet-router
# and exit-node setup later on this page relies on.
printf '%s\n' \
  'net.ipv4.ip_forward = 1' \
  'net.ipv6.conf.all.forwarding = 1' \
  | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
否则,使用:
# Same two forwarding settings for systems without /etc/sysctl.d:
# append them to the main sysctl file and load it.
printf '%s\n' \
  'net.ipv4.ip_forward = 1' \
  'net.ipv6.conf.all.forwarding = 1' \
  | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
如果您的 Linux 节点使用 firewalld,由于一个已知问题,您可能还需要允许 IP 伪装(masquerade)。作为解决方法,可以使用以下命令开启伪装:
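# Enable masquerading in firewalld's default zone (no --zone is given).
# --permanent only writes the saved configuration, so reload afterwards to make
# the running firewall pick the rule up as well.
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --reload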
Tailscale 实现「出口节点和使用本地网络」(通告的子网路由和出口节点需要在管理控制台中批准后才会生效)
阻止 Tailscaled 覆盖/etc/resolv.conf
tailscale set --accept-dns=false
Linux
# Advertise the two subnets and offer this node as an exit node.
# --reset puts every setting that is not named on this command line back to its default,
# which is why --accept-dns=false is repeated here.
tailscale up --advertise-routes=10.10.10.0/24,192.168.1.0/24 --accept-dns=false --advertise-exit-node --reset
win
tailscale up --advertise-routes=10.10.10.0/24,192.168.1.0/24 --advertise-exit-node --reset
Tailscale 自定义 DERP 服务器
获取derp服务器
https://fofa.info/
port=="12345" && country=="CN" && header="DENY"
port=="12345" && country=="CN" && region="Zhejiang" && header="DENY" && body="Documentation"
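# Build the derper relay binary on a Debian/Ubuntu host (commands are run as root).
apt update && apt upgrade
apt install -y wget git openssl curl

# Go toolchain version as given in this guide.
# NOTE(review): 1.20.5 is an old release; confirm it can still build the derper revision you install.
go_version=1.20.5
go_tarball="go${go_version}.linux-amd64.tar.gz"
# Placeholder: paste the SHA256 published for this exact file on https://go.dev/dl/
go_sha256='<SHA256_OF_TARBALL_FROM_GO_DEV_DL>'

wget "https://go.dev/dl/${go_tarball}"
# Unpack only if the download matches the published checksum; the old toolchain
# is removed only after the check has passed.
printf '%s  %s\n' "${go_sha256}" "${go_tarball}" | sha256sum -c - \
  && rm -rf /usr/local/go \
  && tar -C /usr/local -xzf "${go_tarball}"

export PATH=$PATH:/usr/local/go/bin
go version
# Single quotes keep $PATH literal, so it is expanded at login time instead of
# freezing root's current PATH into /etc/profile for every user.
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
source /etc/profile

go env -w GO111MODULE=on
# goproxy.cn is a third-party module mirror. Leave GOSUMDB at its default so that
# downloaded modules are still checked against the Go checksum database.
go env -w GOPROXY=https://goproxy.cn,direct

# Install the binary straight into /etc/derp via GOBIN. This replaces the cd into a
# hard-coded module-cache directory, whose name only matches one specific revision.
# NOTE(review): @main is an unpinned development branch; pin a release tag you have
# reviewed if the build has to be reproducible.
mkdir -p /etc/derp
GOBIN=/etc/derp go install tailscale.com/cmd/derper@main
ls /etc/derp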
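# Create a self-signed certificate and key for derp.myself.com, named <hostname>.crt / <hostname>.key
# in the directory that derper is later given as -certdir.
# -nodes leaves the private key unencrypted on disk, so restrict it to its owner explicitly.
# A self-signed certificate cannot be validated by Tailscale clients; that is why the derpMap
# further down this page has to switch certificate checking off for this node.
mkdir -p /etc/derp
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /etc/derp/derp.myself.com.key \
  -out /etc/derp/derp.myself.com.crt \
  -subj "/CN=derp.myself.com" \
  -addext "subjectAltName=DNS:derp.myself.com"
chmod 600 /etc/derp/derp.myself.com.key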
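# Install derper as a systemd service and start it.
# -verify-clients makes derper ask the local tailscaled whether a connecting node belongs
# to your tailnet and refuse it otherwise. It requires tailscaled to be installed, running
# and logged in on this host. Without the flag, anyone who can reach port 33445 can relay
# traffic through this server.
# NOTE(review): the unit runs as root although both listen ports are unprivileged; a dedicated
# user would need read access to /etc/derp. Confirm before changing.
# The heredoc delimiter is quoted so the unit text is written literally.
cat > /etc/systemd/system/derp.service <<'EOF'
[Unit]
Description=TS Derper
After=network.target tailscaled.service
Wants=network.target
[Service]
User=root
Restart=always
ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -certmode manual -certdir /etc/derp -verify-clients
RestartPreventExitStatus=1
[Install]
WantedBy=multi-user.target
EOF
# Re-read unit files so an edited derp.service is picked up, then enable and start it.
systemctl daemon-reload
systemctl enable --now derp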
开放端口:33445/TCP(DERP)、3478/UDP(STUN)
检测
# Report network conditions as seen from this node, including latency to each DERP region.
tailscale netcheck
# List the peers in the tailnet and how each one is currently reached.
tailscale status
# Needs a peer as argument (hostname or Tailscale IP); run without one it has nothing to ping.
tailscale ping
# Disconnect and reconnect, e.g. so the node fetches the updated DERP map.
# NOTE(review): on a node configured with non-default flags (such as the advertise options
# earlier on this page), a bare `tailscale up` may be refused until those flags are repeated.
tailscale down
tailscale up
节点设置(添加到 Tailscale 访问控制策略文件中的 derpMap)
// Fragment of the tailnet policy file: defines custom DERP region 901 and removes
// most of the default regions.
"derpMap": {
// Left disabled; the default regions are instead switched off one by one below.
//"OmitDefaultRegions": true,
"Regions": {
"901": {
"RegionID": 901,
"RegionCode": "Myself",
"RegionName": "Myself Derper",
"Nodes": [
{
"Name": "901a",
"RegionID": 901,
// Must match the port derper listens on (-a :33445 in the service unit).
"DERPPort": 33445,
// Clients dial this address; no "HostName" is set for the node.
"IPv4": "119.29.244.53",
// Turns off TLS certificate validation for this node, so clients do not authenticate
// the relay they connect to. It is needed here only because the certificate is self-signed.
// With a certificate that clients can validate and a "HostName" entry, this line can be dropped.
"InsecureForTests": true,
},
],
},
// A null entry removes that default region from the map.
"1": null,
"2": null,
"3": null,
"4": null,
"5": null,
"6": null,
"7": null,
"8": null,
"9": null,
"10": null,
"11": null,
"12": null,
"13": null,
"14": null,
"15": null,
"16": null,
"17": null,
"18": null,
"19": null,
// Commented out, so default region 20 stays available next to region 901.
// NOTE(review): presumably kept as a fallback; confirm this is intended.
//"20": null,
"21": null,
"22": null,
"23": null,
"24": null,
"25": null,
},
},