Tailscale virtual networking

Official site: https://tailscale.com/

CentOS 7 tutorial:

One-step install

curl -fsSL https://tailscale.com/install.sh | sh

Packages are available for x86 and ARM CPUs, in both 32-bit and 64-bit variants.

Install the Yum repository manager:

sudo yum install yum-utils

Add the Tailscale repository and install Tailscale:

sudo yum-config-manager --add-repo https://pkgs.tailscale.com/stable/centos/7/tailscale.repo
sudo yum install tailscale

Use systemctl to enable and start the service:

sudo systemctl enable --now tailscaled

Connect your machine to your Tailscale network and authenticate in your browser:

sudo tailscale up

You're connected! You can find your Tailscale IPv4 address by running:

tailscale ip -4

Enable IP forwarding
If your Linux system has a /etc/sysctl.d directory, use:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Otherwise, use:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf

If your Linux node uses firewalld, you may also need to allow masquerading because of a known issue. As a workaround, you can allow masquerading with this command:

firewall-cmd --permanent --add-masquerade

Setting up an exit node and local network access with Tailscale

Prevent tailscaled from overwriting /etc/resolv.conf
tailscale set --accept-dns=false
Linux
tailscale up --advertise-routes=10.10.10.0/24,192.168.1.0/24 --accept-dns=false --advertise-exit-node --reset
Windows
tailscale up --advertise-routes=10.10.10.0/24,192.168.1.0/24 --advertise-exit-node --reset

Custom DERP server for Tailscale

Finding DERP servers
https://fofa.info/
port=="12345" && country=="CN" && header="DENY"
port=="12345" && country=="CN" && region="Zhejiang" && header="DENY" && body="Documentation"

apt update && apt upgrade

apt install -y wget git openssl curl

wget https://go.dev/dl/go1.20.5.linux-amd64.tar.gz

rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.5.linux-amd64.tar.gz

export PATH=$PATH:/usr/local/go/bin
go version

# Single quotes keep $PATH literal so it is expanded at login, not when this line is written
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
source /etc/profile

go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct

go install tailscale.com/cmd/derper@main

cd /root/go/pkg/mod/tailscale.com@v1.1.1-0.20231129164448-26db9775f82d/cmd/derper

go build -o /etc/derp/derper

ls /etc/derp

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.myself.com.key -out /etc/derp/derp.myself.com.crt -subj "/CN=derp.myself.com" -addext "subjectAltName=DNS:derp.myself.com"

cat > /etc/systemd/system/derp.service <<EOF
[Unit]
Description=TS Derper
After=network.target
Wants=network.target
[Service]
User=root
Restart=always
ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -certmode manual -certdir /etc/derp
RestartPreventExitStatus=1
[Install]
WantedBy=multi-user.target
EOF

systemctl enable derp
systemctl start derp

Open ports: 33445 TCP, 3478 UDP
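
A defensive check for the unit file above, added here as an example and not part of the original notes: the unit starts derper as root and without derper's -verify-clients flag (which checks clients against the local tailscaled), so the relay serves any client that can reach the port. The function names audit_derp_unit and page_unit are made up for this example, and the sample input is the [Service] section copied from this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a derper systemd unit.
# Reads the unit on stdin, prints one finding per line, returns the count.
audit_derp_unit() {
    local unit exec_line user port certdir key mode findings=0
    unit=$(cat)
    exec_line=$(printf '%s\n' "$unit" | sed -n 's/^ExecStart=//p' | head -n 1)
    user=$(printf '%s\n' "$unit" | sed -n 's/^User=//p' | head -n 1)
    [ -n "$exec_line" ] || { echo "no-execstart: nothing to audit"; return 1; }

    # 1. Without -verify-clients, derper relays for any client that reaches it.
    if ! printf '%s\n' "$exec_line" |
        grep -Eq -- '(^|[[:space:]])--?verify-clients(=true)?([[:space:]]|$)'; then
        echo "open-relay: -verify-clients is not set"
        findings=$((findings + 1))
    fi

    # 2. systemd runs services as root by default; ports >= 1024 do not need it.
    port=$(printf '%s\n' "$exec_line" | grep -Eo -- ' --?a[ =][^ :]*:[0-9]+' |
        head -n 1 | sed 's/.*://')
    if [ "${user:-root}" = "root" ] && [ "${port:-0}" -ge 1024 ]; then
        echo "runs-as-root: listen port $port does not require root"
        findings=$((findings + 1))
    fi

    # 3. Private keys under -certdir must not be accessible to group or others.
    certdir=$(printf '%s\n' "$exec_line" | grep -Eo -- ' --?certdir[ =][^ ]+' |
        head -n 1 | sed 's/.*[ =]//')
    if [ -n "$certdir" ]; then
        for key in "$certdir"/*.key; do
            [ -f "$key" ] || continue
            mode=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
            if [ "$mode" != "------" ]; then
                echo "key-perms: $key is accessible to group or others"
                findings=$((findings + 1))
            fi
        done
    fi
    return "$findings"
}

# Constructed sample: the [Service] lines of the unit file shown on this page.
page_unit() {
    cat <<'EOF'
User=root
Restart=always
ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -certmode manual -certdir /etc/derp
EOF
}
```

Run it against the installed unit with `audit_derp_unit < /etc/systemd/system/derp.service`, or against the sample with `page_unit | audit_derp_unit`. Note that -verify-clients needs tailscaled running on the DERP host and joined to your tailnet.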

Testing
tailscale netcheck

tailscale status

tailscale ping 

tailscale down 

tailscale up

Node settings

"derpMap": {
        //"OmitDefaultRegions": true,
        "Regions": {
            "901": {
                "RegionID":   901,
                "RegionCode": "Myself",
                "RegionName": "Myself Derper",
                "Nodes": [
                    {
                        "Name":             "901a",
                        "RegionID":         901,
                        "DERPPort":         33445,
                        "IPv4":             "119.29.244.53",
                        "InsecureForTests": true,
                    },
                ],
            },
            "1":  null,
            "2":  null,
            "3":  null,
            "4":  null,
            "5":  null,
            "6":  null,
            "7":  null,
            "8":  null,
            "9":  null,
            "10": null,
            "11": null,
            "12": null,
            "13": null,
            "14": null,
            "15": null,
            "16": null,
            "17": null,
            "18": null,
            "19": null,
            //"20": null,
            "21": null,
            "22": null,
            "23": null,
            "24": null,
            "25": null,
        },
    },
Last modification: August 6, 2024