TAIDONG - September 2024 https://www.zhangtaidong.cn/2024/09/ TAIDONG's Blog

Building and Configuring a Tailscale DERP Relay Server https://www.zhangtaidong.cn/archives/313/ 2024-09-13T22:44:00+08:00

## 1 Install the Tailscale client on the Linux server

```bash
curl -fsSL https://tailscale.com/install.sh | sh
```

Open all ports:

```bash
systemctl stop firewalld
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -I INPUT 1 -j ACCEPT
iptables -I OUTPUT 1 -j ACCEPT
```

## 2 Deploy the DERP relay service

### Install Golang

```bash
# Update the package sources
apt update && apt upgrade
# Install the required dependencies
apt install -y wget git openssl curl
# Check https://go.dev/dl/ for the latest version
cd /root
wget https://go.dev/dl/go1.23.0.linux-amd64.tar.gz
# Extract
sudo tar -C /usr/local -xzf go1.23.0.linux-amd64.tar.gz
# Check the version
export PATH=$PATH:/usr/local/go/bin
go version
# Add the environment variable
echo "export PATH=$PATH:/usr/local/go/bin" >> /etc/profile
source /etc/profile
# Make Go use a China mirror as its module proxy (skip this on hosts outside China)
go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct
```

### Deploy the DERP relay service

```bash
# Fetch and compile derper
go install tailscale.com/cmd/derper@main
# Change into the directory of the downloaded source (do not copy this line verbatim; use the actual path on your machine)
cd /root/go/pkg/mod/tailscale.com@v1.1.1-xxxx/cmd/derper/
# Open cert.go
sudo chmod 777 ./cert.go
vi cert.go
```

Comment out the following lines:

```go
func (m *manualCertManager) getCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
	// if hi.ServerName != m.hostname {
	// 	return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
	// }
```

![2024-09-14T12:46:13.png][1]

```bash
# Compile and write the binary to /etc/derp/
go build -o /etc/derp/derper
# Check that the derper binary exists
cd /root
ls /etc/derp
# Self-sign a certificate for the domain (derp.myself.com can be any name, but all four occurrences in the command must match)
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.myself.com.key -out /etc/derp/derp.myself.com.crt -subj "/CN=derp.myself.com" -addext "subjectAltName=DNS:derp.myself.com"
```

Fixing a self-signing error: if the openssl command fails, it is because the `-addext` option is not available in older OpenSSL releases. `-addext` was introduced in OpenSSL 1.1.1, and you may be running an older version.

```bash
# Check the OpenSSL version
openssl version
# Create a config file
vi /etc/derp/openssl-san.cnf
```

Write the following into the file:

```ini
[ req ]
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = derp.myself.com

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = derp.myself.com
```

```bash
# Generate the certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.myself.com.key -out /etc/derp/derp.myself.com.crt -config /etc/derp/openssl-san.cnf
```

Copy all of the following and paste it into the command line:

```bash
cat > /etc/systemd/system/derp.service <<EOF
[Unit]
Description=TS Derper
After=network.target
Wants=network.target

[Service]
User=root
Restart=always
ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -verify-clients -certmode manual -certdir /etc/derp
RestartPreventExitStatus=1

[Install]
WantedBy=multi-user.target
EOF
```

Enable the service at boot and start it:

```bash
systemctl enable derp
systemctl start derp
```

Test access: https://ip:33445

## 3 Configure Tailscale

```json
// Tailscale DERP
"derpMap": {
    // OmitDefaultRegions is used to ignore the official relay nodes
    "OmitDefaultRegions": false,
    "Regions": {
        "900": {
            "RegionID": 900, // keep all three 900s consistent; start at 900 and add 1 (901, ...) for each additional node
            "RegionCode": "hty",
            "RegionName": "Tianjin",
            "Nodes": [
                {
                    "Name": "1",
                    "RegionID": 900,
                    "IPv4": "150.100.111.222", // change to your public IP
                    "DERPPort": 33445,
                    "InsecureForTests": true,
                },
            ],
        },
    },
},
```

Check the DERP relay connection status:

```bash
tailscale netcheck
```
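The hostname check that the cert.go edit in section 2 comments out, and the SAN certificate the openssl commands there produce, as an added Go example (this is not derper's code and not the page's own): it builds a self-signed certificate with CN and DNS SAN `derp.myself.com` in memory, confirms the SAN is present (the thing the openssl-san.cnf workaround exists to guarantee), and runs a GetCertificate callback that makes the same strict SNI comparison derper's manual cert manager makes. The function names `selfSignedCert`, `sanNames`, `strictSNI` and `sniOutcome` are this example's own, and it uses an ECDSA P-256 key instead of the page's RSA-4096 only so that it runs quickly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert builds a self-signed certificate shaped like the one the
// page's openssl command produces: CN=hostname plus a subjectAltName DNS entry.
// ECDSA P-256 is this example's choice for speed; the page uses RSA-4096.
func selfSignedCert(hostname string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname}, // the SAN that -addext / openssl-san.cnf adds
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(3650 * 24 * time.Hour), // matches -days 3650
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// sanNames returns the DNS SANs of the certificate. An empty list is the
// symptom of a cert generated by an OpenSSL too old to understand -addext.
func sanNames(c tls.Certificate) []string { return c.Leaf.DNSNames }

// strictSNI mirrors the comparison that derper's manual cert manager performs
// and that the page comments out: the certificate is served only when the
// ClientHello's SNI equals the configured hostname.
func strictSNI(hostname string, cert tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if hi.ServerName != hostname {
			return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
		}
		return &cert, nil
	}
}

// sniOutcome reports whether strictSNI would serve the certificate for the
// given SNI value. A connection made to a bare IP address, like the page's
// https://ip:33445 browser test, carries no SNI at all, so serverName is ""
// and the strict check rejects it with the "cert mismatch" error.
func sniOutcome(hostname, serverName string) (bool, error) {
	cert, err := selfSignedCert(hostname)
	if err != nil {
		return false, err
	}
	_, err = strictSNI(hostname, cert)(&tls.ClientHelloInfo{ServerName: serverName})
	return err == nil, nil
}

func main() {
	for _, sni := range []string{"derp.myself.com", "", "other.example"} {
		ok, err := sniOutcome("derp.myself.com", sni)
		fmt.Printf("SNI %q served by strict check: %v (err=%v)\n", sni, ok, err)
	}
}
```

Running it shows the certificate is served only for SNI `derp.myself.com`; the empty SNI of a bare-IP connection and any other name both produce the mismatch error, which is the behaviour the page removes by commenting out the check. The cost of removing it is that the relay then presents its certificate to any name a client asks for, so the `InsecureForTests` flag in section 3 is what lets clients accept that self-signed certificate in the first place.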
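A small validator for the derpMap fragment in section 3, as an added Go example (these are this example's own types, not Tailscale's tailcfg package or tooling): it parses a constructed copy of the map and enforces the rule the fragment's comment states, that the Regions key, the region's RegionID and every node's RegionID must agree, and it reports which nodes carry InsecureForTests so that a reviewer can see where certificate verification is switched off. The names `derpMap`, `validateDERPMap`, `goodMap` and `badMap` are this example's own; the samples drop the page's comments and trailing commas because encoding/json does not accept them, even though the tailnet policy file does.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Minimal mirror of the fields used by the derpMap fragment on this page.
// These are this example's own types, not Tailscale's tailcfg types.
type derpNode struct {
	Name             string `json:"Name"`
	RegionID         int    `json:"RegionID"`
	IPv4             string `json:"IPv4"`
	DERPPort         int    `json:"DERPPort"`
	InsecureForTests bool   `json:"InsecureForTests"`
}

type derpRegion struct {
	RegionID   int        `json:"RegionID"`
	RegionCode string     `json:"RegionCode"`
	RegionName string     `json:"RegionName"`
	Nodes      []derpNode `json:"Nodes"`
}

type derpMap struct {
	OmitDefaultRegions bool                  `json:"OmitDefaultRegions"`
	Regions            map[string]derpRegion `json:"Regions"`
}

// validateDERPMap applies the page's "keep all three 900s consistent" rule:
// the Regions key, the region's RegionID and every node's RegionID must agree.
// It also requires an IPv4 address and a usable port per node, and returns
// the nodes that disable TLS verification through InsecureForTests.
func validateDERPMap(raw []byte) (problems []string, insecure []string, err error) {
	var m derpMap
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, nil, err
	}
	for key, r := range m.Regions {
		if k, convErr := strconv.Atoi(key); convErr != nil || k != r.RegionID {
			problems = append(problems, fmt.Sprintf("Regions key %q does not match RegionID %d", key, r.RegionID))
		}
		if len(r.Nodes) == 0 {
			problems = append(problems, fmt.Sprintf("region %d has no nodes", r.RegionID))
		}
		for _, n := range r.Nodes {
			if n.RegionID != r.RegionID {
				problems = append(problems, fmt.Sprintf("node %q has RegionID %d but sits in region %d", n.Name, n.RegionID, r.RegionID))
			}
			if n.IPv4 == "" {
				problems = append(problems, fmt.Sprintf("node %q has no IPv4 address", n.Name))
			}
			if n.DERPPort <= 0 || n.DERPPort > 65535 {
				problems = append(problems, fmt.Sprintf("node %q has invalid DERPPort %d", n.Name, n.DERPPort))
			}
			if n.InsecureForTests {
				insecure = append(insecure, fmt.Sprintf("%d/%s", r.RegionID, n.Name))
			}
		}
	}
	return problems, insecure, nil
}

// goodMap is a constructed copy of the page's fragment (comments and trailing
// commas removed; the IP is the page's placeholder, not a real relay).
const goodMap = `{
  "OmitDefaultRegions": false,
  "Regions": {
    "900": {
      "RegionID": 900, "RegionCode": "hty", "RegionName": "Tianjin",
      "Nodes": [
        {"Name": "1", "RegionID": 900, "IPv4": "150.100.111.222", "DERPPort": 33445, "InsecureForTests": true}
      ]
    }
  }
}`

// badMap is the same map with the node's RegionID changed to 901, the kind of
// mismatch the page's comment warns against.
const badMap = `{
  "OmitDefaultRegions": false,
  "Regions": {
    "900": {
      "RegionID": 900, "RegionCode": "hty", "RegionName": "Tianjin",
      "Nodes": [
        {"Name": "1", "RegionID": 901, "IPv4": "150.100.111.222", "DERPPort": 33445, "InsecureForTests": true}
      ]
    }
  }
}`

func main() {
	for name, raw := range map[string]string{"goodMap": goodMap, "badMap": badMap} {
		problems, insecure, err := validateDERPMap([]byte(raw))
		fmt.Printf("%s: err=%v problems=%v insecure=%v\n", name, err, problems, insecure)
	}
}
```

For the page's map the validator reports no problems and lists `900/1` as the one node that skips certificate verification; for the mismatched copy it reports the RegionID disagreement. Running this against a policy file before saving it catches the inconsistency the page's comment is about without waiting for `tailscale netcheck` to show the region missing.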