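Setting up a DERP relay server for Tailscale

Official site: https://tailscale.com/

Linux install: curl -fsSL https://tailscale.com/install.sh | sh

Windows install: https://pkgs.tailscale.com/stable/tailscale-setup-latest.exe

What you need

A domain name with an SSL certificate

An nginx reverse proxy

Installing the derp server with Docker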

docker run --restart always \
  --name derper -p 12345:12345 -p 3478:3478/udp \
  -e DERP_ADDR=:12345 \
  -e DERP_DOMAIN=derp.7boe.top \
  -d ghcr.io/yangchuansheng/derper:latest

Reference article

Configuration file

// Example/default ACLs for unrestricted connections.
{
	// Declare static groups of users beyond those in the identity service.
	"groups": {
		"group:example": ["user1@example.com", "user2@example.com"],
	},

	// Declare convenient hostname aliases to use in place of IP addresses.
	"hosts": {
		"example-host-1": "100.100.100.100",
	},

	// Access control lists.
	"acls": [
		// Match absolutely everything.
		// Comment this section out if you want to define specific restrictions.
		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
	],
	"ssh": [
		// Allow all users to SSH into their own devices in check mode.
		// Comment this section out if you want to define specific restrictions.
		{
			"action": "check",
			"src":    ["autogroup:members"],
			"dst":    ["autogroup:self"],
			"users":  ["autogroup:nonroot", "root"],
		},
	],
	"derpMap": {
		"OmitDefaultRegions": true, // whether to connect only to the self-hosted derper nodes
		"Regions": {"900": {
			"RegionID":   900,
			"RegionCode": "hk",
			"RegionName": "hongkong", // string naming the region
			"Nodes": [{
				"Name":     "nodename",
				"RegionID": 900,
				"HostName": "d66.456.com",
				"DERPPort": 12345,
				"STUNPort": 3478,
				"IPv4":     "1.1.1.1",
			}],
		}},
	},
}
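
An added example (not from the original page or from the Tailscale project): a Python check that parses a policy file like the one above and reports derpMap entries whose ports do not match what the derper container publishes, plus any allow-all ACL rule. The function names and the trimmed sample policy are assumptions made for illustration.

```python
import json
import re
# String literals are matched first, so "//" or ",]" inside a value is left alone.
_STR = r'"(?:\\.|[^"\\])*"'
_COMMENT = re.compile(_STR + r'|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(_STR + r'|,(?=\s*[}\]])')

def hujson_to_json(text):
    """Drop comments and trailing commas so json.loads accepts the policy file."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return _TRAILING.sub(keep, _COMMENT.sub(keep, text))

def audit(policy_text, tcp_ports, udp_ports):
    """Return findings, given the ports the derper container publishes."""
    policy = json.loads(hujson_to_json(policy_text))
    findings = []
    for key, region in policy.get("derpMap", {}).get("Regions", {}).items():
        rid = region.get("RegionID")
        if str(rid) != key:
            findings.append(f"region key {key} != RegionID {rid}")
        if not (isinstance(rid, int) and 900 <= rid <= 999):
            findings.append(f"RegionID {rid} outside 900-999 (range for self-hosted DERP)")
        for node in region.get("Nodes", []):
            name = node.get("Name")
            if node.get("RegionID") != rid:
                findings.append(f"node {name}: RegionID differs from its region")
            derp = node.get("DERPPort") or 443   # 0 or absent means 443
            stun = node.get("STUNPort") or 3478  # 0 or absent means 3478, -1 disables
            if derp not in tcp_ports:
                findings.append(f"node {name}: DERPPort {derp}/tcp is not published")
            if stun != -1 and stun not in udp_ports:
                findings.append(f"node {name}: STUNPort {stun}/udp is not published")
    for rule in policy.get("acls", []):
        src = rule.get("users") or rule.get("src") or []
        dst = rule.get("ports") or rule.get("dst") or []
        if rule.get("action") == "accept" and "*" in src and "*:*" in dst:
            findings.append("acl: allow-all rule (* -> *:*)")
    return findings

# Constructed sample: the page's default ACL and derpMap, trimmed.
SAMPLE = '''{
	"acls": [{"action": "accept", "users": ["*"], "ports": ["*:*"]},], // allow all
	"derpMap": {"OmitDefaultRegions": true, "Regions": {"900": {"RegionID": 900,
		"Nodes": [{"Name": "nodename", "RegionID": 900, "DERPPort": 12345, "STUNPort": 3478}],
	}}},
}'''

if __name__ == "__main__":
    print(audit(SAMPLE, {12345}, {3478}))  # ports from the page's docker run
```

Pass the TCP and UDP port sets that match the `-p` flags of the docker run command; an empty result means the derpMap and the container agree and no allow-all rule is present.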

Adding devices on the same subnet to the VPN

Official documentation

Start command

tailscale up --advertise-routes=192.168.0.0/24

After enabling your own subnet address