Tailscale's default relay (DERP) nodes are all located outside mainland China, so latency is fairly high. You can check this with tailscale netcheck; the result looks like this:

Report:
        * Time: 2025-05-08T07:45:27.5357943Z
        * UDP: false
        * IPv4: (no addr found)
        * IPv6: no, but OS has support
        * MappingVariesByDestIP:
        * PortMapping:
        * CaptivePortal: false
        * Nearest DERP: baidu Derper
        * DERP latency:
                - blr: 138ms   (Bangalore)
                - tok: 147.5ms (Tokyo)
                - lax: 171ms   (Los Angeles)
                - sfo: 180.3ms (San Francisco)
                - syd: 190.9ms (Sydney)
                - sea: 191.2ms (Seattle)
                - den: 195.7ms (Denver)
                - hel: 223ms   (Helsinki)
                - nyc: 224.6ms (New York City)
                - hnl: 227.4ms (Honolulu)
                - nue: 227.7ms (Nuremberg)
                - iad: 233.5ms (Ashburn)
                - par: 239.2ms (Paris)
                - mia: 240.6ms (Miami)
                - tor: 244ms   (Toronto)
                - fra: 252.4ms (Frankfurt)
                - dbi: 254.8ms (Dubai)
                - lhr: 257.8ms (London)
                - ord: 257.9ms (Chicago)
                - ams: 257.9ms (Amsterdam)
                - waw: 258.4ms (Warsaw)
                - mad: 268.6ms (Madrid)
                - dfw: 318.7ms (Dallas)
                - nai: 332.9ms (Nairobi)
                - sao: 360.9ms (São Paulo)
                - jnb: 396.5ms (Johannesburg)

Alibaba Cloud (阿里云) currently lets newly registered users buy a VPS with 200M of bandwidth for 68 yuan, which is very well suited to running a DERP relay. Setting up derp used to require registering a domain name and obtaining a certificate; that is no longer necessary, and a bare IP address can be used directly.

Install Go

Download and install Go

apt install -y wget git openssl curl
wget https://go.dev/dl/go1.24.3.linux-amd64.tar.gz
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.24.3.linux-amd64.tar.gz

Add Go to PATH

export PATH=$PATH:/usr/local/go/bin

Put the command above into .bashrc or .zshrc so it survives new shells.

Set the Go proxy

Add a Go module mirror inside China; this greatly speeds up go install and is very useful.

go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct

Install derp

Download derper

go install tailscale.com/cmd/derper@latest

Go into the ~/go/pkg/mod/[email protected]/cmd/derper directory, edit cert.go, and comment out the following three lines:

if hi.ServerName != m.hostname && !m.noHostname {
    return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
}

Build derper

go build -o /usr/local/bin/derper

Run ls /usr/local/bin/derper to check that the build succeeded.

Configure the derper server

Generate a TLS certificate; the hostname in CN=derp.ai-free.com can be anything you like.

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.ai-free.com.key -out /etc/derp/derp.ai-free.com.crt -subj "/CN=derp.ai-free.com" -addext "subjectAltName=DNS:derp.ai-free.com"

Create a systemd service for derper

sudo vim /etc/systemd/system/derp.service

Write the following into derp.service:

[Unit]
Description=TS Derper
After=network.target
Wants=network.target

[Service]
User=root
Restart=always
ExecStart=/usr/local/bin/derper -hostname derp.ai-free.com -a :45678 -http-port 33446 -certmode manual -certdir /etc/derp --verify-clients
RestartPreventExitStatus=1

[Install]
WantedBy=multi-user.target

Things to note:
The port given with -a must be opened in the firewall (TCP), and the default STUN port 3478 (UDP) must be opened as well;
--verify-clients adds a verification step so that only the tailscale account logged in on this server can use this derper node. This is very important; it stops other people from freeloading on your relay.

Start derper

systemctl enable derp
systemctl start derp

Verify the setup

After starting derp, open https://IP:PORT in a browser; if you see the page below, it worked. IP is the server's public IP recorded in the first step, and PORT is the one set in derp.service, i.e. 45678.

(screenshot: the default page derper serves in the browser)

Install tailscale

Run the automatic install script

curl -fsSL https://tailscale.com/install.sh | sh

Start tailscale and log in

tailscale up

After running the command above it prints a URL; copy it into a browser and log in to your tailscale account on the login page.

Restart the derp service

systemctl daemon-reload
systemctl restart derp

Add the derper server in tailscale

Open the tailscale web console and append the following to the end of the Access Controls policy:

    "derpMap": {
        //"OmitDefaultRegions": true,
        "Regions": {
            "900": {
                "RegionID":   900,
                "RegionCode": "ai-free",
                "RegionName": "ai-free Derper",
                "Nodes": [
                    {
                        "Name":             "ai-free-derp",
                        "RegionID":         900,
                        "HostName":         "derp.ai-free.com",
                        "IPv4":             "your vps's public ip",
                        "DERPPort":         45678,
                        "STUNPort":         3478,
                        "InsecureForTests": true,
                    },
                ],
            },
        },
    },

Check that the configuration works

On your own computer, run the following command:

tailscale netcheck
Report:
        * Time: 2025-05-08T08:11:42.4856885Z
        * UDP: true
        * IPv4: yes, 27.154.165.100:59024
        * IPv6: no, but OS has support
        * MappingVariesByDestIP: false
        * PortMapping:
        * CaptivePortal: false
        * Nearest DERP: baidu Derper
        * DERP latency:
                - baidu: 35.2ms  (ai-free Derper)
                - sfo: 168.9ms (San Francisco)
                - lax: 173.9ms (Los Angeles)
                - sea: 185.4ms (Seattle)
                - hkg: 190.8ms (Hong Kong)
                - hel: 196.3ms (Helsinki)
                - den: 198.1ms (Denver)
                - nue: 211.3ms (Nuremberg)
                - hnl: 217.8ms (Honolulu)
                - iad: 223.1ms (Ashburn)
                - nyc: 225.5ms (New York City)
                - tok: 226.8ms (Tokyo)
                - tor: 235.8ms (Toronto)
                - dfw: 235.8ms (Dallas)
                - par: 241.5ms (Paris)
                - mia: 245.1ms (Miami)
                - ord: 246.9ms (Chicago)
                - lhr: 252.2ms (London)
                - ams: 257.9ms (Amsterdam)
                - mad: 257.9ms (Madrid)
                - waw: 266.6ms (Warsaw)
                - fra: 277.5ms (Frankfurt)
                - blr: 355.8ms (Bangalore)
                - sao: 369.2ms (São Paulo)
                - dbi: 375.6ms (Dubai)
                - jnb: 406ms   (Johannesburg)
                - syd: 428.5ms (Sydney)
                - sin:         (Singapore)
                - nai:         (Nairobi)

If the ai-free Derper server you just configured appears under DERP latency, the installation succeeded.

Run tailscale status to see the current state: whether each connection is direct or relayed through DERP.
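As an added example (not from the original post), here is a POSIX shell script that does the check above mechanically: it parses a `tailscale netcheck` report, confirms that the self-hosted region (the RegionName "ai-free Derper" from the derpMap above) is listed with a measurement, and reports whether any Tailscale-operated region beats its latency. The function names and the embedded SAMPLE report are this example's own; SAMPLE is constructed in the layout netcheck prints.

```shell
#!/bin/sh
# Added example, not from the original post: parse a `tailscale netcheck`
# report and confirm that the self-hosted DERP region is listed and is the
# lowest-latency relay. Function names and the SAMPLE report are this
# example's own (SAMPLE is constructed from the netcheck layout above).

# derp_summary REPORT NAME -> "<ms of NAME, or - if absent> <fastest other code> <its ms>"
derp_summary() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[ \t]*- [a-z0-9-]+:/ {
            code = $2; sub(/:$/, "", code)                    # "ai-free:" -> "ai-free"
            rest = $0; sub(/^[ \t]*- [a-z0-9-]+:[ \t]*/, "", rest)
            name = rest; sub(/^[^(]*\(/, "", name); sub(/\)[ \t]*$/, "", name)
            if (!match(rest, /^[0-9.]+ms/)) next           # unmeasured, e.g. "- sin: (Singapore)"
            ms = substr(rest, RSTART, RLENGTH - 2) + 0
            if (name == want) { mine = ms; next }
            if (best == "" || ms < best) { best = ms; bcode = code }
        }
        END { print (mine == "" ? "-" : mine), bcode, best }'
}

# derp_check REPORT NAME -> exit 0 when NAME is present and the fastest DERP,
# 1 when present but a default region is faster, 2 when it is missing.
derp_check() {
    set -- "$2" $(derp_summary "$1" "$2")    # NAME MINE BESTCODE BESTMS
    [ "$2" != "-" ] || { echo "region '$1' is not in the report"; return 2; }
    echo "$1: ${2}ms; fastest default region: $3 at ${4}ms"
    awk -v a="$2" -v b="$4" 'BEGIN { exit !(a < b) }'
}

# Constructed report in the layout tailscale netcheck prints.
SAMPLE='Report:
        * Nearest DERP: ai-free Derper
        * DERP latency:
                - ai-free: 35.2ms  (ai-free Derper)
                - sfo: 168.9ms (San Francisco)
                - tok: 226.8ms (Tokyo)
                - sin:         (Singapore)'

# Stand-alone: check SAMPLE; pass "-" to read a live report from stdin,
# e.g.  tailscale netcheck 2>&1 | sh derp_check.sh -
if [ "${1:-}" = "-" ]; then REPORT=$(cat); else REPORT=$SAMPLE; fi
derp_check "$REPORT" "ai-free Derper"
```

A non-zero exit from derp_check is a useful signal to alert on after a reboot or firewall change: exit 2 means the relay has dropped out of the derpMap or stopped answering, exit 1 means clients are probably falling back to a distant default region.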

