Tailscale 国内中继(DERP)教程

中转服务器安装 Tailscale

curl -fsSL https://tailscale.com/install.sh | sh
tailscale login

docker(或手动安装)二选一

services:
  derper:
    image: ghcr.io/yangchuansheng/ip_derper:latest
    container_name: derper
    restart: always
    ports:
      - "12345:12345"
      - "3478:3478/udp"
    volumes:
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
    environment:
      - DERP_ADDR=:12345
      - DERP_CERTS=/app/certs
      - DERP_VERIFY_CLIENTS=true

手动安装(或 docker)二选一

apt install go --classic
go env -w GOPROXY=https://goproxy.cn,direct
go install tailscale.com/cmd/derper@latest
cp ~/go/bin/derper /usr/bin/
DERP_IP="服务器ip"
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout ${DERP_IP}.key -out ${DERP_IP}.crt -subj "/CN=${DERP_IP}" -addext "subjectAltName=IP:${DERP_IP}"
mkdir cert
mv *.crt *.key cert/
derper --hostname="服务器ip" -certmode manual -certdir ./cert --verify-clients

中转服务器开放端口

在安全组中放开 TCP:12345 UDP:3478

修改 tailscale ACL 配置启用第三方 DERP

在页面的 ssh 配置上增加

"derpMap": {
		"OmitDefaultRegions": true,
		"Regions": {
			"910": {
				"RegionID":   910,
				"RegionCode": "cn",
				"RegionName": "cn",
				"Nodes": [
					{
						"Name":             "cn_derper",
						"RegionID":         910,
						"IPv4":             "服务器ip",
						"DERPPort":         12345,
						"InsecureForTests": true,
					},
				],
			},
		},
	},

验证

tailscale netcheck

DERP latency 一行应该出现刚刚配置的 cn_derper 并且延迟不高

posted @ 2026-01-23 14:07  LiuChengloong  阅读(18)  评论(0)    收藏  举报