什么是derp

Tailscale 是一个基于 WireGuard 协议的 VPN 服务，它使用 P2P 技术来连接您的设备，无论它们在世界的哪个角落。通过在 Tailscale 网络上添加自己的 DERP 服务器，您可以改善网络性能，特别是在有大量跨地域流量的情况下。

准备工具

公网服务器一台推荐使用浪浪云服务器一键部署 https://idc.langlangy.com/?i44b5ec

效果演示

tailscale官方中转

延迟最低100多

Pasted image 20240627164544

国内自建中转

国内自建延迟只有30多

Pasted image 20240627164607

开始一键部署

Pasted image 20240626114734

设置端口转发访问casaos

设置derp端口

Pasted image 20240626115054

访问casaos

打开应用商店

Pasted image 20240623143411

安装derp

Pasted image 20240626114527

安装完成后设置tailscale配置文件

Pasted image 20240626141700

// Example/default ACLs for unrestricted connections.
{
	// Declare static groups of users. Use autogroups for all users or users with a specific role.
	// "groups": {
	//  	"group:example": ["alice@example.com", "bob@example.com"],
	// },

	// Define the tags which can be applied to devices and by which users.
	// "tagOwners": {
	//  	"tag:example": ["autogroup:admin"],
	// },
	"derpMap": {
		"OmitDefaultRegions": true,
		"Regions": {
			"900": {
				"RegionID":   900,
				"RegionCode": "langlangy",
				"Nodes": [
					{
						"Name":             "langlangy",
						"RegionID":         900,
						"DERPPort":         22957,
						"IPv4":             "120.195.6.243",
						"InsecureForTests": true,
					},
				],
			},
		},
	},

	// Define access control lists for users, groups, autogroups, tags,
	// Tailscale IP addresses, and subnet ranges.
	"acls": [
		// Allow all connections.
		// Comment this section out if you want to define specific restrictions.
		{"action": "accept", "src": ["*"], "dst": ["*:*"]},

		// Allow users in "group:example" to access "tag:example", but only from
		// devices that are running macOS and have enabled Tailscale client auto-updating.
		// {"action": "accept", "src": ["group:example"], "dst": ["tag:example:*"], "srcPosture":["posture:autoUpdateMac"]},
	],

	// Define postures that will be applied to all rules without any specific
	// srcPosture definition.
	// "defaultSrcPosture": [
	//      "posture:anyMac",
	// ],

	// Define device posture rules requiring devices to meet
	// certain criteria to access parts of your system.
	// "postures": {
	//      // Require devices running macOS, a stable Tailscale
	//      // version and auto update enabled for Tailscale.
	// 	"posture:autoUpdateMac": [
	// 	    "node:os == 'macos'",
	// 	    "node:tsReleaseTrack == 'stable'",
	// 	    "node:tsAutoUpdate",
	// 	],
	//      // Require devices running macOS and a stable
	//      // Tailscale version.
	// 	"posture:anyMac": [
	// 	    "node:os == 'macos'",
	// 	    "node:tsReleaseTrack == 'stable'",
	// 	],
	// },

	// Define users and devices that can use Tailscale SSH.
	"ssh": [
		// Allow all users to SSH into their own devices in check mode.
		// Comment this section out if you want to define specific restrictions.
		{
			"action": "check",
			"src":    ["autogroup:member"],
			"dst":    ["autogroup:self"],
			"users":  ["autogroup:nonroot", "root"],
		},
	],

	// Test access rules every time they're saved.
	// "tests": [
	//  	{
	//  		"src": "alice@example.com",
	//  		"accept": ["tag:example"],
	//  		"deny": ["100.101.102.103:443"],
	//  	},
	// ],
}