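Tailscale is a virtual networking tool built on WireGuard. It implements the WireGuard protocol in user space, so it loses some performance compared with kernel-mode WireGuard, but it puts a great deal of effort into features and ease of use:
- Works out of the box
- No firewall configuration required
- No extra configuration
- High security and privacy
- Automatic key rotation
- Peer-to-peer connections
- Users can audit end-to-end access records
- In addition to the existing UDP-based protocols such as ICE and STUN, it implements the TCP-based DERP protocol for NAT traversal
- A control server on the public Internet pushes ACLs and configuration, so nodes are updated dynamically
- Users and private keys are generated through a third-party SSO service (such as Google) for identity authentication
In short, we can think of Tailscale as an easier-to-use, more fully featured WireGuard.
That alone is not enough. As a freeloader, what I care about more is free and open source.
Tailscale is a commercial product, but individual users can use it for free as long as they connect no more than 20 devices (with some restrictions, for example the subnet range cannot be customized and multiple subnets cannot be configured). Apart from the graphical applications for Windows and macOS, the other Tailscale client components (including the Android client) are developed as open-source projects under the BSD license, and you can find the client source code for each operating system in their GitHub repositories.
For most users the free tier of Tailscale is enough. If you need more, such as a custom network range, you can choose to pay.
Original link: https://icloudnative.io/posts/how-to-set-up-or-migrate-headscale/
What if I just don't want to pay? Fine, but you will have to keep reading.
What is Headscale
Tailscale's control server is not open source and places many restrictions on free users. It is their cash cow, which is understandable. Fortunately there is an open-source implementation called Headscale. It is also the only one, and I hope it grows and thrives.
Headscale was developed in Go by Juan Font of the European Space Agency and is released under the BSD license. It implements all the main features of the Tailscale control server, can be deployed inside an enterprise, has no limit on the number of devices, and leaves all network traffic under your own control.
Deploying Headscale
One-click deployment with Sealos
If the rest of this section is too long to read, you can deploy with one click using the Sealos application template. Anyone can do it, and nothing needs to be configured.
Copy the link below and paste it into your browser to open the Sealos application template deployment page: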
- https://template.cloud.sealos.io/deploy?templateName=headscale
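If this is the first time you open Sealos, you need to register and log in first.
Then click the "Deploy Application" button to start the deployment. When it finishes you will see two applications: one is Headscale and the other is the Headscale visual interface.
Click "Details" on the Headscale application to open its details page. The external address mapped to internal port 8080 is the public domain name of Headscale.
Append the path /admin/ to the Headscale public domain name to open the visual interface.
Deploying on Linux
The deployment steps on Linux are slightly more involved.
In theory it is enough for your Headscale service to be exposed on a public egress, but it is best not to have NAT in front of it, so deploying Headscale on a cloud host with a public IP is recommended.
First, download the latest binary from the Release page of its GitHub repository.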
$ wget --output-document=/usr/local/bin/headscale \
https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>
$ chmod +x /usr/local/bin/headscale
Create the configuration directory:
$ mkdir -p /etc/headscale
Create a directory to store data and certificates:
$ mkdir -p /var/lib/headscale
Create an empty SQLite database file:
$ touch /var/lib/headscale/db.sqlite
Create the Headscale configuration file:
$ wget https://github.com/juanfont/headscale/raw/main/config-example.yaml -O /etc/headscale/config.yaml
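- Edit the configuration file and change server_url to your public IP or domain name. If the server is in mainland China, the domain name must have an ICP filing. My domain name cannot be filed, so I simply use the public IP.
- If you do not need the DNS feature for now, set magic_dns to false first.
- Set server_url to http://<PUBLIC_ENDPOINT>:8080, replacing <PUBLIC_ENDPOINT> with the public IP or domain name.
- It is recommended to enable random ports by setting randomize_client_port to true.
- You can customize the private network range, and you can also enable IPv4 and IPv6 at the same time:
ip_prefixes:
  # - fd7a:115c:a1e0::/48
  - 100.64.0.0/16
Create the SystemD service configuration file: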
# /etc/systemd/system/headscale.service
[Unit]
Description=headscale controller
After=syslog.target
After=network.target
[Service]
Type=simple
User=headscale
Group=headscale
ExecStart=/usr/local/bin/headscale serve
Restart=always
RestartSec=5
# Optional security enhancements
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/headscale /var/run/headscale
AmbientCapabilities=CAP_NET_BIND_SERVICE
RuntimeDirectory=headscale
[Install]
WantedBy=multi-user.target
Create the headscale user:
$ useradd headscale -d /home/headscale -m
Change the owner of the /var/lib/headscale directory:
$ chown -R headscale:headscale /var/lib/headscale
Change unix_socket in the configuration file:
unix_socket: /var/run/headscale/headscale.sock
Reload SystemD to load the new configuration file:
$ systemctl daemon-reload
Start the Headscale service and enable it at boot:
$ systemctl enable --now headscale
Check the running status:
$ systemctl status headscale
Check the listening ports:
$ ss -tulnp|grep headscale
tcp LISTEN 0 1024 [::]:9090 [::]:* users:(("headscale",pid=10899,fd=13))
tcp LISTEN 0 1024 [::]:50443 [::]:* users:(("headscale",pid=10899,fd=10))
tcp LISTEN 0 1024 [::]:8080 [::]:* users:(("headscale",pid=10899,fd=12))
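In the output above, headscale listens on 9090 and 50443 on all interfaces in addition to 8080. The following is an added example, not part of the original article: it reads ss output and reports headscale listeners bound to a wildcard address other than the public port. The function names, PUBLIC_PORT and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: list headscale TCP listeners bound to a wildcard address,
# other than the port that is meant to be public.
# Input: `ss -tlnp` lines on stdin. Output: one port per line.

PUBLIC_PORT=8080   # assumption: only the server_url port should face the Internet

wildcard_listeners() {
    awk -v pub="$PUBLIC_PORT" '
        $2 == "LISTEN" && /"headscale"/ {
            local_addr = $5                    # e.g. [::]:9090 or 127.0.0.1:9090
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if ((addr == "[::]" || addr == "0.0.0.0" || addr == "*") && port != pub)
                print port
        }'
}

# Constructed sample: the three listeners from the output above, plus a
# loopback-only listener that must not be reported.
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 1024 [::]:9090 [::]:* users:(("headscale",pid=10899,fd=13))
tcp LISTEN 0 1024 [::]:50443 [::]:* users:(("headscale",pid=10899,fd=10))
tcp LISTEN 0 1024 [::]:8080 [::]:* users:(("headscale",pid=10899,fd=12))
tcp LISTEN 0 1024 127.0.0.1:9091 0.0.0.0:* users:(("headscale",pid=10899,fd=14))
EOF
}

sample_ss_output | wildcard_listeners
```

In Headscale's configuration file these two listeners are set by metrics_listen_addr and grpc_listen_addr; binding them to 127.0.0.1 or filtering them at the host firewall keeps them off the public IP.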
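Creating a user
Command line
Tailscale has a concept called a tailnet, which you can think of as a tenant. Tenants are isolated from one another; for details see Tailscale's official documentation: What is a tailnet. Headscale has a similar implementation called user. We need to create a user first so that clients can connect later, for example: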
$ headscale user create default
List the namespaces:
$ headscale user list
ID | Name | Created
1 | default | 2022-03-09 06:12:06
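If you deployed Headscale with one click through Sealos, you can click the "Terminal" button on the right side of the Headscale application's details page to open a terminal in the Headscale container:
Then run the command above in the terminal to create the user.
Visual interface
Headscale-Admin connects to Headscale through an API key, so we need to create an API key before using it. On the Headscale application's details page, click the "Terminal" button on the right to open a terminal in the Headscale container:
Then run the following command to create the API key: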
$ headscale apikey create
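Enter the Headscale public domain name and the API key on the Headscale-Admin settings page, uncheck Legacy API, and click "Save":
Once connected, click "Users" in the left sidebar and then click "Create" to start creating a user:
Connecting Tailscale clients
Currently, apart from the iOS client, the clients on every other platform have a way to customize the Tailscale control server.
OS | Supports Headscale |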
---|---|
Linux | Yes |
OpenBSD | Yes |
FreeBSD | Yes |
macOS | Yes |
Windows | Yes (see the Windows client documentation) |
Android | Yes |
iOS | Yes |
Let's look at connecting from Linux first.
Linux
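Tailscale officially provides packages for various Linux distributions, but given the network situation in China, as you know, the package repositories are simply unusable. Fortunately, statically compiled binaries are also provided and can be downloaded directly. For example: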
$ wget https://pkgs.tailscale.com/stable/tailscale_1.22.2_amd64.tgz
Extract it:
$ tar zxvf tailscale_1.22.2_amd64.tgz
x tailscale_1.22.2_amd64/
x tailscale_1.22.2_amd64/tailscale
x tailscale_1.22.2_amd64/tailscaled
x tailscale_1.22.2_amd64/systemd/
x tailscale_1.22.2_amd64/systemd/tailscaled.defaults
x tailscale_1.22.2_amd64/systemd/tailscaled.service
Copy the binaries to the default paths used by the official packages:
$ cp tailscale_1.22.2_amd64/tailscaled /usr/sbin/tailscaled
$ cp tailscale_1.22.2_amd64/tailscale /usr/bin/tailscale
Copy the systemD service configuration file to the system path:
$ cp tailscale_1.22.2_amd64/systemd/tailscaled.service /lib/systemd/system/tailscaled.service
Copy the environment variable configuration file to the system path:
$ cp tailscale_1.22.2_amd64/systemd/tailscaled.defaults /etc/default/tailscaled
Start tailscaled.service and enable it at boot:
$ systemctl enable --now tailscaled
Check the service status:
$ systemctl status tailscaled
Connect Tailscale to Headscale:
# If you deployed on your own server, replace <HEADSCALE_PUB_ENDPOINT> with your Headscale public IP or domain name
$ tailscale up --login-server=http://<HEADSCALE_PUB_ENDPOINT>:8080 --accept-routes=true --accept-dns=false
# If you deployed with one click through Sealos, replace <HEADSCALE_PUB_ENDPOINT> with the Headscale public domain name in Sealos mentioned above
$ tailscale up --login-server=https://<HEADSCALE_PUB_ENDPOINT> --accept-routes=true --accept-dns=false
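You can also get the connection command from the Deploy page of Headscale-Admin:
Turning off the DNS feature is recommended here, because it overrides the system's default DNS. If you need DNS, you can study the official documentation yourself; it is not covered here.
After running the command above, the following message appears: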
To authenticate, visit:
https://qgemohpy.cloud.sealos.io/register/mkey:e13651ddbfc269513723f1afd6f42465e56922b67ecea8f37d61a35b1b357e0c
Open the link in a browser and the following page appears:
Copy the command shown there and paste it into a terminal on the machine running headscale, replacing USERNAME with the user created earlier.
$ headscale nodes register --user default --key 905cf165204800247fbd33989dbc22be95c987286c45aac3033937041150d846
Machine register
Registration succeeded. List the registered nodes:
$ headscale nodes list
ID | Name | NodeKey | Namespace | IP addresses | Ephemeral | Last seen | Online | Expired
1 | coredns | [Ew3RB] | default | 100.64.0.1 | false | 2022-03-20 09:08:58 | online | no
Back on the Linux host running the Tailscale client, you can see that Tailscale automatically creates the related routing table and iptables rules. The routing table can be viewed with the following command:
$ ip route show table 52
View the iptables rules:
$ iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ts-forward
-N ts-input
-A INPUT -j ts-input
-A FORWARD -j ts-forward
-A ts-forward -i tailscale0 -j MARK --set-xmark 0x40000/0xffffffff
-A ts-forward -m mark --mark 0x40000 -j ACCEPT
-A ts-forward -s 100.64.0.0/10 -o tailscale0 -j DROP
-A ts-forward -o tailscale0 -j ACCEPT
-A ts-input -s 100.64.0.5/32 -i lo -j ACCEPT
-A ts-input -s 100.115.92.0/23 ! -i tailscale0 -j RETURN
-A ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP
$ iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A ts-postrouting -m mark --mark 0x40000 -j MASQUERADE
macOS
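macOS has 3 installation methods:
- Install directly from the App Store: https://apps.apple.com/ca/app/tailscale/id1475387142. The prerequisite is that you need a US-region Apple ID...
- Download the installer package and install it directly, bypassing the App Store.
- Install the open-source command-line tools tailscale and tailscaled. Related link: https://github.com/tailscale/tailscale/wiki/Tailscaled-on-macOS.
The core packet-processing code of these three packages is the same. The only differences are in how they are packaged and how they interact with the system.
Apps from the App Store run inside an app sandbox, isolated from the rest of the system. Inside the sandbox, an app can be a network extension that implements VPN or VPN-like functionality. The functionality provided by a network extension does not take effect for apps outside the App Store.
Starting with macOS 10.15, system extensions were added. Put plainly, they are kernel extensions that run in user space. Compared with traditional network extensions they add many capabilities, such as content filtering, transparent proxying and DNS proxying. Tailscale's installer that is independent of the App Store uses a system extension and is distributed as a DMG or a zip archive.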
Note: do not install the App Store version and the standalone version at the same time; only one of them can be installed at a time.
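The command-line tools use neither a network extension nor a system extension. They use the utun interface instead, and compared with the GUI versions they lack some features, such as MagicDNS and Taildrop.
Overview:
 | App Store (network extension) | Standalone app (system extension) | Command-line version |
---|---|---|---|
Available | yes | yes, beta | yes |
Graphical interface | yes | yes | no; CLI |
Minimum macOS version | macOS 10.13 | macOS 10.15 | macOS 10.13 |
Runs in the background | no; sandboxed | supported in theory; not yet implemented | yes |
Keychain used 🔑 | user-level | system-level | stored directly in files |
Sandbox isolation | yes | no | no |
Automatic updates | yes; updated directly through the App Store | yes; Sparkle | no |
Open source | no | no | yes |
MagicDNS | yes | yes | yes |
Taildrop | yes | yes | not implemented |
After installing the GUI application, a few tricks are still needed before Tailscale will use Headscale as its control server. Headscale already provides detailed steps for this: just open the URL https://<HEADSCALE_PUB_ENDPOINT>/apple in a browser and the following page appears:
For Tailscale version 1.34.0 and above, proceed as follows:
- Hold down the "ALT" key, click the Tailscale icon in the top menu bar, and hover the mouse pointer over the "Debug" menu. Under "Custom Login Server", select "Add Account...".
- In the dialog that opens, enter the public domain name of Headscale and click "Add Account".
- You are then immediately redirected to the browser, which opens a page.
- From here it is the same as for the Linux client: go back to the machine running Headscale and run the command shown in the browser. Registration succeeds: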
Back on the host running Headscale, list the registered nodes:
$ headscale nodes list
ID | Name | NodeKey | Namespace | IP addresses | Ephemeral | Last seen | Online | Expired
1 | coredns | [Ew3RB] | default | 100.64.0.1 | false | 2022-03-20 09:08:58 | online | no
2 | carsondemacbook-pro | [k7bzX] | default | 100.64.0.2 | false | 2022-03-20 09:48:30 | online | no
Back on macOS, test whether the peer node can be pinged:
$ ping -c 2 100.64.0.1
PING 100.64.0.1 (100.64.0.1): 56 data bytes
64 bytes from 100.64.0.1: icmp_seq=0 ttl=64 time=37.025 ms
64 bytes from 100.64.0.1: icmp_seq=1 ttl=64 time=38.181 ms
--- 100.64.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 37.025/37.603/38.181/0.578 ms
You can also test with the Tailscale CLI:
$ /Applications/Tailscale.app/Contents/MacOS/Tailscale ping 100.64.0.1
pong from coredns (100.64.0.1) via xxxx:41641 in 36ms
For Tailscale clients with a version lower than 1.32.0, just follow the steps described in the figure; they are not repeated in this article.
Android
The Android client supports a custom control server (that is, a coordination server) starting with version 1.30.0. You can download the latest version of the client from Google Play or F-Droid.
After installation, open the Tailscale App and the following screen appears:
Tap the "three dots" in the upper-right corner and you will see that there is only one About option:
Next comes a bit of trickery: you need to repeatedly open and close the "three dots" in the upper-right corner. After repeating this three or four times, a Change server option appears:
Tap Change server and enter the address of the headscale control server:
Then tap Save and restart to restart, tap Sign in with other, and this page pops up:
Paste the command shown there into a terminal on the host running Headscale, replace USER with the user created earlier, and run the command. After registration succeeds you can close the page and return to the App home screen, which looks like this:
Windows
To make the Windows Tailscale client use Headscale as its control server, just open the URL https://<HEADSCALE_PUB_ENDPOINT>/windows in a browser and the following page appears:
Follow the steps shown there.
Other Linux distributions
Besides the regular Linux distributions, there are some Linux distributions for special scenarios, such as OpenWrt, QNAP and Synology. Installation methods for these distributions have already been written up by others, so I will not describe them in detail here. I only give the relevant GitHub repositories; if you need them, go straight to the documentation in those repositories.
iOS
On iOS, simply install from the App Store. The prerequisite, of course, is that you have a US-region Apple ID.
After installation, open Tailscale and confirm that you are not logged in to any account. Then open "Settings", scroll down, find "Tailscale" below "Game Center" or "TV Provider", and tap it.
If your device has previously logged in to a Tailscale server, you need to turn on the "Reset Keychain" option.
Under "Alternate Coordination Server URL", enter your Headscale public domain name.
Close Tailscale from the iOS app switcher and open it again, then choose "Log in". A Headscale authentication page pops up.
Copy the command from the Headscale authentication page and paste it into the terminal of the container running headscale, replacing USERNAME with the user created earlier.
$ headscale nodes register --user default --key mkey:1fbd9696ebb03b9394033949514345bc5dba0e570bc0d778f15f92a02d2dcb66
2023-12-29T09:55:38Z TRC DNS configuration loaded dns_config={"Nameservers":["1.1.1.1"],"Proxied":true,"Resolvers":[{"Addr":"1.1.1.1"}]}
Node localhost registered
Registration succeeded.
Connecting with Pre-Authkeys
All of the connection methods above require approval on the server side, which is rather tedious. There is actually a simpler method that connects directly without server-side approval.
First generate a pre-authkey token on the server; the validity period can be set to 24 hours:
$ headscale preauthkeys create -e 24h --user default
List the keys that have been generated:
$ headscale --user default preauthkeys list
ID | Key | Reusable | Ephemeral | Used | Expiration | Created
1 | 57e419c40e30b0dxxxxxxxf15562c18a8c6xxxx28ae76f57 | false | false | false | 2022-05-30 07:14:17 | 2022-05-29 07:14:17
Of course, you can also generate one in Headscale-Admin. Click the User that the client should join:
In the dialog that appears, click Create to the right of "PreAuth Keys", set an expiration time (for example, 100 years), tick Reusable if you want to reuse this key, and finally click ✅:
After it has been created, click the area in the red box to copy the PreAuth Key:
Now a new node can connect directly without server-side approval:
$ tailscale up --login-server=http://<HEADSCALE_PUB_ENDPOINT>:8080 --accept-routes=true --accept-dns=false --authkey $KEY
Bridging local networks
So far we have only built a peer-to-peer mesh network in which the nodes can connect to each other directly through their WireGuard private network IPs. But we can be bolder. Remember the access to home network resources that I mentioned at the beginning of the article? With suitable configuration, every node can reach the LAN IPs behind the other nodes. This has many uses: you can directly access a NAS on your home network or any other internal service, and more advanced users can use this method to reach the Pod IPs and Service IPs of a Kubernetes cluster in the cloud.
Suppose your home network has a Linux host (for example, OpenWrt) with the Tailscale client installed, and we want other Tailscale clients to reach any device on the home network directly through its LAN IP (for example, 192.168.100.0/24).
The configuration is simple. First enable IPv4 and IPv6 route forwarding:
$ echo 'net.ipv4.ip_forward = 1' | tee /etc/sysctl.d/ipforwarding.conf
$ echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/ipforwarding.conf
$ sysctl -p /etc/sysctl.d/ipforwarding.conf
On the client, change the command used to register the node by adding the parameter --advertise-routes=192.168.100.0/24 to the original command, which tells the Headscale server "this node can forward routes for these addresses".
$ tailscale up --login-server=http://<HEADSCALE_PUB_ENDPOINT>:8080 --accept-routes=true --accept-dns=false --advertise-routes=192.168.100.0/24 --reset
List the routes on the Headscale side and you can see that the route is disabled.
$ headscale nodes list|grep openwrt
6 | openwrt | [7LdVc] | default | 100.64.0.6 | false | 2022-03-20 15:50:46 | online | no
$ headscale routes list -i 6
Route | Enabled
192.168.100.0/24 | false
Enable the route:
$ headscale routes enable -i 6 -r "192.168.100.0/24"
Route | Enabled
192.168.100.0/24 | true
If there are multiple routes, separate them with a comma (,):
$ headscale routes enable -i 6 -r "192.168.100.0/24,xxxx"
You can also enable all routes with the -a parameter:
$ headscale routes enable -i 6 -a
Check the resulting route on other nodes:
$ ip route show table 52|grep "192.168.100.0/24"
192.168.100.0/24 dev tailscale0
Other nodes need to add the --accept-routes=true option at startup to declare "I accept routes published by other nodes".
Now you can ping machines on the home network from any node running a Tailscale client. At the office or at Starbucks you can reach any device at home using the same IP as if you were at home. Sweet, isn't it?
Summary
In terms of stability so far, Tailscale is slightly ahead of other WireGuard-based networking tools. You basically never run into pings failing every now and then, which comes down to the many optimizations Tailscale has made to NAT traversal in user space. They even wrote a dedicated article explaining how NAT traversal works; the Chinese version was translated by Zhao Yanan, an eBPF expert in China, and I strongly recommend reading it. Here is a picture to give you a feel for it:
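For the pre-auth key procedure above, where a key can be made reusable and given a very long expiry, here is an added example (not part of the original article) that reads the headscale preauthkeys list table in the format printed on this page and reports unexpired keys that are reusable or long-lived. MAX_DAYS, the function names, the time argument and the sample rows are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag risky rows in `headscale preauthkeys list` output.
# Columns as printed on this page:
#   ID | Key | Reusable | Ephemeral | Used | Expiration | Created
MAX_DAYS=1   # assumption: longest acceptable key lifetime, in days

# $1 = current time as "YYYY-MM-DD HH:MM:SS" (same format as the table);
# the table is read from stdin.
audit_preauthkeys() {
    awk -F'|' -v now="$1" -v max="$MAX_DAYS" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Day number of a date; only differences between two results are used.
        function days(d,   y, m, n) {
            y = substr(d, 1, 4) + 0; m = substr(d, 6, 2) + 0
            if (m <= 2) { y--; m += 12 }
            n = 365 * y + int(y / 4) - int(y / 100) + int(y / 400)
            return n + int((153 * (m - 3) + 2) / 5) + substr(d, 9, 2)
        }
        NF >= 7 && trim($1) ~ /^[0-9]+$/ {
            expires = trim($6) ""; created = trim($7) ""
            if (expires < now) next            # already expired
            why = ""
            if (trim($3) == "true") why = why " reusable"
            if (days(expires) - days(created) > max) why = why " long-lived"
            if (why != "" && trim($5) == "false") why = why " unused"
            if (why != "") print trim($1) ":" why
        }'
}

# Constructed sample rows; the keys are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
ID | Key | Reusable | Ephemeral | Used | Expiration | Created
1 | <key-1> | false | false | false | 2022-05-30 07:14:17 | 2022-05-29 07:14:17
2 | <key-2> | true | false | false | 2122-05-29 07:20:00 | 2022-05-29 07:20:00
3 | <key-3> | true | false | true | 2022-05-01 00:00:00 | 2022-04-30 00:00:00
EOF
}

sample_keys | audit_preauthkeys "2022-05-29 12:00:00"
```

A reported key lets any holder join a node to that user without approval until it expires, so it is worth reviewing this list whenever a key has been shared.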
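For the subnet route procedure above, where routes enable -a turns on every route a node advertises, here is an added example (not part of the original article) that compares the enabled routes in the "Route | Enabled" table printed on this page with an operator allowlist. ALLOWED_ROUTES, the function names and the sample table are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the routes enabled on a node with an allowlist.
# Input: `headscale routes list -i <id>` output in the "Route | Enabled" form
# shown on this page. ALLOWED_ROUTES is an assumption of this example.
ALLOWED_ROUTES="192.168.100.0/24"   # space-separated CIDRs the operator approved

unexpected_routes() {
    awk -F'|' -v allowed="$ALLOWED_ROUTES" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 2 && trim($2) == "true" {
            route = trim($1)
            if (route == "0.0.0.0/0" || route == "::/0") {
                print route " exit-route"          # default route: all traffic
            } else if (!(route in ok)) {
                print route " not-allowlisted"
            }
        }'
}

# Constructed sample: one approved route, two enabled routes nobody approved,
# and one advertised route that is still disabled.
sample_routes() {
    cat <<'EOF'
Route | Enabled
192.168.100.0/24 | true
10.0.0.0/8 | true
0.0.0.0/0 | true
172.16.0.0/12 | false
EOF
}

sample_routes | unexpected_routes
```

Enabling routes one by one with -r, as in the first command above, keeps the enabled set equal to what was reviewed; running this check after using -a shows what else was switched on.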