1. Prerequisites
Register a Tailscale account and generate an auth key; see: https://tailscale.com/kb/1085/auth-keys?q=key
For site-to-site networking, see: https://tailscale.com/kb/1214/site-to-site?q=key
2. Download the Debian CT template and create an instance from it
Do not start the instance after creating it.

3. Modify the CT configuration
```
# Check the TUN device on the host
# ls -al /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Aug 27 13:57 /dev/net/tun

# Edit the CT configuration
# vim /etc/pve/lxc/133.conf
...
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

# Start the CT instance
```

4. Enable IP forwarding
```
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

# sysctl -p
```
5. Install Tailscale
```
# Install
curl -fsSL https://tailscale.com/install.sh | sh

# Install base packages
apt install ethtool net-tools chrony -y

# Check the UDP forwarding offload settings and enable UDP GRO forwarding
ethtool -k eth0 | grep -e rx-gro-list -e rx-udp-gro-forwarding
ethtool -K eth0 rx-udp-gro-forwarding on

# Enable UDP GRO forwarding automatically at boot
# vim /etc/systemd/system/ethtool-config.service
[Unit]
Description=Apply ethtool settings

[Service]
Type=oneshot
ExecStart=/usr/sbin/ethtool -K eth0 rx-udp-gro-forwarding on
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

# Start the service
systemctl enable --now ethtool-config
```
6. Configure Site-to-Site
Site A configuration
```
# Configure the Site A startup service unit
# vim /etc/systemd/system/tailscale.service
[Unit]
Description=AutoStart tailscale
After=tailscaled.service
Requires=tailscaled.service

[Service]
Type=oneshot
ExecStart=/usr/bin/tailscale up --authkey=<key-generated-on-the-Tailscale-website> --accept-routes --snat-subnet-routes=false --advertise-routes=192.168.100.0/24 --hostname=tailscale-A
ExecStop=/usr/bin/tailscale down
RemainAfterExit=yes
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Start the Site A service
systemctl enable --now tailscale

# Configure iptables
# vim /etc/systemd/system/iptables-config.service
[Unit]
Description=Apply iptables settings

[Service]
Type=oneshot
ExecStart=/sbin/iptables -t mangle -A FORWARD -i tailscale0 -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

# Start the service
systemctl enable --now iptables-config.service

# Configure routes
# vim /etc/systemd/system/ip-route-config.service
[Unit]
Description=Apply IP route settings

[Service]
Type=oneshot
ExecStart=/sbin/ip route add 100.64.0.0/10 via 192.168.100.2
ExecStart=/sbin/ip route add 192.168.100.0/24 via 192.168.100.2
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

# Start the service
systemctl enable --now ip-route-config.service
```
Site B configuration
```
# Configure the Site B startup service unit
# vim /etc/systemd/system/tailscale.service
[Unit]
Description=AutoStart tailscale
After=tailscaled.service
Requires=tailscaled.service

[Service]
Type=oneshot
ExecStart=/usr/bin/tailscale up --authkey=<key-generated-on-the-Tailscale-website> --accept-routes --snat-subnet-routes=false --advertise-routes=192.168.110.0/24 --hostname=tailscale-B
ExecStop=/usr/bin/tailscale down
RemainAfterExit=yes
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Start the Site B service
systemctl enable --now tailscale

# Configure iptables
# vim /etc/systemd/system/iptables-config.service
[Unit]
Description=Apply iptables settings

[Service]
Type=oneshot
ExecStart=/sbin/iptables -t mangle -A FORWARD -i tailscale0 -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

# Start the service
systemctl enable --now iptables-config.service

# Configure routes
# vim /etc/systemd/system/ip-route-config.service
[Unit]
Description=Apply IP route settings

[Service]
Type=oneshot
ExecStart=/sbin/ip route add 100.64.0.0/10 via 192.168.110.2
ExecStart=/sbin/ip route add 192.168.110.0/24 via 192.168.110.2
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

# Start the service
systemctl enable --now ip-route-config.service
```
7. Testing
```
# Log in to the Tailscale admin console ---> Machines ---> Edit route settings ---> tick the internal subnets; see: https://tailscale.com/kb/1214/site-to-site

# Test
ping <peer-IP>
```
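
A preflight audit for the settings in steps 3 to 6, as an added example that is not part of the original post. The function names are hypothetical and the file paths are passed in as arguments; the last check flags an auth key written literally in `ExecStart`, because unit files are normally world-readable and `tailscale up` also accepts `--auth-key=file:<path>` to read the key from a root-only file.

```bash
#!/bin/sh
# Added example (not from the original post): audit the settings from steps 3-6.
# Function names are hypothetical; file paths are passed in as arguments.

# Step 3: CT config must allow char device 10:200 and bind-mount /dev/net/tun.
check_ct_tun() {
    grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c[[:space:]]+10:200[[:space:]]+rwm' "$1" &&
    grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/net/tun[[:space:]]+dev/net/tun[[:space:]]' "$1"
}

# Step 4: both forwarding keys must be present, uncommented, and set to 1.
check_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.forwarding[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Step 6: true when the unit passes a literal auth key on the command line
# instead of the --auth-key=file:<path> form (--authkey is the older spelling).
authkey_inline() {
    grep -E -e '--auth-?key=' "$1" | grep -Evq -e '--auth-?key=file:'
}

# Run all three checks; the return value is the number of findings.
audit_site() {
    findings=0
    check_ct_tun "$1" || { echo "FAIL: TUN passthrough missing in $1"; findings=$((findings + 1)); }
    check_forwarding "$2" || { echo "FAIL: IP forwarding not enabled in $2"; findings=$((findings + 1)); }
    if authkey_inline "$3"; then
        echo "WARN: auth key stored inline in $3 (move it to a root-only file)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit.sh <CT conf> <sysctl.conf> <tailscale.service>
# The CT conf lives on the PVE host, the other two inside the CT; copies work too.
if [ "$#" -eq 3 ]; then
    audit_site "$@"
    exit $?
fi
```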