tailscale 回家速度不理想，求教

电信 300M 宽带有公网 ip ，千兆光猫设置了桥接，主路由硬件 RouterOS 设备负责拨号，副路由 Openwrt 上安装有 tailscale
拓扑为华为光猫---RB760---Openwrt
最早在 RouterOS 配置了 NAT1 给 openwrt ，tailscale 的速度还凑活吧，现在关闭了 NAT1 ，tailscale 的速度就很慢了，但是凑活将就能用，网上说可通过自建 derper 的方式提速，但是我在阿里轻量云上安装并配置了 derper ，测试无法使用，下面我发出来步骤，请大家排查一下问题，谢谢了。

[安装 derper ]
wget --no-check-certificate https://go.dev/dl/go1.20.4.linux-amd64.tar.gz
tar -xzf go1.20.4.linux-amd64.tar.gz -C /usr/local
echo 'export GOROOT=/usr/local/go' | tee -a /etc/profile
echo 'export GOPATH=/usr/local/gopath' | tee -a /etc/profile
echo 'export GOBIN=$GOPATH/bin' | tee -a /etc/profile
echo 'export PATH=$PATH:$GOROOT/bin' | tee -a /etc/profile
echo 'export PATH=$PATH:$GOPATH/bin' | tee -a /etc/profile
source /etc/profile
go version
go env -w GOPROXY=https://goproxy.cn,direct
go install tailscale.com/cmd/derper@main

[阿里云申请 1 年免费证书并上传到 /home/admin/certs ]
浏览器 https 方式打开 deeper 页面也正常

[ aliyun 上关闭了防火墙和系统内置的 firewalld ]

[启动服务如下]
tee /etc/systemd/system/derper.service <<'EOF'
[Unit]
Description=Tailscale DERP Server
Requires=tailscaled.service
After=tailscaled.service

[Service]
Type=simple
User=root
Restart=always
RestartSec=5
ExecStart=/usr/local/gopath/bin/derper -c=/root/derper.conf --hostname=aliyun.111.com --verify-clients -a=:7777 -stun-port=8888 -http-port=-1 -certdir=/home/admin/certs/ -certmode=manual

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload && systemctl enable --now derper && systemctl status derper

[官方页面里配置 ACL 规则]
"derpMap": {
"OmitDefaultRegions": false,
"Regions": {
"900": {
"RegionID": 900,
"RegionCode": "aliyunderp",
"Nodes": [
{
"Name": "1",
"RegionID": 900,
"HostName": "aliyun.111.com",
"STUNPort": 7777,
"DERPPort": 8888,
},
],
},
},
},

[安装验证服务]
dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/9/tailscale.repo
dnf install tailscale -y
systemctl enable --now tailscaled
tailscale up

测试时就有问题了，tailscale status 也显示无法连接到自建 derper 上
提示# Health check:
# - not connected to home DERP region 900

或者显示连接上了，使用命令 tailscale ping 不通 openwrt 和其他安装 tailscale 的设备，好奇怪，请有经验的各位大大指点指点，谢谢大家

superchijinpeng

2023-05-25 18:37:41 +08:00

看了下延迟还是很低的

* MappingVariesByDestIP: false
* HairPinning: false
* PortMapping:
* CaptivePortal: false
* Nearest DERP: Shanghai
* DERP latency:
- sh: 20.5ms (Shanghai)
- tok: 76.6ms (Tokyo)
- hkg: 125.2ms (Hong Kong)
- sin: 140.5ms (Singapore)
- blr: 164.6ms (Bangalore)
- sfo: 169.3ms (San Francisco)
- sea: 193.8ms (Seattle)
- den: 213ms (Denver)
- dfw: 217.5ms (Dallas)
- hnl: 222.3ms (Honolulu)
- ord: 225.8ms (Chicago)
- lhr: 234.8ms (London)
- fra: 238.2ms (Frankfurt)
- lax: 238.4ms (Los Angeles)
- ams: 241.2ms (Amsterdam)
- nyc: 242.7ms (New York City)
- par: 242.8ms (Paris)
- waw: 245.2ms (Warsaw)
- mia: 248ms (Miami)
- tor: 252.2ms (Toronto)
- mad: 264.8ms (Madrid)
- dbi: 346.6ms (Dubai)
- jnb: 352.5ms (Johannesburg)
- sao: 391ms (São Paulo)
- syd: 490.1ms (Sydney)