Tailscale is a useful utility to connect all your consoles together with a virtual LAN.
It’s based on Wireguard and supports Windows, Linux, macOS, Android and iOS operating system.
DERP servers are relay nodes in the tailscale network. Since all the official tailscale DERP servers are deployed outside of China, a private DERP server is necessary for fast connection.
Deployment is explained in offcial documentation - Custom DERP Servers - Tailscale
Here I make a brief record of my deployment and note some points that’s not illustrated in the official documentation.
DERP server is written in Go. To avoid any strange problems that may occur, I recommend using the official build of Go release and follow the instructions to install it.
The installation is straightforward,
go install tailscale.com/cmd/derper@mainAs a reference, I provide a command for starting up the DERP server that meets most use cases
sudo ~/go/bin/derper --hostname='your_domain_name' --verify-clients --stun -a :444 -certdir path_certs -certmode "manual" -http-port 81With this command, the derper serves on port 444 with TLS encryption and STUN protocal requests are served on port 3478 by default.
Note that the derper requires the certificate and key files named following the pattern.
your_domain_name.crt
your_domain_name.keyand placed in path_certs.
NOTE: You can obtain the SSL certification with the help of certbot, a helper program that supports the automatic certification APIs provided by letsencrypt organization. Instructions are given in one of my posts.
tailscale, derp — Jan 24, 2023
Made with ❤ and at Earth.