#!/bin/bash
# =================================================================
# 🚀 VPS (Oracle/AWS/DigitalOcean) Tailscale full deployment script
# Core features: kernel forwarding + automatic NAT masquerade + Exit Node + auto-update
# =================================================================

GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'

echo -e "${YELLOW}>>> [1/6] 开启内核转发${NC}"
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-tailscale.conf > /dev/null
echo "net.ipv6.conf.all.forwarding = 1" | sudo tee -a /etc/sysctl.d/99-tailscale.conf > /dev/null
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf > /dev/null 2>&1
echo -e "${GREEN}✅ [Step 1] OK${NC}"

echo -e "${YELLOW}>>> [2/6] 配置 NAT 转发规则${NC}"
# Detect the interface that carries the default route
IFACE=$(ip route | grep default | awk '{print $5}' | head -n1)
if [ -z "$IFACE" ]; then
    # Without an egress interface the MASQUERADE rule below would be malformed
    echo -e "${RED}No default-route interface found; aborting.${NC}"
    exit 1
fi
# -C tests whether the rule already exists, so re-running the script does not append duplicates
sudo iptables -t nat -C POSTROUTING -o "$IFACE" -j MASQUERADE 2>/dev/null \
    || sudo iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
sudo iptables -C FORWARD -i tailscale0 -j ACCEPT 2>/dev/null \
    || sudo iptables -A FORWARD -i tailscale0 -j ACCEPT
sudo iptables -C FORWARD -o tailscale0 -j ACCEPT 2>/dev/null \
    || sudo iptables -A FORWARD -o tailscale0 -j ACCEPT
echo -e "${GREEN}✅ [Step 2] OK${NC}"

echo -e "${YELLOW}>>> [3/6] 安装持久化工具并锁定规则${NC}"
# Pre-answer the debconf prompts so the install runs non-interactively
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | sudo debconf-set-selections
echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | sudo debconf-set-selections
sudo apt-get update > /dev/null 2>&1
sudo apt-get install iptables-persistent -y > /dev/null 2>&1
sudo netfilter-persistent save > /dev/null 2>&1
echo -e "${GREEN}✅ [Step 3] OK${NC}"

echo -e "${YELLOW}>>> [4/6] 安装并强制启动 Tailscale${NC}"
curl -fsSL https://tailscale.com/install.sh | sh > /dev/null 2>&1
# [Core fix] Force-start the service, enable it at boot, and give the system a 3-second startup buffer
sudo systemctl daemon-reload
sudo systemctl enable --now tailscaled > /dev/null 2>&1
sleep 3
echo -e "${GREEN}✅ [Step 4] OK (服务已激活)${NC}"

echo -e "${YELLOW}>>> [5/6] 开启自动更新${NC}"
sudo tailscale set --auto-update=true
echo -e "${GREEN}✅ [Step 5] OK${NC}"

echo -e "${YELLOW}>>> [6/6] 智能启动服务 (身份检测)${NC}"
# Check the identity (state) directory. Note: 2>/dev/null is added to the ls -A call to suppress errors
if [ -d "/var/lib/tailscale" ] && [ -n "$(sudo ls -A /var/lib/tailscale 2>/dev/null)" ]; then
    echo -e "${GREEN}✅ 检测到旧身份数据,正在尝试无感恢复连接...${NC}"
    sudo tailscale up --advertise-exit-node --ssh --netfilter-mode=off --accept-dns=false
else
    echo -e "${YELLOW}⚠️ 未发现有效身份,请通过下方链接完成授权:${NC}"
    sudo tailscale up --advertise-exit-node --ssh --netfilter-mode=off --accept-dns=false --reset
fi

echo ""
echo -e "${GREEN}🎉 全部步骤执行完毕!${NC}"
echo -e "请确认 Tailscale 后台已开启 'Exit Node' 开关。"
echo -e "从此重启服务器,网络依然秒通!"