
UGREEN NAS Dual-Node Remote Peer-to-Peer Networking & Sync/Backup Guide

I. Core Deployment Principles: Why Do We Do This?

1. Host Network Mode

Principle: Docker environments are isolated by default, but system apps such as “Sync & Backup” are installed in the NAS host system itself.
Purpose: With host network mode, Tailscale creates its virtual NIC directly on the host, so system apps can see and use it.

2. Kernel Forwarding

Principle: Default network traffic processing is slow. We map the TUN device so that traffic is forced through the system kernel path.
Purpose: This is the key to reaching the bandwidth limit and keeping the connection stable during remote sync.

3. Subnet Router: How Route Advertisement Works and Why

Principle: Subnet routing is like building a private tunnel between the two NAS units and sharing each side's map with the other.
Reason: Two NAS units in different locations cannot reach each other directly by their local IPs. By advertising a subnet route, NAS A tells the network how to reach its physical LAN (192.168.A.x), so the two sites can access each other as if they were on the same LAN.


II. Preparation 1: How to Apply for an Auth Key

Step: Log in to the Tailscale admin console -> Click “Settings” in the top menu.
Step: Click “Keys” in the left sidebar -> Click “Generate auth key…” in the “Auth keys” section.
Note: It is recommended to check “Reusable”. Copy and save the key (it starts with tskey-auth-) immediately after generation. Treat it like a password: a reusable key can enroll additional devices into your tailnet until it expires or is revoked.


III. Preparation 2: How to Log In to the NAS Terminal (SSH)

1. Enable SSH Permissions on the NAS

Path: Open NAS “Control Panel” -> “Terminal” -> Check “Enable SSH Service” -> Click “Apply”.

2. Log In from a PC Terminal

Step: Windows users type cmd in the search bar and open it; Mac users open Terminal.
Command: Type ssh username@NAS_IP and press Enter, where NAS_IP is the LAN IP address of the NAS.
Note: No characters appear on screen while you type the password; press Enter when you have finished typing.

3. Switch to Root Privileges

Command: Type sudo -i and press Enter, then type the password once more and press Enter.
Indicator: The prompt changes from $ to #, meaning you are now in root privilege mode.


IV. Pre-deployment Checklist (Execute on Both NAS Terminals)

1. Verify Kernel Tunnel Device

Command:

ls -l /dev/net/tun

Success example (the output must include crw-rw-rw-):

crw-rw-rw- 1 root root 10, 200 Feb 23 14:26 /dev/net/tun

2. Enable IP Forwarding (Step-by-Step)

Step 1: Write the forwarding setting to the configuration file.
Command:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf

Step 2: Activate the configuration immediately.
Command:

sudo sysctl -p
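
A re-runnable form of the two checks above, as an added example that is not part of the original guide; the function names and the optional path arguments are this example's own. It verifies the TUN device, reads the live forwarding state, and writes the sysctl line only once.

```shell
#!/bin/sh
# Added example: re-runnable preflight for the checks in section IV.
# Function names and the optional path arguments are this example's own.

# check_tun [PATH]: succeed only if PATH is a character device.
check_tun() {
    [ -c "${1:-/dev/net/tun}" ]
}

# forwarding_enabled [FILE]: succeed if the kernel reports ip_forward = 1.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# ensure_forwarding_line [CONF]: write the setting to CONF only once.
# A plain `tee -a` appends another copy on every run.
ensure_forwarding_line() {
    conf="${1:-/etc/sysctl.conf}"
    pat='^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
    if grep -Eq "$pat" "$conf" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' 'net.ipv4.ip_forward = 1' >> "$conf"
}

# preflight [TUN_PATH] [PROC_FILE]: report both checks; non-zero if any fails.
preflight() {
    rc=0
    if check_tun "${1:-}"; then echo "OK   TUN device present"
    else echo "FAIL TUN device missing"; rc=1; fi
    if forwarding_enabled "${2:-}"; then echo "OK   IPv4 forwarding enabled"
    else echo "FAIL IPv4 forwarding disabled"; rc=1; fi
    return "$rc"
}

# Run as root on each NAS: sh preflight.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_forwarding_line && sysctl -p >/dev/null
    preflight
fi
```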

V. Docker Deployment & YAML Configuration Breakdown

Path: Open NAS “Docker” app -> Project -> Create Project.
Note: The storage path is generated automatically by the system. This step must be completed separately on both NAS units.

services:
  tailscale:
    image: tailscale/tailscale:latest
    container_name: tailscale
    # Set the hostname so the device is easy to identify
    # in the console.
    hostname: UGREEN-NAS-REMOTE
    # Core: use host network mode so that system-level
    # apps recognize the virtual NIC.
    network_mode: host
    cap_add:
      # Grant the container the network administration
      # capability needed to modify system network settings.
      - NET_ADMIN
      # Allow raw network sockets for low-level
      # encrypted protocols.
      - NET_RAW
    devices:
      # Key mapping: connect the host kernel tunnel
      # device to the container.
      - /dev/net/tun:/dev/net/tun
    volumes:
      # Persistent volume: save the login state so that
      # authentication is not lost after a restart.
      - ./state:/var/lib/tailscale
      # Ensure the container has stable access
      # to the tunnel device.
      - /dev/net/tun:/dev/net/tun
    environment:
      # Specify the storage directory for state files.
      - TS_STATE_DIR=/var/lib/tailscale
      # Force high-performance kernel-mode forwarding;
      # this is the key to remote interconnection.
      - TS_USERSPACE=false
      # Fill in the Auth Key you generated in the
      # Tailscale admin console.
      - TS_AUTHKEY=tskey-auth-xxxxxx
      # Extremely important: enter the actual physical
      # LAN subnet of this NAS.
      - TS_ROUTES=192.168.x.0/24
      # Do not let Tailscale take over DNS, and accept
      # routes advertised by the peer.
      - TS_EXTRA_ARGS=--accept-dns=false --accept-routes
    restart: always

VI. Tailscale Console Operation: Approving Subnet Routes

Step: Log in to the Tailscale Admin Console. Find your device, click “…” on the right -> “Edit route settings”.
Step: Under “Subnet routes”, check the LAN subnet you advertised (e.g., 192.168.x.0/24) and click “Save”.
Note: Both NAS units require this operation in the console.
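
Because each NAS advertises its own LAN and accepts the other's, the two TS_ROUTES values must cover different address ranges; if both sites use the same range, a destination such as 192.168.0.20 is ambiguous. The following check is an added example, not part of the original guide: the function names are this example's own, the sample ranges are constructed, and it handles IPv4 only. It also rejects an unfilled placeholder such as 192.168.x.0/24.

```shell
#!/bin/sh
# Added example: check that the two sites' TS_ROUTES ranges do not overlap.
# Function names are this example's own; IPv4 only.

# ip_to_int A.B.C.D: print the address as an integer; fail if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*) return 1 ;; esac   # empty or leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_bounds A.B.C.D/LEN: print "first last" of the range as integers.
cidr_bounds() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    size=$(( 1 << (32 - len) ))
    first=$(( n / size * size ))
    echo "$first $(( first + size - 1 ))"
}

# routes_overlap CIDR_A CIDR_B: 0 = overlap, 1 = disjoint, 2 = malformed.
routes_overlap() {
    a=$(cidr_bounds "$1") || return 2
    b=$(cidr_bounds "$2") || return 2
    [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
}

# Usage: sh routes.sh 192.168.1.0/24 192.168.2.0/24   (constructed values)
if [ "$#" -eq 2 ]; then
    routes_overlap "$1" "$2"
    case $? in
        0) echo "OVERLAP: renumber one site before advertising" ;;
        1) echo "OK: ranges are disjoint" ;;
        *) echo "ERROR: malformed CIDR" ;;
    esac
fi
```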


VII. Sync & Backup App Operational Workflow

1. Establish Remote Connection

Step: Open “Sync & Backup” -> “Sync” -> “Add” -> “Sync another UGREEN NAS” -> “Next”.
Step: Click “New connection”. Enter the remote NAS's physical LAN IP (e.g., 192.168.0.20).
Step: Enable “Transmission Encryption” and enter the remote NAS's account and password. Continue once the “Operate successful” prompt appears.


VIII. Inspection & Final Verification (In NAS Terminal)

1. Virtual NIC Verification (ifconfig Example)

Command: ifconfig tailscale0
Success example:

tailscale0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  
    mtu 1280
    inet 100.110.246.93  netmask 255.255.255.255  
    destination 100.110.246.93

2. Remote Connectivity Verification (ping Example)

Command: ping 192.168.0.20 (the remote NAS's physical IP)
Success example:

64 bytes from 192.168.0.20: icmp_seq=1 ttl=64 time=15.3 ms
64 bytes from 192.168.0.20: icmp_seq=2 ttl=64 time=14.7 ms

3. Sync Service Status Confirmation

Check: In the task list, the status should be shown as “Normal” in blue.
Check: “Preparing for Sync” should appear below the task, which indicates that kernel-level forwarding is working.
