I noticed some weird behavior recently that I can repeat just about every time.
Running the latest Tailscale beta app (1.29.72-xxxx) on my Galaxy S21+ on AT&T.
At home I’m running Tailscale as an exit node on my firewall (OPNsense 1.28.0) and also as a backup on a Proxmox LXC (1.28.0).
If I connect to Tailscale from my phone and access resources on the firewall or VPN container, I can see a direct connection is established between my phone and that node by running
But, if I choose to use one of those nodes as an exit node, it immediately goes to a relayed connection. It does work, but isn’t very fast.
Testing from a Windows machine, I can keep a direct connection every time. I thought maybe it was an AT&T thing, but if I tether my laptop to my phone, I can still get a direct connection when using an exit node.
Here are a few bug reports to maybe help?
From VPN LXC - ssh session active from my phone to the container itself via TS address. Direct IPv6 connection
(TS ADDRESS) gregg-s21 gregg@ android active; direct [IPV6 ADDRESS]:52808, tx 5180 rx 5780
From VPN LXC - Turned on exit node on phone, immediately reverted to a relayed connection
(TS ADDRESS) gregg-s21 gregg@ android active; relay "sfo", tx 181244 rx 9898564
Also, I have NAT-PMP set up on OPNsense with a limited allowable port range for Tailscale. I can confirm that the VPN LXC has forwarded internal port 41641 to external 41642.