Hi, all
Is there a way to force all connection to the subnet-router to go directly to the subnet-router address and not through relay?
Also, how do I debug this? See why a connection is going through a relay?
tailscale status only gives me a yes/no answer.
I’ve opened the ports described in this doc: What firewall ports should I open to use Tailscale? · Tailscale, but my connection is still going through relay, and are quite slower than a direct wireguard connection.
If you tailscale ping 100.x.x.x it might send the first few packets through a DERP while it negotiates. By default tailscale ping will try ten times to establish a direct connection while testing connectivity, and will stop either after 10 derp replies, or after it has negotiated a connection.
jay@Naultilinux:~/corp/cmd/tailadm$ tailscale ping tailtest
pong from tailtest (100.70.188.118) via DERP(sea) in 309ms
pong from tailtest (100.70.188.118) via DERP(sea) in 97ms
pong from tailtest (100.70.188.118) via 20x.x.x.x:37083 in 78ms
If it is having trouble establishing a direct connection, there may be something (like CGNAT) between the two hosts that it can’t negotiate. Tailscale tries quite hard to do so before failing back to a DERP relay. Some information on the process is here: How NAT traversal works · Tailscale