I had a bit more time for debugging.
I installed a Tailscale node onto the host directly and was able to get a direct connection with my other devices. I was also able to get a direct connection from the host into ts-sidecar within the k8s cluster.
This tells me that something in the cluster is blocking the connection. Looking at threads like this one: "Tailscale proxy in k8s with cilium works with pod not with svc?" (#5 by farcaller),
I am pretty sure that it’s Calico messing with the direct connection. I’m not used to managing Calico because my previous clusters were using Cilium, but if anyone has an idea…