I have set up a VPS with 8 cores and 2 GB RAM in my remote virtual network using Proxmox with a virtio ethernet adapter. I have opened the VPS subnet to other clients, and the transfer speed to other machines in the remote subnet, using the Tailscale VPS as a bridge, is only 2 MB/s, while with my office upload connection I can reach 50 MB/s (two 250 Mbps bonded fiber connections).
It happens on all machines on Tailscale behind a pfSense firewall.
How can I solve this?
That does sound surprisingly slow, and suggests tailscale isn’t able
to establish a point-to-point connection, so it’s falling back to DERP
relays. You can tell whether a point-to-point connection is possible
by checking the “udp” and “MappingVariesByDestIP” fields in
I think I’ve heard there are pfsense settings you can adjust so that
MappingVariesByDestIP is false, which is what you want, but I don’t
have the information in front of me.
Aha, I got a tip from someone on our team: pfsense acts differently for services on port 500 (weird, I know). If you adjust your tailscale nodes to use --port 500 instead of --port 41641, this might fix your pfsense port mapping problems.
In general, it’s better to find the port mapping option in pfsense and adjust it correctly. I’m told this doc might help: https://docs.netgate.com/pfsense/en/latest/nat/outbound.html. If you find out the specific setting that makes a difference in
tailscale netcheck, please let us know!
Thank you very much.
But I want to avoid modifying the outbound NAT settings of the OPNsense firewall running as a VPS in the datacenter. Where can I change the outgoing port in the Tailscale Linux config file?
You should find the port config in /etc/default/tailscaled:
# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
PORT="41641"
I have moved the VPS to Scaleway cloud, where there is the same problem.
In the cloud I don't have my VPS firewall; it works with stateless firewall rules set from the cloud control panel, with deny all inbound and allow all outbound.
* UDP: true
* IPv4: yes, xxx.xxx.xxx.xxx:59706
* IPv6: no
* MappingVariesByDestIP: false
* HairPinning: false
* Nearest DERP: 4 (fra)
* DERP latency:
- 1, nyc = 84.3ms
- 2, sfo = 148ms
- 3, sin = 160.4ms
- 4, fra = 23.4ms
- 5, syd = 273.6ms
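As an added illustration (not code from this thread or from Tailscale), here is a small Python parser for the netcheck report above that pulls out the two fields the earlier reply pointed at, UDP and MappingVariesByDestIP, and turns them into a plain verdict on whether this side of the connection can take a direct path. The public address in the sample is a constructed placeholder standing in for the redacted xxx.xxx.xxx.xxx; the field names and layout are exactly those printed in the post.

```python
import re

# Constructed sample: the netcheck report posted above, with a placeholder
# public address (the original post redacted it as xxx.xxx.xxx.xxx).
SAMPLE_NETCHECK = """\
Report:
    * UDP: true
    * IPv4: yes, 203.0.113.10:59706
    * IPv6: no
    * MappingVariesByDestIP: false
    * HairPinning: false
    * Nearest DERP: 4 (fra)
    * DERP latency:
        - 1, nyc = 84.3ms
        - 2, sfo = 148ms
        - 3, sin = 160.4ms
        - 4, fra = 23.4ms
        - 5, syd = 273.6ms
"""

# "* Key: value" bullets; the non-greedy key stops at the first colon so that
# "IPv4: yes, 203.0.113.10:59706" keeps its address:port intact in the value.
FIELD_RE = re.compile(r"^\s*\*\s*([A-Za-z0-9 ]+?):\s*(.*)$")
# "- 4, fra = 23.4ms" rows under "DERP latency:"
DERP_RE = re.compile(r"^\s*-\s*(\d+),\s*(\w+)\s*=\s*([\d.]+)ms\s*$")
NEAREST_RE = re.compile(r"\((\w+)\)")


def parse_netcheck(text):
    """Parse the bullet-list report into a dict.

    Boolean fields become real bools; DERP latencies go into a nested dict
    keyed by region code with the latency in milliseconds as a float.
    """
    report = {"derp_latency_ms": {}}
    for line in text.splitlines():
        m = DERP_RE.match(line)
        if m:
            report["derp_latency_ms"][m.group(2)] = float(m.group(3))
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if value in ("true", "false"):
                value = value == "true"
            report[key] = value
    return report


def assess(report):
    """Read the report the way the replies in this thread do.

    A direct (point-to-point) path from this node needs UDP to get out and a
    NAT mapping that does not change with the destination. Everything else is
    advisory. Note the verdict covers only the node that ran netcheck; the peer
    on the other end has to pass the same check for the connection to avoid DERP.
    """
    findings = []
    udp_ok = report.get("UDP") is True
    mapping_stable = report.get("MappingVariesByDestIP") is False
    if not udp_ok:
        findings.append("UDP: false - no direct path is possible, traffic will relay via DERP")
    if not mapping_stable:
        findings.append("MappingVariesByDestIP: true - the external port differs per "
                        "destination, so peers cannot reach the mapping they were told about")
    if report.get("HairPinning") is False:
        findings.append("HairPinning: false - two nodes behind this same NAT cannot "
                        "reach each other via the public address")
    if str(report.get("IPv6", "no")).startswith("no"):
        findings.append("IPv6: no - only IPv4 candidates are available")

    nearest = None
    m = NEAREST_RE.search(str(report.get("Nearest DERP", "")))
    if m:
        nearest = m.group(1)
    latencies = report["derp_latency_ms"]
    lowest = min(latencies, key=latencies.get) if latencies else None

    return {
        "direct_possible": udp_ok and mapping_stable,
        "findings": findings,
        "nearest_derp": nearest,
        "lowest_latency_derp": lowest,
    }


if __name__ == "__main__":
    verdict = assess(parse_netcheck(SAMPLE_NETCHECK))
    print("direct path possible from this node:", verdict["direct_possible"])
    for f in verdict["findings"]:
        print(" -", f)
    print("nearest DERP:", verdict["nearest_derp"], "| lowest latency:", verdict["lowest_latency_derp"])
```

On the report posted above this yields a clean verdict for this node (UDP true, mapping stable), which matches the later observation in the thread that the relay fallback persisted anyway: the other end of each connection, behind the pfSense/OPNsense firewall, needs to be checked with the same command, because a direct path requires both sides to pass.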
A little off topic, sorry...
What rules did you put in OPNsense to get access from other Tailscale nodes? I'm using OPNsense but cannot connect via the Tailscale network from another Tailscale-enabled system. On the OPNsense itself the connection to 100.101.102.103 is OK and I can also ping all the others.
When I want to connect to the OPNsense, all packets are dropped by DefaultDenyRule.
Hello, no, I have set up a VPS inside the remote virtual LAN, exposing the remote LAN to my office host, but the remote Tailscale bridge is also having trouble with the p2p connection, and therefore speed problems, because the connection only works through remote relays.
I have not solved this problem.