My experience is similar to that of @Theragus. From a machine on my home network with both NAT-PMP and PCP available (OPNSense), I cannot get a direct connection to my subnet router on a NATed Azure VM (nor to one on GCP, for that matter).
2023/03/31 11:13:09 portmap: [v1] Got PMP response; IP: <home-ip-addres>, epoch: 8217281
Report:
* UDP: true
* IPv4: yes, <home-ip-address>:64339
* IPv6: no, but OS has support
* MappingVariesByDestIP: true
* HairPinning: false
* PortMapping: NAT-PMP
* Nearest DERP: Seattle
* DERP latency:
- sea: 32.4ms (Seattle)
- den: 32.6ms (Denver)
- ord: 49.7ms (Chicago)
- dfw: 51.9ms (Dallas)
- tor: 60.3ms (Toronto)
- mia: 72.3ms (Miami)
- hnl: 74.1ms (Honolulu)
- nyc: 74.4ms (New York City)
- lax: 80.3ms (Los Angeles)
- sfo: 88.5ms (San Francisco)
- tok: 102ms (Tokyo)
- hkg: 137.3ms (Hong Kong)
- lhr: 140.1ms (London)
- ams: 146ms (Amsterdam)
- par: 147.2ms (Paris)
- fra: 154.2ms (Frankfurt)
- mad: 162ms (Madrid)
- waw: 165.2ms (Warsaw)
- syd: 175.6ms (Sydney)
- sao: 175.9ms (São Paulo)
- sin: 184.5ms (Singapore)
- blr: (Bangalore)
- jnb: (Johannesburg)
- dbi: (Dubai)
phil@home-laptop:~$ tailscale ping subnet-router-azure
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 343ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 87ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 88ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 89ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 88ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 87ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 87ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 87ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 87ms
pong from subnet-router-azure (100.113.216.75) via DERP(nyc) in 87ms
2023/03/31 11:14:07 direct connection not established
In the Tailscale admin interface, information for my machine includes:
- OS: macOS
- Tailscale version: 1.36.2
- Relays: —
- client connectivity:
- Varies: Yes
- Hairpinning: No
- IPv6: No
- UDP: Yes
- UPnP: No
- PCP: Yes
- NAT-PMP: Yes
Also strange: tailscale netcheck reports 30+ ms DERP latency to Seattle, but I am about 25 miles from Seattle, and direct pings of the current sea DERP servers indicate just 3-4 ms latency:
PING derp10b.tailscale.com (192.73.240.161): 56 data bytes
64 bytes from 192.73.240.161: icmp_seq=0 ttl=55 time=3.702 ms
64 bytes from 192.73.240.161: icmp_seq=1 ttl=55 time=3.551 ms
--- derp10b.tailscale.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.551/3.627/3.702/0.076 ms
PING derp10c.tailscale.com (192.73.240.121): 56 data bytes
64 bytes from 192.73.240.121: icmp_seq=0 ttl=55 time=3.547 ms
64 bytes from 192.73.240.121: icmp_seq=1 ttl=55 time=3.606 ms
--- derp10c.tailscale.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.547/3.577/3.606/0.030 ms
PING derp10d.tailscale.com (192.73.240.132): 56 data bytes
64 bytes from 192.73.240.132: icmp_seq=0 ttl=55 time=3.363 ms
64 bytes from 192.73.240.132: icmp_seq=1 ttl=55 time=3.354 ms
--- derp10d.tailscale.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.354/3.359/3.363/0.004 ms```