The traffic from raspberry goes via DERP “ams”. It is shown by command tailscale ping 100.x.x.x Can I clear DERP? That the traffic goes to me without any DERP.
Yes, you can create ACL rules to restrict the usage of some or all DERP nodes, or even run your own DERP server. But in general is the fallback to a DERP a good thing, Tailscale will try a direct connect without a DERP first, it will fallback using a DERP once that isn’t possilbe.
It will be better to troubleshoot why Tailscale is using the DERP relay on your network.
[ Optional: Removing Tailscale’s DERP Regions ] (Custom DERP Servers · Tailscale)
I have a similar problem. Sometimes I get relayed (DERP), mostlyI don’t. I found these seemed to reduce the “failure” rate.
! added this first
tailscale ping --peerapi otherpi
and then added a longer ping count so Tailscale would try harder. This isn’t perfect but I get a good success rate.
tailscale ping --c 20 otherpi