Windows routes all SMB traffic through Tailscale even when LAN IP is specified (is much slower)

I have 3 Windows devices on the same 1Gbps physical network that are connected to the same Tailscale “Tailnet”. Even when I use the local IP address (like \\\C) to mount drives over SMB shares in Windows, System still makes that connection through Tailscale regardless.

I can see that System is uploading/downloading through 100.x.x.x IPs from resource monitor. As a result, the speeds are at most 25 MB/s when they can easily be 100 MB/s+ through the local IP.

Besides trying to block off all Port 139/445 traffic from all Tailscale IPs using firewall rules, I can’t find a way to fix this, and I don’t want to block SMB traffic because I need SMB over Tailscale when I’m outside with my laptop.

Even if I disconnect Tailscale for a while, as soon as I connect to it again, System starts routing all traffic through the Tailscale IP again and reduces speed too much.

Why does Windows do this? Connects through a different IP even when I specified which IP to use while mounting the shares or accessing them?

One guess I have is - in network adapter properties, Tailscale states its bandwidth as 100 Gbps, which could be the reason why Windows routes through that IP instead, but it should still not ignore a directly mentioned IP.

Is there any way to fix this and route through local IPs instead of Tailscale when possible?

I have not encountered that in my setups. Could you make a connection over SMB, then run tailscale bugreport and send that code to ?

Sure, will do. Thanks.

I’m having the same issues. I tried disabling NETBIOS entirely (in network settings) and still the network file share traffic routes through Tailscale. And what’s even more fun is that my network shares are pointing directly to local DNS hostnames (like server.local resolves to - and not a NETBIOS/etc name like “server”).

Did you ever get this resolved?

Yes. I used a 3rd party firewall to create a rule (or filter?) that blocks system (ntoskrnl.exe), port 139 or port 445 on specific IPs. The IPs could be, say, your SMB server, or the entire Tailscale IP range if you never want SMB to work over Tailscale. Remember to do this for both IPv4 and IPv6. It should be possible to do with Windows Firewall too.

After the block, Windows makes a quick attempt, fails, and falls back to the next best IP, which should be the actual local network. You won’t notice any delay at all, it’s very fast.

Now, my two desktops that are always on the same local network always have SMB over Tailscale to each other blocked with the firewall rules, meanwhile I toggle the rule on or off with my laptop depending on if I’m at home or outside.

Hope this simple solution works for you as well… (just block it in firewall)

Some more explanation -

Overall I think this is a Windows issue, has nothing to do with Tailscale. Tailscale is just another network adapter that acts as a path between the same computer(s). My first thought was also to disable NetBIOS, but System kept making connections regardless of settings, services disabled, etc. Windows sees the same computer behind both IPs and selects the one with higher bandwidth (Tailscale states its link speed as 100 Gbps) even after mentioning the IP when mounting SMB shares.

If you open up resource monitor and go to the network tab, very quickly, you’ll notice TCP connections will list IPs for a few seconds and change that to computer names instead for SMB connections, which made me see that at least by default, no “route through” Tailscale exists that can connect from Tailscale (100 subnet) to local (192 or 172 subnets).
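The firewall approach from the answer above, sketched with the built-in Windows Firewall cmdlets as an added example (not code posted by anyone in the thread). It assumes Tailscale's default address ranges, 100.64.0.0/10 and fd7a:115c:a1e0::/48; the rule group name and the function names are hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumption: Tailscale's default ranges; adjust if your tailnet uses others.
$TailscaleRanges = @{
    IPv4 = '100.64.0.0/10'
    IPv6 = 'fd7a:115c:a1e0::/48'
}
$RuleGroup = 'Block SMB over Tailscale'   # hypothetical group name, used for toggling

# Create one outbound block rule per address family (idempotent).
function Install-SmbTailscaleBlock {
    foreach ($family in $TailscaleRanges.Keys) {
        $name = "$RuleGroup ($family)"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
        # 'System' matches kernel-mode traffic, which is where the SMB client runs.
        New-NetFirewallRule -DisplayName $name -Group $RuleGroup `
            -Direction Outbound -Action Block -Protocol TCP `
            -RemotePort 139,445 -RemoteAddress $TailscaleRanges[$family] `
            -Program 'System' | Out-Null
    }
}

# Laptop use: $true at home (force the LAN path), $false when away (SMB over Tailscale).
function Set-SmbTailscaleBlock {
    param([Parameter(Mandatory)][bool]$Blocked)
    if ($Blocked) { Enable-NetFirewallRule -Group $RuleGroup }
    else          { Disable-NetFirewallRule -Group $RuleGroup }
}

# Check: list established SMB sessions and flag any that use a Tailscale address.
function Get-SmbSessionPath {
    Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $addr  = $_.RemoteAddress
            $bytes = ([System.Net.IPAddress]$addr).GetAddressBytes()
            $viaTailscale = if ($bytes.Length -eq 4) {
                # 100.64.0.0/10: first octet 100, top two bits of second octet = 01
                $bytes[0] -eq 100 -and ($bytes[1] -band 0xC0) -eq 64
            } else { $addr -like 'fd7a:115c:a1e0:*' }
            [pscustomobject]@{ RemoteAddress = $addr; ViaTailscale = $viaTailscale }
        }
}

Install-SmbTailscaleBlock
Set-SmbTailscaleBlock -Blocked $true
Get-SmbSessionPath | Format-Table -AutoSize
```

After remounting a share, every row from `Get-SmbSessionPath` should show `ViaTailscale` as `False` while the block is enabled.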