by jakedata 929 days ago
I hope they are working on improving firewall traversal. Lots of firewalls don't allow symmetrical UDP NAT ports, causing clients to fall back to DERP relays on TCP port 443. It's a lot slower. It is possible to work around this by statically mapping inbound UDP ports but that is clearly not an ideal situation. I generally love Tailscale though, amazing work all around.
3 comments

From the extensive blog posts about all the tricks they already use, I’d assume they’ve squeezed all the juice from that orange.

https://tailscale.com/blog/how-nat-traversal-works/

Do you know of a straightforward way to identify that this is happening: where one node is using DERP or one link between your nodes is falling back to DERP?
`tailscale status` should tell you which nodes do or don't have a direct connection.
Oh I wasn't aware of this, thanks for sharing this.
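
Added example, not part of the original thread: one way to script the check described above by classifying each peer from `tailscale status --json` as direct, relayed through DERP, or idle. The field names used (`Peer`, `HostName`, `Active`, `CurAddr`, `Relay`) are assumptions about the client's JSON output and should be verified against your installed version; the sample data is constructed.

```python
import json
import shutil
import subprocess

# Constructed sample shaped like `tailscale status --json` output (not real data).
# Field names are an assumption about the client's JSON layout.
SAMPLE = json.loads("""
{
  "Peer": {
    "nodekey:aaaa": {"HostName": "build-box", "Active": true,
                     "CurAddr": "203.0.113.7:41641", "Relay": "nyc"},
    "nodekey:bbbb": {"HostName": "office-nas", "Active": true,
                     "CurAddr": "", "Relay": "fra"},
    "nodekey:cccc": {"HostName": "laptop", "Active": false,
                     "CurAddr": "", "Relay": "sfo"}
  }
}
""")


def classify_peers(status):
    """Return {hostname: (state, detail)} where state is direct, relay or idle."""
    result = {}
    for peer in (status.get("Peer") or {}).values():
        name = peer.get("HostName", "?")
        if not peer.get("Active"):
            # No recent traffic, so no path is currently in use.
            result[name] = ("idle", "")
        elif peer.get("CurAddr"):
            # A current UDP endpoint means the link is peer-to-peer.
            result[name] = ("direct", peer["CurAddr"])
        else:
            # Active but no endpoint: traffic is going through a DERP region.
            result[name] = ("relay", peer.get("Relay", ""))
    return result


def relayed(status):
    """Hostnames of active peers currently reached through a DERP relay."""
    return sorted(n for n, (s, _) in classify_peers(status).items() if s == "relay")


if __name__ == "__main__":
    # Query the live client when installed, otherwise use the constructed sample.
    status = SAMPLE
    if shutil.which("tailscale"):
        out = subprocess.run(["tailscale", "status", "--json"],
                             capture_output=True, text=True, check=True).stdout
        status = json.loads(out)
    for name, (state, detail) in sorted(classify_peers(status).items()):
        print(f"{name:20} {state:6} {detail}")
```

A peer only shows as direct or relayed while it is active, so send some traffic to the node in question before reading the result.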