by notpushkin 494 days ago
> from my understanding, it always generates a tailnet IP for hosts

It does, but it should connect over LAN when both devices are on the same network. The tailnet IP doesn’t exist outside the WireGuard network, so it’s up to the WireGuard routing algorithm.

I thought it was Tailscale that always selects which IP to use as the endpoint for other devices, and sets that up for WireGuard? If I'm wrong, could I replicate that behavior (using relay on WAN, direct connection on LAN) with WireGuard without external configuration tools?

Hmm, yes, I think you’re right. Tailscale does handle the connection here, not WireGuard.

I’ve dug into it a bit and I believe it first connects over a relay, then the devices try to find a more optimal route. So for LAN, they would exchange their local IPs and try to connect over those. If they are indeed on the same LAN, they connect directly: https://tailscale.com/kb/1257/connection-types

This is not without issues, however: https://github.com/tailscale/tailscale/issues/7206

Tailscale DNS might cause a bit of trouble, but the overhead isn’t too bad. I’m measuring ~1ms ping difference, which is a lot in relative terms, but in absolute terms it turns 0.5ms into 1.5ms.

Yep, and there is no "IP alias" type of thing. On ZeroTier, I route my home server IP to the ZeroTier IP and then it just works.