r/Tailscale

Regarding the DERP relay

Question

Two nodes are able to establish a WireGuard connection, as I can see the logs indicating a successful handshake. The keepalive packets are also functioning properly. However, when I try to send a file from Node A to Node B, for example using the scp command, I noticed that the data goes through DERP first. When I check the output of tailscale status, I see records of relays. But based on my understanding, since the WireGuard connection is already established, why does the data still have to go through DERP for transmission?


Tailscale uses DERP relaying as a fallback when a direct connection can’t be established. You could disable DERP for your tailnet via policy, but I suspect that you would then just get no connection at all.

What you’re seeing in the logs might be the relayed handshakes, not necessarily direct connections.

I saw the successful handshake and keepalive logs in the code of wireguard-go, so it should be that the handshake and keepalive of wireguard itself are successful. My understanding is, since wireguard can establish a successful connection, why do we still need to use DERP relay?


More importantly, what needs to be true to avoid DERP? It's killing my connection speeds, and I don't know how to avoid it.


A few things to consider when it comes to establishing a direct connection:

https://tailscale.com/kb/1181/firewalls

https://tailscale.com/kb/1082/firewall-ports


A direct connection is not always maintained if it isn't used.
As soon as you try sending some data again, it will try to establish it again, so the first data will be relayed and after a few you'll get the direct connection again.

How does Tailscale handle this logic internally? When should it go through DERP?

Is it possible to force the use of a tunnel without going through DERP?
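The replies above say that traffic is relayed only until a direct path exists, and that an idle direct path is dropped and re-established on the next burst of data. A practical way to verify which path each peer is currently on is to read the machine-readable output of tailscale status --json rather than the human-readable table. The script below is an added example, not code from this thread or from Tailscale: it classifies each peer as direct, relayed, idle, or offline from the Peer entries (a non-empty CurAddr means a direct UDP path; Relay names the peer's DERP region and is present even when the path is direct, so it must not be read on its own). The embedded status document is constructed to mimic the shape of the CLI's JSON with a subset of its fields; the optional live mode runs the real CLI and assumes tailscaled is installed and running.

```python
import json
import subprocess
import sys
from typing import Dict

# Constructed sample shaped like `tailscale status --json` (subset of fields).
# Values are invented for illustration; 203.0.113.0/24 is a documentation range.
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "node-a", "TailscaleIPs": ["100.64.0.1"]},
    "Peer": {
        "nodekey:aaaa": {  # traffic flowing, but no direct path yet: still on DERP
            "HostName": "node-b", "TailscaleIPs": ["100.64.0.2"],
            "Relay": "fra", "CurAddr": "", "Online": True, "Active": True,
            "RxBytes": 123456, "TxBytes": 98765,
        },
        "nodekey:bbbb": {  # direct path established; Relay is only the home region
            "HostName": "node-c", "TailscaleIPs": ["100.64.0.3"],
            "Relay": "nyc", "CurAddr": "203.0.113.7:41641", "Online": True,
            "Active": True, "RxBytes": 5000000, "TxBytes": 4200000,
        },
        "nodekey:cccc": {  # online but idle: path dropped, next packets will relay first
            "HostName": "node-e", "TailscaleIPs": ["100.64.0.5"],
            "Relay": "lhr", "CurAddr": "", "Online": True, "Active": False,
            "RxBytes": 0, "TxBytes": 0,
        },
        "nodekey:dddd": {  # offline peer: no path at all
            "HostName": "node-d", "TailscaleIPs": ["100.64.0.4"],
            "Relay": "", "CurAddr": "", "Online": False, "Active": False,
            "RxBytes": 0, "TxBytes": 0,
        },
    },
})


def classify_path(peer: dict) -> str:
    """Return 'direct', 'relay', 'idle' or 'offline' for one Peer entry."""
    if not peer.get("Online", False):
        return "offline"
    if peer.get("CurAddr"):          # a current direct endpoint is the only reliable signal
        return "direct"
    if peer.get("Active", False):    # data is moving but only through the DERP region
        return "relay"
    return "idle"                    # online, no traffic, no path kept open


def classify_peers(status_json: str) -> Dict[str, str]:
    """Map each peer's hostname to its current path classification."""
    status = json.loads(status_json)
    peers = status.get("Peer", {}) or {}
    return {p.get("HostName", key): classify_path(p) for key, p in peers.items()}


def relayed_peers(status_json: str) -> list:
    """Hostnames whose traffic is currently going through DERP (the slow case)."""
    return sorted(h for h, path in classify_peers(status_json).items() if path == "relay")


def report(status_json: str) -> str:
    """Human-readable table: host, path, and the endpoint or DERP region in use."""
    status = json.loads(status_json)
    rows = []
    for key, p in sorted((status.get("Peer", {}) or {}).items(),
                         key=lambda kv: kv[1].get("HostName", kv[0])):
        path = classify_path(p)
        detail = {
            "direct": p.get("CurAddr", ""),
            "relay": f'DERP "{p.get("Relay", "")}"',
            "idle": "no current path",
            "offline": "-",
        }[path]
        rows.append(f'{p.get("HostName", key):<12} {path:<8} {detail}')
    return "\n".join(rows)


def live_status() -> str:
    """Assumption: the tailscale CLI is installed and tailscaled is running."""
    return subprocess.run(["tailscale", "status", "--json"],
                          check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    data = live_status() if "--live" in sys.argv else SAMPLE_STATUS
    print(report(data))
```

Run it with no arguments to see the classification of the constructed sample, or with --live to classify the peers of the machine it runs on. A peer that stays in the relay state while data is actively flowing is the case the firewall and port articles linked above address; a peer that flips between idle and direct is the normal behaviour described in the reply about unused paths being dropped.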