TAILMON TAILMON v1.3.0 -Aug 24, 2025- WireGuard-based Tailscale Installer, Configurator and Monitor (Available in AMTM!)

[Joel_w]

Sorry @Joel_w I really can't follow what you're asking. You talk about NAT (full cone or symmetric), "direct connection", port forwarding, UPnP. None of this has anything to do with TAILMON (Tailscale). Tailscale is a VPN.

Tailscale tries to create a direct connection between two units on the Tailnet, but NAT and firewalls can make that difficult or impossible. If it fails the connection is sent via a third server, a DERP. That’s slow so I’m trying to avoid that.

I guess my question doesn’t have much to do with Tailmon but it was the way I installed Tailscale on the router.

 

[ColinTaylor]

Tailscale tries to create a direct connection between two units on the Tailnet, but NAT and firewalls can make that difficult or impossible. If it fails the connection is sent via a third server, a DERP. That’s slow so I’m trying to avoid that.

I guess my question doesn’t have much to do with Tailmon but it was the way I installed Tailscale on the router.

Does your router (with Tailscale installed on it) have a publicly accessible IP address? Or is it behind another, upstream router or have CGNAT?

What are your internet download and upload speeds normally? When you say using DERP is slow, how slow relative to your clients' normal speeds?

 

[Joel_w]

Does your router (with Tailscale installed on it) have a publicly accessible IP address? Or is it behind another, upstream router or have CGNAT?

What are your internet download and upload speeds normally? When you say using DERP is slow, how slow relative to your clients' normal speeds?

I’m not behind CGNAT so yes a publicly accessible IP address. And I do get direct connections to the other devices connected behind the same router, just not to the router itself. I’ve tried it with the ping function in the Tailscale app and with Iperf3 to both the internal IP address and the Tailscale address, same result.

I have a 1Gbit symmetrical connection, and usually get around 850 Mbit down and over 900 up. If I run Iperf3 to one of the devices that gets a direct connection the speed is around 120-150 Mbit which is perfectly fine for everything I want to do (I was testing over 5G so that might have limited the speed). But on the DERP connection to the router I sometimes get under 10 Mbit and sometimes around 25 Mbit, never more. And pings over 100 ms.

 

[ColinTaylor]

I’m not behind CGNAT so yes a publicly accessible IP address. And I do get direct connections to the other devices connected behind the same router, just not to the router itself. I’ve tried it with the ping function in the Tailscale app and with Iperf3 to both the internal IP address and the Tailscale address, same result.

I have a 1Gbit symmetrical connection, and usually get around 850 Mbit down and over 900 up. If I run Iperf3 to one of the devices that gets a direct connection the speed is around 120-150 Mbit which is perfectly fine for everything I want to do (I was testing over 5G so that might have limited the speed). But on the DERP connection to the router I sometimes get under 10 Mbit and sometimes around 25 Mbit, never more. And pings over 100 ms.

Does tailscale status on the router show that your clients have a direct connection or that they're using DERP?

You're currently using Userspace Mode. That will CPU limit your speeds, although not by the amount you report. I suggest you switch to Kernel Mode and see if that's any better.