Hard NAT on both sides forces DERP relay connection degrading performance

When both devices in a Tailscale connection are behind hard NAT configurations (restrictive NAT with complex port allocation, disabled port mapping protocols like UPnP/PCP/NAT-PMP, or short idle timeouts), direct peer-to-peer connections fail and traffic must relay through DERP servers, reducing performance.

Run 'tailscale netcheck' on both devices to confirm hard NAT. Check if MappingVariesByDestIP is true and PortMapping is false. If possible, enable UPnP, PCP, or NAT-PMP on network devices. Otherwise, deploy a Tailscale Peer Relay server in your infrastructure for better relay performance than public DERP servers.