Inconsistent NAT behavior between local and external connections

Remote network shows MappingVariesByDestIP=false (non-restrictive NAT) but still requires DERP for home PC connections, while Oracle cloud instance achieves direct connections. This suggests different NAT handling for different external hosts despite netcheck indicating non-restrictive NAT locally.

Compare the network path characteristics between working (Oracle) and non-working (home PC) connections using 'tailscale netcheck'. Investigate whether home router has application-layer gateways (ALG) or stateful packet inspection interfering with UDP hole punching. Check if Oracle instance has explicit firewall rules (Security List entries) that home PCs lack. Test if adding explicit inbound/outbound rules on home router resolves the issue.