Tailscale

Peer relay requires UDP port forwarding for public reachability

info
configuration
Updated Jan 26, 2026 (via Exa)
How to detect:

Tailscale Peer Relays must be publicly reachable to accept connections from other nodes. This requires forwarding a UDP port from the router's public IP to the relay node. Without proper port forwarding, the relay cannot function and clients will fall back to DERP. The relay only accepts authenticated connections from nodes in the tailnet.

Recommended action:

After running `tailscale set --relay-server-port=<port>` on the relay node, configure UDP port forwarding on the router to direct traffic from the public IP to the relay node's internal IP on the specified port. Verify public reachability by running `tailscale ping` from remote clients; a successful peer relay connection shows `via peer-relay(<ip>:<port>:vni:<id>)`. For complex network setups, use `--relay-server-static-endpoints` to explicitly specify the advertised IP:port combinations.
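
The verification step above can be scripted so a silent fallback to DERP is caught. This is an added example, not Tailscale's own tooling: the function names, the port `40000` and the sample pong lines are constructed for illustration, and only the `via peer-relay(<ip>:<port>:vni:<id>)` form comes from this page.

```shell
#!/bin/sh
# Added example. Sample lines are constructed (documentation address ranges);
# the DERP and direct forms are assumed from the CLI's usual pong format.
RELAYED='pong from relay-test (100.64.0.7) via DERP(nyc) in 48ms
pong from relay-test (100.64.0.7) via peer-relay(203.0.113.10:40000:vni:7) in 21ms'
DERP_ONLY='pong from relay-test (100.64.0.7) via DERP(nyc) in 48ms
pong from relay-test (100.64.0.7) via DERP(nyc) in 47ms'

# classify_path LINE
# prints: "peer-relay <ip> <port> <vni>", "derp <region>", "direct <endpoint>" or "unknown"
classify_path() {
    via=$(printf '%s\n' "$1" | sed -n 's/.* via \(.*\) in [^ ]*$/\1/p')
    case "$via" in
        'peer-relay('*':vni:'*')')
            inner=${via#'peer-relay('}; inner=${inner%')'}
            vni=${inner##*:vni:}
            hostport=${inner%:vni:*}
            # Split at the last colon so a bracketed IPv6 address stays intact.
            echo "peer-relay ${hostport%:*} ${hostport##*:} $vni" ;;
        'DERP('*')')
            region=${via#'DERP('}; echo "derp ${region%')'}" ;;
        '') echo "unknown" ;;
        *)  echo "direct $via" ;;
    esac
}

# final_path OUTPUT: classify the last pong line, i.e. the path the ping settled on.
final_path() {
    last=$(printf '%s\n' "$1" | grep '^pong from ' | tail -n 1)
    classify_path "$last"
}

# relay_ok PORT OUTPUT: succeed only if the settled path is a peer relay on PORT.
relay_ok() {
    case "$(final_path "$2")" in
        "peer-relay "*" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

if relay_ok 40000 "$RELAYED"; then echo "relayed via forwarded port"; fi
if ! relay_ok 40000 "$DERP_ONLY"; then echo "DERP fallback: check UDP forwarding"; fi
```

On a remote client, pass live output instead of the samples, for example `relay_ok <port> "$(tailscale ping <peer>)"`.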