Hmm got it not sure I entirely understand. The issue I have is I’m trying to connect two devices where one is behind a hard CGNAT that always causes the connection to be relayed even though the other one is not behind a cgnat with proper port forwarding. Would a peer relay solve this but is it like a DERP where I have to host it on a VPS separate from my existing two networks or is this something different where I can host the peer relay on the same network not behind a CGNAT and somehow it will link the two networks through it?

What happens if your peer relay device is behind CGNAT/SymNat?

Also, offtopic question: is Tailscale named after the idea of UDP packets “tailgating” a connection?

> every DERP server used by your tailnet must be accessible by every node on your tailnet at all times, otherwise you get hard-to-debug netsplits.

What would allow a given pair of nodes access a peer relay? Isn’t the peer relay by default also accessible by every node on the tailnet since it’s in the tailnet as well?