Windows Kills SMB Speeds When Using Tailscale

This is framed as a problem with windows, when it’s clearly a problem with tailscale misreporting its capabilities to the OS. If I have a 100gbit and a 1gbit interface, it’s perfectly reasonable for the OS to auto assign route metrics to prefer the much faster interface.

This is the OS working as designed, switching to Linux won’t help. Tailscale needs to do a better job reporting link characteristics.

This isn't a Windows problem. The OP would experience the same problem on Linux. I've run into this with SRs. I believe I may have even opened an issue with Tailscale to detect when a client is local to an exit and/or provide more fine grained route ingestion depending on where the client is with respect to the SR.

But... Again, not a Windows problem. It is easy to fix by just advertising a longer route. But that implies you won't clobber other things. By default a more specific route will be chosen so a longer route advertised on the TS interface won't be selected.

So, a virtual adapter advertises 100Gbps link speed, but is not capable of delivering that and the takeaway is "Windows kills..." ?

How do other OSes handle the situation of having two interfaces with identical routes to a given destination ?

I don't see a better solution than using link speed, but I haven't thought about it too deeply.

I feel like this whole thing buries the lede a bit.

Yes, turns out running overlay/VPN type things disrupts traffic patterns. This is a non-story.

But we're talking about using wireguard on a local network, so the actual interesting question is: why does it cause the performance to plummet? Is it an implementation issue or something more fundamental?

I expect some performance impact. I don't expect a three orders of magnitude impact (which is what 355 KB/s imputes).

Thanks to the author for this!

What oddly coincidental timing ... I finished setup of Tailscale just yesterday and ran into this exact issue when testing it. I didn't think too much of it and blamed the USB connection I'm using to connect my external drive.

It was nice to see PowerShell could change the interface metric when the adapter GUI refused due to the empty IP field. I bet that check has been there since the 90s.

It makes me a little happy when a new CLI is able to do something the old GUI cannot!

I have my desktop PC connected to my TrueNAS box via both regular 1GbE via switch and a direct 10GbE link. I experienced similar issues where sometimes Windows would pick the sub-optimal interface.

I decided to brute force it, by editing my hosts file on Windows and adding a custom entry for the static IP assigned to the 10GbE adapter in TrueNAS. So if my NAS was named "mynas" I'd add a "mynas10" entry in hosts file.

If Tailscale is being used for remote access to the author's LAN, why is it running on a desktop that's always physically connected to the LAN? I have a similar setup for remote access but using Wireguard instead; my main router (pfSense VM running on Proxmox like the author's thing) handles the tunnels and routing for the remote subnet(s), and it all Just Works. Only the devices that actually get used remotely need to be set up as Wireguard peers, and they're configured to disconnect from the tunnel when they're on my home wifi. IIUC Wireguard automatically does the setup/teardown of routes on those peers when it's toggled on/off.

Does this also happen in Zerotier?

Don't take me wrong, I think tailscale is absolutely great, I'm just interested in trying Zerotier for a while since it has integration with OPNSense (in the GUI, I know tailscale works fine if you install the package and configure it manually).

Ah, non-transparent middlebox trouble.

I don’t think this is exclusive to Windows. SMB is a crappy service for anything outside local LAN. I am not too familiar with Tailscale but from what I understand, it’s basically akin to a VPN.

I’ve been curious as to why SMB seems to get little attention, and NFS even less. I had to go through hoops to even get NFS working at all on Windows.

I treated myself to 10GbE a while ago, and it feels like the protocol side of this is something that just gets overlooked. Unclear why. Maybe people just assume once it works, it works?