If you've ever tried to connect to your home server from outside your network, you've probably encountered at least one of a few obstacles, such as firewalls, double NAT, ISP restrictions, or any of a wide range of other issues. That's why Tailscale's new "Peer Relays" feature is a game-changer, and while it's currently in beta, it might improve your network's connectivity dramatically.
Peer Relays are a very simple concept: in essence, they allow devices within your Tailnet (so your private, encrypted Tailscale network) to act as high-throughput relays when direct connections aren't possible. Instead of relying on Tailscale's global DERP (Designated Encrypted Relay for Packets) infrastructure, which can sometimes add latency or throttle throughput, you can now use one of your own devices to relay traffic.
For self-hosters this may seem like a small change, and in a way, I guess it is, but it could have a huge impact on how fast and reliable your connections are to your self-hosted services. Plus, every user gets two for free.
Peer Relays are better than DERP
But they don't replace DERP
Tailscale already does an excellent job of connecting devices directly using WireGuard tunnels, automatically traversing NATs and firewalls whenever possible and even bypassing CGNAT as a result. But when it can't achieve a direct connection, it falls back to DERP servers. These globally distributed relays are secure and reliable, but because they route traffic through Tailscale's infrastructure, they can also introduce additional latency and bandwidth bottlenecks.
That's where Peer Relays come in. Instead of bouncing your data off of the nearest DERP node, Tailscale can now route it through a device in your own network, like your NAS, or even a VPS in the same region. This not only improves throughput and latency, but also helps keep more of your data flow within your own infrastructure. If you use Tailscale to access your home lab, this effectively means you can now build your own high-speed relay layer inside your Tailnet.
Now, when a device can't establish a direct connection, it first checks whether any peer relays are available in the same Tailnet. If one is, it routes traffic through that relay using a specified UDP port, all while maintaining complete end-to-end encryption and WireGuard tunnel integrity. Only if no peer relays are available does Tailscale fall back to DERP servers, and crucially, these relays aren't replacing DERP, merely serving as a complement.
There are a few key places where a peer relay can be an extremely useful tool to have in your networking arsenal. For example, devices behind strict firewalls can benefit, as a peer relay in a more accessible network can act as a bridge to facilitate that connection. File transfers can also be a lot faster with lower latency, and that includes streaming from a Plex or Jellyfin server, which in turn reduces buffering.
How to configure your own Tailscale relay
It's just one command
If you like the sound of setting up your own relay server, all you need to do is set a relay server port when starting Tailscale (ensuring that you're using version 1.86 or newer), like so:
tailscale set --relay-server-port=40000
The above command will tell Tailscale to listen for relay traffic on UDP port 40000, and so long as the port is open and accessible, other devices will use it as a relay instead. However, you also need to define a grant policy (the successor to ACLs) allowing specific devices to use specific relays. For example:
{
  "grants": [
    {
      "src": ["tag:us-east-vpc"], // Devices that can be accessed through the peer relay
      "dst": ["tag:us-east-relays"], // Devices functioning as peer relays for the src devices
      "app": {
        "tailscale.com/cap/relay": [] // The relay capability doesn't require any parameters
      }
    }
  ]
}
After that, you can type "tailscale status" and look for the "peer-relay" parameter to confirm that it's up and available.
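Because the grant decides which devices may use which relays, it is worth checking a policy file before applying it. The following is an added example, not code from Tailscale or from this article: a small Python check that parses a policy with // comments and reports relay grants whose src or dst is empty or the "*" wildcard. The function names and the sample policy are constructed for illustration, and the parser assumes the file uses only // comments.

```python
import json

RELAY_CAP = "tailscale.com/cap/relay"  # capability name used in the grant above

def strip_line_comments(text):
    """Drop // comments outside JSON strings (assumes no /* */ or trailing commas)."""
    out = []
    for line in text.splitlines():
        in_str, i = False, 0
        while i < len(line):
            if in_str and line[i] == "\\":
                i += 1  # skip the escaped character
            elif line[i] == '"':
                in_str = not in_str
            elif not in_str and line.startswith("//", i):
                line = line[:i]
                break
            i += 1
        out.append(line)
    return "\n".join(out)

def audit_relay_grants(policy_text):
    """List relay grants whose src or dst is not limited to named selectors."""
    policy = json.loads(strip_line_comments(policy_text))
    findings = []
    for n, grant in enumerate(policy.get("grants", [])):
        if RELAY_CAP not in grant.get("app", {}):
            continue  # not a relay grant
        for side in ("src", "dst"):
            selectors = grant.get(side, [])
            if not selectors:
                findings.append(f"grant {n}: '{side}' is empty")
            elif "*" in selectors:
                findings.append(f"grant {n}: '{side}' is the wildcard '*'")
    return findings

# Constructed sample: the grant shown above plus a deliberately broad one.
SAMPLE_POLICY = """
{
  "grants": [
    {"src": ["tag:us-east-vpc"], "dst": ["tag:us-east-relays"],
     "app": {"tailscale.com/cap/relay": []}},  // scoped to tags
    {"src": ["*"], "dst": ["tag:us-east-relays"],
     "app": {"tailscale.com/cap/relay": []}}   // every device in the tailnet
  ]
}
"""

if __name__ == "__main__":
    print("\n".join(audit_relay_grants(SAMPLE_POLICY)) or "relay grants are scoped")
```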
It's a big deal for self-hosters
Free performance improvements
For anyone running their own self-hosted services, be it a Jellyfin server, a Home Assistant dashboard, or a remote Proxmox node, Tailscale Peer Relays are a huge quality-of-life improvement that is worth checking out. By bridging the gap between what's convenient and what gives you control, you can keep connections private with lower latency and better throughput.
This feature is still in beta, but if you already rely on Tailscale for your home lab or remote work setup, enabling Peer Relays is worth experimenting with. It might just become one of those features you can't imagine networking without. All users of Tailscale can have two Peer Relays for free, and it's definitely worth checking out.
Honestly, all of this is a win-win for both consumers and Tailscale. Not only do you control your data while also gaining more bandwidth (assuming your infrastructure can handle it), but Tailscale also has to handle less of your data as a result.
