I have a personal server I connect to through Tailscale whenever I’m not home, however I’ve found that whenever I’m connecting remotely connection speed drops drastically from 100MB/s to <3MB/s.
I expect there to be some speed loss when connecting over the internet compared to locally, but 3MB/s doesn’t make any sense especially considering that according to a python script I found that uses speedtest.net to test internet speed through a terminal, it reported 109Mbit/s download and and 76Mbit/s upload (~13MB/s; 9MB/s), which aren’t amazing but leagues beyond 2MB/s. Moreover I also did a quick test with a friend of mine briefly using port-forwarding and they reported the same speeds, which tells me it isn’t Tailscale slowing me down.
Is this just what happens when you connect over the internet? What trickery is afoot to allow me to download things from the interwebz using that sweet full 109Mbit/s bandwidth?
EDIT: tailscale status says the connection is direct
Enable bbr in Linux kernal. You will be amused how big of a difference that creates. Since its a home ISP line… I suspect there may be tiny tiny packet loss that drags speeds down with traditional cubic TCP conjection algorithm.
I’m not sure what the route looks like based on your post, so I’m not sure this is relevant, but the problem description is similar to what I have experienced with other VPN setups when MTU was too high on the VPN interface.
I found IPv6 is usually faster than IPv4. Which do you use to connect?
You haven’t mentioned what device and network you connect from. Mobile internet can be flakey.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters ISP Internet Service Provider NAT Network Address Translation VPN Virtual Private Network
[Thread #26 for this comm, first seen 25th Jun 2026, 05:10] [FAQ] [Full list] [Contact] [Source code]
Could be QOS or packet shaping going on at your ISP, or just throttling or congestion. Speed tests only really test for typical traffic patterns, so will give you a warped view: it certainly disagrees with your observed measurements. There are lots of factors that can affect how quickly traffic passes between two hosts on the internet, but domestic broadband is generally the worst of all worlds - you usually share bandwidth with other subscribers, and although the throughput can be quite good, the latency and error rate can be quite bad, and you can get fragmentation as frame sizes can differ between network segments, causing buffering especially when congestion is occurring. Your ISP might also have deprioritised your type of traffic, or they might be dropping packets, which causes retries, and thus slows your connection down.
I would make sure you have a full connection in tailscale, not a relayed one. That will kill your speed.
Also check packet loss, if you are losing lots, tailscale seems to suffer badly.
Re: trickery, some ISPs have done sneaky shit like prioritising speedtest sites, while throttling everything else.
some ISPs have done sneaky shit like prioritising speedtest sites, while throttling everything else.
Yes, and I really dislike that. In my estimation, https://speed.cloudflare.com/ gives you a more comprehensive snapshot. Sites like fast.com, or you ISP’s own speed test usually concentrate on download speed and don’t actually measure under load, along with other variables.
Fast is good because its hosted by Netflix, so isps can’t throttle Netflix without impacting fast.
The cloudflare one of new to me, thanks!
What are good ways to check for packet loss?
IDK if it’s the “best” way, but generally I just let
pingrun for a while and check the statistics at the end
The maximum internet speed you get is the speed of the slowest link in between your house, your ISP, any other network in the middle, and the ISP you are using to connect your remote device to the internet itself
On top of that, put tailscale. Assuming packets go directly between home and your remote device, then tailscale should not impact. But if the packets do go trough a tailscale server, like you have no public IP address at home, or CG-NAT, then that will be the bottleneck most probably.
Tailscale on itself isn’t a measurable overhead.
In general, for home network speed, consider your home UPLOAD speed (as that will the seen as “download” speed from outside) not the download speed, which is often many times faster.
Connecting to my N100-based box on my LAN is measurably (and noticeably) slower over tailscale than without. The encryption overhead is not nothing, and it can be meaningful depending on CPU hardware. (To be clear, not OP’s problem, just commenting on “Tailscale on itself isn’t a measurable overhead.”)
No, really, wireguard encryption overhead is negligible unless you have a really old CPU (like a Pentium100 or something).
Whatever slows down your N100 is not wireguard per se, probably some tailscale overhead going trough their servers.
I have a fairly dated rented server, with an Atom D510, 2 cores, which is 10 years old, and accessing it over wireguard or not, I can still max out the network bandwidth without any visible CPU overhead.
You already ruled out Tailscale and the internal network and potentially the route taken to each your router. Does your router run any services that perform IDS/IPS maybe? Any sort of packet filtering on the external interface?
first off, you will not get your full 109Mb as thats into your house. You should see something close to the 76Mb, as that is out of your house.
How did you test your external speed to your house and to your friends house?
If that was from your phone/laptop, that could be your phone provider capping you
I did expect the connection to not be as fast, was just kind of suspicious since the one I was getting was so incredibly low. My friend was connected on a desktop, through 4G/LTE, they did mention they have a 100Mbit/s down speed limit, which still doesn’t line up. My own server is plugged into street fiber-optic, but I can try testing it with another friend that has a more reliable connection too. If I do that I’ll get back with the results
deleted by creator
There can be multiple things at play but one thought it’s you may be hardware constrained. This is not limited to just your server but also how you are connecting. If you are using a budget cell phone with a bunch of things installed and running it will get slower. If you use a bunch of social media apps disable them before starting a test so they are not running in the background or eating into your connection.
Another is it sounds like you are using your Tailscale connection to then reach out through your regular connection to a speedtest. So you’re using the same connection with multiple data streams at the same time. You will be limited to your slowest speed when sending data to or from a server through you tailscale connection to the internet so give up on that 109Mb/s. You also have to take into account what your connecting devices speed is, if you are on cellular with an 18Mb/s connection that is your top speed.
Finally instead of running a speed test to the internet, spin up an instance of openspeedtest on a computer that is not hosting your tailscale connection and test to there. When you are starting to setup a homelab it can be useful to have an in house speedtest anyway.
Connecting remotely to your home devices is dependent on your home internet connection’s upload speed, which is usually a fraction of the download speed.
Then add the overhead of the VPN (Tailscale) and how direct of a connection it’s able to make.
Then the connection of the device you’re testing from - it may have some bandwidth limitations.
I just did a quick test - copy a specific file from a local server to my phone - just enabling Tailscale made that copy take twice as long, so it’s definitely adding significant bandwidth constraints (could be an Android limitation).
Tailscale, which is wireguard is pretty lightweight protocol wise, so the overhead is usually not significant in my experience.
However, some devices don’t accelerate the crypto well, which can dramatically reduce speeds. My pi4 definitely struggles with it.
At 3mb/s, I would question if OP is getting relay’d, or possibly hitting some pretty bad packet loss.
I would suspect he’s getting relayed, and I suspect I was too for my test.
Run
tailscale pingif it’s using a DERP relay that means you’d get abysmal speed and bandwidth. Usually this is because the NAT can’t be punched through. Try opening proper ports and/or configure a peer relayApologies for the lack of detail but I want to make sure you know about the tool traceroute. The speed at which you connect depends on every node between your remote location and home, plus there will be some overhead with whatever vpn is involved.
Trace route measures latency, which is not directly correlated with speed.
I have a tailscale node that is 200ms away from me, but I can still hit solid speeds to it.
Yeah (fully agree) but it would point out each of the hops the user goes through before reaching home, yes? I’m just trying to help visualize where all the bottlenecks could be
I’ll check it out, thanks!
How are you running tailscale at home? Docker? Or natively?
Natively
Are you using any other networking sw?
none that I’m aware of
Do you use tailscale as an exit node? What device are you using to access the home network when you are away? What are your speeds on that device without tailscale (but still away)?
Or did you mean that the speed drop happens for the server, not for the connected device? So when you are connected through tailscale the server would be unable to e.g. download anything fast?
