You already ruled out Tailscale and the internal network and potentially the route taken to each your router. Does your router run any services that perform IDS/IPS maybe? Any sort of packet filtering on the external interface?
this post was submitted on 24 Jun 2026
17 points (100.0% liked)
Selfhosted
60091 readers
1309 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam.
-
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
-
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
-
Submission headline should match the article title.
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
The maximum internet speed you get is the speed of the slowest link in between your house, your ISP, any other network in the middle, and the ISP you are using to connect your remote device to the internet itself
On top of that, put tailscale. Assuming packets go directly between home and your remote device, then tailscale should not impact. But if the packets do go trough a tailscale server, like you have no public IP address at home, or CG-NAT, then that will be the bottleneck most probably.
Tailscale on itself isn't a measurable overhead.
In general, for home network speed, consider your home UPLOAD speed (as that will the seen as "download" speed from outside) not the download speed, which is often many times faster.
Connecting to my N100-based box on my LAN is measurably (and noticeably) slower over tailscale than without. The encryption overhead is not nothing, and it can be meaningful depending on CPU hardware. (To be clear, not OP's problem, just commenting on "Tailscale on itself isn’t a measurable overhead.")
No, really, wireguard encryption overhead is negligible unless you have a really old CPU (like a Pentium100 or something).
Whatever slows down your N100 is not wireguard per se, probably some tailscale overhead going trough their servers.
I have a fairly dated rented server, with an Atom D510, 2 cores, which is 10 years old, and accessing it over wireguard or not, I can still max out the network bandwidth without any visible CPU overhead.
I would make sure you have a full connection in tailscale, not a relayed one. That will kill your speed.
Also check packet loss, if you are losing lots, tailscale seems to suffer badly.
Re: trickery, some ISPs have done sneaky shit like prioritising speedtest sites, while throttling everything else.
What are good ways to check for packet loss?
some ISPs have done sneaky shit like prioritising speedtest sites, while throttling everything else.
Yes, and I really dislike that. In my estimation, https://speed.cloudflare.com/ gives you a more comprehensive snapshot. Sites like fast.com, or you ISP's own speed test usually concentrate on download speed and don't actually measure under load, along with other variables.
There can be multiple things at play but one thought it's you may be hardware constrained. This is not limited to just your server but also how you are connecting. If you are using a budget cell phone with a bunch of things installed and running it will get slower. If you use a bunch of social media apps disable them before starting a test so they are not running in the background or eating into your connection.
Another is it sounds like you are using your Tailscale connection to then reach out through your regular connection to a speedtest. So you're using the same connection with multiple data streams at the same time. You will be limited to your slowest speed when sending data to or from a server through you tailscale connection to the internet so give up on that 109Mb/s. You also have to take into account what your connecting devices speed is, if you are on cellular with an 18Mb/s connection that is your top speed.
Finally instead of running a speed test to the internet, spin up an instance of openspeedtest on a computer that is not hosting your tailscale connection and test to there. When you are starting to setup a homelab it can be useful to have an in house speedtest anyway.
first off, you will not get your full 109Mb as thats into your house. You should see something close to the 76Mb, as that is out of your house.
How did you test your external speed to your house and to your friends house?
If that was from your phone/laptop, that could be your phone provider capping you
I did expect the connection to not be as fast, was just kind of suspicious since the one I was getting was so incredibly low. My friend was connected on a desktop, through 4G/LTE, they did mention they have a 100Mbit/s down speed limit, which still doesn't line up. My own server is plugged into street fiber-optic, but I can try testing it with another friend that has a more reliable connection too. If I do that I'll get back with the results
Connecting remotely to your home devices is dependent on your home internet connection's upload speed, which is usually a fraction of the download speed.
Then add the overhead of the VPN (Tailscale) and how dirext of a connection it's able to make.
Then the connection of the device you're testing from - it may have some bandwidth limitations.
I just did a quick test - copy a specific file from a local server to my phone - just enabling Tailscale made that copy take twice as long, so it's definitely adding significant bandwidth constraints (could be an Android limitation).
Tailscale, which is wireguard is pretty lightweight protocol wise, so the overhead is usually not significant in my experience.
However, some devices don't accelerate the crypto well, which can dramatically reduce speeds. My pi4 definitely struggles with it.
At 3mb/s, I would question if OP is getting relay'd, or possibly hitting some pretty bad packet loss.
I would suspect he's getting relayed, and I suspect I was too for my test.
Apologies for the lack of detail but I want to make sure you know about the tool traceroute. The speed at which you connect depends on every node between your remote location and home, plus there will be some overhead with whatever vpn is involved.
Trace route measures latency, which is not directly correlated with speed.
I have a tailscale node that is 200ms away from me, but I can still hit solid speeds to it.
Yeah (fully agree) but it would point out each of the hops the user goes through before reaching home, yes? I'm just trying to help visualize where all the bottlenecks could be
Run tailscale ping if it's using a DERP relay that means you'd get abysmal speed and bandwidth. Usually this is because the NAT can't be punched through. Try opening proper ports and/or configure a peer relay
You're connecting through a proxy. Don't do that if you care about speed.
How are you running tailscale at home? Docker? Or natively?
Natively
Are you using any other networking sw?