For months I was stuck with terrible performance when streaming my gaming desktop remotely with Moonlight + Apollo over Tailscale. No matter what settings I changed, the bitrate would never rise above ~5 Mbps. With a 1 Gbps symmetrical home connection, this didn’t make sense. Until I dug into what was really happening.
The Problem: DERP Relays
Tailscale works by creating a peer-to-peer mesh VPN between your devices. It first tries to connect directly using UDP hole punching. If that fails (due to NAT, firewall, or ISP limitations), it falls back to DERP relays.
DERP relays are reliable but not fast. They’re essentially forwarding your packets through a relay node, which usually caps out around 5–10 Mbps. That’s why my Moonlight stream was stuck in the mud.
When I checked my connection with:
tailscale status
I saw this:
100.65.79.35 docker-local active; relay "mia", tx 943952 rx 31748592
That relay "mia" line was the smoking gun.
The Fix: Direct Connections
The key to unlocking full Moonlight performance is making sure your Tailscale connection is direct, not relayed.
You can check this with:
tailscale netcheck
or look at the tailscale status output. You want to see something like:
100.65.79.35 docker-local active; direct 99.153.39.42:41641
Notice direct ...:41641 instead of relay. That means you’re connected peer-to-peer over UDP.
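As an added example (not part of the original post), this shell filter reads tailscale status text and reports, per peer, whether the path is direct or goes through a DERP relay. The function names, the sample lines and the 203.0.113.10 address are constructed for illustration, and the parser assumes the line format shown above.

```shell
#!/bin/sh
# Classify each peer line of `tailscale status` text read from stdin.
# Prints "<ip> <host> <path> <detail>", where path is direct, relay or idle.
classify_paths() {
    awk '
        # Peer lines start with a Tailscale IPv4 address (100.x.y.z).
        $1 !~ /^100\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            path = "idle"; detail = "-"   # no active path reported
            for (i = 3; i <= NF; i++) {
                if ($i == "direct" && i < NF) {
                    path = "direct"; detail = $(i + 1)
                } else if ($i == "relay" && i < NF) {
                    path = "relay"; detail = $(i + 1)
                }
            }
            gsub(/[",]/, "", detail)      # strip quotes and trailing comma
            print $1, $2, path, detail
        }'
}

# Returns 1 and lists the affected hosts on stderr if any peer is relayed,
# so the check can gate a monitoring job or a pre-stream script.
check_direct() {
    relayed=$(classify_paths | awk '$3 == "relay" { print $2 " via DERP " $4 }')
    [ -z "$relayed" ] && return 0
    printf '%s\n' "$relayed" >&2
    return 1
}

# Constructed sample in the abbreviated format shown above (not live output).
SAMPLE='100.65.79.35 docker-local active; relay "mia", tx 943952 rx 31748592
100.65.79.36 laptop active; direct 203.0.113.10:41641
100.65.79.37 nas -'

printf '%s\n' "$SAMPLE" | classify_paths
```

On a real host, pipe the live output in instead of the sample: tailscale status | check_direct.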
How to Force Direct Connections (Port Forwarding)
In my case, the solution was opening the right port on my OPNsense firewall at home. Tailscale uses UDP port 41641 by default. If that port is blocked, it can’t establish a direct path.
OPNsense Port Forward Rule
- Interface: WAN
- Protocol: UDP
- Destination: WAN Address
- Destination Port Range: 41641–41641
- Redirect Target IP: (LAN IP of your Tailscale host, e.g., 192.168.1.50)
- Redirect Target Port: 41641
- Filter Rule Association: Add associated filter rule
After saving and applying, I restarted Tailscale and saw my connection switch to direct. The 5 Mbps ceiling disappeared instantly.
Tuning Moonlight & Apollo
Once you’re on a direct path, Moonlight isn’t limited by Tailscale anymore. It’s limited only by your encoder, network, and client.
Recommended starting settings:
- Bitrate: 20–30 Mbps (scale up to 50–80 Mbps if stable)
- Resolution: 1080p (try 1440p or 4K if your GPU can encode it)
- FPS: 60 (120 if your display and GPU can handle it)
- Encoder: NVENC (NVIDIA) or QuickSync (Intel)
- Enable HEVC (H.265) for better quality at lower bitrates if your client supports it
Lessons Learned
- If Moonlight over Tailscale is stuck at ~5 Mbps, you’re almost certainly on a DERP relay.
- Use tailscale status or tailscale netcheck to confirm.
- Open UDP 41641 on your firewall and forward it to your host to allow direct connections.
- Once direct, Moonlight will happily use tens or even hundreds of Mbps.
Now I can stream my desktop at 60 Mbps, 1080p, 60 FPS with near-zero latency, a night-and-day difference compared to the relay bottleneck.
Final Thoughts
Tailscale makes secure remote networking dead simple, but performance can tank if you don’t notice you’re stuck on DERP. Pairing it with Moonlight/Apollo for remote game streaming is fantastic once you open the right ports.
If you’ve been banging your head against the 5 Mbps ceiling, check your tailscale status. The fix might just be a single port forward away.