I did not intuitively understand what Tailscale does, so I visited the following related page:

https://tailscale.com/blog/how-tailscale-works

Ah! OK, now I get it! :-)

But what I found particularly interesting on that page was the following:

> "Some especially cruel networks block UDP entirely, or are otherwise so strict that they simply cannot be traversed using STUN and ICE. For those situations, Tailscale provides a network of so-called DERP (Designated Encrypted Relay for Packets) servers. These fill the same role as TURN servers in the ICE standard, except they use HTTPS streams and WireGuard keys instead of the obsolete TURN recommendations."

DERP seems like one interesting solution (there may be others!) to UDP blockages...

Yup, really in very simple terms they just give you a public-key discovery/exchange server for your WireGuard-connected devices. Really wouldn't be that hard to create from scratch; WireGuard does the heavy lifting.

Would encourage anyone to go look at the WireGuard source code; it's amazingly concise and easy to read.

But they do seem to contribute and open-source a lot to the community, which I am grateful for.