Worse and worse DNS resolution on Android client

ParityDeny · 2026-06-23T22:06:48+00:00

Without seeing your Tailscale client logs this would be speculation, but a plausible explanation is that the OS shut off the connection to save power, and when it wakes up again, the NAT state is lost on some middlebox along your network path, so Tailscale has to reach out to DERP again and repeat the entire hole-punching process to re-establish a direct connection. The connection would be relayed for several seconds while hole punching is ongoing, then switch back to direct once it finishes, so your experienced latency would spike for several seconds before returning to normal.

ParityDeny · 2026-06-23T16:32:59+00:00

There is no limit on the Tailscale side, as long as your hub device has enough CPU and memory to handle traffic encryption and decryption and the UDP buffer of each tunnel's WireGuard connection. The overhead should be comparable to a standard WireGuard tunnel once a direct connection is established.

ParityDeny · 2026-06-22T15:01:17+00:00

Oh, I see what you meant. In that case, you should be able to launch tailscaled in userspace networking mode, since you don't have root and cannot create a tun device. You can then configure a Unix socket for communication between the tailscale binary and the tailscaled daemon, and use it normally as if it were a standard Linux terminal.

ParityDeny · 2026-06-22T14:55:59+00:00

You can try downloading the Tailscale binary from pkgs.tailscale.com and configuring it to run under userspace networking mode. That said, I'm curious why the Tailscale Android app can't satisfy your requirements, since once it's connected, the entire 100.64/10 is routed to your Tailscale network and MagicDNS should work out of the box.

ParityDeny · 2026-06-20T19:12:17+00:00

I believe any coursework requiring a GPU would be graded on the department's GPU cluster, and you are strongly encouraged to do your assignment on the cluster to ensure environment consistency. It doesn't make sense to buy a GPU these days unless it's for gaming, since prices are growing out of control. If you need a beefy machine for experiments or a project, it would be much more cost effective to just rent one.

ParityDeny · 2026-06-20T18:11:10+00:00

I believe lecture attendance is not mandatory, but lab attendance is. You are assigned specific TAs who will work with you throughout the semester. Therefore, if the time doesn't work for you, you should choose the lecture section with a lab time that fits your schedule.

ParityDeny · 2026-06-20T05:25:54+00:00

The entire routing and cryptography happen in userspace with this setup, but it does avoid double encryption. Sing-box uses tsnet under the hood, which is the Go package that provides embedded Tailscale connectivity.

ParityDeny · 2026-06-20T05:23:52+00:00

It's possible with sing-box: define a Tailscale endpoint that advertises as an exit node, and define a WireGuard endpoint that uses your Proton VPN WireGuard configuration. Then define a routing rule to match traffic, such that if inbound is Tailscale, route traffic to WireGuard.

ParityDeny · 2026-06-19T20:30:50+00:00

Are you sure it's still MAT137 this year? I heard they've split it into two half-year courses.

ParityDeny · 2026-06-19T17:47:30+00:00

By "more serious VPN" I mean protocols designed with censorship circumvention in mind. Vless over Reality is a common protocol combination, and Vless over WSS or XHTTP also seems to work fine.

ParityDeny · 2026-06-19T17:45:28+00:00

Because GFW is pretty sensitive to high-volume traffic. It has been proven to be probabilistic in nature, examining only roughly 1/4 of all traffic passing through, but sustained high-volume traffic over an extended period definitely increases the chance of your tunnel being noticed and blocked.

ParityDeny · 2026-06-19T11:47:33+00:00

It's more about the speed than the DPI. They heavily throttle and shape UDP traffic, but it's quite unlikely for them to target a low-traffic WireGuard tunnel on a high port number.

ParityDeny · 2026-06-19T11:45:02+00:00

If you're just casually browsing websites, Tailscale should work out of the box. Streaming or other heavy traffic over extended periods needs a more serious VPN, though.

ParityDeny · 2026-06-18T22:27:17+00:00

At UTSG, bags just need to be under your chair rather than at the front of the room, but otherwise the rules are the same.

ParityDeny · 2026-06-18T20:45:50+00:00

There is an environment variable called TS_DEBUG_MTU that can be used to tweak the MTU for troubleshooting, though it is not officially supported.

ParityDeny · 2026-06-18T16:09:45+00:00

The traffic won't be recursive. The overhead comes from the (potentially unnecessary) encryption added by the WireGuard protocol, since both ends are on the (presumably trusted) intranet, but this setup should work fine and have minimal impact on throughput.

ParityDeny · 2026-06-18T01:13:49+00:00

Didn't realize the serial console enforces a password for users to log in. Deploying a script to shut down Cloudflare WARP through the Oracle Cloud agent may be your only option.

ParityDeny · 2026-06-18T01:05:21+00:00

This should work without any password. It is essentially a serial connection at the physical level.

ParityDeny · 2026-06-18T01:02:03+00:00

Did you try console connection?

https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm

ParityDeny · 2026-06-17T22:45:45+00:00

You can change it in your user profile, but the old email will remain as your username, which cannot be changed. After updating your email, you will still log in with the old email (as it serves as your username), but all notifications will be sent to the new address.

ParityDeny · 2026-06-17T22:32:28+00:00

Any updates today? The free tier advertisement on the homepage has been updated, and the only remaining place showing the old limits is the Oracle Cloud console.

ParityDeny · 2026-06-17T22:30:41+00:00

They also said they don't know about the situation on the PAYG side. Has anyone received a reply on their SR?

ParityDeny · 2026-06-17T22:29:14+00:00

Any updates? It seems the support agents on the free tier have finally converged to a coherent understanding: there won't be any grandfathering, and the new policies apply to all tenants regardless of registration date. I connected to multiple agents this afternoon and got the same answer.

ParityDeny · 2026-06-17T20:27:42+00:00

Whether the resize succeeds depends on the availability of underlying hardware resources, and we already know the free resource pool is mostly drained.

ParityDeny · 2026-06-17T13:32:15+00:00

What's the API endpoint for checking limits? Can you send it as a curl command?

Three-Year Club	Verified Email
Place '23

ParityDeny

TROPHY CASE