[Bug]: macOS Screen Sharing "High Performance" mode fails over sing-box Tailscale endpoint (Direct connection established)

[chuangbo]

Operating system

macOS

System version

26.5

Installation type

sing-box for macOS Graphical Client

If you are using a graphical client, please provide the version of the client.

1.14.0-alpha.25

Version

Description

When using sing-box with the Tailscale endpoint, macOS Screen Sharing cannot initiate "High Performance" mode between two remote Macs while "Standard" mode works.

However, using the official Tailscale client under the exact same network environment allows "High Performance" mode to function perfectly.

Troubleshooting

To rule out performance and connection state bottlenecks, the following tests were conducted:

1. NAT Traversal: Both official Tailscale and sing-box successfully established direct connections (p2p). No DERP relaying was involved.
2. Throughput Test: iperf3 (both TCP and UDP) shows identical performance and bandwidth between the official client and sing-box. Speed or packet loss is not the bottleneck.

Reproduction

1. two Macs located on different networks (across the WAN).
2. configure sing-box on both Macs using the Tailscale endpoint configuration. Ensure a direct connection (STUN/hole-punching successful, no DERP relay).
3. Launch the Screen Sharing app, try to select "High Performance" mode in the settings.

Logs

No suspicious logs found at TRACE level.

Supporter

• I am a sponsor

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.