I thought it was Tailscale that always selects which IP to use as endpoint for other devices, and set that up for Wireguard? If I'm wrong, could I replicate that behavior (using relay on WAN, direct connection on LAN) with Wireguard without external configuration tools?
Hmm, yes, I think you’re right. Tailscale does handle the connection here, not Wireguard.
I’ve digged into it a bit and I believe it first connects over a relay, then the devices try to find a more optimal route. So for LAN, they would exchange their local IPs and try to connect over those. If they are indeed on the same LAN, they connect directly: https://tailscale.com/kb/1257/connection-types
