(Tailscale co-founder) I'm with you on this! The NAT problem drives me nuts. That's one of the core concepts behind tailscale. Unfortunately I don't think the "open source NAT traversal as a library" idea will work; it's been tried before, but NAT is just so fiddly that the library invariably "doesn't quite work" in some weird condition and the app developer is left trying to debug NATs, which they don't know how to do.
With Tailscale we want to take full responsibility for connectivity, so that app developers can work on apps that just assume the connectivity+security is there, and users can complain to us instead of them when their computers won't connect. At least, that's the dream. How best to package that up, I'm not quite sure.
Regarding DERP, the server code is open source: https://github.com/tailscale/tailscale/tree/master/cmd/derpe... and if you look closely, you can see that DERP servers are fully anonymous (pseudonymous?) and will route traffic between any two DERP connections based on their public keys. We rate limit traffic to keep costs under control, and we'll let paying customers boost their speeds, but we intend to always let our DERP network be usable at "reasonable throughput" for free. And since the code is open source, you can write your own tools that do it.
Does tailscale work in China? Does DERP penetrate the great firewall? How does tailscale protect / work against nation state actors? Are you incorporated in the US? How does Tailscale help against wide-reaching legislation like EARN IT?
With Tailscale we want to take full responsibility for connectivity, so that app developers can work on apps that just assume the connectivity+security is there, and users can complain to us instead of them when their computers won't connect. At least, that's the dream. How best to package that up, I'm not quite sure.
Regarding DERP, the server code is open source: https://github.com/tailscale/tailscale/tree/master/cmd/derpe... and if you look closely, you can see that DERP servers are fully anonymous (pseudonymous?) and will route traffic between any two DERP connections based on their public keys. We rate limit traffic to keep costs under control, and we'll let paying customers boost their speeds, but we intend to always let our DERP network be usable at "reasonable throughput" for free. And since the code is open source, you can write your own tools that do it.
Lots of things to work on. Hope this helps!