Topology: 1 LAN network behind a Flint 2 MT6000 router (running 4.7.4).
Tests: From phone (using 5G), and the official Tailscale App
Issue: When testing connection from my phone, I easily get a direct connection to the Flint 2.
For all devices behind the router, I end up showing relayed (through one of the public DERP servers). This seems to be the case whether the client is Linux or Windows based.
Things I've tried:
I enabled "Allow Remote Access LAN". While this allowed me to access internal IPs, it didn't solve the Direct Connection issue when using Tailscale IPs.
In System -> Security, I opened port 41641 UDP. This made no difference.
Next I logged in via LuCI and downloaded a Universal Plug & Play plugin.
Within it I enabled the NAT-PMP and UPnP services. Although the default Allow High Ports option included port 41641, I added an additional rule at the top to ensure it was permitted.
I got a direct connection for a few seconds to a Windows client behind the router.
Tried a Linux client behind the router, relayed. Deleted the new UPnP rule it had automatically created and tried again. Was not able to direct connect to any of the devices behind the router.
From this point onwards I attempted a few more changes - restarting the UPnP service, disabling Tailscale on the router itself, etc. - but I didn't get anywhere.
I can still connect to devices behind the router - but they are always relayed.
The router itself shows direct connection every time, and I have no problems accessing the web interface via my cell, as expected.
Is there a setting I have missed that will allow me to establish a Direct Connection between outside networks, and devices behind the router? The idea of trying Tailscale is not to have opened ports. But I wish to be able to stream from my media server when travelling...
TIA