I've been trying to work out how Tailscale networking is used but it's tricky to find documentation around this.

We've got our own Tailscale network which allows the coder workspaces to reach the coder server but find that coder is doing its own tailscale thing in the background when reviewing logs which raises some security concerns and potentially causing connection issues for us.

What options should be specified both at coderd and coder agent to stop any sort of tailscale tunnel and force direct?

Or am I completely missing the point of all the Tailscale action I'm seeing?

I can see coder embedded relay is active but web terminal and web coder server doesn't seem to work and just wondering if this is related. coder CLI port forward and ssh commands work fine.