This is a fairly common scenario and one that we had in mind when building the NAT traversal implementation. The short answer is that you wouldn't need to sign out of Firezone when in the office -- the connection should hairpin off the nearest common router and go directly to the SMB share in this case.
redrove|1 year ago
Tailscale fails at this and I consider it fairly basic networking.
jamilbk|1 year ago
https://github.com/firezone/firezone/issues/3553
We didn't invent these techniques. Host candidates are part of standard ICE:
https://datatracker.ietf.org/doc/html/rfc8445#section-5.1.1....