Tailscale and Mullvad on Nix
Some time ago, Tailscale introduced a service that lets its users set Mullvad VPN servers as their exit nodes, which effectively enables them to use Tailscale and Mullvad VPN concurrently: convenient access to your Tailscale services, while still having VPN access to use Netflix or whatever from a different country.
I've been using Tailscale for a few years now, and the service is more than amazing. It's magic. I've come to rely on it for easy access to my homelab, and to do remote management of my server. I have also started using Mullvad recently, but I wasn't forward-thinking enough to just get the Mullvad exit-node subscription through Tailscale, so I bought a separate Mullvad subscription. Later I found out that a pre-existing Mullvad subscription can't be converted to the Tailscale exit-node subscription. So I set out on figuring out how to be able to use both concurrently, and avoid having to turn off my VPN whenever I want to access my servers.
The solution was actually very simple, and there was already a great article about it on Mullvad's website. The only question was how to configure this in NixOS. In the end I struggled with getting it to work for an hour or so, but not because the configuration is complicated: it only took effect after a reboot, not after a plain rebuild switch. The configuration is basically exactly as described in the article, and works flawlessly for me now:
```nix
networking = {
  nftables = {
    enable = true;
    ruleset = ''
      # Destinations that must bypass the Mullvad tunnel: the Tailscale
      # CGNAT range (100.64.0.0/10) plus one specific tailnet address.
      define EXCLUDED_IPS = {
        100.117.232.92,
        100.64.0.0/10,
      }
      table inet excludeTraffic {
        chain excludeOutgoing {
          # Route hook on output: mark matching packets so Mullvad's
          # split-tunnel policy routing sends them outside the VPN.
          type route hook output priority 0; policy accept;
          ip daddr $EXCLUDED_IPS ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
        }
      }
    '';
  };
};
```
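The `EXCLUDED_IPS` set decides which destinations leave the Mullvad tunnel, so it is worth checking exactly what it matches before trusting it. The following Python script is an added example, not code from the post or from Mullvad; it parses the `define` block and the marks out of a constructed copy of the ruleset above, answers whether a given destination would be excluded from the VPN, and flags entries that are already covered by a wider network in the same set. On the ruleset above that last check reports `100.117.232.92`, which is already inside `100.64.0.0/10`. It also decodes the `meta mark` value `0x6d6f6c65`, whose four bytes are the ASCII string "mole"; the `ct mark` value is reported as a plain integer, since the page gives it no meaning beyond being the mark Mullvad's rules look for.

```python
import ipaddress
import re

# Constructed copy of the nftables ruleset from the NixOS configuration above,
# embedded so the script runs offline without nft or root.
RULESET = """
define EXCLUDED_IPS = {
  100.117.232.92,
  100.64.0.0/10,
}
table inet excludeTraffic {
  chain excludeOutgoing {
    type route hook output priority 0; policy accept;
    ip daddr $EXCLUDED_IPS ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
}
"""


def parse_excluded_set(ruleset, name="EXCLUDED_IPS"):
    """Return the networks listed in an nftables `define NAME = { ... }` block."""
    m = re.search(r"define\s+%s\s*=\s*\{([^}]*)\}" % re.escape(name), ruleset)
    if m is None:
        raise ValueError(f"no define for {name} in ruleset")
    nets = []
    for item in m.group(1).split(","):
        item = item.strip()
        if item:
            # A bare address becomes a /32 (or /128) network.
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def is_excluded(dest, nets):
    """True if traffic to `dest` would be marked and so bypass the VPN."""
    addr = ipaddress.ip_address(dest)
    return any(addr in n for n in nets)


def redundant_entries(nets):
    """Entries that are fully covered by a wider network in the same set."""
    out = []
    for n in nets:
        for other in nets:
            if other is not n and other.version == n.version \
                    and other.prefixlen < n.prefixlen and n.subnet_of(other):
                out.append(n)
                break
    return out


def parse_marks(ruleset):
    """Return (ct_mark, meta_mark) as integers from the excludeOutgoing rule."""
    m = re.search(
        r"ct mark set (0x[0-9a-fA-F]+)\s+meta mark set (0x[0-9a-fA-F]+)", ruleset)
    if m is None:
        raise ValueError("no mark rule found in ruleset")
    ct_mark, meta_mark = (int(x, 16) for x in m.groups())
    return ct_mark, meta_mark


def mark_as_ascii(mark):
    """Render a 32-bit mark as its four big-endian bytes, decoded as ASCII."""
    return mark.to_bytes(4, "big").decode("ascii")


if __name__ == "__main__":
    nets = parse_excluded_set(RULESET)
    for dest in ("100.100.100.100", "100.117.232.92", "100.128.0.1", "1.1.1.1"):
        where = "Tailscale (bypasses Mullvad)" if is_excluded(dest, nets) else "Mullvad tunnel"
        print(f"{dest:16} -> {where}")
    for n in redundant_entries(nets):
        print(f"note: {n} is already covered by a wider entry in the set")
    ct_mark, meta_mark = parse_marks(RULESET)
    print(f"ct mark = {ct_mark:#010x}, meta mark = {meta_mark:#010x} ({mark_as_ascii(meta_mark)!r})")
```

Run it after editing the set to see which addresses would still go through Mullvad; an address such as `100.128.0.1` falls just outside `100.64.0.0/10` and therefore stays in the tunnel.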