--- title: "How to Use Mullvad & Tailscale Simultaneously on Linux Using iproute2" draft: false date: 2025-12-29 tags: - Mullvad - Tailscale - Linux --- This guide will show you two different methods, one temporary, one permanant, on how to set up your VPN to work with Tailscale simultaneously on Linux. These steps below work as of January 2026. All commands listed in this guide will be ran as root, and this guide assumess that your Mullvad VPN interface is `wg0-mullvad` and your Tailscale interface is `tailscale0`. **NOTE:** I've only tested this with Mullvad VPN on Arch Linux, so if your setup differs, your mileage may vary. **WARNING:** If you use ***Mullvad's DNS*** with Mullvad, make sure to also follow the [Mullvad DNS Routing](#mullvad-dns-routing) part of the guide. ## Installation Make sure the `iproute2` package (ip command) is installed. ## Temporary Setup To route all Tailscale traffic to the proper interface, run the command: `ip route add 100.64.0.0/10 dev tailscale0` Breaking down the command: `ip route add`: Command to add routes to the database. `100.64.0.0/10`: CIDR/IP whos route we want to change. `dev tailscale0`: Device we want the traffic routed to. If you have subnet routers setup on Tailscale you need to access, make sure to check out the [Subnet Routers](#subnet-routers) section. ## Permanant Setup All routes configured under iproutes2 have only been made temporary so far and will be wiped on reboot, to opt for a more persistent setup, extra configuration will be needed. ### With SystemD Wiith your text editor, open: `/etc/systemd/system/tailscale-mullvad.service` place the following config inside the file, save it, making any changes as necessary. ```ini [Unit] Description=Mullvad-Tailscale Routing (shadeouts.net) [Service] Type=oneshot ExecStart=/sbin/ip route add 100.64.0.0/10 dev tailscale0 # If you have a subnet router (see Subnet Routers): # ExecStart=/sbin/ip route add dev tailscale0 RemainAfterExit=yes [Install] WantedBy=multi-user.target ``` Then enable the service: ```bash systemctl daemon-reload systemctl enable tailscale-mullvad.service ``` ### With Dinit 👑 With your text editor, open: `/etc/dinit.d/tailscale-mullvad` place the following config inside the file, save it, making any changes as necessary. ```ini type = scripted command = /sbin/ip route add 100.64.0.0/10 dev tailscale0 # Subnets: command = /sbin/ip route add dev tailscale0 after = login.target ``` Then enable the service: ```bash dinitctl enable tailscale-mullvad ``` ## Subnet Routers If you've configured subnets in Tailscale that you need to access, run the command: `ip route add dev tailscale0` replacing \ with the range you've setup within Tailscale. For example: `ip route add 192.168.0.0/24 dev tailscale0` **NOTE:** If you've opted to set up these routes permanantly, make sure to make any edits necessary in the system service files. ## Mullvad DNS Routing Since Mullvad uses the `100.64.0.0/24` CIDR for its DNS, we'll have to route these IPs to the `wg0-mullvad` interface. The simplest way to to this is: `ip route add 100.64.0.0/24 dev wg0-mullvad` but may conflict with some of your Tailscale devices within this range. To counter this, you can either (i) change the IPs of your devices in Tailscale to IPs outside of this range, or (ii) route just the IP used by Mullvad for its DNS services. If you chose the ladder, setup is as follows: ```bash cat /etc/resolv.conf # With the IP listed after nameserver, add it to the section of the command below # Example: ip route add 100.64.0.7 dev wg0-mullvad ip route add dev wg0-mullvad ``` **NOTE:** If you change any of the toggles in Mullvad's DNS menu, the IP listed in this file willl change and you'll have to configure it again.