phantom
c2fb9d0c1e
3.8 KiB
title, draft, date, tags
| title | draft | date | tags | |||
|---|---|---|---|---|---|---|
| How to Use Mullvad & Tailscale Simultaneously on Linux Using iproute2 | false | 2025-12-29 |
|
This guide will show you two different methods, one temporary, one permanant, on how to set up your VPN to work with Tailscale simultaneously on Linux. This steps below work as of January 1st 2026.
All commands listed in this guide will be ran as root, and this guide assumess that your Mullvad VPN interface is wg0-mullvad and your Tailscale interface is tailscale0.
NOTE: I've only tested this with Mullvad VPN on Arch Linux, so if your setup differs, your mileage may vary.
WARNING: If you use Mullvad's DNS with Mullvad, make sure to also follow the Mullvad DNS Routing part of the guide.
Installation
Make sure the iproute2 package (ip command) is installed.
Temporary Setup
To route all Tailscale traffic to the proper interface, run the command:
ip route add 100.64.0.0/10 dev tailscale0
Breaking down the command:
ip route add: Command to add routes to the database.
100.64.0.0/10: CIDR/IP whos route we want to change.
dev tailscale0: Device we want the traffic routed to.
If you have subnet routers setup on Tailscale you need to access, make sure to check out the Subnet Routers section.
Permanant Setup
All routes configured under iproutes2 have only been made temporary so far and will be wiped on reboot, to opt for a more persistent setup, extra configuration will be needed.
With SystemD
Wiith your text editor, open:
/etc/systemd/system/tailscale-mullvad.service
place the following config inside the file, save it, making any changes as necessary.
[Unit]
Description=Mullvad-Tailscale Routing (shadeouts.net)
[Service]
Type=oneshot
ExecStart=/sbin/ip route add 100.64.0.0/10 dev tailscale0
# If you have a subnet router (see Subnet Routers):
# ExecStart=/sbin/ip route add <router-cidr> dev tailscale0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Then enable the service:
systemctl daemon-reload
systemctl enable tailscale-mullvad.service
With Dinit 👑
With your text editor, open:
/etc/dinit.d/tailscale-mullvad
place the following config inside the file, save it, making any changes as necessary.
type = scripted
command = /sbin/ip route add 100.64.0.0/10 dev tailscale0
# Subnets: command = /sbin/ip route add <router-cidr> dev tailscale0
after = login.target
Then enable the service:
dinitctl enable tailscale-mullvad
Subnet Routers
If you've configured subnets in Tailscale that you need to access, run the command:
ip route add <router-cidr> dev tailscale0
replacing <router-cidr> with the range you've setup within Tailscale.
For example: ip route add 192.168.0.0/24 dev tailscale0
NOTE: If you've opted to set up these routes permanantly, make sure to make any edits necessary in the system service files.
Mullvad DNS Routing
Since Mullvad uses the 100.64.0.0/24 CIDR for its DNS, we'll have to route these IPs to the wg0-mullvad interface.
The simplest way to to this is:
ip route add 100.64.0.0/24 dev wg0-mullvad
but may conflict with some of your Tailscale devices within this range.
To counter this, you can either (i) change the IPs of your devices in Tailscale to IPs outside of this range, or (ii) route just the IP used by Mullvad for its DNS services. If you chose the ladder, setup is as follows:
cat /etc/resolv.conf
# With the IP listed after nameserver, add it to the <dns-ip> section of the command below
# Example: ip route add 100.64.0.7 dev wg0-mullvad
ip route add <dns-ip> dev wg0-mullvad
NOTE: If you change any of the toggles in Mullvad's DNS menu, the IP listed in this file willl change and you'll have to configure it again.