felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(vpn): exclude tailscale from Mullvad VPN routing

Browse source
This commit is contained in:
Felix Schröter 2023-12-27 15:50:17 +01:00
parent 8431125cdf
commit 8679912bfb
Signed by: felschr
GPG key ID: 671E39E6744C807D
1 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
system/vpn.nix
View file

@ -34,4 +34,28 @@
fi
'';
};
# Exclude Tailscale from Mullvad VPN
networking.firewall.extraCommands = ''
${pkgs.nftables}/bin/nft -f ${
pkgs.writeText "mullvad-incoming" ''
table inet allow-tailscale {
chain exclude-dns {
type filter hook output priority -10; policy accept;
ip daddr 100.00.100.100 udp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
ip daddr 100.00.100.100 tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
chain exclude-outgoing {
type route hook output priority 0; policy accept;
ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
ip6 daddr fd7a:115c:a1e0::/48 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
chain allow-incoming {
type filter hook input priority -100; policy accept;
iifname "tailscale0" ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
}
''
}
'';
}