Anyone running both Mullvad and Tailscale (both WireGuard)?

I’m new to WireGuard and am trying to run two WireGuard services, Mullvad and Tailscale. I want Mullvad to handle all my outgoing web browsing, and Tailscale to handle all my personal device-to-device connections.

However, they’re interfering with each other in a way I don’t understand. Does anyone have a config for this I could take a look at?

1 Like

Hi, I just got this working.

    ❯ mullvad version
    Current version: 2022.1
    	Is supported: true
    	Suggested update: 2022.4
    	Latest stable version: 2022.4

    ❯ tailscale version
    1.30.1
      go version: go1.19.1

  1. allow the tailscale daemon to bypass the VPN

    mullvad split-tunnel pid add (pgrep tailscaled)
    
  2. SSH through tailscale

    sudo mullvad-exclude ssh remoteuser@remotetailscaleip
    
    • without sudo I get a couple errors

      Cannot set the cgroup
      Caused by: Permission denied (os error 13)
      
5 Likes

I actually did this a different way. I set up a docker container using gluetun connecting to Mullvad and had it share the network stack with a tailscale container. Then I set that as an exit node. I now have all my internet traffic over Mullvad and access to all my own things via tailscale.

This also has the advantage of only using 1 Mullvad device for anything that uses that exit node.

2 Likes

Do you think you could provide your docker-compose.yaml for reference? I can’t manage to get it working on my side, running into:

#### Unable to relay traffic
This machine has IP forwarding disabled and cannot relay traffic. Please [enable IP forwarding on this machine](https://tailscale.com/kb/1104/enable-ip-forwarding) to use relay features like subnets or exit nodes.

In “edit route settings” of the exit node in the tailscale machines dashboard.

You need to enable IP forwarding. It’s pretty easy but I don’t have the details to hand. Use sysctl as a keyword in your search.
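
The sysctl step the last reply points to, as an added example that is not from any poster in this thread: it reports whether IPv4 and IPv6 forwarding are on and persists both settings in a sysctl drop-in. The function names are hypothetical and the drop-in file name is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): check and persist the IP forwarding
# sysctls a Tailscale exit node needs. Function names are hypothetical; the
# /proc/sys root and drop-in path are parameters so the logic can be tried
# against a constructed directory tree without root.

# Print "ipv4=<v> ipv6=<v>" where <v> is 0, 1, or "missing" (key absent,
# e.g. IPv6 disabled on this kernel).
forwarding_state() (
  root="${1:-/proc/sys}"
  v4=$(cat "$root/net/ipv4/ip_forward" 2>/dev/null || echo missing)
  v6=$(cat "$root/net/ipv6/conf/all/forwarding" 2>/dev/null || echo missing)
  echo "ipv4=$v4 ipv6=$v6"
)

# Succeed only when both address families forward packets.
forwarding_enabled() {
  [ "$(forwarding_state "${1:-/proc/sys}")" = "ipv4=1 ipv6=1" ]
}

# Write both keys to a sysctl drop-in. Any earlier line for the same key is
# dropped first, so re-running never leaves duplicate or conflicting values.
persist_forwarding() (
  conf="${1:-/etc/sysctl.d/99-tailscale.conf}"   # assumed drop-in name
  touch "$conf" || return 1
  for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
    awk -F= -v k="$key" '{ n = $1; gsub(/[ \t]/, "", n); if (n != k) print }' \
      "$conf" > "$conf.tmp" || return 1
    printf '%s = 1\n' "$key" >> "$conf.tmp"
    mv "$conf.tmp" "$conf"
  done
)

# Usage: "sh forwarding.sh check" reports; "sudo sh forwarding.sh apply"
# persists the settings and loads them into the running kernel.
case "${1:-}" in
  check) forwarding_state ;;
  apply) persist_forwarding && sysctl -p /etc/sysctl.d/99-tailscale.conf ;;
esac
```

These sysctls are scoped to a network namespace, so in the shared-network-stack container setup described above the check has to run inside the container rather than on the host.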