On NixOS, whenever I enabled Mullvad exit nodes via Tailscale (using the Trayscale app), my internet would stop working, which was weird as this worked fine on my other devices, i.e. Ubuntu or my phone.
Well, it turns out it seems to be the way NixOS works with the firewall. You can read all the details here [1], where the poster explains it really well.
My understanding is the following:
The fix changes RPF (reverse path filtering) from “strict” to “loose” mode:
- Strict: Reply must go back out the exact same interface it came in on
- Loose: Reply can go out any interface, as long as there’s a valid route back to the source
Solution
The fix is enabling this option: networking.firewall.checkReversePath = "loose"; Please make sure you understand exactly what you are doing when enabling this.
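
To make the strict/loose difference concrete, here is an added example (not from the original post, NixOS or Tailscale) that models both checks over a constructed routing table. The interface names, the addresses and the assumption that the default route points at tailscale0 while an exit node is active are illustrative.

```python
import ipaddress

# Constructed routing table (assumption): default route via the tunnel, as
# when an exit node is active, plus the directly attached LAN on wlan0.
ROUTES = [
    ("0.0.0.0/0", "tailscale0"),
    ("192.168.1.0/24", "wlan0"),
]


def best_route(routes, src):
    """Longest-prefix match: interface used to reach src, or None if no route."""
    addr = ipaddress.ip_address(src)
    matches = []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, iface))
    if not matches:
        return None
    return max(matches)[1]


def rpf_accepts(routes, src, in_iface, mode):
    """True if a packet from src arriving on in_iface passes the RPF check."""
    out_iface = best_route(routes, src)
    if mode == "strict":
        # The route back to the source must use the arrival interface.
        return out_iface == in_iface
    if mode == "loose":
        # Any valid route back to the source is enough.
        return out_iface is not None
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    cases = [
        # (description, source address, arrival interface) -- all constructed
        ("internet host arriving on wlan0", "203.0.113.10", "wlan0"),
        ("LAN host arriving on wlan0", "192.168.1.20", "wlan0"),
        ("LAN source arriving on tailscale0", "192.168.1.50", "tailscale0"),
    ]
    for desc, src, iface in cases:
        strict = rpf_accepts(ROUTES, src, iface, "strict")
        loose = rpf_accepts(ROUTES, src, iface, "loose")
        print(f"{desc}: strict={strict} loose={loose}")
```

The third case is the trade-off to understand before enabling the option: in loose mode a packet claiming a LAN source address is accepted even when it arrives on a different interface, which strict mode would have dropped.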