A quick note on the mullvad exit node integration feature offered by tailscale.

Tailscale doesn’t allow you to select a different UDP port for the connection to the mullvad node! It’s hardcoded to port 51820.

This is in contrast to the official mullvad client, which lets you use port 53 or a custom port of your choice.

If you’re using this feature in the mullvad client to tunnel out of a network which blocks common VPN ports like 51820, the tailscale integration won’t work! And there will be nothing you can do about it. Tailscale’s relay network doesn’t come into play here, the client just seems content to leave your machine unable to route any packets at all. Presumably there is debug logging to be found somewhere.

There’s an issue open on the tailscale client github repo - go and vote for it so I can tunnel out via mullvad’s servers when I’m in the library rather than a spare VPS.