Comment by Arcuru

Excellent, I'm finally able to retire the NixOS module I wrote to replace Tailscale to fix this exact problem [1]. It was certainly imperfect and overengineered, but it has worked for my use cases pretty well.

I'm still not sure if I like the login situation for Tailscale (allowing only 3rd party auth) but I understand why they do it.

EDIT: Turns out I can't use it yet since you have to buy Mullvad through Tailscale. I bought a year of Mullvad in May (they can't save payment info for port forwarding) and in the 4 months since they've removed port forwarding[2] and won't let me use my remaining credit for this integration.

[1] https://news.ycombinator.com/item?id=36113215