If you are running NordVPN with its firewall and kill switch enabled, Tailscale may fail to connect: NordVPN blocks the traffic, so we need to create whitelist rules that let Tailscale reach its own servers directly instead of through NordVPN's tunnel. How do we do that? According to this Tailscale KB article (https://tailscale.com/kb/1082/firewall-ports/) there is a specific list of domains to whitelist, with the warning that the IP addresses behind each domain may change from time to time.

Here is a bash script that queries DNS for each of those domains and adds every IP address it returns to the NordVPN whitelist:

#!/bin/bash
# Resolve each Tailscale control/DERP hostname from the KB list and add
# every IPv4 address it returns to the NordVPN whitelist as a /32 subnet.
# Re-run it whenever Tailscale stops connecting, since the IPs may change.

DOMAINS=(login controlplane log derp1-all derp2-all derp3-all derp4-all derp5-all derp6-all derp7-all derp8-all derp9-all derp10-all derp11-all derp12-all derp13-all derp14-all derp15-all derp16-all derp17-all derp18-all derp19-all derp20-all derp21-all derp22-all derp23-all derp24-all)

for d in "${DOMAINS[@]}"; do
    # +short prints only the answer data; -4 and A restrict the lookup to IPv4.
    # The grep keeps dotted-quad addresses only, so a CNAME target in the
    # answer is never handed to nordvpn with "/32" appended.
    dig +short -4 A "$d.tailscale.com" | \
        grep -E '^[0-9]+(\.[0-9]+){3}$' | \
        awk '{print $1"/32"}' | \
        xargs -L 1 nordvpn whitelist add subnet
done

# UDP 41641 is the port Tailscale uses for direct peer-to-peer WireGuard
# connections (see the KB article above).
nordvpn whitelist add port 41641
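The one edge case worth checking before piping DNS answers into `nordvpn` is that `dig +short` on a name that is a CNAME prints the alias target on its own line in front of the A records, and an unfiltered pipeline would try to add `some-alias.example.net./32` as a subnet. The following script is an added example, not the original script above or anything published by Tailscale or NordVPN: it factors the address filtering into a function that can be tested offline against constructed input, and builds the whitelist commands as text first so you can review them before running them. The hostname `login-alias.example.net.` and the addresses in the sample are made up; `resolve_subnets` still needs `dig` and network access.

```shell
#!/bin/bash
# Added example (not the original script): turn `dig +short` output into
# NordVPN whitelist subnet arguments, keeping only IPv4 answers.

# Print one "<ipv4>/32" per line for every IPv4 address on stdin; drop
# everything else (CNAME targets, AAAA answers, blank lines).
to_subnets() {
    # one decimal octet in the range 0-255
    local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    grep -E "^${octet}(\.${octet}){3}$" | sed 's|$|/32|'
}

# Resolve a hostname (IPv4 only) and emit its /32 subnets. Requires dig
# and network access; not exercised by the offline demo below.
resolve_subnets() {
    dig +short -4 A "$1" | to_subnets
}

# Build the whitelist commands for the given hostnames without running
# them, so the list can be reviewed (or diffed against the previous run)
# before it is applied. Pipe the output into `sh` to apply it.
whitelist_commands() {
    local d
    for d in "$@"; do
        resolve_subnets "$d" | sed 's|^|nordvpn whitelist add subnet |'
    done
}

# Constructed sample of what `dig +short` can return for a CNAME'd name:
# the alias target (not an IP), two A records and a stray AAAA record.
SAMPLE_DIG_OUTPUT='login-alias.example.net.
203.0.113.10
203.0.113.11
2001:db8::1'

# Offline demo: ./script.sh --demo prints only the two /32 entries.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DIG_OUTPUT" | to_subnets
fi
```

With the sample above, `to_subnets` emits `203.0.113.10/32` and `203.0.113.11/32` and silently drops the alias name and the IPv6 address, which is exactly the behaviour you want in front of `xargs -L 1 nordvpn whitelist add subnet`. Note that recent NordVPN Linux releases renamed the `whitelist` subcommand to `allowlist`; check `nordvpn --help` if the commands above are rejected.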

Hope this saved you some time.