diff --git a/roles/tailscale.nix b/roles/tailscale.nix
index f41449e..9300026 100644
--- a/roles/tailscale.nix
+++ b/roles/tailscale.nix
@@ -6,7 +6,14 @@
 }:
 
 {
-  services.tailscale.enable = true;
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "both";
+  };
   # See https://github.com/NixOS/nixpkgs/issues/180175#issuecomment-2541381489
-  systemd.services.tailscaled.after = [ "systemd-networkd-wait-online.service" ];
+  systemd.services.tailscaled.after = [
+    "systemd-networkd-wait-online.service"
+  ];
+  # See https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
+  networking.firewall.checkReversePath = "loose";
 }