diff --git a/configuration.nix b/configuration.nix
index 915eff0..bb07005 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -180,6 +180,13 @@
 dns = [ "10.0.1.65" ];
 privateKeyFile = "/etc/wireguard/private.key";
+ postUp = ''
+ ${pkgs.iproute2}/bin/ip route add vpn.leeworks.dev via $(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}') dev $(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
+ '';
+ preDown = ''
+ ${pkgs.iproute2}/bin/ip route del vpn.leeworks.dev || true
+ '';
+
 peers = [{
 publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
 endpoint = "vpn.leeworks.dev:51820";
@@ -196,7 +203,7 @@
 # Open firewall for Tailscale
 networking.firewall = {
 checkReversePath = "loose";
- trustedInterfaces = [ "tailscale0" ];
+ trustedInterfaces = [ "tailscale0" "wg0" ];
 allowedUDPPorts = [ config.services.tailscale.port ];
 };
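Review bot: The added `postUp` gives `ip route add` the hostname `vpn.leeworks.dev`, but as far as I know iproute2 only accepts a numeric prefix there, so this line would fail ("inet prefix is expected") and probably abort the interface bring-up; the `|| true` on `preDown` hides the same problem on the way down. Even if the name were resolved first, that lookup would happen at hook time, possibly through the tunnel resolver `10.0.1.65`, and could differ from the address WireGuard resolved for `endpoint`. I would pin the route to the address the interface actually holds, e.g. read it with `${pkgs.wireguard-tools}/bin/wg show wg0 endpoints` (interface name assumed from the firewall hunk) and pass that to `ip route add`. The two `ip route show default | awk` substitutions also assume exactly one default route of the form `default via GW dev IF`; `awk 'NR==1 && $2=="via" {print $3}'` would at least fail closed on a multi-homed or gateway-less host. The enclosing interface definition starts and ends outside the hunk.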
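Review bot: Adding `"wg0"` to `trustedInterfaces` makes the firewall accept every inbound packet from the WireGuard tunnel, so any service listening on this host becomes reachable by the peer and by whatever networks its `allowedIPs` (not visible here) route in. If only a few services are meant to be reachable over the VPN, I would leave `trustedInterfaces` as it was and open them per interface inside this block, e.g. `interfaces.wg0.allowedTCPPorts = [ <PORTS> ];`. If full trust is intended, the comment above should say so, e.g. `# Trust Tailscale and the wg0 WireGuard tunnel: all inbound traffic on these interfaces bypasses the firewall`.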