diff --git a/hosts/common/networking.nix b/hosts/common/networking.nix
index 3ddfb6b..4370f9c 100644
--- a/hosts/common/networking.nix
+++ b/hosts/common/networking.nix
@@ -9,9 +9,6 @@
 {
   networking = {
     networkmanager.enable = true;
-    firewall = {
-      enable = true;
-      checkReversePath = "loose"; # Tailscale may fail without this
-    };
+    firewall.enable = true;
   };
 }
diff --git a/hosts/desktops/common/services.nix b/hosts/desktops/common/services.nix
index ff55a7e..be85aa6 100644
--- a/hosts/desktops/common/services.nix
+++ b/hosts/desktops/common/services.nix
@@ -11,6 +11,7 @@
     printing.enable = true;
     udev.packages = with pkgs; [ yubikey-personalization ];
     desktopManager.plasma6.enable = true;
+    tailscale.useRoutingFeatures = "client";
     nginx = {
       enable = true;
       virtualHosts."localhost".root = inputs.homepage;
diff --git a/hosts/servers/common/services.nix b/hosts/servers/common/services.nix
index a1dee89..035de35 100644
--- a/hosts/servers/common/services.nix
+++ b/hosts/servers/common/services.nix
@@ -1,5 +1,8 @@
 { ... }:
 
 {
-  services.tailscale.extraSetFlags = [ "--advertise-exit-node" ];
+  services.tailscale = {
+    extraSetFlags = [ "--advertise-exit-node" ];
+    useRoutingFeatures = "server";
+  };
 }