The wireguard client to Mullvad must not install the default route, but allowed IPs should be the whole internet (0.0.0.0/0)
Then with policy routing (either pbr or rules/routes) you will select which devices will go via Mullvad towards the internet.
1 Like