Mullvad Tunnel Up but unable to put traffic on it

I have setup a wireguard tunnel with Mullvad which is up and I am able to ping to the internet through that tunnel from firewall, however none of the clients behind the firewall is able to use the tunnel. I have setup source nat rules as well as route policy to redirect traffic on to the wireguard tunnel
I am using 1.4-RC1
The relevant config is as below-- Please suggest what changes I need to do get this working.

vyos@vyos-pghome:~$ show interfaces wireguard wg100
wg100: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.69.11.77/32 scope global wg100
       valid_lft forever preferred_lft forever
    inet6 fe80::f06e:1bff:fee2:2ad9/64 scope link
       valid_lft forever preferred_lft forever
    Description: MullVad

    RX:  bytes  packets  errors  dropped  overrun       mcast
          4436       43       0        0        0           0
    TX:  bytes  packets  errors  dropped  carrier  collisions
         14380      230       0        0        0           0
vyos@vyos-pghome:~$
vyos@vyos-pghome# show protocols static table 100
 description "Mullvad Default Route"
 route 0.0.0.0/0 {
     interface wg100 {
     }
 }
[edit]
vyos@vyos-pghome#
vyos@vyos-pghome:~$ ping 8.8.4.4 interface wg100 count 5
PING 8.8.4.4 (8.8.4.4) from 10.69.11.77 wg100: 56(84) bytes of data.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=119 time=198 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=119 time=198 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=119 time=198 ms
64 bytes from 8.8.4.4: icmp_seq=4 ttl=119 time=198 ms
64 bytes from 8.8.4.4: icmp_seq=5 ttl=119 time=198 ms

--- 8.8.4.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 197.802/197.992/198.290/0.195 ms
vyos@vyos-pghome:~$
vyos@vyos-pghome# show interfaces wireguard wg100
 address 10.69.11.77/32
 description "MullVad"
 peer mullvad {
     address xxx.xxx.153.66
     allowed-ips 0.0.0.0/0
     persistent-keepalive 15
     port 51816
     public-key xxxxxxxxx
 }
 private-key xxxxxxx
[edit]
vyos@vyos-pghome#

vyos@vyos-pghome# show nat
 source {
     rule 5005 {
         outbound-interface {
             name wg100
         }
         source {
             group {
                 address-group mullvad-al
             }
         }
         translation {
             address masquerade
         }
     }
     rule 5010 {
         outbound-interface {
             name pppoe0
         }
         source {
             address 192.168.50.128/25
         }
         translation {
             address masquerade
         }
     }
     rule 5020 {
         outbound-interface {
             name eth1
         }
         source {
             address 192.168.50.128/25
         }
         translation {
             address masquerade
         }
     }
 }

vyos@vyos-pghome# show policy
 route mullvad {
     interface eth0
     rule 10 {
         description "Local Destination"
         destination {
             group {
                 network-group RFC1918
             }
         }
         set {
             table main
         }
         source {
             group {
                 address-group mullvad-al
             }
         }
     }
     rule 100 {
         description "Mullvad"
         set {
             table 100
         }
         source {
             group {
                 address-group mullvad-al
             }
         }
     }
 }
[edit]
vyos@vyos-pghome#
vyos@vyos-pghome# show firewall group address-group mullvad-al
 address 192.168.50.149
 address 192.168.50.235
[edit]
vyos@vyos-pghome#

I’d suggest simplifying your NAT source rules by dropping the source requirement unless they’re specifically required for functionality, just for brevity alone. Regarding routing, since you’re specifying a different routing table than main your direct connected routes don’t carry over to it if I’m remembering correctly. You would need to add a route for the subnet of the hosts as well, I presume it’s direct connected in main table so: set protocols static table 100 route 192.168.50.128/25 interface eth0 or using next-hop address if you prefer that over interface.

Set nat and route policy will let it works.
PS : Also need to set the right mtu and mss for that.
Could you please run the command to got details about our configuration?

show configuration commands | strip-private

Tried this but it is not helping. The traffic is not hitting the nat rule 5005 because all the devices are able to browse internet via regular Wan interface

Here is the full config. I have disabled IPv6 as of now.

vyos@vyos-pghome:~$ show configuration commands | strip-private | no-more
set container name node-exporter allow-host-networks
set container name node-exporter description 'Prometheus Node Exporter'
set container name node-exporter image 'docker.io/prom/node-exporter:latest'
set container name node-exporter memory '1024'
set container name node-exporter port node-exporter destination '9100'
set container name node-exporter port node-exporter protocol 'tcp'
set container name node-exporter port node-exporter source '9100'
set container name node-exporter volume hostroot destination '/host'
set container name node-exporter volume hostroot source '/'
set container registry docker.io
set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'
set firewall group address-group PIA_MANCHESTER address 'xxx.xxx.50.230'
set firewall group address-group blocked-internet address 'xxx.xxx.50.203'
set firewall group address-group google_dns address 'xxx.xxx.8.8'
set firewall group address-group google_dns address 'xxx.xxx.4.4'
set firewall group address-group google_dns address 'xxx.xxx.114.114'
set firewall group address-group mullvad-al address 'xxx.xxx.50.149'
set firewall group address-group mullvad-al address 'xxx.xxx.50.235'
set firewall group ipv6-address-group google-ipv6-dns address 'xxxx:xxxx:4860::8888'
set firewall group ipv6-address-group google-ipv6-dns address 'xxxx:xxxx:4860::8844'
set firewall group network-group RFC1918 description 'RFC1918 Address'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/12'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/16'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/8'
set firewall group network-group jnpr-apac network 'xxx.xxx.182.0/24'
set firewall group network-group jnpr-apac network 'xxx.xxx.184.0/21'
set firewall group network-group ocidns network 'xxx.xxx.4.38/32'
set firewall group network-group ocidns network 'xxx.xxx.44.0/24'
set firewall group network-group ocidns network 'xxx.xxx.44.0/30'
set firewall group network-group ocidns network 'xxx.xxx.250.21/32'
set firewall group port-group dnsports port '53'
set firewall group port-group dnsports port '443'
set firewall group port-group dnsports port '853'
set firewall ipv4 name local-north default-action 'drop'
set firewall ipv4 name local-north enable-default-log
set firewall ipv4 name local-north rule 100 action 'accept'
set firewall ipv4 name local-south default-action 'drop'
set firewall ipv4 name local-south enable-default-log
set firewall ipv4 name local-south rule 100 action 'accept'
set firewall ipv4 name north-local default-action 'drop'
set firewall ipv4 name north-local enable-default-log
set firewall ipv4 name north-local rule 100 action 'accept'
set firewall ipv4 name north-local rule 100 state 'established'
set firewall ipv4 name north-local rule 100 state 'related'
set firewall ipv4 name north-local rule 150 action 'accept'
set firewall ipv4 name north-local rule 150 description 'Accept WG from OCIDNS'
set firewall ipv4 name north-local rule 150 destination address 'xxx.xxx.42.189'
set firewall ipv4 name north-local rule 150 destination port '40195'
set firewall ipv4 name north-local rule 150 protocol 'udp'
set firewall ipv4 name north-local rule 150 source address 'xxx.xxx.250.21'
set firewall ipv4 name north-local rule 200 action 'drop'
set firewall ipv4 name north-local rule 200 state 'invalid'
set firewall ipv4 name north-south default-action 'drop'
set firewall ipv4 name north-south enable-default-log
set firewall ipv4 name north-south rule 100 action 'accept'
set firewall ipv4 name north-south rule 100 state 'related'
set firewall ipv4 name north-south rule 100 state 'established'
set firewall ipv4 name north-south rule 200 action 'drop'
set firewall ipv4 name north-south rule 200 state 'invalid'
set firewall ipv4 name south-local enable-default-log
set firewall ipv4 name south-local rule 100 action 'accept'
set firewall ipv4 name south-north default-action 'drop'
set firewall ipv4 name south-north description 'LAN to WAN IPv4'
set firewall ipv4 name south-north enable-default-log
set firewall ipv4 name south-north rule 100 action 'drop'
set firewall ipv4 name south-north rule 100 description 'No Access to Google DNS'
set firewall ipv4 name south-north rule 100 destination group address-group 'google_dns'
set firewall ipv4 name south-north rule 100 destination group port-group 'dnsports'
set firewall ipv4 name south-north rule 100 protocol 'tcp'
set firewall ipv4 name south-north rule 200 action 'drop'
set firewall ipv4 name south-north rule 200 description 'No Access to Google DNS'
set firewall ipv4 name south-north rule 200 destination group address-group 'google_dns'
set firewall ipv4 name south-north rule 200 destination group port-group 'dnsports'
set firewall ipv4 name south-north rule 200 protocol 'udp'
set firewall ipv4 name south-north rule 201 action 'drop'
set firewall ipv4 name south-north rule 201 description 'No Internet Access'
set firewall ipv4 name south-north rule 201 source group address-group 'blocked-internet'
set firewall ipv4 name south-north rule 300 action 'accept'
set firewall ipv4 name south-north rule 300 description 'Allow Everything Else!'
set firewall ipv6 name v6-local-north default-action 'drop'
set firewall ipv6 name v6-local-north enable-default-log
set firewall ipv6 name v6-local-north rule 100 action 'accept'
set firewall ipv6 name v6-local-south default-action 'drop'
set firewall ipv6 name v6-local-south enable-default-log
set firewall ipv6 name v6-local-south rule 100 action 'accept'
set firewall ipv6 name v6-north-local default-action 'drop'
set firewall ipv6 name v6-north-local enable-default-log
set firewall ipv6 name v6-north-local rule 100 action 'accept'
set firewall ipv6 name v6-north-local rule 100 description 'Accept Established/Related'
set firewall ipv6 name v6-north-local rule 100 protocol 'all'
set firewall ipv6 name v6-north-local rule 100 state 'established'
set firewall ipv6 name v6-north-local rule 100 state 'related'
set firewall ipv6 name v6-north-local rule 200 action 'accept'
set firewall ipv6 name v6-north-local rule 200 description 'Accept ICMPv6'
set firewall ipv6 name v6-north-local rule 200 protocol 'icmpv6'
set firewall ipv6 name v6-north-local rule 300 action 'accept'
set firewall ipv6 name v6-north-local rule 300 description 'Accept DHCPv6'
set firewall ipv6 name v6-north-local rule 300 destination port '546'
set firewall ipv6 name v6-north-local rule 300 protocol 'udp'
set firewall ipv6 name v6-north-local rule 300 source port '547'
set firewall ipv6 name v6-north-local rule 400 action 'drop'
set firewall ipv6 name v6-north-local rule 400 description 'Drop Invalid state'
set firewall ipv6 name v6-north-local rule 400 protocol 'all'
set firewall ipv6 name v6-north-local rule 400 state 'invalid'
set firewall ipv6 name v6-north-south default-action 'drop'
set firewall ipv6 name v6-north-south enable-default-log
set firewall ipv6 name v6-north-south rule 100 action 'accept'
set firewall ipv6 name v6-north-south rule 100 description 'Accept Established/Related'
set firewall ipv6 name v6-north-south rule 100 protocol 'all'
set firewall ipv6 name v6-north-south rule 100 state 'established'
set firewall ipv6 name v6-north-south rule 100 state 'related'
set firewall ipv6 name v6-north-south rule 200 action 'accept'
set firewall ipv6 name v6-north-south rule 200 description 'Accept ICMP'
set firewall ipv6 name v6-north-south rule 200 protocol 'icmpv6'
set firewall ipv6 name v6-north-south rule 300 action 'drop'
set firewall ipv6 name v6-north-south rule 300 description 'Drop Invalid state'
set firewall ipv6 name v6-north-south rule 300 protocol 'all'
set firewall ipv6 name v6-north-south rule 300 state 'invalid'
set firewall ipv6 name v6-south-local default-action 'drop'
set firewall ipv6 name v6-south-local enable-default-log
set firewall ipv6 name v6-south-local rule 100 action 'accept'
set firewall ipv6 name v6-south-north default-action 'drop'
set firewall ipv6 name v6-south-north enable-default-log
set firewall ipv6 name v6-south-north rule 100 action 'drop'
set firewall ipv6 name v6-south-north rule 100 destination group address-group 'google-ipv6-dns'
set firewall ipv6 name v6-south-north rule 100 destination group port-group 'dnsports'
set firewall ipv6 name v6-south-north rule 100 protocol 'tcp'
set firewall ipv6 name v6-south-north rule 200 action 'drop'
set firewall ipv6 name v6-south-north rule 200 destination group address-group 'google-ipv6-dns'
set firewall ipv6 name v6-south-north rule 200 destination group port-group 'dnsports'
set firewall ipv6 name v6-south-north rule 200 protocol 'udp'
set firewall ipv6 name v6-south-north rule 300 action 'accept'
set firewall zone local default-action 'drop'
set firewall zone local from north firewall ipv6-name 'v6-north-local'
set firewall zone local from north firewall name 'north-local'
set firewall zone local from south firewall ipv6-name 'v6-south-local'
set firewall zone local from south firewall name 'south-local'
set firewall zone local local-zone
set firewall zone north default-action 'drop'
set firewall zone north from local firewall ipv6-name 'v6-local-north'
set firewall zone north from local firewall name 'local-north'
set firewall zone north from south firewall ipv6-name 'v6-south-north'
set firewall zone north from south firewall name 'south-north'
set firewall zone north interface 'eth1'
set firewall zone north interface 'pppoe0'
set firewall zone north interface 'wg100'
set firewall zone south default-action 'drop'
set firewall zone south from local firewall ipv6-name 'v6-local-south'
set firewall zone south from local firewall name 'local-south'
set firewall zone south from north firewall ipv6-name 'v6-north-south'
set firewall zone south from north firewall name 'north-south'
set firewall zone south interface 'eth0'
set firewall zone south interface 'wg0'
set interfaces ethernet eth0 address 'xxx.xxx.50.129/25'
set interfaces ethernet eth0 description 'VLAN314'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:5e'
set interfaces ethernet eth1 address 'xxx.xxx.42.189/24'
set interfaces ethernet eth1 description 'Static Interface'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:a8'
set interfaces ethernet eth2 description 'PPPoE Interface'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:9d'
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password xxxxxx
set interfaces pppoe pppoe0 authentication username xxxxxx
set interfaces pppoe pppoe0 default-route-distance '1'
set interfaces pppoe pppoe0 description 'PPPoE Connection'
set interfaces pppoe pppoe0 ip adjust-mss 'clamp-mss-to-pmtu'
set interfaces pppoe pppoe0 source-interface 'eth2'
set interfaces wireguard wg0 address 'xxx.xxx.44.1/30'
set interfaces wireguard wg0 description 'VPN to OCIDNS'
set interfaces wireguard wg0 mtu '1420'
set interfaces wireguard wg0 peer ocidns address 'xxx.xxx.250.21'
set interfaces wireguard wg0 peer ocidns allowed-ips 'xxx.xxx.44.2/32'
set interfaces wireguard wg0 peer ocidns allowed-ips 'xxx.xxx.44.0/24'
set interfaces wireguard wg0 peer ocidns persistent-keepalive '15'
set interfaces wireguard wg0 peer ocidns port '40195'
set interfaces wireguard wg0 peer ocidns public-key 'xxxxxxxx'
set interfaces wireguard wg0 port '40195'
set interfaces wireguard wg0 private-key xxxxxx
set interfaces wireguard wg100 address 'xxx.xxx.11.77/32'
set interfaces wireguard wg100 description 'MullVad'
set interfaces wireguard wg100 peer mullvad address 'xxx.xxx.153.66'
set interfaces wireguard wg100 peer mullvad allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg100 peer mullvad persistent-keepalive '15'
set interfaces wireguard wg100 peer mullvad port '51816'
set interfaces wireguard wg100 peer mullvad public-key 'xxxxxx'
set interfaces wireguard wg100 private-key xxxxxx
set load-balancing wan flush-connections
set load-balancing wan interface-health eth1 failure-count '2'
set load-balancing wan interface-health eth1 nexthop 'xxx.xxx.42.1'
set load-balancing wan interface-health eth1 success-count '2'
set load-balancing wan interface-health eth1 test 100 resp-time '5'
set load-balancing wan interface-health eth1 test 100 target 'xxx.xxx.144.100'
set load-balancing wan interface-health eth1 test 100 ttl-limit '10'
set load-balancing wan interface-health eth1 test 100 type 'ping'
set load-balancing wan interface-health pppoe0 failure-count '2'
set load-balancing wan interface-health pppoe0 nexthop 'dhcp'
set load-balancing wan interface-health pppoe0 success-count '2'
set load-balancing wan interface-health pppoe0 test 100 resp-time '5'
set load-balancing wan interface-health pppoe0 test 100 target 'xxx.xxx.4.4'
set load-balancing wan interface-health pppoe0 test 100 ttl-limit '10'
set load-balancing wan interface-health pppoe0 test 100 type 'ping'
set load-balancing wan rule 103 destination address 'xxx.xxx.44.0/30'
set load-balancing wan rule 103 exclude
set load-balancing wan rule 103 inbound-interface 'eth0'
set load-balancing wan rule 103 protocol 'all'
set load-balancing wan rule 103 source address 'xxx.xxx.50.128/25'
set load-balancing wan rule 104 destination address 'xxx.xxx.44.0/24'
set load-balancing wan rule 104 exclude
set load-balancing wan rule 104 inbound-interface 'eth0'
set load-balancing wan rule 104 protocol 'all'
set load-balancing wan rule 104 source address 'xxx.xxx.50.128/25'
set load-balancing wan rule 201 destination address 'xxx.xxx.153.66/32'
set load-balancing wan rule 201 failover
set load-balancing wan rule 201 inbound-interface 'eth0'
set load-balancing wan rule 201 interface eth1 weight '100'
set load-balancing wan rule 201 interface pppoe0 weight '10'
set load-balancing wan rule 201 protocol 'all'
set load-balancing wan rule 202 destination address 'xxx.xxx.250.21/32'
set load-balancing wan rule 202 failover
set load-balancing wan rule 202 inbound-interface 'eth0'
set load-balancing wan rule 202 interface eth1 weight '100'
set load-balancing wan rule 202 interface pppoe0 weight '10'
set load-balancing wan rule 202 protocol 'all'
set load-balancing wan rule 202 source address 'xxx.xxx.50.128/25'
set load-balancing wan rule 203 destination address 'xxx.xxx.144.0/24'
set load-balancing wan rule 203 failover
set load-balancing wan rule 203 inbound-interface 'eth0'
set load-balancing wan rule 203 interface eth1 weight '100'
set load-balancing wan rule 203 interface pppoe0 weight '10'
set load-balancing wan rule 203 protocol 'all'
set load-balancing wan rule 203 source address 'xxx.xxx.50.128/25'
set load-balancing wan rule 204 destination address 'xxx.xxx.28.0/24'
set load-balancing wan rule 204 failover
set load-balancing wan rule 204 inbound-interface 'eth0'
set load-balancing wan rule 204 interface eth1 weight '100'
set load-balancing wan rule 204 interface pppoe0 weight '10'
set load-balancing wan rule 204 protocol 'all'
set load-balancing wan rule 204 source address 'xxx.xxx.50.128/25'
set load-balancing wan rule 205 destination address 'xxx.xxx.30.0/24'
set load-balancing wan rule 205 failover
set load-balancing wan rule 205 inbound-interface 'eth0'
set load-balancing wan rule 205 interface eth1 weight '100'
set load-balancing wan rule 205 interface pppoe0 weight '10'
set load-balancing wan rule 205 protocol 'all'
set load-balancing wan rule 205 source address 'xxx.xxx.50.128/25'
set load-balancing wan rule 300 failover
set load-balancing wan rule 300 inbound-interface 'eth0'
set load-balancing wan rule 300 interface eth1 weight '100'
set load-balancing wan rule 300 interface pppoe0 weight '10'
set load-balancing wan rule 300 protocol 'all'
set load-balancing wan rule 300 source address 'xxx.xxx.50.128/25'
set nat source rule 5005 outbound-interface name 'wg100'
set nat source rule 5005 source group address-group 'mullvad-al'
set nat source rule 5005 translation address 'masquerade'
set nat source rule 5010 outbound-interface name 'pppoe0'
set nat source rule 5010 source address 'xxx.xxx.50.128/25'
set nat source rule 5010 translation address 'masquerade'
set nat source rule 5020 outbound-interface name 'eth1'
set nat source rule 5020 source address 'xxx.xxx.50.128/25'
set nat source rule 5020 translation address 'masquerade'
set policy route mullvad interface 'eth0'
set policy route mullvad rule 10 description 'Local Destination'
set policy route mullvad rule 10 destination group network-group 'RFC1918'
set policy route mullvad rule 10 set table 'main'
set policy route mullvad rule 10 source group address-group 'mullvad-al'
set policy route mullvad rule 100 description 'Mullvad'
set policy route mullvad rule 100 set table '100'
set policy route mullvad rule 100 source group address-group 'mullvad-al'
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.42.1 interface 'eth1'
set protocols static route xxx.xxx.44.0/24 interface wg0
set protocols static route xxx.xxx.153.66/32 interface pppoe0 distance '220'
set protocols static route xxx.xxx.153.66/32 next-hop xxx.xxx.42.1 distance '1'
set protocols static route xxx.xxx.153.66/32 next-hop xxx.xxx.42.1 interface 'eth1'
set protocols static route xxx.xxx.2.0/24 interface pppoe0 distance '1'
set protocols static route xxx.xxx.2.0/24 next-hop xxx.xxx.42.1 distance '220'
set protocols static route xxx.xxx.2.0/24 next-hop xxx.xxx.42.1 interface 'eth1'
set protocols static route xxx.xxx.10.0/24 interface pppoe0 distance '1'
set protocols static route xxx.xxx.10.0/24 next-hop xxx.xxx.42.1 distance '220'
set protocols static route xxx.xxx.10.0/24 next-hop xxx.xxx.42.1 interface 'eth1'
set protocols static route xxx.xxx.250.21/32 next-hop xxx.xxx.42.1 interface 'eth1'
set protocols static table 100 description 'Mullvad Default Route'
set protocols static table 100 route xxx.xxx.0.0/0 interface wg100
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0'
set service ntp allow-client xxxxxx '::/0'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service router-advert interface eth0 default-lifetime '1000'
set service router-advert interface eth0 default-preference 'medium'
set service router-advert interface eth0 hop-limit '64'
set service router-advert interface eth0 interval max '600'
set service router-advert interface eth0 interval min '200'
set service router-advert interface eth0 link-mtu '1492'
set service router-advert interface eth0 prefix ::/64 preferred-lifetime '300'
set service router-advert interface eth0 prefix ::/64 valid-lifetime '900'
set service router-advert interface eth0 reachable-time '900000'
set service router-advert interface eth0 retrans-timer '0'
set service router-advert interface eth0 route ::/0 route-preference 'medium'
set service ssh listen-address 'xxx.xxx.50.129'
set service ssh port '22'
set system config-management commit-revisions '50'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system name-server 'xxx.xxx.28.65'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system time-zone 'Asia/Kolkata'
vyos@vyos-pghome:~$
vyos@vyos-pghome:~$
vyos@vyos-pghome:~$
vyos@vyos-pghome:~$

Are you sure that no need to set nat with mullvad ?

NAT with mullvad is already setup. Is following not correct way??
Rule 5005 is for Mullvad

vyos@vyos-pghome# show nat | strip-private
 source {
     rule 5005 {
         description "Mullvad NAT"
         outbound-interface {
             name wg100
         }
         source {
             group {
                 address-group mullvad-al
             }
         }
         translation {
             address masquerade
         }
     }
     rule 5010 {
         outbound-interface {
             name pppoe0
         }
         source {
             address xxx.xxx.50.128/25
         }
         translation {
             address masquerade
         }
     }
     rule 5020 {
         outbound-interface {
             name eth1
         }
         source {
             address xxx.xxx.50.128/25
         }
         translation {
             address masquerade
         }
     }
 }
[edit]
vyos@vyos-pghome#

No masquerade nat. set the specific gateway ip address please. If you set masquerade It can’t find the right gateway.