
Bridges and proxies with Mullvad CLI (Mullvad App)

In this guide you will install a bridge client on your computer that connects to one of Mullvad's bridge servers using the SSH protocol. Through this bridge, the Mullvad app can reach Mullvad VPN servers that are for some reason blocked from direct access. The bridge client runs locally on your computer, and the Mullvad app reaches it via the local address 127.0.0.1 and a port, in this case port 1234.

The Mullvad App will work with any SOCKS5 proxy.

You can even run your own remote server and client (locally) that uses a different set of protocols that might work better for you, and then use that to connect to our VPN servers.

In this guide we use SSH to connect to the bridge server se-mma-br-001.mullvad.net (IP: 193.138.218.71), together with the Mullvad command line interface (CLI). Please refer to our list of bridge servers and their locations in order to use another bridge.

Make sure you have downloaded and installed the latest app version (this only works with version 2018.5 or later).

 

Setting up SSH in Linux and macOS

In a terminal, issue:

ssh -f -N -D 1234 mullvad@193.138.218.71

 

Setting up SSH in Windows

Download KiTTY (a PuTTY fork) from FossHub.

Run KiTTY and then configure it with the following settings:

  1. Click on Session. In the Host Name (or IP Address) field, enter "193.138.218.71". In the Port field, enter "22".
  2. Click on Connection → SSH → Tunnels. Enter "1234" as source port. Select Dynamic and then click Add.
  3. Click on Connection → SSH. Enable "Don't start a shell or command at all".
  4. Click on Connection → Data. In the Auto-login username field, enter "mullvad".
  5. In the Auto-login password field enter "mullvad".
  6. Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session.
     

First-time connection to a bridge

When you connect to a bridge for the first time, you will be asked to accept the fingerprint for that server (see our list of bridges).
This is what it looks like when connecting via Linux:

The authenticity of host 'se-mma-br-001.mullvad.net (193.138.218.71)' can't be established.
ED25519 key fingerprint is SHA256:LuBJ1HTfEWNQsvDc5tZrwoG+CokMypcflLMObEnCeMg.
Are you sure you want to continue connecting (yes/no)?
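
An added example (not Mullvad's code): a Python check that compares the ED25519 key a bridge offers, in the line format printed by ssh-keyscan, with the fingerprint shown in the prompt above before you answer yes. The function names and the sample scan line are constructed for illustration; the sample key bytes are filler, not a real key.

```python
import base64
import binascii
import hashlib
import struct

# Fingerprint from this guide's first-connection prompt for 193.138.218.71.
PINNED = "SHA256:LuBJ1HTfEWNQsvDc5tZrwoG+CokMypcflLMObEnCeMg"

def fingerprint(blob: bytes) -> str:
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def scan_fingerprints(scan: str, key_type: str = "ssh-ed25519"):
    """Return (host, fingerprint) for each key_type line of ssh-keyscan output."""
    found = []
    for line in scan.splitlines():
        fields = line.split()
        if line.lstrip().startswith("#") or len(fields) < 3:
            continue                      # banner comments, blank or short lines
        host, ktype, b64 = fields[:3]
        if ktype != key_type:
            continue
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue                      # truncated or corrupted key field
        found.append((host, fingerprint(blob)))
    return found

def host_key_matches(scan: str, host: str, pinned: str = PINNED) -> bool:
    """True only if host offered at least one key and every one equals pinned."""
    fps = [fp for h, fp in scan_fingerprints(scan) if h == host]
    return bool(fps) and all(fp == pinned for fp in fps)

def constructed_line(host: str, seed: bytes) -> str:
    """Build a syntactically valid scan line from constructed (not real) key bytes."""
    pub = hashlib.sha256(seed).digest()   # 32 filler bytes standing in for a key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + pub
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample: what a scan could look like if a different key answered.
SAMPLE_SCAN = "# 193.138.218.71:22 SSH-2.0-OpenSSH\n" + constructed_line(
    "193.138.218.71", b"constructed-demo-key")

if __name__ == "__main__":
    for host, fp in scan_fingerprints(SAMPLE_SCAN):
        print(host, fp)
    print("matches pinned fingerprint:", host_key_matches(SAMPLE_SCAN, "193.138.218.71"))
```

To check a live bridge, pass the output of ssh-keyscan -t ed25519 193.138.218.71 as the scan argument. A False result means the key offered does not match the published fingerprint, so the prompt should not be accepted.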

 

Configuring Mullvad VPN app to use the proxy settings

Open a terminal (Linux / macOS) or a command prompt (Windows).

  • Windows: navigate to C:\Program Files\Mullvad VPN\resources
  • Linux: navigate to /opt/Mullvad VPN/resources/ or simply type mullvad
  • macOS: navigate to /Applications/Mullvad VPN.app/Contents/Resources/

Issue:

mullvad tunnel openvpn proxy set local 1234 193.138.218.71 22

Make Mullvad VPN connect, either by using the GUI or by running mullvad connect in the command prompt.
 

Removing the proxy setting

Open a command prompt or terminal and then issue:

mullvad tunnel openvpn proxy unset

 

Multihop connections

By connecting via one location using our bridges and exiting via another location, you will enable so-called multihopping.

Multihop connections offer higher levels of anonymity and privacy. This is because adversaries would need to launch sophisticated, timed attacks against the traffic in multiple locations and in different jurisdictions simultaneously. However, this additional security comes at the cost of slower performance due to the additional 'hop' that your traffic takes.

 

Other Bridge methods (protocols)

Shadowsocks
Shadowsocks is an open-source proxy project intended to circumvent internet censorship. It is high performing and has support for new ciphers.

  • Available for: Windows, Linux, OS X
  • Ports: 443, 1234, 1235, 1236

Follow our Shadowsocks guide for more information on how to install Shadowsocks instead of SSH. The Shadowsocks guide uses the bridge 185.65.134.66 (instead of 193.138.218.71) and the local port 1080 (instead of 1234).

For instance:
mullvad tunnel openvpn proxy set local 1080 185.65.134.66 443