Bridges and proxies with Mullvad CLI (Mullvad app)
In this guide you will install a bridge client on your computer that connects to one of Mullvad's bridge servers using the SSH Protocol. Using this bridge, the Mullvad app can then access Mullvad's VPN servers that are for some reason blocked from being directly accessed.
The bridge client will run locally on your computer and Mullvad will access it via the local address 127.0.0.1 and a port, port 1234 in this case.
The Mullvad app will work with any SOCKS5 proxy.
You can even run your own remote server and client (locally) that uses a different set of protocols that might work better for you, and then use that to connect to our VPN servers.
We use SSH in this guide connecting to the bridge server se-mma-br-001.mullvad.net with IP: 220.127.116.11 using the Mullvad command line inteface (CLI). Please refer to our list of bridge servers and their locations in order to use another bridge.
Make sure you have downloaded and installed the latest app version (this only works with version 2018.5 or later).
Setting up SSH in Linux och macOS
In a terminal, issue
ssh -f -N -D 1234 email@example.com
Setting up SSH in Windows
Download KiTTY (a putty fork) from FossHub.
Run KiTTY and then configure it with the following settings:
- Click on Session. In the Host Name (or IP Address) field, enter "18.104.22.168". In the Port field, enter "22".
- Click on Connection → SSH → Tunnels. Enter "1234" as source port. Select Dynamic and then click Add.
- Click on Connection → SSH. Enable "Don't start a shell or command at all".
- Click on Connection → Data. In the Auto-login username field, enter "mullvad".
- In the Auto-login password field enter "mullvad".
- Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session.
First-time connection to a bridge
When you connect for the first time to each bridge, you will be asked to accept the fingerprint for that server (see our list of bridges)
This is what it looks like when connecting via Linux
The authenticity of host 'se-mma-br-001.mullvad.net (22.214.171.124)' can't be established.
ED25519 key fingerprint is SHA256:LuBJ1HTfEWNQsvDc5tZrwoG+CokMypcflLMObEnCeMg.
Are you sure you want to continue connecting (yes/no)?
Configuring Mullvad VPN app to use the proxy settings
Open a terminal (Linux / macOS or a command prompt (Windows)
- Windows, navigate to C:\Program Files\Mullvad VPN\resources
- Linux nagivate to /opt/Mullvad VPN/resources/ or simply type mullvad
- macOS navigate to /Applications/Mullvad VPN.app/Contents/Resources/
mullvad tunnel openvpn proxy set local 1234 126.96.36.199 22
Make the Mullvad VPN connect by either using the GUI or by running mullvad connect in the command prompt
Removing the proxy setting
Open a command prompt or terminal and then issue:
mullvad tunnel openvpn proxy unset
By connecting via one location using our bridges and exiting via another location, you will enable so-called multihopping.
Multihop connections offer higher levels of anonymity and privacy. This is because adversaries would need to launch sophisticated, timed attacks against the traffic in multiple locations and in different jurisdictions simultaeously. However, this additional security comes at the cost of slower performance due to the additional 'hop' that your traffic takes.
Other Bridge methods (protocols)
Shadowsocks is an open-source proxy project intended to circumvent internet censorship. It is high performing and has support for new ciphers.
- Available for: Windows, Linux, OS X
- Ports: 443, 1234, 1235, 1236
Follow our Shadowsocks guide for more information on how to install Shadowsocks instead of SSH. The Shadowsocks guide will use the bridge 188.8.131.52 (instead of 184.108.40.206) and the local port 1080 (instead of 1234)
mullvad tunnel openvpn proxy set local 1080 220.127.116.11 443