Back to Guides

Mullvad client - Advanced options

In advanced settings in the Mullvad client, you can set the values for options manually in order to control how Mullvad clients operates. This is for advanced users and conflicting settings can block the client from functioning at all. Save a copy of the original settings before you start to change the advanced settings. Also write down your account number in a safe place. Read the bottom of the page to find out how to reset to the default values.



This blocks all IPv4 and IPv6 DNS queries from port 53 except on OpenVPN TAP interface. it uses WFP on Windows.
Accepted values: True, False
Default: True
Comment: Invokes the Windows Filtering Platform to block all DNS traffic on interfaces other than the tunnel interface. In practice, this means that DNS Leaks, both the original problem and the one introduced in Windows 8 and 10, is prevented by OpenVPN itself. This option will be enabled by default in version 57 but can be disabled in the advanced settings. The original 'Stop DNS Leaks' setting will remain for the time being and will work just as before. Note that this new feature is only available for Windows. The advanced setting for toggling this feature is present in all versions but has no effect on other platforms.



This determines the protocol you will use when connecting, UDP or TCP.
Accepted values: any, udp, tcp
Default: any



Blocks all local networks, i.e. all traffic goes via Mullvad VPN
Accepted values: True, False
Default: False
Comment: This parameter was introduced in order to prevent DNS hijacking. Having it set to True is the most secure option, but remember that no local resources (like your WiFi connected printer) will work.



Automatically connects to a VPN server when you start the mullvad client.
Accepted values: True, False
Default: True



This determines cipher used  - currently only AES256 is supported.
(It will default to AES-256-GCM on any port if using Mullvad client version 62 or later)
Accepted values: any, aes256
Default: any



This blocks incoming UDP packets received on other interfaces to go out via TAP adapter, it uses WFP on windows.
You might need to set block_incoming_udp to False if you wish to access local printers / fileshares.
Accepted values: True, False
Default: True



This is where you can set to connect to a specific server if you want, like (replace * with the server you wish to use)
Accepted values: any, * , IP address to a server
Default: any



This determines the port you will connect to us. (port 443 and port 80 uses TCP only, all others UDP)
Accept values: any,  1300,1301,1302,1194,1195,1196,1197,443,53,80
Default: any



This sets the TCP/UDP socket send buffer size
Accepted values: 8192 - 999999
Default: auto
Comment: auto = 131072. Larger buffers may improve speeds when connected to a server far away or when having a very fast connection.


stop_dns_leaks  (previously hard_dns)

This corresponds to "Stop DNS Leaks" in the GUI
Accepted values: True, False
Default: True
Comment: All DNS traffic is routed via Mullvad public DNS server, this in order to not leek information to a public DNS server about what sites you are visiting. This works in two different ways: 1. Sets your DNS pointer to our DNS server, so if your traffic for some reason ends up on the public internet it goes to our server. 2. All our VPN servers hijack calls to our public DNS server and the DNS request is process on a local DNS server installed on that VPN server (leaks less information and process requests significantly faster).



This corresponds to "Country" in the GUI, lets you select which exit country you wish to use (xx is any)
Accepted values: xx, de, nl, se, ca, us, sg, dk, no, gb, fi, at, au, bg, cz, fr, hk, hu, it, pl, ro, es, ch, jp, be
Default: se
Comment: xx = any country



The time the client waits for a successful OpenVPN connection before trying to connect to another server in seconds.
Accepted values: any number
Default: 35



Is set to True when "Tunnel IPv6" is checked in the GUI, if set to false IPv6 will be blocked.
Accepted values: True, False
Default: True


kill_switch (previously called delete_default_route)

This corresponds to "Block internet on connection failure" in the GUI, this is the kill switch.
Accepted values: True, False
Default: False
Comment: With this set to True, if the Mullvad Client fails to connect for any reason - your internet connection will be blocked - Even the Mullvad home page to manage an expired account! If you close the Mullvad client or click on disconnect the routes will be restored and internet will not be blocked any more.



This is your account number.
Accepted values: "youraccountnumber" (just numbers)
Default: your account number



This is an option that is used if you want to pass extra options to the OpenVPN process, can be used for instance for split tunneling, or Multihop, and to correct MTU issues. For instance if you want to set mssfix to 1300 you would then set custom_ovpn_args = --mssfix 1300

Accepted values: (please visit the OpenVPN manual for all options)
This will break in many cases if OpenVPN does not handle the argument.
(not set)


Recover default settings

  1. Write down your account number, it will be lost in the process
  2. Close the Mullvad Client
  3. Delete the Mullvad settings file (replace USERNAME with your name
    Windows - C:\Users\USERNAME\AppData\Local\mullvad\mullvad\settings.ini
    Linux - ~/.config/mullvad/settings.ini
    OSX - ~/Library/Application Support/mullvad/settings.ini
  4. Start the Mullvad Client.
  5. Select existing account, and enter your account number