SSH and Mullvad VPN
SSH tunneling is one method of using bridges to get around a restrictive firewall.
SSH tunneling is available for Windows, Linux, and OS X. It exists on port 22.
In this guide, we take you through the steps to use SSH tunneling to connect to Mullvad's VPN servers. This involves logging in to our bridge servers and then running a local SOCKS proxy that you can connect OpenVPN to, we will connect to the bridge server 18.104.22.168 in our examples, you can change this to one of our other bridges.
Configure SSH SOCKS5
Linux and macOS
In a terminal, issue
ssh -f -N -D 1234 firstname.lastname@example.org
When you connect for the first time to each bridge, you will be asked to accept the fingerprint for each server, keep in mind that each server has it's unique fingerprint, and they are shown in our list of bridges
The authenticity of host 'se-mma-br-001.mullvad.net (22.214.171.124)' can't be established.
ED25519 key fingerprint is SHA256:LuBJ1HTfEWNQsvDc5tZrwoG+CokMypcflLMObEnCeMg.
Are you sure you want to continue connecting (yes/no)?
Type 'yes' to save the fingerprint.
You will then be prompted to enter a password. Type in 'mullvad'.
After entering the password you will be returned to the prompt and the process will run in the background.
Follow the instructions below using the PuTTY client. (Note: Mullvad has not performed an audit of PuTTY. Downloading software via an untrusted third party could potentially mean acquiring unwanted malware, adware, and/or backdoors.)
- Click on Session. In the Host Name (or IP Address) field, enter 126.96.36.199 In the Port field, enter 22.
- Click on Connection → SSH → Tunnels. Enter 1234 as source port. Select "Dynamic" and then click "Add".
- Click on Connection → SSH. Enable "Don't start a shell or command at all".
- Click on Connection → Data. In the Auto-login username field, enter mullvad.
- Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session.
For OpenVPN users
If you are using OpenVPN instead of the Mullvad client, the following instructions help you to configure OpenVPN to use the SSH proxy.
Don't have OpenVPN installed?
Follow our guides on how to install OpenVPN for your Operating system:
- Install OpenVPN on Windows
- Install OpenVPN on Linux
- Use OpenVPN on OSX (with Tunnelblick or Viscosity).
Be sure to download the configuration for port 443.
Open your OpenVPN configuration file
After you have installed OpenVPN, open the OpenVPN configuration file for your operating system:
- Windows: mullvad_windows.conf.ovpn
- Linux: mullvad_linux.conf
- OSX: mullvad_osx.conf (found inside the OSX subdirectory and then Mullvad.tblk/).
Edit the OpenVPN configuration file
Add the following to the file:
socks-proxy 127.0.0.1 1234
route 188.8.131.52 255.255.255.255 net_gateway
route 184.108.40.206 255.255.255.255 net_gateway
route 220.127.116.11 255.255.255.255 net_gateway
route 18.104.22.168 255.255.255.255 net_gateway
route 22.214.171.124 255.255.255.255 net_gateway
route 126.96.36.199 255.255.255.255 net_gateway
route 188.8.131.52 255.255.255.255 net_gateway
Now you're all set!