Back to Guides

SSH and Mullvad VPN

SSH tunneling is one method of using bridges to get around a restrictive firewall.

SSH tunneling is available for Windows, Linux, and OS X. It exists on port 22.

In this guide, we take you through the steps to use SSH tunneling to connect to Mullvad's VPN servers. This involves logging in to our bridge servers and then running a local SOCKS proxy that you can connect OpenVPN to, we will connect to the bridge server 193.138.219.43 in our examples, you can change this to one of our other bridges.
 

Configure SSH SOCKS5

Linux and macOS

In a terminal, issue ssh -f -N -D 1234 mullvad@193.138.218.71

When you connect for the first time to each bridge, you will be asked to accept the fingerprint for each server, keep in mind that each server has it's unique fingerprint, and they are shown in our list of bridges

The authenticity of host 'se-mma-br-001.mullvad.net (193.138.218.71)' can't be established.
ED25519 key fingerprint is SHA256:LuBJ1HTfEWNQsvDc5tZrwoG+CokMypcflLMObEnCeMg.
Are you sure you want to continue connecting (yes/no)?

Type 'yes' to save the fingerprint.

You will then be prompted to enter a password. Type in 'mullvad'.

After entering the password you will be returned to the prompt and the process will run in the background.
 

Windows

Follow the instructions below using the PuTTY client. (Note: Mullvad has not performed an audit of PuTTY. Downloading software via an untrusted third party could potentially mean acquiring unwanted malware, adware, and/or backdoors.)

  1. Click on Session. In the Host Name (or IP Address) field, enter 193.138.218.71 In the Port field, enter 22.
  2. Click on Connection SSH Tunnels. Enter 1234 as source port. Select "Dynamic" and then click "Add".
  3. Click on Connection SSH. Enable "Don't start a shell or command at all".
  4. Click on Connection Data. In the Auto-login username field, enter mullvad.
  5. Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session.
     

For OpenVPN users

If you are using OpenVPN instead of the Mullvad client, the following instructions help you to configure OpenVPN to use the SSH proxy.

Don't have OpenVPN installed?
Follow our guides on how to install OpenVPN for your Operating system:

Be sure to download the configuration for port 443.

Open your OpenVPN configuration file
After you have installed OpenVPN, open the OpenVPN configuration file for your operating system:

  • Windows: mullvad_windows.conf.ovpn
  • Linux: mullvad_linux.conf
  • OSX: mullvad_osx.conf  (found inside the OSX subdirectory and then Mullvad.tblk/).

Edit the OpenVPN configuration file
Add the following to the file:

socks-proxy 127.0.0.1 1234
route 193.138.218.71 255.255.255.255 net_gateway
route 209.58.185.59 255.255.255.255 net_gateway
route 185.213.152.66 255.255.255.255 net_gateway
route 185.65.134.119 255.255.255.255 net_gateway
route 91.90.44.10 255.255.255.255 net_gateway
route 185.236.200.82 255.255.255.255 net_gateway

Now you're all set!