Checking connection...

CLI commands for using WireGuard

WIREGUARD

Last updated: 3 December 2019


This command line interface (CLI) guide is for macOS and Linux users who want to connect our WireGuard® servers.

Support for Windows will be added as soon as it is ready.
 
If you’re using the Mullvad VPN app, you might want to read our app guide instead which has instructions for using WireGuard in the app.

Requirements

You need

  • macOS or Linux
  • version 2019.6 or newer of the Mullvad VPN app – download it here
  • to use the terminal.

1. Open the terminal

Open a terminal window.

2. Do you have a key pair?

Check if you already have a key pair.

mullvad tunnel wireguard key check

3. No key pair? Generate one.

This command will generate a new key pair but will not return any information.

mullvad tunnel wireguard key generate

4. New key pair? Wait.

If you generated a new key pair, you may need to wait up to two minutes before it starts working. If the Mullvad app fails to connect in the following steps, you still need to wait.

5. Turn on WireGuard

This command enables WireGuard.

mullvad relay set tunnel wireguard any

Once you run this command, you can use the app just as you normally would.

6. Use WireGuard in the app

Launch the app. In the location menu, choose any available country, city, or server. The locations that don't have WireGuard servers will be greyed out and unavailable for selection.

7. Turn off WireGuard

This terminal command will disconnect you from WireGuard.

mullvad relay set tunnel openvpn any

If you're connected to the app when you turn off WireGuard, notice that the app will automatically reconnect in order to implement this new configuration.

FAQ

I get "BLOCKED CONNECTION" when I launch the app.

Simply choose another location. This just means that when you previously used the app, before turning on WireGuard, you were connected to a location that doesn't have a WireGuard server.

"WireGuard" is a registered trademark of Jason A. Donenfeld.