Checking connection...

CLI commands for using WireGuard


Last updated: 12 December 2019

This command line interface (CLI) guide explains how to connect to Mullvad's WireGuard® servers by using the terminal.

If you’re using the Mullvad VPN app, follow our guide on how to turn on WireGuard in the app.


You need

  • macOS or Linux
  • version 2019.6 or newer of the Mullvad VPN app – download it here
  • to use the terminal.

1. Open the terminal

Open a terminal window.

2. Do you have a key pair?

Check if you already have a key pair.

mullvad tunnel wireguard key check

3. No key pair? Generate one.

This command will generate a new key pair but will not return any information.

mullvad tunnel wireguard key generate

4. New key pair? Wait.

If you generated a new key pair, you may need to wait up to two minutes before it starts working. If the Mullvad app fails to connect in the following steps, you still need to wait.

5. Turn on WireGuard

This command enables WireGuard.

mullvad relay set tunnel wireguard any

Once you run this command, you can use the app just as you normally would.

6. Use WireGuard in the app

Launch the app. In the location menu, choose any available country, city, or server. The locations that don't have WireGuard servers will be greyed out and unavailable for selection.

7. Turn off WireGuard

This terminal command will disconnect you from WireGuard.

mullvad relay set tunnel openvpn any

If you're connected to the app when you turn off WireGuard, notice that the app will automatically reconnect in order to implement this new configuration.


I get "BLOCKED CONNECTION" when I launch the app.

Simply choose another location. This just means that when you previously used the app, before turning on WireGuard, you were connected to a location that doesn't have a WireGuard server.

"WireGuard" is a registered trademark of Jason A. Donenfeld.