Checking connection...

Split tunneling with Mullvad VPN

CONNECTIVITY

Last updated: 7 December 2019


The term "split tunneling" is used to describe when you want some of your programs to use the VPN while allowing the rest of your traffic to travel via your regular Internet connection. This guide explains how to set up split tunneling.

You will use SOCKS5 proxies for the programs that you want to travel via the VPN.

Warning: FireFox does leak DNS requests outside the SOCKS5 proxy even if you have remote DNS enabled, make sure you have set your system to use a DNS that is going through the VPN to not risk leaking DNS requests to your ISP*

Linux using OpenVPN

Edit Mullvad_xx.ovpn / mullvad_linux.conf / mullvad_config_xx.conf and add

route-nopull
route 10.0.0.0 255.0.0.0
route 193.138.218.74 255.255.255.255

Reconnect.

Follow the SOCKS5 guide guide for how to configure your clients that should go out via the VPN.

Windows using OpenVPN

Copy mullvad_windows.conf.ovpn to the desktop, then edit it to add the following:

route-nopull
route 10.0.0.0 255.0.0.0
route 193.138.218.74 255.255.255.255

Save it, and then copy it back to C:\program files\openvpn\config\ or C:\program files(x86)\openvpn\config\

Click Yes on the permission requester.

Reconnect.

Follow the SOCKS5 guide for how to configure your clients that should go out via the VPN.

MacOS using Tunnelblick

Edit the file OSX/Mullvad.tblk/mullvad_osx.conf found inside the mullvadconfig_xx.zip 

Add the following options to it:

route-nopull
route 10.0.0.0 255.0.0.0
route 193.138.218.74 255.255.255.255

Save the file, and then import this profile into Tunnelblick

Follow the SOCKS5 guide for how to configure your clients that should go out via the VPN.

How to route everything via the VPN except certain IP addresses

In this example we will not route www.chalmers.se through the VPN.

First figure out the IP address that you want to go outside the VPN tunnel, in this case it is www.chalmers.se

Open up a terminal / command prompt and run nslookup www.chalmers.se.

It should respond with

Server:        10.137.8.1
Address:    10.137.8.1#53

Non-authoritative answer

Name:    www.chalmers.se
Address: 129.16.71.10

As you can see, it only has one IP address, 129.16.71.10, so we will add this using OpenVPN.

  1. Edit the OpenVPN configuration / Profile
  2. Add route 129.16.71.10 255.255.255.255 net_gateway
  3. Save changes.
  4. Restart OpenVPN connection.

Troubleshooting

  1. Are you able to ping 10.8.0.1?  If you get responses then the connection to the VPN server is working.
  2. Are you not able to get DNS lookups through? In a terminal window, run nslookup sunet.se and check which server it tries to use as well.
  3. Either set your DNS to 10.8.0.1 or 193.138.218.74 to make sure the DNS requests goes via the VPN tunnel.
  4. If your browser works with SOCKS5 enabled works but fails without, then it is most likely a DNS issue.