OpenVPN installation on Linux
Other VPN software Linux OpenVPN Installation Desktop
آخرین بهروزرسانی:
This terminal-based guide walks you through the steps to connect to Mullvad VPN servers using OpenVPN.
Installation instructions
Follow the instructions for your particular Linux distribution below.
Ubuntu / Debian - using the terminal
- In a browser, navigate to our Configuration files page.
- Follow the instructions on that page to download a configuration file. (Make sure to enable "Use IP addresses")
- Open up a terminal and navigate to the directory where you downloaded the file (usually ~/Downloads/).
- Open a terminal and issue the command
unzip xxxx_xx.zip
(replace xxxx_xx.zip with the name of the file you downloaded). - Issue
sudo apt-get update && sudo apt-get upgrade
. - Issue
sudo apt-get install openvpn
. - Copy the following files to /etc/openvpn/ (use
sudo
):- mullvad_ca.crt
- mullvad_xx.conf
- mullvad_userpass.txt
- Start OpenVPN with either
sudo service openvpn start
orsudo nohup openvpn --config /etc/openvpn/mullvad_xx.conf
(where xx is the country or region you selected). - To check whether or not you are connected to Mullvad, you can run
curl https://am.i.mullvad.net/connected
.
Ubuntu - using NetworkManager
- Open a terminal and issue
sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
. - In a browser, navigate to our Configuration files page.
- Fill out the form. Under Platform, Android needs to be selected. (Make sure to enable "Use IP addresses")
- Click Download to save the configuration file.
- Click on the Network icon.
- Click on VPN-Connections > Configure VPN.
- Click on Add.
- Select Import a saved vpn configuration.
- Navigate to where you saved the downloaded file, select it and then click open.
- In the user name field, enter your Mullvad account number (without any spaces).
- In the password field, enter "m".
- Click Save.
- Issue
sudo nano -w /etc/NetworkManager/NetworkManager.conf
and change "dns=dnsmasq" to "#dns=dnsmasq", then save. - Issue
sudo service network-manager restart
in a terminal. - Click on Network icon > VPN Connections > Mullvad_xx ("xx" is the country you selected to connect).
Fedora - using the terminal
- Navigate to our Configuration files page.
- Follow the instructions on that page to download a configuration file. (Make sure to enable "Use IP addresses")
- Open up a terminal and navigate to the directory where you downloaded the file (usually ~/Downloads/).
- Run the command
unzip xxxx_xx.zip
(replace xxxx_xx.zip with the name of the file you downloaded). - Issue
sudo dnf install openvpn resolvconf
. - Copy the following files to /etc/openvpn/ (use
sudo
):- mullvad_ca.crt
- mullvad_xx.conf
- mullvad_userpass.txt
- update-resolv-conf
- Issue
sudo chmod 755 /etc/openvpn/update-resolv-conf
- Start OpenVPN with either
sudo service openvpn start
orsudo nohup openvpn --config /etc/openvpn/mullvad_xx.conf
(where xx is the country or region you selected). - To check whether or not you are connected to Mullvad, you can run
curl https://am.i.mullvad.net/connected
.
Switching to a different server
In this example, we are changing from the default se server to the se-got-001 server.
- Open your .conf file (for example, mullvad_config_se.conf).
- Replace the first "remote se.mullvad.net 1300" with either "remote se-got-001.mullvad.net 1300" or "remote 185.213.154.131 1300" (the second example uses the server's IP address).
- Save the file and then restart OpenVPN.
Disabling auto-start
By default, OpenVPN will be installed as a service, meaning that it will automatically start when you boot up your computer. You can disable this behavior by changing /etc/default/openvpn so that "AUTOSTART=none" is set.
You will then have to manually start OpenVPN each time, with the command sudo service openvpn restart
.
Enabling a kill switch
This example assumes that your network interfaces are on eth* and that you want to connect to our Swedish or Dutch servers.
Issue the following in a terminal, replacing the IP ranges or IP addresses with the servers you wish to use. Make sure to check "Use IP addresses" in the advanced settings of the OpenVPN generator. Also note that outgoing ping (ICMP) requests will be blocked outside of the tunnel so you cannot ping the VPN server.
sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
sudo iptables -A INPUT -s 255.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300:1302,1194:1197 -d 141.98.255.0/24,193.138.218.0/24,45.83.220.0/24,185.213.152.0/24,185.213.154.0/24,185.65.135.0/24,185.65.134.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 141.98.255.0/24,193.138.218.0/24,45.83.220.0/24,185.213.152.0/24,185.213.154.0/24,185.65.135.0/24,185.65.134.0/24 -j ACCEPT
sudo ip6tables -P OUTPUT DROP
sudo ip6tables -A OUTPUT -o tun+ -j ACCEPT
Troubleshooting
I have disabled IPv6 and OpenVPN exits with a fatal error.
Edit the OpenVPN configuration and make the following changes:
- replace proto udp with proto udp4.
- replace proto tcp with proto tcp4.
- add pull-filter ignore "route-ipv6"
- add pull-filter ignore "ifconfig-ipv6"
Permission issue on /etc/resolv.conf
Issue sudo chmod 755 /etc/openvpn/update-resolv-conf
Is your browser leaking?
Use our Connection check to see if your browser is leaking information and therefore jeopardizing your privacy. This can occur even while connected to Mullvad.