SSH and Mullvad VPN

BRIDGES

Viimeksi päivitetty: 23 joulukuu 2020


SSH tunneling is one method of using bridges to get around a restrictive firewall. It is available for Windows, Linux, and OS X. It exists on port 22.

In this guide, we take you through the steps to use SSH tunneling to connect to Mullvad's VPN servers. This involves logging in to our bridge servers and then running a local SOCKS proxy that you can connect OpenVPN to, we will connect to the bridge server 193.138.218.71 in our examples, you can change this to one of our other bridges.

Configure SSH SOCKS5

Linux and macOS

In a terminal, issue ssh -f -N -D 1234 mullvad@193.138.218.71.

When you connect to a bridge for the first time, you will be asked to accept the unique fingerprint for each server. You can view the fingerprints in our Servers list (uncheck OpenVPN and WireGuard).

The authenticity of host 'se-mma-br-001.mullvad.net (193.138.218.71)' can't be established.
ED25519 key fingerprint is SHA256:LuBJ1HTfEWNQsvDc5tZrwoG+CokMypcflLMObEnCeMg.
Are you sure you want to continue connecting (yes/no)?

Type 'yes' to save the fingerprint.

You will then be prompted to enter a password. Type in 'mullvad'.

After entering the password you will be returned to the prompt and the process will run in the background.

Windows

Follow the instructions below using the PuTTY client. (Note: Mullvad has not performed an audit of PuTTY. Downloading software via an untrusted third party could potentially mean acquiring unwanted malware, adware, and/or backdoors.)

  1. Click on Session. In the Host Name (or IP Address) field, enter 193.138.218.71 In the Port field, enter 22.
  2. Click on Connection SSH Tunnels. Enter 1234 as source port. Select "Dynamic" and then click "Add".
  3. Click on Connection SSH. Enable "Don't start a shell or command at all".
  4. Click on Connection Data. In the Auto-login username field, enter mullvad.
  5. Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session.

Configure OpenVPN

You will need to use standalone OpenVPN instead of the Mullvad VPN app. The following instructions help you to configure OpenVPN to use the SSH proxy.

Don't have OpenVPN installed?

Follow our guides on how to install OpenVPN for your operating system:

Settings

  1. Be sure to download the configuration file with Connect via bridges enabled under Advanced settings.
  2. Edit the port on the socks-proxy line in the configuration file from 1080 to 1234 which we used above:
    socks-proxy 127.0.0.1 1234

Import the configuration file, and then connect with it using your OpenVPN client. Make sure that you have your SSH client running before you start the OpenVPN client (see instructions above).

Now you're all set!