Passer au contenu principal

About our servers

Connectivity 

Dernière mise à jour:

Our Servers page has a complete list of our VPN servers and technical details about them. We believe that transparency is one important component of a trustworthy VPN provider, which is why we include the information that we do.

If you have further questions about our servers please contact our Support Team by email: support@mullvadvpn.net

Our server list page has filters that can be used to sort by:

  • Server type (OpenVPN, WireGuard, Bridge)
  • Server status (Online, Offline)
  • Server messages (No messages, Messages)
  • Ownership (Owned, Rented)
  • DAITA Support (Yes, No)

You can also use the following fields to search or filter on a more granular level:

  • Hostname
  • Country
  • City
  • Provider

Rented vs owned

All of our VPN servers run from RAM, with no persistent storage. They are all either owned by us or dedicated servers that we rent. We have physical control over the servers that we own.

Our rented servers are not shared with anyone else. We do not use virtual servers or virtual locations. All our servers are physically located in the locations in which they are listed.  Servers appearing to be located elsewhere will be because of an outdated GeoIP database.

Server status

Servers marked as offline may have messages attached for planned maintenance, though there are cases where servers are not available due to unforeseen circumstances (such as power outages, natural disasters or hardware failures).

Server configuration & management

All our servers have a base configuration security and hardening configuration. Differing server types are then configured identically, i.e. all WireGuard servers will be configured using the same configuration.
Prior to allowing customers to connect we perform a series of sanity checks on all servers to ensure their state.

Passwords, certificates, and private keys for our VPN servers are unique for each server. In the unlikely event that one of these were to be extracted, only that individual server would be affected. We have stringent rules on access levels to servers, configuration, credentials and all areas relating to our VPN servers.

Isolated remote management

We use remote management which resides behind bastion hosts. Any authorized staff member needing to use the remote management software (IPMI, iLO, iDRAC) on these servers must first connect to the bastion host.

Remote management is used to initially prepare a server to run from RAM using our STBoot bootloader, to reboot or shutdown a server. Once a VPN is online, all external peripherals (via USB, firewire) are disabled by our Linux kernel, this means that even with physical access, no keyboards, mice or USB devices will function at all.

Limited access for hosting providers

Hosting providers never have direct access to the operating system or the software running on the server itself. If we need their help in rebooting and reinstalling faulty servers, the provider uses remote management.

Improved performance through collaboration

We work closely with 31173 Services who host a number of our owned servers. With these servers we actively invest time on network performance and connectivity. With 31173 we have established fiber wavelengths between Amsterdam and Frankfurt, London, Paris, Malmö, and Zurich in order to improve performance and reduce latency.

A better future for server management

The management software provided by computer manufacturers are closed source and riddled with bugs and security vulnerabilities. We want that to change, so that’s why we are actively involved in creating a future with open-source firmware and System Transparency.

All our VPN servers run using principles from System Transparency, all run from RAM and none of them store any logs. We have our own custom Linux kernel which we tune for both performance and privacy, we run the latest Ubuntu LTS and actively improve the configurations and deployment methods in use.