SOCKS5 proxy

CONNECTIVITY

Dernière mise à jour: 9 septembre 2020


Using our SOCKS5 proxies can further minimize your computer's identity from being revealed and reduce CAPTCHAs. This guide explains why SOCKS5 is beneficial and how to use it.

What this guide covers

Overview

With the SOCKS5 proxy on all of Mullvad's VPN servers, you can further minimize your computer's identity from being revealed. This simple yet powerful feature also reduces CAPTCHAs.

For advanced users, the proxy is located on IP 10.8.0.1 (OpenVPN) or 10.64.0.1 (WireGuard), port 1080.

The SOCKS5 proxy is only accessible when you are connected to Mullvad.

Why the proxy is beneficial

You may already be familiar with the Mullvad app's built-in "kill switch" safety feature. In other words, in the event that the Mullvad connection is terminated, all of your Internet traffic is automatically blocked, ensuring that your traffic is not accidentally leaked outside of our secure tunnel.

However, what happens if you've forgotten to start the Mullvad app? This is where using the SOCKS5 proxy comes in handy, to act as back-up protection.

How the proxy works

If you configure your browser, for example, to use the SOCKS5 proxy, it will direct all of your internet access via the proxy which is only accessible through Mullvad. So if you haven't turned on the app, your browser will prevent all internet access and therefore won't leak any information.

The proxy also works with routers and any other VPN used together with Mullvad's servers.

Reduced CAPTCHAs

Another benefit is a reduction in the amount of CAPTCHAs you will experience. Many websites and services require this identification when they detect traffic that originates from a VPN server. The proxy makes this detection more difficult.

Get started with the SOCKS5 proxy

Follow these steps to configure Firefox and Qbittorrent for using our SOCKS5 proxies.

WireGuard® users

If you are using WireGuard, you will need to replace 10.8.0.1 with 10.64.0.1 in the instructions below.

Firefox – newer versions

  1. In the Firefox menu, click on Edit (on some operating systems, click Tools).
  2. Click on Preferences (on some operating systems, click Options).
  3. Scroll down to Network Proxy.
  4. Click on Settings.
  5. Select Manual proxy configuration.
  6. Make sure HTTP/SSL and FTP proxy fields are empty.
  7. In the SOCKS Host: field, enter 10.8.0.1 with port 1080.
  8. Click on SOCKS v5 and enable Remote DNS or tick Proxy DNS when using SOCKS v5.
  9. Click on OK.

Firefox

To disable, go to step #5 and change the setting to No Proxy.

Firefox – older versions

  1. In the Firefox menu, click on Edit.
  2. Click on Preferences.
  3. Click on Advanced.
  4. Click on Network Settings.
  5. Select Manual proxy configuration.
  6. Make sure HTTP/SSL and FTP proxy fields are empty.
  7. In the SOCKS Host: field, enter 10.8.0.1 with port 1080.
  8. Click on SOCKS v5 and enable Remote DNS or tick Proxy DNS when using SOCKS v5.
  9. Click on OK.

To disable, go to step #5 and change the setting to No Proxy.

Firefox on Android

Note: The about:config settings page was removed from Firefox on Android and they are currently only available in Firefox Nightly (the development version of Firefox).

  1. Enter about:config in the address bar and click on Send.
  2. In the search field, enter proxy.
  3. Scroll down to network.proxy.socks and enter 10.8.0.1.
  4. Scroll down to network.proxy.socks_port and enter 1080.
  5. Change the value for network.proxy.socks_remote_dns to True.
  6. Change the value for network.proxy.socks_version to 5.
  7. Change network.proxy.type to 1.
  8. Clear the field for network.proxy.ftp.
  9. Clear the field for network.proxy.http.
  10. Clear the field for network.proxy.ssl.
  11. Click on the back button to save the changes.

 To disable, go to step #7 and change the setting to 5.

Chrome / Edge / Brave - Windows

You cannot set a SOCKS5 proxy directly in the Windows settings but you can modify your desktop shortcut to Chrome, (new) Edge or Brave and add this to the end of the Target:

When using WireGuard protocol:

 --proxy-server=socks5://10.64.0.1

When using OpenVPN protocol:

 --proxy-server=socks5://10.8.0.1

Make sure to include one empty space before the dashes.

Safari / Chrome / Edge / Brave - macOS

To add the SOCKS5 proxy to Safari, Chrome, Edge or Brave in macOS you open System Preferences > Network > click on the active (green) connection > Advanced... > Proxies > check "SOCKS Proxy" and enter the following.

When using WireGuard protocol:

SOCKS Proxy Server:
10.64.0.1 : 1080

When using OpenVPN protocol:

SOCKS Proxy Server:
10.8.0.1 : 1080

WireGuard and SOCKS5

 

All WireGuard servers have two SOCKS5 proxies listening on them:

  • The SOCKS5 proxy on 10.64.0.1 port 1080 is not reachable from other WireGuard servers.
  • The SOCKS5 proxy on 10.124.0.x to 10.124.1.x on port 1080 are reachable from other WireGuard servers. These IPs are unique for each WireGuard server. For instance, 10.124.0.1 is us1-wireguard.mullvad.net and 10.124.0.2 is se1-wireguard.mullvad.net.

To configure the one you want to use, follow the directions listed for Firefox or Qbittorrent but use 10.64.0.1 instead of 10.8.0.1 as the SOCKS5 host.

Multihop with SOCKS5

You can also use the SOCKS5 proxies to multihop. To do so, you can configure your browser or other program to exit from a server that is different from the one you connected to.

For instance, if you are connected to se1-wireguard.mullvad.net and then want to exit via us1-wireguard.mullvad.net, you would configure your browser/program to use us1-wg.socks5.mullvad.net on port 1080 as your exit node.

You can try this in a terminal (in the following examples, we are connected to se1):

Without SOCKS5 proxy

curl ifconfig.co
193.138.219.61

With SOCKS5 proxy running locally

curl ifconfig.co --socks5-host 10.64.0.1
193.138.219.60

With SOCK5 proxy running on another server

curl ifconfig.co --socks5-host nl1-wg.socks5.mullvad.net
185.65.134.190

"WireGuard" is a registered trademark of Jason A. Donenfeld.