Back to Guides

Linux OpenVPN Installation

OpenVPN Installation instructions. Please keep in mind that OpenVPN versions below 2.4.0 will perform worse, so make sure that you run a later version.

Linux General (follow these steps for all Linux dists)

  1. Click on Download Client.
  2. Click on Instructions and configuration files found under iOS, Android and other platforms.
  3. Select Linux as platform by using the drop-down menu.
  4. Enter your account number , select a region and then click on Download to save the configuration file.
  5. Open up a terminal and change directory to where you downloaded the file (usually ~/Downloads/)
  6. Issue: unzip mullvad_config_xx.zip (where xx is the region you selected)

Keep in mind, having it installed as a service means that it will start when you boot up your computer, if you do not want this behaviour then disable it by changing /etc/default/openvpn and then make sure "AUTOSTART=none" is set, you will then have to manually start OpenVPN each time. (sudo service openvpn restart)

 

Ubuntu 16.04 / 14.04 and Debian 7/8/9 (Follow Linux General first)

  1. Open a terminal and issue "sudo apt-get update && apt-get upgrade"
  2. Issue: "sudo apt-get install openvpn"
  3. copy mullvad_ca.crt, mullvad_crl.pem, mullvad_xx.conf and mullvad_userpass.txt  to /etc/openvpn/  (use sudo)
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

Ubuntu 16.04 or newer using Network-manager

  1. Open a terminal and issue "sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome"
  2. Open a browser and go to https://mullvad.net
  3. Click on Download client
  4. Click on then under iOS, Android and other platforms click on "Instructions and configuration files"
  5. Select Android as platform using the drop-down menu.
  6. Enter your account number, select a country and then click on Download to save the configuration file.
  7. Network manager does not like inline crl, so please open the downloaded configuration file in an editor and remove the inline crl, remove "<crl-verify>"  and everything after to  "</crl-verify>" (including that line)   and then save it.
  8. Click on the Network icon
  9. Click on VPN-Connections -> Configure VPN
  10. Click on Add
  11. Select Import a saved vpn configuration
  12. navigate to where you saved the downloaded file, select it and then click open
  13. Enter your mullvad account number as in the User name field and enter "m" in the password field
  14. Click on Save
  15. sudo nano -w /etc/NetworkManager/NetworkManager.conf and change "dns=dnsmasq" to "#dns=dnsmasq" and save.
  16. Issue "sudo service network-manager restart" in a terminal
  17. Click on Network icon -> VPN Connections -> Mullvad_** where ** is the country you selected  to connect.

 

Fedora 23/24 (Follow Linux General First)

 

  1. Open a terminal and issue:  "sudo dnf install openvpn resolvconf"
  2. copy mullvad_ca.crt, mullvad_crl.pem, mullvad_xx.conf and mullvad_userpass.txt update-resolv.conf to /etc/openvpn/  (use sudo)
  3. issue "sudo chmod 755 /etc/openvpn/update-resolv.conf"
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

 

 

 

Configuration Changes:

Changing to a specific server (from default se servers to specifically se1 in this example)

  1. Edit mullvad_config_xx.conf  (replace xx with the country/region you selected)
  2. Replace the first "remote se.mullvad.net 1300" with "remote se1.mullvad.net 1300" or the IP address: "remote 185.65.132.102 1300"
  3. Save and then restart OpenVPN.

 

Kill Switch:

This will assume your network interfaces are on eth* and that you want to connect to our Swedish or Dutch servers and your DNS is set to use our public one. Add or Replace the IP ranges or IP addresses to the servers you wish to use. 193.138.219.228 is for our public DNS.

sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
sudo iptables -A INPUT -s 255.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300,1194,1195,1196,1197 -d 185.65.132.0/24,185.65.134.0/24,185.65.135.0/24,193.138.219.0/24 -j ACCEPT

sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 1301,1302 -d 185.65.132.0/24,185.65.134.0/24,185.65.135.0/24,193.138.219.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 185.65.132.0/24,193.138.219.0/24,185.65.134.0/24,185.65.135.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ ! -d 193.138.219.228 -p tcp --dport 53 -j DROP

sudo ip6tables -P OUTPUT DROP
sudo ip6tables -A OUTPUT -o tun+ -j ACCEPT

 

Troubleshooting:

 

Q. I have disabled IPv6 and OpenVPN exits out with a fatal error.
A. Edit the OpenVPN configuration and do these changes

  1. Replace proto udp with proto udp4 and proto tcp with proto tcp4
  2. Add pull-filter ignore "route-ipv6"
  3. Add pull-filter ignore "ifconfig-ipv6"