Back to Guides

Linux OpenVPN Installation

OpenVPN Installation instructions. Please keep in mind that OpenVPN versions below 2.3.10 will perform worse, so make sure that you run a later version.

Linux General (follow these steps for all Linux dists)

  1. Click on Download and then iOS, Android and other platforms
  2. Enter your account number , select a country and then click on "Get Config" to save the configuration file.
  3. Open up a terminal and change directory to where you downloaded the file (usually ~/Downloads/)
  4. Issue: unzip mullvadconfig*.zip

 

Ubuntu 16.04 / 14.04 and Debian 7/8/9 (Follow Linux General first)

  1. Open a terminal and issue "sudo apt-get update && apt-get upgrade"
  2. Issue: "sudo apt-get install openvpn"
  3. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem to /etc/openvpn/  (use sudo)
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"
     

 

Fedora 23/24 (Follow Linux General First)

  1. Open a terminal and issue:  "sudo dnf install openvpn resolvconf"
  2. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem and update-resolv.conf to /etc/openvpn/
  3. issue "sudo chmod 755 /etc/openvpn/update-resolv.conf"
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

 

 

Configuration Changes:

Changing to a specific server (from default se servers to specifically se1 in this example)

  1. Edit mullvad_linux.conf
  2. Replace the first "remote se.mullvad.net 1300" with "remote se1.mullvad.net 1300" or the IP address: "remote 185.65.132.102 1300"
  3. Save and then restart OpenVPN.

 

Kill Switch:

This will assume your network interfaces are on eth* and that you want to connect to our Swedish or Dutch servers and your DNS is set to use our public one. Add or Replace the IP ranges or IP addresses to the servers you wish to use. 193.138.219.228 is for our public DNS.

sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
sudo iptables -A INPUT -s 255.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300,1194,1195,1196,1197 -d 185.65.132.0/24,185.65.134.0/24,185.65.135.0/24,193.138.219.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 185.65.132.0/24,193.138.219.0/24,185.65.134.0/24,185.65.135.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ ! -d 193.138.219.228 -p tcp --dport 53 -j DROP

sudo ip6tables -P OUTPUT DROP
sudo ip6tables -A OUTPUT -o tun+ -j ACCEPT

 

 

 

Adding Obfsproxy support (Debian/Ubuntu)

sudo apt-get update && apt-get upgrade
sudo apt-get install git libevent-dev libssl-dev dh-autoreconf
git clone https://git.torproject.org/debian/obfsproxy-legacy.git
cd obfsproxy-legacy/
sudo ./autogen.sh && ./configure && make
sudo make install

Then launch obfsproxy
obfsproxy obfs2 socks 127.0.0.1:10194

edit mullvad_linux.conf and then add
socks-proxy-retry
socks-proxy 127.0.0.1 10194

Set the remote server to use a port between 8500 and 9499, using TCP and BF-CBC as cipher, make sure you comment out other proto, remote or cipher options.
remote se.mullvad.net 8700
cipher BF-CBC
proto tcp