Back to Guides

Linux OpenVPN Installation

OpenVPN Installation instructions. Please keep in mind that OpenVPN versions below 2.3.10 will perform worse, so make sure that you run a later version.

Linux General (follow these steps for all Linux dists)

  1. Click on Download and then iOS, Android and other platforms
  2. Click on the "Other platforms" tab
  3. Enter your account number , select a country and then click on "Get Config" to save the configuration file.
  4. Open up a terminal and change directory to where you downloaded the file (usually ~/Downloads/)
  5. Issue: unzip mullvadconfig*.zip

 

Ubuntu 16.04 / 14.04 and Debian 7/8/9 (Follow Linux General first)

  1. Open a terminal and issue "sudo apt-get update && apt-get upgrade"
  2. Issue: "sudo apt-get install openvpn"
  3. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem to /etc/openvpn/  (use sudo)
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

Ubuntu 16.04 or newer using Network-manager

  1. Open a terminal and issue "sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome"
  2. Open a browser and go to https://mullvad.net
  3. Click on Download client
  4. Click on then under iOS, Android and other platforms click on "Instuctions and configuration files"
  5. Click on Android tab
  6. Enter your account number, select a country and then click on "Get Config" to save the configuration file.
  7. Network manager does not like inline crl, so please open the downloaded configuration file in an editor and remove the inline crl, remove "<crl-verify>"  and everything after to  "</crl-verify>" (including that line)   and then save it.
  8. Click on the Network icon
  9. Click on VPN-Connections -> Configure VPN
  10. Click on Add
  11. Select Import a saved vpn configuration
  12. navigate to where you saved the downloaded file, select it and then click open
  13. Click on Save
  14. sudo nano -w /etc/NetworkManager/NetworkManager.conf and change "dns=dnsmasq" to "#dns=dnsmasq" and save.
  15. Issue "sudo service network-manager restart" in a terminal
  16. Click on Network icon -> VPN Connections -> Mullvad_** where ** is the country you selected  to connect.

Fedora 25/26 (Follow Linux General First)

Since newer Fedora versions use Wayland instead of X  it will display an error when starting the Mullvad client with sudo mullvad ,  this can be solved by starting the client with just mullvad and then enter your password when prompted for it.

Add MULLVAD_USE_GTK3 environment variable to handle wxPython 3 differently.

This should make the client work on Fedora 25. Set the environment variable to "yes" or "no" to toggle between the modes.

 

Fedora 23/24 (Follow Linux General First)

  1. Open a terminal and issue:  "sudo dnf install openvpn resolvconf"
  2. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem and update-resolv.conf to /etc/openvpn/
  3. issue "sudo chmod 755 /etc/openvpn/update-resolv.conf"
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

 

 

 

Configuration Changes:

Changing to a specific server (from default se servers to specifically se1 in this example)

  1. Edit mullvad_linux.conf
  2. Replace the first "remote se.mullvad.net 1300" with "remote se1.mullvad.net 1300" or the IP address: "remote 185.65.132.102 1300"
  3. Save and then restart OpenVPN.

 

Kill Switch:

This will assume your network interfaces are on eth* and that you want to connect to our Swedish or Dutch servers and your DNS is set to use our public one. Add or Replace the IP ranges or IP addresses to the servers you wish to use. 193.138.219.228 is for our public DNS.

sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
sudo iptables -A INPUT -s 255.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300,1194,1195,1196,1197 -d 185.65.132.0/24,185.65.134.0/24,185.65.135.0/24,193.138.219.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 185.65.132.0/24,193.138.219.0/24,185.65.134.0/24,185.65.135.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ ! -d 193.138.219.228 -p tcp --dport 53 -j DROP

sudo ip6tables -P OUTPUT DROP
sudo ip6tables -A OUTPUT -o tun+ -j ACCEPT

 

 

 

Adding Obfsproxy support (Debian/Ubuntu)

sudo apt-get update && apt-get upgrade
sudo apt-get install git libevent-dev libssl-dev dh-autoreconf
git clone https://git.torproject.org/debian/obfsproxy-legacy.git
cd obfsproxy-legacy/
sudo ./autogen.sh && ./configure && make
sudo make install

Then launch obfsproxy
obfsproxy obfs2 socks 127.0.0.1:10194

edit mullvad_linux.conf and then add
socks-proxy-retry
socks-proxy 127.0.0.1 10194

Set the remote server to use a port between 8500 and 9499, using TCP and BF-CBC as cipher, make sure you comment out other proto, remote or cipher options.
remote se.mullvad.net 8700
cipher BF-CBC
proto tcp

 

Troubleshooting:

Q. I have disabled IPv6 and OpenVPN exits out with a fatal error.
A. Edit the OpenVPN configuration and do these changes

  1. Replace proto udp with proto udp4 and proto tcp with proto tcp4
  2. Add pull-filter ignore "route-ipv6"
  3. Add pull-filter ignore "ifconfig-ipv6"