Back to Guides

Linux OpenVPN Installation

OpenVPN Installation instructions. Please keep in mind that OpenVPN versions below 2.3.10 will perform worse, so make sure that you run a later version.

Linux General (follow these steps for all Linux dists)

  1. Click on Download and then iOS, Android and other platforms
  2. Enter your account number , select a country and then click on "Get Config" to save the configuration file.
  3. Open up a terminal and change directory to where you downloaded the file (usually ~/Downloads/)
  4. Issue: unzip mullvadconfig*.zip


Ubuntu 16.04 / 14.04 and Debian 7/8/9 (Follow Linux General first)

  1. Open a terminal and issue "sudo apt-get update && apt-get upgrade"
  2. Issue: "sudo apt-get install openvpn"
  3. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem to /etc/openvpn/  (use sudo)
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

Fedora 25/26 (Follow Linux General First)

Since newer Fedora versions use Wayland instead of X  it will display an error when starting the Mullvad client with sudo mullvad ,  this can be solved by starting the client with just mullvad and then enter your password when prompted for it.

Add MULLVAD_USE_GTK3 environment variable to handle wxPython 3 differently.

This should make the client work on Fedora 25. Set the environment variable to "yes" or "no" to toggle between the modes.


Fedora 23/24 (Follow Linux General First)

  1. Open a terminal and issue:  "sudo dnf install openvpn resolvconf"
  2. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem and update-resolv.conf to /etc/openvpn/
  3. issue "sudo chmod 755 /etc/openvpn/update-resolv.conf"
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"



Configuration Changes:

Changing to a specific server (from default se servers to specifically se1 in this example)

  1. Edit mullvad_linux.conf
  2. Replace the first "remote 1300" with "remote 1300" or the IP address: "remote 1300"
  3. Save and then restart OpenVPN.


Kill Switch:

This will assume your network interfaces are on eth* and that you want to connect to our Swedish or Dutch servers and your DNS is set to use our public one. Add or Replace the IP ranges or IP addresses to the servers you wish to use. is for our public DNS.

sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d -j ACCEPT
sudo iptables -A INPUT -s -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300,1194,1195,1196,1197 -d,,, -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d,,, -j ACCEPT
sudo iptables -A OUTPUT -o eth+ ! -d -p tcp --dport 53 -j DROP

sudo ip6tables -P OUTPUT DROP
sudo ip6tables -A OUTPUT -o tun+ -j ACCEPT




Adding Obfsproxy support (Debian/Ubuntu)

sudo apt-get update && apt-get upgrade
sudo apt-get install git libevent-dev libssl-dev dh-autoreconf
git clone
cd obfsproxy-legacy/
sudo ./ && ./configure && make
sudo make install

Then launch obfsproxy
obfsproxy obfs2 socks

edit mullvad_linux.conf and then add
socks-proxy 10194

Set the remote server to use a port between 8500 and 9499, using TCP and BF-CBC as cipher, make sure you comment out other proto, remote or cipher options.
remote 8700
cipher BF-CBC
proto tcp



Q. I have disabled IPv6 and OpenVPN exits out with a fatal error.
A. Edit the OpenVPN configuration and do these changes

  1. Replace proto udp with proto udp4 and proto tcp with proto tcp4
  2. Add pull-filter ignore "route-ipv6"
  3. Add pull-filter ignore "ifconfig-ipv6"