Back to Guides

Linux OpenVPN Installation

OpenVPN Installation instuctions please keep in mind that OpenVPN versions below 2.3.10 will perform worse so make sure you run a later version.

Linux General

  1. Click on Download and then iOS, Android and other platforms
  2. Enter your account number , select a country and then click on "Get Config" to Save the configuration file.
  3. Open up a terminal and change directory to where you downloaded the file (usually ~/Downloads/)
  4. Issue: unzip mullvadconfig*.zip

 

Ubuntu 16.04 / 14.04 and Debian 7/8/9

  1. Open a terminal and issue "sudo apt-get update && apt-get upgrade"
  2. Issue: "sudo apt-get install openvpn"
  3. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem to /etc/openvpn/
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"
     

 

Fedora 23/24

  1. Open a terminal and issue:  "sudo dnf install openvpn resolvconf"
  2. copy mullvad.crt, mullvad.key, mullvad_linux.conf, ca.crt, crl.pem and update-resolv.conf to /etc/openvpn/
  3. issue "sudo chmod 755 /etc/openvpn/update-resolv.conf"
  4. start openvpn with "sudo service openvpn start" or "sudo openvpn --config /etc/openvpn/mullvad_linux.conf"

 

 

Configuration Changes:

Changing to a specific server (from default se servers to specifically se1 in this example)

  1. Edit mullvad_linux.conf
  2. Replace the first "remote se.mullvad.net 1300" with "remote se1.mullvad.net 1300" or the IP address: "remote 185.65.132.102 1300"
  3. Save and then restart OpenVPN.

 

Kill Switch:

This will assume your network interfaces are on eth* and that you want to connect to our Swedish servers and your DNS is set to use our public one. Add or Replace 185.65.132.0/24 with the IP address(es) or ranges to the servers you wish to use. 193.138.219.228 is for our public DNS.

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
sudo iptables -A INPUT -s 255.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300,1194,1195,1196,1197 -d 185.65.132.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 185.65.132.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300,1194,1195,1196,1197 -d 193.138.219.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 193.138.219.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ ! -d 193.138.219.228 -p tcp --dport 53 -j DROP

 

Adding Obfsproxy support (Debian/Ubuntu)

apt-get update && apt-get upgrade
apt-get install git libevent-dev libssl-dev dh-autoreconf
git clone https://git.torproject.org/debian/obfsproxy-legacy.git
cd obfsproxy-legacy/
sudo ./autogen.sh && ./configure && make
sudo make install

Then launch obfsproxy
obfsproxy obfs2 socks 127.0.0.1:10194

edit mullvad_linux.conf and then add
socks-proxy-retry
socks-proxy 127.0.0.1 10194

Set the remote server to use a port between 8500 and 9499, using TCP and BF-CBC as cipher, make sure you comment out other proto, remote or cipher options.
remote se.mullvad.net 8700
cipher BF-CBC
proto tcp