Back to Guides

Mullvad client - Advanced options

In advanced settings in the Mullvad client, you can set the values for options manually in order to control how Mullvad clients operates. This is for advanced users and conflicting settings can block the client from functioning at all. Save a copy of the original settings before you start to change the advanced settings. Also write down your account number in a safe place. Read the bottom of the page to find out how to reset to the default values.



This blocks all IPv4 and IPv6 DNS queries from port 53 except on OpenVPN TAP interface. it uses WFP on Windows.
Accepted values: True, False
Default: True
Comment: Invokes the Windows Filtering Platform to block all DNS traffic on interfaces other than the tunnel interface. In practice, this means that DNS Leaks, both the original problem and the one introduced in Windows 8 and 10, is prevented by OpenVPN itself. This option will be enabled by default in version 57 but can be disabled in the advanced settings. The original 'Stop DNS Leaks' setting will remain for the time being and will work just as before. Note that this new feature is only available for Windows. The advanced setting for toggling this feature is present in all versions but has no effect on other platforms.



This determines the protocol you will use when connecting, UDP or TCP.
On servers running OpenVPN 2.4.0 port 80 TCP and ports 1301 UDP, 1302 UDP are also available with all ciphers
Accepted values: any, udp, tcp
Default: any



Blocks all local networks, i.e. all traffic goes via Mullvad VPN
Accepted values: True, False
Default: False
Comment: This parameter was introduced in order to prevent DNS hijacking. Having it set to True is the most secure option, but remember that no local resources (like your WiFi connected printer) will work.



Automatically connects to a VPN server when you start the mullvad client.
Accepted values: True, False
Default: True



This determines cipher used  - aes256 or bf128 (AES only works with port 1300,1301,1302 and 1197, all other ports use bf128 on version 61 or older)
(However it will default to AES-256-GCM on any port if using Mullvad client version 62 or later)
Accepted values: any, aes256, bf128
Default: any



This blocks incoming UDP packets received on other interfaces to go out via TAP adapter, it uses WFP on windows.
Accepted values: True, False
Default: True



This is where you can set to connect to a specific server if you want, like (replace * with the server you wish to use)
Accepted values: any, * , IP address to a server
Default: any



This determines the port you will connect to us. (port 443 TCP only, all others UDP)
Accept values: any,  1300,1301,1302 1194, 1195, 1196, 1197, 443, 8499-9499, 53, 80
Default: any



This sets the TCP/UDP socket send buffer size
Accepted values: 8192 - 67108864
Default: auto
Comment: auto = 131072. Larger buffers may improve speeds when connected to a server far away or when having a very fast connection.



In auto mode it will try to detect Deep Packet Inspection
Accepted values: auto, yes, no
Default: auto
Comment: Obfsproxy is a tool that attempts to circumvent censorship, by transforming the VPN traffic between the client and the server. This way, censors, who usually monitor traffic between the client and the server, will see innocent-looking transformed traffic instead of the actual traffic. In auto mode, the client tries to detect when it is needed,  If you don't use auto, you also have to fill the parameters: port, cipher, protocol, server and make sure location is not in conflict with server selected.


stop_dns_leaks  (previously hard_dns)

This corresponds to "Stop DNS Leaks" in the GUI
Accepted values: True, False
Default: True
Comment: All DNS traffic is routed via Mullvad public DNS server, this in order to not leek information to a public DNS server about what sites you are visiting. This works in two different ways: 1. Sets your DNS pointer to our DNS server, so if your traffic for some reason ends up on the public internet it goes to our server. 2. All our VPN servers hijack calls to our public DNS server and the DNS request is process on a local DNS server installed on that VPN server (leaks less information and process requests significantly faster).



This corresponds to "Country" in the GUI, lets you select which exit country you wish to use (xx is any)
Accepted values: xx, de, nl, se, ca, us, sg,dk,no,gb,lt
Default: se
Comment: xx = any country



The time the client waits for a successful OpenVPN connection before trying to connect to another server in seconds.
Accepted values: any number
Default: 35



Is set to True when "Tunnel IPv6" is checked in the GUI, if set to false IPv6 will be blocked.
Accepted values: True, False
Default: True



This corresponds to "Block internet on connection failure" in the GUI, this is the kill switch.
Accepted values: True, False
Default: False
Comment: With this set to True, if the Mullvad Client fails to connect for any reason - your internet connection will be blocked - Even the Mullvad home page to manage an expired account! If you close the Mullvad client or click on disconnect the routes will be restored and internet will not be blocked any more.



This is your account number.
Accepted values: "youraccountnumber" (just numbers)
Default: your account number


Recover default settings

  1. Write down your account number, it will be lost in the process
  2. Close the Mullvad Client
  3. Delete the Mullvad settings file (replace USERNAME with your name
    Windows - C:\Users\USERNAME\AppData\Local\mullvad\mullvad\settings.ini
    Linux - ~/.config/mullvad/settings.ini
    OSX - ~/Library/Application Support/mullvad/settings.ini
  4. Start the Mullvad Client.
  5. Select existing account, and enter your account number