SSH and Mullvad VPN
Bridges Windows Linux macOS Desktop Multihop Censorship circumvention
Последнее обновление:
If you are unable to connect to Mullvad VPN using Shadowsocks bridges or WireGuard Obfuscation then you can try to use SSH tunneling to connect to a Mullvad bridge server. This uses port 22. The Mullvad app or OpenVPN will then connect with that through a local SOCKS proxy server.
What this guide covers
- Option 1: Using the Mullvad app (in Linux or Windows)
- - Linux (using SSH)
- - Windows (using PuTTY)
- Option 2: Using OpenVPN app (Linux, macOS and Windows)
- - Linux and macOS (using SSH)
- - Windows (using PuTTY)
Option 1: Using the Mullvad app (in Linux or Windows)
Making a SSH tunnel and SOCKS proxy server
In these examples we will connect to the bridge server se-got-br-001 (185.213.154.117), but you can change this to any of our bridge servers which you can find our Servers list.
Linux (using SSH)
In a Terminal, run the following command:
mullvad-exclude ssh -f -N -D 1234 mullvad@185.213.154.117
When you connect to a bridge server for the first time, you will be asked to accept the unique fingerprint. You can find the fingerprints in our Servers list. You will see a message similar to this:
The authenticity of host '185.213.154.117 (185.213.154.117)' can't be established. ED25519 key fingerprint is SHA256:m4+gZjHCthQbRg6EU0+9jkuesn/J970YKV8m/K/UzRk. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes
to save the fingerprint.
You will then be prompted to enter a password. Type in mullvad
.
After entering the password you will be returned to the prompt and the process will run in the background.
If you want to connect to another bridge server then first stop the ssh process using killall ssh
.
Windows (using PuTTY)
- Download and install PuTTY.
- Click on Session.
In the Host Name (or IP Address) field, enter 185.213.154.117.
In the Port field, enter 22. - Click on Connection → SSH → Tunnels. Enter 1234 as source port. Select "Dynamic" and then click Add.
- Click on Connection → SSH. Enable "Don't start a shell or command at all".
- Click on Connection → Data. In the Auto-login username field, enter mullvad.
- Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session and then click on Accept in the security alert window. When asked for a password enter mullvad.
Then exclude PuTTY using Split tunneling in the Mullvad app settings:
- Go to the Mullvad app settings by clicking on the gear icon in the top right corner of the app.
- Click on Split tunneling.
- Scroll down to the bottom and click on Find another app.
- Browse to
C:\Program Files\PuTTY
and double-click on putty.exe to exclude it. - Open PuTTY and connect to the session you saved before.
Connect with the Mullvad app
In a Terminal or Command Prompt, run the following commands.
Mullvad 2024.1 and newer:
mullvad bridge set custom set socks5 local 1234 185.213.154.117 22
Mullvad 2023.6 and older:
mullvad bridge set custom local 1234 185.213.154.117 22
All versions:
mullvad relay set tunnel-protocol openvpn mullvad bridge set state on mullvad connect
Verify your connection with the Mullvad connection check.
Option 2: Using OpenVPN app (Linux, macOS and Windows)
Making a SSH tunnel and SOCKS proxy server
In these examples we will connect to the bridge server se-got-br-001 (185.213.154.117), but you can change this to any of our bridge servers which you can find our Servers list.
Linux and macOS (using SSH)
In a Terminal, run the following command:
ssh -f -N -D 1234 mullvad@185.213.154.117
When you connect to a bridge server for the first time, you will be asked to accept the unique fingerprint. You can find the fingerprints in our Servers list. You will see a message similar to this:
The authenticity of host '185.213.154.117 (185.213.154.117)' can't be established. ED25519 key fingerprint is SHA256:m4+gZjHCthQbRg6EU0+9jkuesn/J970YKV8m/K/UzRk. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes
to save the fingerprint.
You will then be prompted to enter a password. Type in mullvad
.
After entering the password you will be returned to the prompt and the process will run in the background.
If you want to connect to another bridge server then stop the ssh process using killall ssh
.
Windows (using PuTTY)
- Download and install PuTTY.
- Click on Session.
In the Host Name (or IP Address) field, enter 185.213.154.117.
In the Port field, enter 22. - Click on Connection → SSH → Tunnels. Enter 1234 as source port. Select "Dynamic" and then click Add.
- Click on Connection → SSH. Enable "Don't start a shell or command at all".
- Click on Connection → Data. In the Auto-login username field, enter mullvad.
- Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session and then click on Accept in the security alert window. When asked for a password enter mullvad.
Connect with OpenVPN
This part of the guide uses the OpenVPN app instead of the Mullvad VPN app. The following instructions will show you how to configure OpenVPN to use the SSH proxy.
First follow our guides on how to install OpenVPN for your operating system:
After installing OpenVPN follow these instructions:
- Go to our OpenVPN configuration file generator and click on Advanced settings and enable Connect via bridges.
- In the downloaded config file, edit the port on the socks-proxy line in the configuration file from 1080 to 1234 which we used above:
socks-proxy 127.0.0.1 1234
- Make sure that you have your SSH client running (see instructions above).
- Use the configuration file to connect with your OpenVPN client.
- Verify your connection with the Mullvad connection check.