Passa al contenuto principale
 

SSH and Mullvad VPN

Bridges Windows Linux macOS Desktop Multihop Censorship circumvention 

Ultimo aggiornamento:

If you are unable to connect to Mullvad VPN using Shadowsocks bridges or WireGuard Obfuscation then you can try to use SSH tunneling to connect to a Mullvad bridge server. This uses port 22. The Mullvad app or OpenVPN will then connect with that through a local SOCKS proxy server.

What this guide covers

Option 1: Using the Mullvad app (in Linux or Windows)

Making a SSH tunnel and SOCKS proxy server

In these examples we will connect to the bridge server se-got-br-001 (185.213.154.117), but you can change this to any of our bridge servers which you can find our Servers list.

Linux (using SSH)

In a Terminal, run the following command:

mullvad-exclude ssh -f -N -D 1234 mullvad@185.213.154.117

When you connect to a bridge server for the first time, you will be asked to accept the unique fingerprint. You can find the fingerprints in our Servers list. You will see a message similar to this:

The authenticity of host '185.213.154.117 (185.213.154.117)' can't be established.
ED25519 key fingerprint is SHA256:m4+gZjHCthQbRg6EU0+9jkuesn/J970YKV8m/K/UzRk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes to save the fingerprint.

You will then be prompted to enter a password. Type in mullvad.

After entering the password you will be returned to the prompt and the process will run in the background.

If you want to connect to another bridge server then first stop the ssh process using killall ssh.

Windows (using PuTTY)

  1. Download and install PuTTY.
  2. Click on Session.
    In the Host Name (or IP Address) field, enter 185.213.154.117.
    In the Port field, enter 22.
  3. Click on Connection SSH Tunnels. Enter 1234 as source port. Select "Dynamic" and then click Add.
  4. Click on Connection SSH. Enable "Don't start a shell or command at all".
  5. Click on Connection Data. In the Auto-login username field, enter mullvad.
  6. Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session and then click on Accept in the security alert window. When asked for a password enter mullvad.

Then exclude PuTTY using Split tunneling in the Mullvad app settings:

  1. Go to the Mullvad app settings by clicking on the gear icon in the top right corner of the app.
  2. Click on Split tunneling.
  3. Scroll down to the bottom and click on Find another app.
  4. Browse to C:\Program Files\PuTTY and double-click on putty.exe to exclude it.
  5. Open PuTTY and connect to the session you saved before.

Connect with the Mullvad app

In a Terminal or Command Prompt, run the following commands.

Mullvad 2024.1 and newer:

mullvad bridge set custom set socks5 local 1234 185.213.154.117 22

Mullvad 2023.6 and older:

mullvad bridge set custom local 1234 185.213.154.117 22

All versions:

mullvad relay set tunnel-protocol openvpn

mullvad bridge set state on

mullvad connect

Verify your connection with the Mullvad connection check.

Option 2: Using OpenVPN app (Linux, macOS and Windows)

Making a SSH tunnel and SOCKS proxy server

In these examples we will connect to the bridge server se-got-br-001 (185.213.154.117), but you can change this to any of our bridge servers which you can find our Servers list.

Linux and macOS (using SSH)

In a Terminal, run the following command:

ssh -f -N -D 1234 mullvad@185.213.154.117

When you connect to a bridge server for the first time, you will be asked to accept the unique fingerprint. You can find the fingerprints in our Servers list. You will see a message similar to this:

The authenticity of host '185.213.154.117 (185.213.154.117)' can't be established.
ED25519 key fingerprint is SHA256:m4+gZjHCthQbRg6EU0+9jkuesn/J970YKV8m/K/UzRk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes to save the fingerprint.

You will then be prompted to enter a password. Type in mullvad.

After entering the password you will be returned to the prompt and the process will run in the background.

If you want to connect to another bridge server then stop the ssh process using killall ssh.

Windows (using PuTTY)

  1. Download and install PuTTY.
  2. Click on Session.
    In the Host Name (or IP Address) field, enter 185.213.154.117.
    In the Port field, enter 22.
  3. Click on Connection SSH Tunnels. Enter 1234 as source port. Select "Dynamic" and then click Add.
  4. Click on Connection SSH. Enable "Don't start a shell or command at all".
  5. Click on Connection Data. In the Auto-login username field, enter mullvad.
  6. Click on Session and then enter a name under Saved sessions and click on Save. Double-click on the saved session and then click on Accept in the security alert window. When asked for a password enter mullvad.

Connect with OpenVPN

This part of the guide uses the OpenVPN app instead of the Mullvad VPN app. The following instructions will show you how to configure OpenVPN to use the SSH proxy.

First follow our guides on how to install OpenVPN for your operating system:

After installing OpenVPN follow these instructions:

  1. Go to our OpenVPN configuration file generator and click on Advanced settings and enable Connect via bridges.
  2. In the downloaded config file, edit the port on the socks-proxy line in the configuration file from 1080 to 1234 which we used above: socks-proxy 127.0.0.1 1234
  3. Make sure that you have your SSH client running (see instructions above).
  4. Use the configuration file to connect with your OpenVPN client.
  5. Verify your connection with the Mullvad connection check.