Mullvad is a VPN service offered by Amagicom AB that utilizes multiple protocols to protect users from snoopers. The service also employs a variety of methods to further ensure subscribers’ privacy and security each time they go online. Mullvad is an interesting service that has a high standard for privacy, is pretty fast and gets you into Netflix most of the time. It's also unique in that it accepts hard cash as payment. Mullvad does not work well with US Netflix. It is a fast VPN that we highly recommend for ultra-secure web browsing and anonymous P2P file-sharing, but the company doesn’t actively try to unblock streaming sites and only two of Mullvad’s 25 US servers currently unblock Netflix with any degree of reliability.
- Mullvad can’t unblock any foreign Netflix libraries. We recommend using ExpressVPN. At the time of writing, it unblocks more than 10 libraries including Netflix Japan, plus many other services like Hulu, Amazon Prime Video, and ITV Hub.
- See full list on vpnpro.com.
Mullvad is a VPN service based in Sweden which uses OpenVPN and WireGuard.
Installation
The new official GUI client is available as mullvad-vpnAUR.
After installation you will need to enable and start the systemd service
mullvad-daemon.service
.Alternatively you can use the old client or either OpenVPN or WireGuard with a configuration file for Mullvad as explained in #Manual configuration.
Manual configuration
If you do not want to use the Mullvad app you can set it up manually with standard Linux software. Mullvad supports the OpenVPN and WireGuard protocols. Mullvad themselves advise to use WireGuard. However, using OpenVPN may be preferable since for instance the GNOME GUI can handle OpenVPN graphically, which makes it easy to see that the VPN is being used, or switching between VPN servers.
No matter if you opt for OpenVPN or WireGuard, if you use NetworkManager you may want to set up dnsmasq to decrease DNS-lookup times and also decreasing risk of DNS leakages. Follow the steps under DNS_caching_and_conditional_forwarding. Mind you, using dnsmasq together with the Mullvad app will result in poorer performance as NetworkManager can't manage per-interface configs via dnsmasq.
Using OpenVPN
First make sure the packages openvpn and openresolv are installed, then proceed to download Mullvad's OpenVPN configuration file package from their website (under the 'other platforms' tab) and unzip the downloaded file to
/etc/openvpn/client/
. From here you can either use the GNOME GUI for networking which uses [NetworkManager] and provides a neat interface, or you can use systemd to start it automatically at boot.Using The GNOME Network GUI
Make sure the package networkmanager-openvpn is installed. Then open the GNOME Settings, and select Network. Click on the '+' by the VPN section, and choose 'Import from file'. Choose the config file that you have downloaded from Mullvad. Note that you should download the files for Android, not the ones for Linux. Repeat this step for all of the servers you want to add. Now the VPN connections will show up in the roll down menu in the top right corner, below the primary network connections. At this point you manually have to flick the switch to connect to one of the servers. You may want to choose one of the VPN servers to connect to automatically when connected to the internet, using these steps in NetworkManager#Automatically connect to VPN
Using systemd
Rename
mullvad_linux.conf
for a shorter name to be used with the systemd service later:In order to use the nameservers supplied by Mullvad, update-resolv-conf script is being called upon starting and stopping the connection with OpenVPN to modify resolv.conf to include the correct IP addresses. This script is also included in the Mullvad configuration zipfile, but should be moved to
/etc/openvpn/
to match the path specified in the Mullvad configuration file:The script can be kept updated with the openvpn-update-resolv-conf script, which also contains a fix for DNS leaks.
After configuration the VPN connection can be managed with
[email protected]
. If the service fails to start with an error like Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
, you might need to reboot the system to enable OpenVPN creating the correct network device for the task.Enabling a Kill Switch
To enable a Kill Switch function to prevent data leakage in case the VPN connection goes down, you can use iptables as explained in the Mullvad OpenVPN on Linux page, under Enabling a Kill Switch.
Using WireGuard
Install the wireguard-tools package. Log in to Mullvad with your account and then go to the Wireguard-config page. Choose Linux as platform, then click generate key to generate a public key. In a terminal, issue the following command to generate a private key:
Mullvad Port Forwarding
Click on 'Manage keys' on the Mullvad WireGuard config page, and insert the private key you just generated into the field that says 'Enter private key', and click on 'import key'. Fill out step 3 on the website and download the file. Unzip the file you downloaded to get one or several config files depending on your selections in step 3. With these config files you can use the terminal interface of NetworkManager, nmcli.
To add a WireGuard connection from a config-file, issue following command in terminal:
If the file was called WG1.conf a connection called WG1 should have been added.
If you at any point want to delete the connection, issue the command:
Mullvad Down
To actually start the WireGuard tunnel, issue command:
Make sure the connection is listed when you run nmcli:
You might want to verify that the private and public keys are correct and corresponds with what you got from your VPN provider:
DNS leaks
By default, the Mullvad OpenVPN configurations allow DNS leaks and for usual VPN use cases this is an unfavorable privacy defect. Mullvad's new GUI client automatically stops DNS leaks by removing every DNS server IP from the system configuration and replacing them with an IP pointing out to Mullvad's own non-logging DNS server, valid during the VPN connection. This fix can also be applied with the plain OpenVPN method by configuring resolv.conf to use only the Mullvad DNS server IP specified on their website.
The resolv.conf update script version in openvpn-update-resolv-conf implements a different fix for the leaks by using the exclusive interface switch
-x
when running the resolvconf
command, but this might cause another form of DNS leakage by making even every local network address resolve via the DNS server provided by Mullvad, as noted in the script's GitHub issue page.Automatic configuration
vopono supports automatically generating configuration files for Mullvad, allowing you to instantly run applications via Mullvad connections in temporary network namespaces.
Both OpenVPN and Wireguard connections are supported. Shadowsocks is supported for OpenVPN connections, and port forwarding is supported for Wireguard connections.
See also
Retrieved from 'https://wiki.archlinux.org/index.php?title=Mullvad&oldid=643281'
Mullvad
Overall User Rating – (Jump to user reviews)
Website: www.mullvad.net
Price: $5 / Month
Our Rating: – 71.6%
Protection: 5/5
Software / GUI: 3/5
Features: 2/5
Speed: 3/5
Ease of Use: 4/5
Service Overview and Reviews
Protocols: OpenVPN, PPTP
Mullvad Download
Service: Mullvad offers an unlimited VPN service with servers in 22 countries.
Software is available in Windows, Mac and Linux and you can also get a version for iOS and Android.
The software is basic allowing you to choose which server to connect to and includes and auto-disconnect option.
Mullvad accept Bitcoins and there is a limited free 3 hour trial.
Privacy: Mullvad don’t log any users activity. See their Policy/Terms/FAQ
![Mullvad Mullvad](/uploads/1/1/7/8/117880993/862370197.jpg)
Our Thoughts: A small VPN network that is big on privacy but our test results were a bit disappointing on P2P with speed fluctuating wildly during download. No UK servers.
Mullvad User Reviews
Please rate Mullvad from your own experience via the form at the bottom of this page.
Mullvad Speed Test Results
Mullvad Speed Test
Below you can see our testing results for Mullvad. For more details of how we conduct our speed tests go to VPN Speed Tests
Test PC #1 – United States – OS (Mac OSX) – ISP (Cox)
SpeedTest.net (Firefox) | Location | Ping | Download | Upload |
Not Using VPN | United States | 21 | 30.53 | 11.43 |
OpenVPN | Germany | 181 | 4.1 | 3.77 |
OpenVPN | Sweden | 213 | 4.19 | 0.58 |
Download Test (Curl) | Location | File Size | Av. Speed/sec | Time/mins |
Not Using VPN | United States | 845M | 1605k | 08:59 |
OpenVPN | Germany | 845M | 898k | 16:03 |
OpenVPN | Sweden | 845M | 667k | 21:36 |
P2P Test (Transmission) | Location | File Size | Av. Speed/sec | Time/mins |
Not Using VPN | US | 800.1Mb | 1.96Mb | 06:49 |
OpenVPN | Germany | 800.1Mb | 0.79Mb | 16:55 |
OpenVPN | Sweden | 800.1Mb | 0.95Mb | 13:58 |
Test PC #2 – United Kingdom – OS (Win 7) – ISP (Sky)
SpeedTest.net (Firefox) | Location | Ping | Download | Upload |
Not Using VPN | United Kingdom | 41 | 10.56 | 0.93 |
OpenVPN | Germany | 125 | 7.54 | 0.98 |
Download Test (Curl) | Location | File Size | Av. Speed/sec | Time/mins |
Not Using VPN | United Kingdom | 783M | 1228k | 10:52 |
OpenVPN | Germany | 783M | 1195k | 11:10 |
P2P Test (uTorrent) | Location | File Size | Av. Speed/sec | Time/mins |
Not Using VPN | United Kingdom | 753Mb | 1.1Mb | 11:24 |
OpenVPN | Germany | 753Mb | 0.38Mb | 34:05 |
Note: The handshake protocol (MSCHAP_V2) used by many PPTP connections has been cracked and therefore PPTP could now be considered unencrypted. For maximum security use OpenVPN or L2TP.