Mullvad settings

Could someone provide a basic list of instructions for setting up Mullvad? I have my own but not certain if it’s good enough to browse the internet with a high degree of anonymity. I used their web site to check for DNS and WebRTC leaks as well as IP blacklistings. Test results came back successful and without any issues. I do need some help with Mullvad application and modem(router?) port forwarding. Any info or tips would be greatly appreciated.

Hey, to understand all the Mullvad settings I suggest you to read through their article.
And if you want to use the BitTorrent protocol please first make sure that you have the correct settings (all explained in a in the meanwhile deleted Mullvad article from their website).

I personally use these settings for normal internet browsing AND gaming:

Settings → Preferences

  • Kill Switch enabled (because it’s enabled by default)
  • Launch app on start-up enabled
  • Auto-connect enabled
  • Block ads enabled
  • Block trackers enabled
  • Block malware enabled
  • Block adult content enabled
  • Block gambling enabled
  • Local network sharing enabled (because I wanna access my Raspberry Pi, but disable that if you are on a public network!)
  • Notifications enabled
  • Monochromatic tray icon disabled
  • Start minimized disabled
  • Beta program disabled

Settings → Advanced

  • Enabled IPv6 disabled
  • Always require VPN enabled (because I don’t like being without VPN unless I am using Tor)
  • Tunnel protocol WireGuard (faster than OpenVPN for me)
    I only use Split tunneling sometimes for Chromium when a website does not like that I am being on VPN, like my bank or PayPal

Settings → Advanced → WireGuard settings

  • Port Automatic (I don’t need to use specific ports)
  • Enable Multihop enabled (traffic gets routed into one server and out another making it harder to trace and I personally still have a good ping (50 - 60 ms))
  • IP version IPv4
2 Likes

I can only include 2 links because I am a new user, so here is the answer for your question about port forwarding:

They have an article here about port forwarding and a VPN YouTuber has a full video about it explaining how to set it up here for torrenting, but the progress is the same for whatever you want to do with port forwarding.

If you want to run Mullvad on your router, here are some guides:
OpenWrt routers and Mullvad VPN
DD-WRT routers and Mullvad VPN
Asus Merlin and Mullvad VPN
Using pfSense with Mullvad

1 Like

Something you should understand is that masking your IP address is only one part of the online privacy equation. Marketers/advertisers have long realized many people use commercial VPNs and have turned to fingerprinting as another data collection measure.

This is not to discourage you from using a VPN, just trying to help you understand it’s not a privacy panacea and to think more about the bigger picture.


That being said, port forwarding with mullvad is only really useful when you’re hosting some service you want to be accessible from outside your home network. I use OPNSense for my network firewall & router, with mullvad on it covering my whole network, and have yet to need port forwarding except for the previously mentioned scenario. Torrents work just fine for me and I have UPnP disabled.

great information thank you both.

Are you a bot?
Just wondering because of you said:

You’re probably reading this because you’ve asked what VPN service to use, and this is the answer.

It’s a copy and paste from the Github link at the bottom. It’s really well known article and it has some good points, but I think that it offers kind a binary point of view. VPN has completely valid use cases and it’s a great tool (especially Mullvad), but you have to be aware of it’s functions and limitations. It’s not a silver bullet for anonymity, security or privacy.

1 Like

I only asked to see what Mullvad setting ppl use. Not a long drawn out anti VPN rant.

This isn’t a place for nuance :angry:

I’ve been rereading the comment and your reply but I fail to see what you’re referring to surely this is a joke and I’m out of the loop or you don’t want nuance and only want facts on in the forum?

This was very useful and informative thank you personally I don’t block anything but I will experiment. Kill switch is actually called “lock-down” currently and it’s not called a kill switch the mullvad linux app has a kill switch built in lock down actually cuts off the internet entirely if mullvad isn’t running. What kill switch does is block the internet if the vpn cuts out or if you switch to a different country. I think multihop is over the top for me since my traffic is already going through a trusted provider but I would love to hear someone make a case for it!

1 Like

It is a joke yes :stuck_out_tongue:

Oh I have not got any notification about an update, I am still running version 2022.4 :grimacing:, maybe that is why I have not heard of “lock-down” yet.
Now I updated to 2022.5 and noticed that I have to rewrite my whole first post here :joy:

As you already said the always enabled Kill switch is to prevent traffic from leaking outside of the VPN tunnel if the network stops working or if the tunnel fails and with Lockdown Mode enabled you have to be connected to a Mullvad VPN server to be able to reach the internet.
Pretty much the same as the “Always require VPN” setting in version 2022.4.

I also thought that, but I tested different Entry and Exit servers and also with multihop disabled and the results were pretty much the same.
With multihop enabled I always got an average ping of around 60 ms and with multihop disabled I have around 58 ms and since I only play a few games where the ping does not really matter and for browsing and streaming the 2 ms difference also does not really matter.

Do you mean your internet service provider? May I ask which one?

I meant mullvad “trusted provider” haha. Yeah you’re right it is always on vpn that got renamed. You can use this command to update it’s what I use. I had to find this on some random stack overflow page.
Fedora

wget --content-disposition https://mullvad.net/download/app/rpm/latest

and for debian

wget --content-disposition https://mullvad.net/download/app/deb/latest

Now again for version 2022.5 of the Mullvad VPN desktop app for Linux (the settings above are for version 2022.4):

Settings → VPN settings

  • Launch app on start-up enabled
  • Auto-connect enabled
  • Local network sharing enabled (because I wanna access my Raspberry Pi, but disable that if you are on a public network!)
  • Block ads enabled
  • Block trackers enabled
  • Block malware enabled
  • Block adult content enabled
  • Block gambling enabled
  • Enabled IPv6 disabled
  • Kill Switch enabled (because it’s enabled by default)
  • Lockdown mode enabled (because I don’t like being without VPN unless I am using Tor)
  • Tunnel protocol WireGuard (faster than OpenVPN for me)

Settings → VPN settings → WireGuard settings

  • Port Automatic (I don’t need to use specific ports)
  • Obfuscation Off (because I don’t need that when I am at home, but maybe when traveling to somewhere like China or UAE etc. where VPN might be blocked)
  • Enable Multihop enabled (traffic gets routed into one server and out another making it harder to trace and I personally still have a good ping (50 - 60 ms))
  • IP version IPv4
  • MTU Default

I only use Split tunneling sometimes for Chromium when a website does not like that I am being on VPN, like my bank or PayPal, and I also do not use the Beta program.

Thank you, but normally I just download the .deb (works on Ubuntu 20.04+ and Debian 10+ (64 bit only)) from their download page, verify the signatures and update it.

Until there is a flatpak for mullvad I could maybe make a script to auto update the app and I forgot about signatures. Maybe the script could grab both and ask for user intervention to verify them or do them automatically.

great Idea if you are bored have nothing to do, I also thought about doing that before but right now I am just too busy (and maybe too lazy :joy:).
Damn I should really start looking for a project again to get back into scripting.
But I don’t think that has anything to do with the topic of this article what we are writing about.

I’m not even good at it I’m just messing around in bash on github idk even know how I would do I just would like to do it. I know IVPN has a flatpak so come on mullvad step up to the podium.