What are /r/mullvadvpn's favorite Products & Services?

From 3.5 billion Reddit comments

I wouldn't regret switching to a service that actually does what it claims.

Unfortunately bad actors also know that Mullvad is the best, thus some sites ending up blocking some IPs. You'll find one that works, keep trying and make sure to always visit the page to make sure the IP you are on isn't blacklisted.

They posted a bit about this when they updated the account number length a few years back.

> A newly created Mullvad account number is a 16-digit decimal in the "1000 0000 0000 0000" to "9999 9999 9999 9999" range. This allows for a total of 8.99 quadrilion possible account numbers. Assuming our customers are actively using 100,000 different accounts with us, one would need to guess on average 45 billion times in order to find a working account. This is practically impossible.

> Even the 12- and 13-digit numbers are actually 40 randomized bits and thus amount to 2^40 possible combinations, or 1,099,511,627,776. It would take, on average, 5.5 million tries in order to find a working account. This is still unlikely to happen because of the amount of guesses needed.

> We also take countermeasures against trying out many account numbers in a fast sequence, but due to the growing number of customers, it's time to increase the length.

Don't buy a VPN for 80 years lol. The Internet will be so different in 2100 that it will probably be unrecognisable, I doubt Mullvad will be around then, even tech giant like Google and Facebook may have fell by then

If you read their three "big data" articles, they are informing you that it is almost impossible to stay truly anonymous on the internet. Those articles are pretty informative, and I may change my browsing habits as a result.

What Mullvad is telling all their users here is that if you want to retain a fixed, assigned port that you have used in the past, you are providing one more collection data point that can be used with "big data" (it's not very big!!) to track you down. But if you need to keep using that fixed port, you are reducing your privacy. So, they recommend that you pay for your Mullvad service anonymously with cash to give yourself as much privacy as you get with a fixed port.

You should be cheering on Mullvad instead of dissing them!

I have been with other VPNs in the past, and none of those were as proactively informative and straight-forward communicating to their customers about privacy as Mullvad. The very post you mentioned is an excellent example of how they are reaching out to their customers about privacy, and letting the customers know that if they are putting their privacy at risk by retaining this feature.

Mullvad is the best, hands down.

Rick

PS: Always pay for your Mullvad with cash, guys! 👻

Have to say the blocking is nowhere near sufficient. A more comprehensive list is required, like a full OISD or Pengelana. If that's not possible on a technical level, I hope Mullvad consider giving iOS users the ability to add DoH strings (as opposed to IP addresses) in the Use Custom DNS Server section of their app, so that we can employ providers like AdHole, BlahDNS, NextDNS, etc. Still, I'd much prefer Mullvad to handle it internally, as I trust them more than the other DNS services.

I'm not technically literate, so if anyone reads this and agrees, please file an issue on that github link provided in Mullvad's blog post, suggesting better blocklists.

Cheers.

It is possible to get Mullvad using Monero, Mullvad partnered that sells Mullvad vouchers for Monero.

I honestly feel like Mullvad is super cheap. $5 for 5 devices is awesome.

NordVPN is $12 for 6 devices ($2/device)

ProtonVPN is $5 for 2 devices ($2.5/device)

ExpressVPN is $13 for 5 devices ($2.6/device)

Here is the answer from the Mullvad blog: “Can't someone guess my account number? A newly created Mullvad account number is a 16-digit decimal in the "1000 0000 0000 0000" to "9999 9999 9999 9999" range. This allows for a total of 8.99 quadrilion possible account numbers. Assuming our customers are actively using 100,000 different accounts with us, one would need to guess on average 45 billion times in order to find a working account. This is practically impossible.”

“What if someone were to successfully guess my account number? In short, that person would then be able to use Mullvad VPN for free since an account is allowed to make up to five connections simultaneously.

If you suspect this is happening, contact our support team to change your account number. Doing so will make your old account number invalid and anyone else who has it will not be able to connect with it.

If you're worried that somebody with your account number will be able to eavesdrop on your traffic through the VPN tunnel, don't be! The encryption key is only available on your device.

Apart from this, a stolen account number should have minimal, if any, impact on privacy or otherwise. This is because no personal information is made available by the account number or when you connect to the service. The only details available are the expiry time and which ports are forwarded (if any).

This by itself should not pose an issue, but if someone has also obtained other information about you, it could be sensitive. In the average case it should not be a problem, but for the very paranoid (or for those whose threat model says otherwise), not forwarding any ports is an option.

The most important think you can do to avoid any of the issues above is to keep your account number secret.”

In addition to Bitwarden or KeePassXC for an extra layer of security, I recommend 2FA with Aegis for Android and Raivo OTP for iOS.

Finally, Mullvad have proved that they don't log and the security of their infrastructure is, despite vulnerabilities, quite good and is being improved, no vulnerabilities seem to have been found for WireGuard, success !

Mullvad is not for streaming services, especially Netflix the majority of vpn`s are currently blocked with Netflix. You could buy a streaming bundle with torguard this includes residential US IP addresses,they are less likely to be blocked, but I doubt it's 100% guaranteed long term

Umm, probably yes?

I'm not sure why you would want to pay that far in advance though. Even Mullvad would probably advise paying for shorter times, maybe 1 year at a time. I wouldn't pay that far in advance for a service that may/may not still be around that long. And it's not like Mullvad has your info to issue a refund if they needed to anyway.

I think half the battle is recognition. When you talk about Nord and Express to the mainstream, the name recognition immediately kicks in, and so they trust them more right off the bat. When bringing up Mullvad, I think some are initially skeptical because they have not heard of it before, and don’t want to get scammed by some no-name VPN. The more name recognition Mullvad has, the more that Privacy enthusiasts are able to convince VPN using friends/family to make the switch.

Mullvad is really lacking when it comes to VoD or streaming services but its not really there forte. I use windscribe for video services geolocation stuff but mulvad for privacy. I trust it a lot more.

I recently purchased Mullvad. The account-number (as the one and only credential) threw me off too. But, the more I thought about it, I think it makes sense as perfect privacy. I.e., it's *all* in your hands.

If there were userids, passwords, secret questions... that would be more personally-identifying information Mullvad would have to keep about you (and tied to your account). One person (you) would want to change their userid. Someone else would forget their userid (and want to be able to look it up by email address.). Someone else would forget their email address and want to change it using "secret questions" (which someone else will have forgotten the answers they gave).

Mullvad would have to have large account-management & -support teams by the time that's sorted out. (Then one of them becomes pretexted by their boyfriend who works for Belgian Intelligence urges, "could you just tell me ipissed's email address? C'mon. Just between us.").

You're right that having a single, visible credential is alarming (seems odd by normal standards). But, it's the most secure thing you can have. And, it probably saves you money. I bet if Mullvad offered a normal account system, they'd charge you twice as much per month just to cover the cost of supporting all the "I forgot my...." interactions.

I'm not getting any issues with those sites. I find that it's fairly normal for it to happen on streaming services like Netflix, but it's rare that it happens on other sites.

When you got a page telling you it was banned, did it say why? Sometimes the IP is banned because it belongs to a VPN, but sometimes it's because someone else using Mullvad has been banned from the site for breaking that site's rules.

This is a great option because I prefer to only use Mullvad owned servers, and with this option, I can be sure that I’m always connected to these servers. I hope this feature will soon arrive at mobile as well!

Just use a different server if the one you are on blocks a site you need

If I can't access sites on Mullvad on my usual locations or they start blocking bitorrent then it'll be time to move to a new VPN again

The guide was available just less than a month ago as I used it myself. When conversing with Mullvad help they gave me the link and explained that they don't make it visible anymore as they don't want to rock the boat. It looks like they finally removed it entirely. I used the Wayback Machine to retrieve it.

It will be the same as other providers if you don't setup port forwarding. A simple thing to do is to open a port on a specific city on Mullvad port panel and then set the same port on your server (sshd_config), then you will be able to use the Mullvad IP that use your server to connect trough SSH.

I agree 100%. I've paid for NordVPN for even a year, and decided it was shitty. It was so horrible, that I switched to Mullvad about halfway through my subscription. Imagine if I had bought their 3 year subscription. I highly respect Mullvad's fair model.

>So basically you ask them to log traffic from users? Because 1000 people connected to one particular server doesn’t necessarily mean high traffic 😉 not every user is torrenting of playing Netflix from another country.

Load balancing can be done without logging users.

Mullvad and any VPN will for sure run network diagnostics on the servers ( isnt related to user data )

Mullvad publish the lists they use. They are very transparent. It's in their blog somewhere. It's a DNS based blocklist built around easylist.

Proton don't, or didn't, so you've got no way to know what they block. I recall seeing them asked on Reddit and their own forum and they played coy and cited "security" reasons for not disclosing the block lists. That might have changed in the year or so since.

from mullvad faq:

How do I enable the kill switch?

The app doesn’t have a kill switch setting because the function is built in and can never be disabled. If your network suddenly stops working or if the tunnel fails for any reason, Mullvad automatically protects your traffic from leaking outside of the VPN tunnel until your connection is reestablished.

I thought you were quoting this or something else from the mullvad site

> I'm assuming the bank has out-dated IP listings for geographic locations; is that a fair guess

More likely your bank detects you're on a VPN, doesn't allow it.

Try a different Mullvad server. Sometimes they aren't "known" that way yet.

IMO if you're using Mullvad because you think it affords you great privacy using another provider in front of it doesn't seem like a very smart idea. If you want a cheaper VPN I would just go elsewhere tbh

Yes, that message can be safely ignored. If you want to silence it, add disable-occ to the custom options 　

>does Mullvad plan to update the guide any time soon for the current release of pfsense?

It would be better to email them

Good concept, inadequate implementation.

Their blocking is based on EasyList, and nothing else. EasyList is a good foundational blocklist, but it's nowhere near enough on its own. Until Mullvad provides the ability to include custom blocklists, or select multiple lists, this isn't very useful.

I think it depends on how much you trust the provider. If I’m already using Mullvad as my vpn provider, I put my trust on them, so I have no problem that my dns requests are resolved to their servers. If I don’t use their vpn it depends on if your trust Mullvad or other providers (like quad9) more

I've only been using Mullvad for 2 months now, so I have no idea what "soon" means on Mullvads website - But it seems extremely cumbersome to do split tunneling the current way () on a Windows system. I would very much like Mullvad to have this sort of interface on a Windows pc. Other than that though, I am loving this VPN.

Also, if anyone knows, how long have the "soon" text been on the Windows client? Thanks much.

This is what Mullvad says about this.

Why can't I see the CPU load or Network utilization of a VPN server ?

The reason we do not provide this is because it would then give users a false sense of which server they should select. We try to ensure that all our servers have lots of capacity both in terms in Network and CPU If there happen to be performance variations on a given server, it is very likely not because of the server itself. It is most often because of internet routing issues. Try switching to another server hosted by a different hosting provider.

From:

​

>Can't someone guess my account number?
A newly created Mullvad account number is a 16-digit decimal in the "1000 0000 0000 0000" to "9999 9999 9999 9999" range. This allows for a total of 8.99 quadrilion possible account numbers. Assuming our customers are actively using 100,000 different accounts with us, one would need to guess on average 45 billion times in order to find a working account. This is practically impossible.
Even the 12- and 13-digit numbers are actually 40 randomized bits and thus amount to 2^40 possible combinations, or 1,099,511,627,776. It would take, on average, 5.5 million tries in order to find a working account. This is still unlikely to happen because of the amount of guesses needed.
We also take countermeasures against trying out many account numbers in a fast sequence, but due to the growing number of customers, it's time to increase the length.

The article also addresses the question "What if someone were to successfully guess my account number?"

So, relax! Your account number is not going to be "brute forced" in the near future.

This is because of how Apple deals with with the network after waking up from sleep. It won’t publish routes to the routing table until it’s been able to verify itself as online by pinging apple servers, which would have to traverse the tunnel, which isn’t up yet, because the routes aren’t published.

It’s a catch 22 really and it’s not something that Mullvad can fix without leaking traffic outside of the tunnel.

Source:

Maybe what you'd be better off trying is,while you're connected to Mullvad, use a separate browser for twitch and connect that browser to the socks5 proxy for whatever server you're connecting to to see if that'd help you out? You're still using Mullvad, just an IP prolly not many people use.

I'd say the main two things are...

• Bind qBittorent interface to only the Mullvad adapter (you can see a general example here so that it will never try to download over your normal connection
• Turn on Always On VPN setting in Mullvad (if it suits your set up)

This definitely isn't a Mullvad problem. People use their cc to pay for Mullvad subscriptions every day without the issues you're describing. They use a secure payment gateway for cc processing, and there haven't been any other similar reports of fraudulent activity after use. If you haven't already you should cancel your card and request a replacement. Going forward, you might also want to use a service that issues virtual cc numbers for online use instead of using your actual card number to make purchases.

You will find easy to use instructions on Mullvad's homepage under "Getting started with Mullvad". It is Ubuntu friendly. I use it every day. There is a killswitch - you will find it in application settings. Good luck!

A tweet from Mullvad Network issues.

Once you install the Mullvad app a desktop shortcut should appear. You can use that to open the app.

When the app is running there is a little symbol on the right side of the taskbar that looks like a lock you can press that to bring up the app.

If these don't appear you could go directly into the Mullvad folder. It should be located in program files. Just open the exe file.

Thanks for letting me know. I'll make sure to get my reading glasses from Walmart tomorrow.

But no, seriously. I'm gonna talk about a VPS if I feel it's useful to the user. I'm sure the the Mullvad community won't care, and quite frankly, neither do I. I pay for the service, after all. 🙃

Is there a specific thing you want to find out from the trial?

For what it’s worth I have been using Mullvad the past few months and it’s been excellent. Port forwarding works a treat. Over WireGuard I get blistering quick speeds. I have nothing but good things to say about them.

Since I installed the WireGuard app rather than using the Mullvad one on mac, it's been a game changer. Original is around 650/490 and With Mullvad it's around 500/350 which is very good. With Mullvad app (140/110....).

Holy shit! This is it boys! I've been waiting for this feature for a long long time. I've just tested it with Plex on my home server... it works beautifully! I'm running everything (firefox & qbitorrent) through the tunnel except for Plex, Jellyfin and some other locally hosted apps and everything is working extremely well. P2P traffic is running through QBT perfectly while Plex is correctly displaying usage graphs showing bandwidth going from in and outside the network. I'm very happy. A huge thanks to the team! This is wonderful!

I had just bought a raspberry pi 4 yesterday to set up as a separate seed box because Mullvad was interfering with Plex and I wanted separate servers, one to host my local stuff and one to host my linux ISO seed box. To keep things clean. What great timing for this. Now i'm going to set it up as a pi hole instead.

Thanks dev team! You guys rock!

1. Privacy reason
2. Can't be managed by Mullvad (because third party)

Anyway, even if it's "faster", all DNS are local, unique per server and better for privacy since you stay around the Mullvad service and not using something external.

If you want to use Cloudflare DNS this is your choice and you can use it by turning on custom dns in the official app.

The OP of this thread copied the contents of an email he got from Mullvad in this thread.

It doesn't explicitly mention security, but as a Mullvad dev is seemingly recommending its use, I would assume there's no known security gaps.

As an aside, TIL contraindication.

Then I believe Mullvad with Shadowsocks manages to do the same thing. Mullvad can't do anything about websites blocking the IPs just because that's not how VPNs work.

Also, tor and VPNs are two different things that fundamentally work differently and are not interchangeable. There are also different use cases with tor. I'm not sure what exactly you want to do, but VPNs are pretty common these days so they really have no reason to block your connection. What makes VPNs "anonymous" is the fact they can't link your IP to the session, provided they don't keep logs. Even with torrents, your ISP will usually not care unless they receive a C&D letter. VPNs dramatically help with that.

Hope you find a satisfactory solution.

Mullvad privacy update: For payments made with credit card, PayPal, and cash we use a temporary token to connect the payment with a Mullvad account. From now on, we will save an unused token for 120 days and a used token for 40 days. This means that we won’t be able to help you recover an account 40 days after the last payment. Your payment trace will have been deleted.

So I believe you can pay with whatever payment method you want, just pay 1 year ahead and your data will be deleted in 120 days. Yeah, there is still will be a trace on your bank account/paypal, but who really cares, its just a purchase that will not trace to mullvad other than purchase amount. In addition, Mullvad do not store logs so even if anyone will request a data from them, there is nothing to share about you.

This is not something I'd recommend doing with some random person on the internet, I mean, feel free to do whatever you want but personally I don't think it's the best idea. If Mullvad is genuinely too expensive for you, I'd recommend splitting it with someone you know personally.

> Q: Does the app have a kill switch? > > The Mullvad app uses the "on-demand VPN" function in iOS which acts as a kill switch when the VPN is connected. It should not leak traffic as our VPN always appears as being "up". Future versions of the app may improve on this.

Your circumstances sound very similar to mine. Support suggested using OpenVPN TCP over pot 443. It worked for me but REALLY sucks because you can't get wireguard speeds. However, after trying other VPN's and experiencing the same thing Mullvad openvpn servers were the fastest.

For Mullvad :

• Use WireGuard
• Consider using owned servers because they tend to be more secure and have less latency
• In your browser, enable HTTPS mode only, a VPN does not encrypt unsecured connections, it only encrypts the connection between your device and the VPN server, but not between the VPN server and the website server
• Check for DNS leaks with this test

For torrenting :

• Use qBittorrent
• In the cog icon for options, go to Connexion tab and use TPC as a peer connection protocol and in the BitTorrent tab, enable anonymous mode
• In the Advanced tab, then under "Network Interface", select "Mullvad"

Hi, u/efilopial,

I had something similar on my Windows machine a while ago just after an update. Support gave me the following advice:

>Try to disconnect Mullvad and open the Device Manager in Windows. Then check under Network adapters if there is any wintun adapter or Mullvad Tunnel and in that case right click on it and uninstall it.
>
>If it doesn't help then change to WireGuard protocol in the Mullvad app settings and go the app settings > Advanced > WireGuard key > Regenerate key.

Delete of the wintun worked for me.
Hope this works for you too.

Most of Mullvad IPs are shadowbanned, but some do work if you have some time to find them. You can follow this guide I made a few months back if you use Firefox and Wireguard.

If you're using Mullvad, you shouldn't be scared of "risk for my IP being discovered" because others will only see the IP of the Mullvad VPN server you're currently using, not your real IP. Also, I honestly don't think it's a good idea to use any torrent client with DHT disabled as you'll lose most of the seeders (unless you're using a private torrent tracker of course, where DHT is effectively useless).

You're on /r/mullvadvpn what do you think people will say?

Anyway here's a thread with many reasons why Mullvad is a top recommended VPN provider. Hope it helps.

I've been able to successfully play multi-player games with Mullvad enabled without too much impact. Not for any specific reason other than forgetting to disconnect before starting the game. I only saw a few millisecond increase in ping. I also happen to live very close to the Mullvad server I was connected to, so it probably improved the experience. If you are trying to play a highly competitive game where ping matters, I probably wouldn't suggest it, since you are introducing a middleman which could cause more intermittent lag depending on the amount of traffic going through the VPN node. But it's been perfectly fine for me on more casual online games. Just be sure to connect via Wireguard to a server close by and with high bandwidth capacity so you are less likely to be affected by other user's traffic. You can find the server bandwidth stats on the Mullvad website's server list.

Firstly, nice work!

​

Just some feedback as a UX designer:

• Connection type is redundant since both Android and iOS display it in the status bar
• Date doesn't really add a lot of value to Mullvad since the application is not time-dependent
• It would be nice to toggle the VPN on and off directly from the widget
• It would be nice to see the name (e.g. ch7-wireguard) of where you're connecting to and maybe the location (e.g. Zurich, Switzerland) either in addition to the IP address or in lieu of it so the user at least knows whether they're using Wireguard and what country they're connecting to since IP addresses aren't readable
• The amount of data use shown up front is a cool idea for a larger widget and I like what you did with it there

​

I'm sure you've thought of these things and are just limited by the third-party app though.

Currently that impossible to implement because Mullvad don't have API for developers. Another thing is Apple limitations to all widgets. Apple don't allow real time widget because of battery life. Min refresh rate for third party widget are 15 min. So ya until Apple change this we can't develop that.

Fair, but allow me to respond:

1. Never tested in court but audited, which PIA hasn't been.
2. It's not the same service.
3. There are have been more: Perfect Privacy, ExpressVPN, VyprVPN and NordVPN.
4. So does Mullvad, and it's a static one unlike PIA.
5. Sure but that's where the no logging policy comes in, as well as the Mullvad advantage of having their own node in blockchain rather than using BitPay like most others do.

Since we're talking about PIA, you conveniently omitted they were acquired by Kape which itself is a huge red flag.

Most commercial VPNs know who you are, you send all your Internet traffic to one server and they can do whatever they want with it, they have your payment information that can be linked to you, your email address, the VPN can be compromised and or deliberately to be used for surveillance or data analyse / collections, Tesonet which is one of the owners of NordVPN runs a data-harvesting service, we don't know what they do with his data exactly, maybe for statistics or for resale to data brokers, Tesonet is located in Lithuania where the laws in favor of privacy on the Internet are bad, this concerns a lot of free VPNs because it's their main source of revenue, but we've already seen that with paid providers like HMA, many providers already lied about their privacy policy, even if you use HTTPS, the VPN can use DPI at the entrance of the servers to sniff out the traffic and the encryption stops at the exit of the server, that say today 95% of the websites we actually visit are encrypted by HTTPS, so the VPN has no security advantage most of the time, but DPI can be used on any terminal, add the deployment of middleboxes, Cloudflare thinks it is a widespread practice, it's about intercepting and analyzing HTTPS traffic, it weakens its security and trust.

What is needed is that SNI and OCSP should at least be encrypted by default to hide domain names, but the cloudflare project with ECHI is just a project at the moment, DNS over HTTPS only encrypts DNS, its only real use is to bypass very rudimentary censorship means based on DNS blocking.

Mullvad has a model and commitment that sets them apart from other providers, I have only seen IVPN adopt a similar model, ProtonVPN clould be an good choice.

The way accounts work with Mullvad is different to most providers. They don't store your personal details like your name or e-mail address so it doesn't really matter all that much if someone else gets into your account.

It could be argued that it provides an extra level of anonymity because it can't be known with absolute certainty who owns or has access to any account.

If someone does manage to access your account, the worst that's likely to happen is, if they are online at the same time as you, they'll be taking up one of your five connection slots.

I don't think geo-hopping is related to your protocol. Generally, websites will make out where you're from based on the endpoint IP as well as cookies

I still find it puzzling how you can access Netflix as it never works for me on Mullvad; only their Originals are shown and able to stream which is expected behavior. On a related note, I set up a VPN through AWS, and Netflix plays just fine but again, it's only a matter of time before that is taken down too!

Mullvad tends to focus more on privacy and not streaming so if you're looking for the latter then you may be let down. The best VPN for streaming is perhaps Windscribe as they have rather intelligent DNS proxies (check out ControlD) that can proxy residential IPs for making streaming services like Netflix work. However, their support isn't the most prompt and their service isn't particularly focused for highly censored environments (like where I am where nearly no commercial VPN works and hence why I had setup an instance through AWS!)

Netflix in the past few months got smart and blocked many of these VPNs and as pessimistic as I may sound, this may be the death blow for streaming Netflix unfortunately

Your best bet is to use the OpenVPN (assuming since you use 10.8.0.1 which is the OpenVPN shadowsocks proxy) client using configuration files from Mullvad. You can check split tunneling instructions here.

In practical terms related to privacy and security, I don't think it makes a difference. The servers are all configured the same, and run on RAM. I suppose you could make the argument that the privacy laws in one country may be more favorable than another, but that's a theoretical difference, not a practical one. In practice, if the government came knocking, the data Mullvad can provide is the same no matter the country, which is virtually none as they don't log customer traffic.

They don't get to choose is the request is lawful, but law enforcement agencies attempt to get data all the time anyway. Look at when Apple was asked to decrypt an iPhone and they looked at the request, decided it was unlawful and refused to do it.

The statement above just means that Mullvad will check every request (probably with the help of a lawyer) to see whether they should comply.

Yes its a problem because they actually say ”we will comply with the law”. There are other vpn that says ”we will ignore any requests from goverments” basically because they are placed in a country where there are no such laws that vpn provider will ”comply” with.

I dont want push other vpn companies for free ad so you will have to find them searching a little. Mullvad i have heard much good about and they are often recommended because they have so good reputation. If they where based in a country where they have no obligation to comply with anything than it would be the perfect vpn.

I'm so happy this is finally on Windows. I stream quite often on GeforceNOW and it gets annoying having to turn the vpn on and off. Now it's done automatically via split tunneling, while keeping all other apps safely in the vpn tunnel.

Good stuff Mullvad!

I have a similar setup. I run Mullvad on the router.

I also have a raspberry pi running wireguard. When I leave my home WiFi, tasker triggers a profile on my android that turns off WiFi and connects to my home VPN server on the pi.

So apart from the time it takes to transfer my connection from WiFi to cellular, I'm always connected to Mullvad.

I can also use my adguard home instance on the same pi to get on the go ad blocking

Mullvad won't send you push notifications every 2 days which you can't disable on android. :)

Also it's much more stable and faster for me here than NordVPN was. Plus there's no fake "discount" for the 2 years plan which will run out in a few days but start again and again...

Torguard works pretty good with their streaming bundle. I've had it nearly 2 years now without issue. Tho i won't be renewing and just started using mullvad with plex sonarr etc. More convenient for me.

users paying cash are presumably trying to hide their identity. If one connects from home Mullvad may not know your credit card # but they know the home IP.

home IP

-> ISP

-> user

I think the extent of it is going into qBitTorrent settings and choosing the network interface associated with the Mullvad VPN.

It's not an explicit integration between the two softwares per se (i.e. Mullvad didn't make a qB plugin). It's just VPN software will create a network interface on your machine, and qB supports binding to just one interface by selecting it from a dropdown in settings.

I understand now. If what you want to do is prevent your ISP from seeing your dns requests, that’s great.

If you use NextDNS through their app, that effectively builds an encrypted channel, so you will be fine. Your ISP won’t see anything.

If you configure http-over-dns in Firefox (e.g. to use any of the services listed) all dns requests from Firefox as you surf the web, will be encrypted to that service. Your ISP won’t see dns requests from the browser.

If you use Mullvad app and have the VPN tunnel up in your PC, machine, or mobile phone, the DNS requests go through the vpn tunnel and are resolved by the mullvad dns server. Your ISP won’t see anything.

Tl,dr.: You don’t even need advanced dns options like DNS-over-Https in this case. All those cases will hide dns requests from your ISP. They’ll just see ip packets.

How would you change your account number without Mullvad affirming it's really the true account holder? Or, are you asking for the person who acquired your number to have that ability too? In which case, how would you change it after they change it?

These things usually have unintended consequences. You're wanting to fix a potential problem. When Mullvad does that ("that guy makes a lot of sense. Why don't we do that?") then someone else will complain that their account stopped working. Mullvad will investigate and see that it was renamed (the owner didn't even know they were surveilled). Then people will be complaining that Mullvad allowed this to happen(!) So, then Mullvad adds secret questions.

Maybe the situation could be safely improved without turning into the parade of horribles I've described. Some kind of two-factor for account access/management. The account number and a string (a pin) that doesn't display as you type it. (But, still, that turns into administration headaches. Someone will want to change that string. I suppose Mullvad could have a hard/fast rule that that string/pin can't be changed nor recovered if lost. That would at least give protection against prying eyes.).

A warrant canary in Sweden is useless:

"Under current Swedish law there is no way for them to force us to
secretly act against our users so a warrant canary would serve no
purpose. Also, we would not continue to operate under such conditions
anyway."

Mullvad also writes on their page that if they were magically forced to log users they would shutdown the service all together.

Monero converted to Bitcoin using a third-party swap service.

Mullvad doesn't accept Monero directly, but there have been community members who are selling Mullvad vouchers for Monero:

All activity conducted over Tor of course.

Exactly what u/QTrEIX said in their comment.

I just wanted to add my own take. I am an Australian Citizen presently living in Australia. As such I have a number of accounts related to my identity that are for services based in Australia. These include accounts like Credit Union Account, myGov & associated Online Services, & various others of similar category. Australia is a 5-eyes Country, but for those particular accounts I want to access from an Australian IP address. This is important especially for Financial Accounts. If I started connecting to them from random VPN IP addresses, then I'd probably get locked out quickly. So for that I have a dedicated VPN tunnel for those accounts. Everything is tunneled elsewhere & compartmentalized with a different WireGuard Key.

As always though: it comes back down to your Threat Model. I personally randomize my main VPN tunnel on VM bootup to randomly connect to one of the Mullvad WireGuard VPN servers.

I've used both, currently with TorGuard. Speeds in the U.S. for me have been the same, maxing out the connections I use (300 Mbps)

Privacy wise I'd say Mullvad is better, but TorGuard is definitely adequate. I believe DuckDuckGo endorses them. I also like their streaming IPs. TorGuard is cheaper and offers more so I use them, but either is good

I don't think that's a good idea. In today's society we're obsessed with "doing more" and that's not always the best solution to every problem.

I rather have Mullvad focussing all its efforts in delivering a great service, and nothing else.

Yes, of course. I was on a private tracker (MAM) and they show you the ip addresses that they see coming from you. My IPv4 was a Mullvad address, my IPv6 was my own ISP provided address. The admin brought it to my attention, I had overlooked it.

Mullvad multihop system is very simple to understand. When you create a configuration with multihop, you can see on the "Endpoint" line at the bottom that you have an IP and a port separated with a colon. The IP is the entry server, the port is the multihop port of the second server (exit). The private key is totally independent, you can have 2 config with the same key with a single server and a multihop (2 servers) one.

-- Mullvad app

ipv6 on, killswitch enabled, auto wireguard port, auto bridge mode, default mssfix (empty), 1280 Mtu Wireguard, opened port ~60500 (shared with OpenVPN)

-- Connection (qBittorrent)

protocol: tcp

port: port opened and shared with openvpn (on mullvad's website)

random port disabled, port redirection disabled

-- BitTorrent

DHT disabled

PeX disabled

Local discovery disabled

Allow encryption

Anonymous mode enabled

-- Advanced

network interface "wg-mullvad" (for wireguard)

optional IP address to bindt to: "All addresses"

OS Cache disabled

utp-tcp mixed mode algorithm "Prefer TCP"

Hey guys just wanted to let yall know I'm also having this exact issue (qBittorrent and tried a lot of different server locations). The port I had correctly running months ago suddenly stopped working a couple days ago.

I emailed Mullvad support, hopefully it's something they can fix!

You can't tell that it's easy to do without knowing how Mullvad operates their servers. Each VPN use their own tools to monitor and manage their servers and that can be even harder if it's something homemade or if they use a complicated infra (here. Choosing a few servers per region is not a simple log check, like I said before, it include all the tools linked to them and it's definitely more work that just checking at an app code.

I have no problem downloading from hosting sites by switching locations provided that I also clear cookies before revisiting the site from the new VPN location. (My lazy cheat is just to use multiple browsers.) This works with Mullvad but it also worked for two previous VPNs I used.

To be secure change your password and browsing habits. Mullvad is yet another layer to security, not the end all be all. Mullvad does protect from DNS leaks and has a kill switch. Be sure to use wireguard and it's a great VPN.

Well, there are other options..

You can search the web about creating a Virtual Machine (Or using a pre-built VM) where you activate Mullvad just within that VM. You'll want to make sure that the VM's network settings are correct.

Any apps you run inside that VM will go through the VPN, and then you can run everything else outside the VM.

How do you know that Mullvad only relies on EasyList? I think that was true for the first iteration but currently they also source from AdGuard and others. You can see on their Github:

I got a reply, and they're onto it:

> Hello,

> We are aware of this issue and our developers are looking into it.

> You can find the previous version here:

>

>Best regards,

Oh, you meant Multi-device beta on Whatsapp not on Mullvad! Yes, I have it and it's Android. But still don't see the the option on Mullvad that allows to access to devices on the same Wi-Fi network, only on Split Tunneling I see a list of local apps and I disabled the local Whatsapp app for now.

I'm not in the UK and I've never been on EE so I'm not sure how helpful I can be, but I can say that Mullvad hasn't disconnected because of travel for me. On the other hand, it HAS disconnected when the app gets culled (by Android's process manager). Have you eliminated that as a potential cause for your disconnects?

If you respond to this comment to remind me, I will write out some important tips for you. I went through this recently to set up QBitTorrent with Mullvad. You can find the instructions that were deleted archived somewhere. Not sure why they aren’t on the Mullvad website anymore. There’s also some other things to keep in mind. Remind me and I’ll get you some tips when I’m off work.

Nord has both whitelist and blacklist tunnel options, a lot more flexibility. I agree it would be easier if I could say "just use the VPN for qbittorrent" instead of listing all the programs that I want Mullvad to skip.

Another problem with Mullvad split tunnelling is that the programs you add still use the Mullvad DNS rather than the prior system DNS so it still causes lots of compatibility issues. Can't use StreamFab with Mullvad on whether split-tunnelled or not, for example.

I didn't read it all, but skimming it I do have a few thoughts:

1. It does not sound like he is using Mullvad (with the way mullvad is configured, I would not expect a roaming IP),

2. Smartphones have a lot of sensors that can give away its position ,

3. You should expect that any "leak" between machines or qubes is just that... a leak... if you sign into a google account.... a GOOGLE ACCOUNT... with a GOOGLE OS... on a GOOGLE phone.... and then use the same account on a vpn-isolated qube... why would you NOT expect some sort of connection to be made? That is literally what the act of signing in is... making a connection.

4. No... "using one qube" is not any sort of improvement... security by compartmentalization is a thing, and one must only be aware that there are such things that can bypass it.... such as hot mics... shared screen resolutions, etc.... but most blatantly of all.... identifying yourself...

5. No.... I would not expect Mullvad to waste time responding to that.

There are various reasons why this could happen, such as DNS leaks, or browsers using DoH. However, since you’ve said that you’ve followed the Mullvad guide, the problem is most likely to be here. In order for pfblocker to work, DNS requests need to be going through pfsense inbuilt DNS resolver (Unbound). Mullvad’s guide does not take this into account, and instead uses the DHCP server to broadcast their remote DNS servers, which ultimately are not running pfblocker or any ad blocking of any kind. To fix your problem, you need to skip this step and instead add 192.168.1.1 in your DHCP DNS entry and ensure Unbound DNS resolver is running on your outgoing interfaces. Pfsense has plenty of documentation on how to do this correctly. If you wish to use Mullvad’s DNS servers still, you can use Unbound in forwarding mode, however I’d recommend for ultimate privacy to use Unbound as your only DNS resolver and send the requests down Mullvad tunnel. This brings me on to DNS hijacking, this is only applicable if you are sending your plain text DNS requests down the VPN tunnel. In this case, Mullvad will forward to their DNS servers. If you have DNSSEC (DNS Security) enabled in pfsense, this can cause DNS to fail as it detects that the requests are being hijacked - thus the reason why Mullvad have provided port 1400 to avoid this. TL;DR - To use pfblocker, ignore Mullvad’s guide with respect to DNS and follow pfsense guides to forcing DNS on your network. Send your DNS traffic down the tunnel to avoid leaking your IP over DNS and use port 1400 to prevent hijacking.

I don't mean to be rude, but this isn't a Mullvad problem per se and you probably should direct this to the pfsense crowd. Again, no offense meant.

Mullvad, as a VPN, do one thing and beside changing ports there isn't any wiggle room. This is a configuration problem on the pfsense side, hence my recommendation to direct your attention there.

From

How many computers or devices can I use my Mullvad VPN account on?

You can use your account on up to 5 devices.

I 'm using Mullvad on my android phone, a macbook air, an openwrt router and a windows 10 PC.

They have superb Wireguard support. As famous as it it WG is still underrated, you can do all sorts of awesome things with the user space version (netstack package very cool)

Mullvad allow you to generate configs for all servers with absolutely zero fuss, I’ve not used many other VPN providers, can anybody recommend others that also make getting plain WG configs straightforward?

Same problem here

Contacted Mullvad and they said to restart the service in

Can confirm that if you close the app (I have to force close it) then restart the service and launch the app it works without having to reinstall. What bothers me is I have to do this about 50% of the time to get MullVad working now. Been like it since the new version.

Just received an email from someone from mullvad.

"It seems Apple changed something with how the firewall works in the latest beta and this breaks our Mullvad app. I've forwarded it to our developers so they can investigate further.

In the meantime you can use native WireGuard or OpenVPN to connect to our service."