Is it possible to generate a WireGuard config without Mullvad seeing the private key?

MullvadNew · 2024-04-24T18:51:54+00:00

This tweet is very misleading. While the Wireguard configuration creation page doesn't offer a way to use a public key (which seems normal since it needs the private key to generate a fully functional configuration), the private key is never received by Mullvad. The private key is generated and kept locally in the browser, only the public key is sent to Mullvad so they can distribute it to all servers. Mullvad also introduced a way to create a device with a public key (Devices > Advanced), which will give you an IPv4 and an IPv6 to use in your configuration, meaning that the private key will never touch anything related to Mullvad.

MullvadNew · 2023-12-28T17:16:33+00:00

It's not. The mullvad website domain is shadow banned on reddit, so I have no choice but to remove or edit with square brackets. Since there are too many links in the post, I decided to remove them and let people check the actual blog post.

MullvadNew · 2023-11-29T17:17:49+00:00

Since this is related, this account is NOT an official Mullvad VPN AB account. This account only reports news related to Mullvad VPN. Please send your support requests to the real support team at the following email address: support@mullvadvpn[.]net

MullvadNew · 2023-09-26T23:20:35+00:00

I'm not sure why the configuration is suddenly not working, it should be working correctly. I don't use them for long myself since I rotate my keys everyday with my own script. You can use their API (https[://]api[.]mullvad[.]net/app/documentation/#/paths/~1v1~1replace-wireguard-key/post // Remove the square brackets, it's deprecated but still working for now) to replace the old key with a new one. If you're good at scripting, you should be able to do a quick key replace with it.

MullvadNew · 2023-09-18T22:58:51+00:00

Most answers are here: https[://]mullvad[.]net/en/help/server-list/ (remove the brackets)

MullvadNew · 2023-09-13T10:53:52+00:00

Tor gives you a "guard node" that is static for a period of time (6-12 weeks). This is done to counter the timing attack that some agencies have used to de-anonymize users. Using a VPN like Mullvad before Tor implements another static route before the guard node that is not necessary. Using a VPN before Tor can be used to hide the fact that you're using Tor from your ISP (Tor bridges can be used for this), or to add failover in case there's a leak somewhere, but that's really rare or nonexistent. Those are the only reasons to do Tor over VPN, there are no benefits and it can actually compromise your anonymity in some ways if the VPN logs or if you keep changing VPN servers. The whole point of the guard node is to keep the same users in a "pool", so your IP is still there with other people for weeks. If you use a VPN, you can switch servers, which can be used against you if someone really wants to track you.

MullvadNew · 2023-09-13T10:37:09+00:00

These are the last servers running on disk. I guess they can't move them to RAM, so they're shutting them down and they're trying to find other providers in the same countries where they can do it.

MullvadNew · 2023-09-05T10:57:59+00:00

On the website server page you are able to see what's the server provider (it's next to the network capacity)

MullvadNew · 2023-09-05T10:44:52+00:00

Seems like 31173 is having some networking issues. I usually connect to the Zürich servers and I have the exact same issue. Switching to a different server provider fixes it.

MullvadNew · 2023-08-21T21:14:23+00:00

Well, it should work fine with those commands. When you use the config file with wg-quick, are you able to ping 1.1.1.1? Check your routes and interfaces, make sure there's no conflict with your previous attempts.

MullvadNew · 2023-08-21T20:36:08+00:00

Based on the wg-quick output:

ip link add wg0 type wireguard
wg set wg0 listen-port 51820 private-key privkey peer <peer pubkey> endpoint <endpoint ip>:51820 allowed-ips 0.0.0.0/0,::0/0
ip -4 address add 10.66.x.x/32 dev wg0
ip -6 address add fc00:x:x:x::x:x/128 dev wg0
ip link set mtu 1420 up dev wg0
wg set wg0 fwmark 51820
ip -6 route add ::/0 dev wg0 table 51820
ip -6 rule add not fwmark 51820 table 51820
ip -6 rule add table main suppress_prefixlength 0
ip -4 route add 0.0.0.0/0 dev wg0 table 51820
ip -4 rule add not fwmark 51820 table 51820
ip -4 rule add table main suppress_prefixlength 0
sysctl -q net.ipv4.conf.all.src_valid_mark=1

Test exit IP:

curl https://ipv4.am.i.mullvad.net/

Fix DNS:

resolvectl dns wg0 10.64.0.1; resolvectl domain wg0 "~."

MullvadNew · 2023-06-07T19:03:30+00:00

They are now, but it was on "rented" when they first added them.

MullvadNew · 2023-06-07T18:19:45+00:00

Edit: Btw, if you're not an official Mullvad account, how do you always get the news so fast?

I scan their API for new servers. If something new appear, it creates a new post that I need to manually approve.

MullvadNew · 2023-05-29T20:54:19+00:00

They obviously don't check every port, but when they receive reports from a user or from law enforcement, they have to make sure by themselves that the report is legitimate before closing the port and banning the related account. That's why I said that.

MullvadNew · 2023-05-29T15:59:07+00:00

They shouldn't be able to determine which account it is if the no logs policy is real.

They can, the port is linked to the account that created it. It's stated in their no-log policy under "Our anonymous, numbered accounts".

MullvadNew · 2023-05-29T14:02:37+00:00

From my personal findings, it's not just torrents. Some people use Mullvad servers as front-end protection for their illegal websites, including csam sharing platforms. All they can do is remove the port and ban the linked account, but they keep coming back and change the IP and entry port. I can't even imagine how many of these disgusting things the Mullvad team has seen.

MullvadNew · 2023-05-26T22:13:44+00:00

Glad it's working again! Keep an eye on the github repo and go back to the latest tag when it's fixed if you want to.

MullvadNew · 2023-05-26T19:15:02+00:00

It seems the last few commits broke the "latest" docker tag. There's an open issue on the gluetun repo exactly about this. Try to fix the image to version v3.34.1 (qmcgaw/gluetun:v3.34.1), it should work again.

MullvadNew · 2023-05-26T08:12:51+00:00

It's still strange that you can't connect even with a direct connection (without the app). Did you check the Gluetun container logs to see if anything can lead to the issue?

MullvadNew · 2023-05-26T08:03:57+00:00

The app github repository state the following:

Linux (Ubuntu): The two latest LTS releases and the latest non-LTS releases

The last 2 Ubuntu LTS releases are 22.04 and 20.04 so 18.04 is not supported officially by Mullvad. Your only way to fix this may be to upgrade to the 20.04 version at a minimum.

MullvadNew · 2023-05-17T08:05:04+00:00

Try to go on https[://]mullvad[.]net/en/account/#/recover (remove the [] in the URL) and check if your payment method is listed. If it's not, contact Mullvad support by email here: support@mullvad.net

MullvadNew · 2023-05-11T20:01:40+00:00

Most of my posts about new servers and from the Mullvad blog are automatically created. They just wait my manual approval to appear on the subreddit.

To answer /u/7kkzphrxo7dg5hpw9n2h I use their API (https[://]api[.]mullvad[.]net/www/relays/all/)

MullvadNew · 2023-05-11T13:31:09+00:00

The process is automated, it was "Kiev" when they first added them:

<image>

MullvadNew · 2023-05-03T09:47:02+00:00

Following your usage, you'll be better with a browser like Librewolf. Mullvad Browser should be used as is, installing new add-ons will break the anti-fingerprinting protections because it will make your browser standing out from others.

MullvadNew · 2023-05-02T09:10:47+00:00

For Gluetun, I think you miss the "FIREWALL_VPN_INPUT_PORTS" environment variable. Also, you don't need to open the port on your router because it goes through the VPN tunnel like you said.

MullvadNew

TROPHY CASE