The Mullvad VPN client app for desktop and mobile

mullvad/mullvadvpn-app

Welcome to the Mullvad VPN client app source code repository. This is the VPN client software for the Mullvad VPN service. For more information about the service, please visit our website, mullvad.net (also accessible via Tor on our onion service).

This repository contains all the source code for the desktop and mobile versions of the app. For desktop this includes the system service/daemon (mullvad-daemon), a graphical user interface (GUI) and a command line interface (CLI). The Android app uses the same backing system service for the tunnel and security but has a dedicated frontend in android/. iOS consists of a completely standalone implementation that resides in ios/.

Releases

There are built and signed releases for macOS, Windows, Linux and Android available on our website and on GitHub. The Android app is also available on Google Play and F-Droid and the iOS version on App Store.

You can find our code signing keys as well as instructions for how to cryptographically verify your download on Mullvad's Open Source page.

Platform/OS support

These are the operating systems and their versions that the app officially supports. It might work on many more versions, but we don't test for those and can't guarantee the quality or security.

OS/Platform       Supported versions
Windows           10 and 11
macOS             The three latest major releases
Linux (Ubuntu)    The two latest LTS releases and the latest non-LTS releases
Linux (Fedora)    The versions that are not yet EOL
Linux (Debian)    12 and newer
Android           8 and newer
iOS               15.0 and newer

On Linux we test using the Gnome desktop environment. The app should, and probably does work in other DEs, but we don't regularly test those.

Features

Here is a table containing the features of the app across platforms. This is intended to reflect the current state of the latest code in git, not necessarily any existing release.

                                 Windows  Linux  macOS  Android  iOS
OpenVPN
WireGuard
Quantum-resistant tunnels
DAITA
WireGuard multihop
WireGuard over TCP
WireGuard over Shadowsocks
OpenVPN over Shadowsocks
Split tunneling
Custom DNS server
Content blockers (Ads etc)
Optional local network access                                    ✓*
Externally audited

* The local network is always accessible on iOS with the current implementation

Security and anonymity

This app is a privacy preserving VPN client. As such it goes to great lengths to stop traffic leaks. And basically all settings default to the more secure/private option. The user has to explicitly allow more loose rules if desired. See the dedicated security document for details on what the app blocks and allows, as well as how it does it.

Checking out the code

This repository contains submodules needed for building the app. However, some of those submodules also have further submodules that are quite large and not needed to build the app. So unless you want the source code for OpenSSL, OpenVPN and a few other projects you should avoid a recursive clone of the repository. Instead clone the repository normally and then get one level of submodules:

git clone https://github.com/mullvad/mullvadvpn-app.git
cd mullvadvpn-app
git submodule update --init

On Android, Windows, Linux and macOS you also want to check out the wireguard-go submodule:

git submodule update --init wireguard-go-rs/libwg/wireguard-go

Further details on why this is necessary can be found in the wireguard-go-rs crate.

We sign every commit on the main branch as well as our release tags. If you would like to verify your checkout, you can find our developer keys on Mullvad's Open Source page.

Binaries submodule

This repository has a git submodule at dist-assets/binaries. This submodule contains binaries and build scripts for third party code we need to bundle with the app, such as OpenVPN, Wintun etc.

This submodule conforms to the same integrity/security standards as this repository. Every merge commit should be signed. And this main repository should only ever point to a signed merge commit of the binaries submodule.

See the binaries submodule's README for more details about that repository.

Building the app

See the build instructions for help building the app on desktop platforms.

For building the Android app, see the instructions for Android.

For building the iOS app, see the instructions for iOS.

Releasing the app

See this for instructions on how to make a new release.

Environment variables used by the service

  • TALPID_FIREWALL_DEBUG - Helps debugging the firewall. Does different things depending on platform:

    • Linux: Set to "1" to add packet counters to all firewall rules.
    • macOS: Makes rules log the packets they match to the pflog0 interface.
      • Set to "all" to add logging to all rules.
      • Set to "pass" to add logging to rules allowing packets.
      • Set to "drop" to add logging to rules blocking packets.
  • TALPID_FIREWALL_DONT_SET_SRC_VALID_MARK - Set this variable to 1 to stop the daemon from setting the net.ipv4.conf.all.src_valid_mark kernel parameter to 1 on Linux when a tunnel is established. The kernel config parameter is set by default, because otherwise strict reverse path filtering may prevent relay traffic from reaching the daemon. If rp_filter is set to 1 on the interface that will be receiving relay traffic, and src_valid_mark is not set to 1, the daemon will not be able to receive relay traffic.

  • TALPID_FIREWALL_DONT_SET_ARP_IGNORE - Set this variable to 1 to stop the daemon from setting the net.ipv4.conf.all.arp_ignore kernel parameter to 2 on Linux when a tunnel is established. The kernel config parameter is set by default, because otherwise an attacker who can send ARP requests to the device running Mullvad can figure out the in-tunnel IP.

  • TALPID_DNS_MODULE - Allows changing the method that will be used for DNS configuration. By default this is automatically detected, but you can set it to one of the options below to choose a specific method.

    • Linux

      • "static-file": change the /etc/resolv.conf file directly
      • "resolvconf": use the resolvconf program
      • "systemd": use systemd's resolved service through DBus
      • "network-manager": use NetworkManager service through DBus
    • Windows

      • iphlpapi: use the IP helper API
      • netsh: use the netsh program
      • tcpip: set TCP/IP parameters in the registry
  • TALPID_FORCE_USERSPACE_WIREGUARD - Forces the daemon to use the userspace implementation of WireGuard on Linux.

  • TALPID_DISABLE_OFFLINE_MONITOR - Forces the daemon to always assume the host is online.

  • TALPID_NET_CLS_MOUNT_DIR - On Linux, forces the daemon to mount the net_cls controller in the specified directory if it isn't mounted already.

  • MULLVAD_MANAGEMENT_SOCKET_GROUP - On Linux and macOS, this restricts access to the management interface UDS socket to users in the specified group. This means that only users in that group can use the CLI and GUI. By default, everyone has access to the socket.

  • MULLVAD_BACKTRACE_ON_FAULT - When enabled, if the daemon encounters a fault (e.g. SIGSEGV), it will log a backtrace to stdout, and to daemon.log. By default, this is disabled in release-builds and enabled in debug-builds. Set variable to 1 or 0 to explicitly enable or disable this feature. Logging the backtrace causes heap allocation. Allocation is not signal safe, but here it runs in the signal handler. This is technically undefined behavior and therefore disabled by default. This usually works, but enable at your own risk.
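
The Linux conditions described for TALPID_FIREWALL_DONT_SET_SRC_VALID_MARK and TALPID_FIREWALL_DONT_SET_ARP_IGNORE can be checked on a running system. The script below is an added example, not code from the Mullvad repository; the function name audit_tunnel_sysctls and its optional sysctl-root argument are assumptions, and it also applies the kernel rule that the higher of the "all" and per-interface rp_filter values is the one in effect.

```shell
#!/bin/sh
# Added example, not from the Mullvad repository. The function name and the
# optional ROOT argument are assumptions; sysctl names and the values the
# daemon sets come from the text above.

# audit_tunnel_sysctls IFACE [ROOT]
#   IFACE  interface that receives relay traffic
#   ROOT   sysctl tree to read (default /proc/sys; overridable for tests)
# Prints findings; returns 0 if clean, 1 on findings, 2 if IFACE is unknown.
audit_tunnel_sysctls() {
    iface=$1
    conf=${2:-/proc/sys}/net/ipv4/conf
    status=0

    if [ -z "$iface" ] || [ ! -d "$conf/$iface" ]; then
        echo "ERROR: no sysctl entries for interface '$iface'"
        return 2
    fi

    svm=$(cat "$conf/all/src_valid_mark")
    arp=$(cat "$conf/all/arp_ignore")
    # The kernel applies the higher of the "all" and per-interface rp_filter.
    rpf=$(cat "$conf/$iface/rp_filter")
    rpf_all=$(cat "$conf/all/rp_filter")
    if [ "$rpf_all" -gt "$rpf" ]; then rpf=$rpf_all; fi

    # Strict reverse path filtering (1) without src_valid_mark=1: the daemon
    # cannot receive relay traffic on this interface.
    if [ "$rpf" -eq 1 ] && [ "$svm" -ne 1 ]; then
        echo "FAIL: rp_filter=1 on $iface, src_valid_mark=$svm: relay traffic is dropped"
        status=1
    fi

    # The daemon sets arp_ignore=2. At the kernel default of 0 the device
    # answers ARP requests for any local address, in-tunnel IP included.
    if [ "$arp" -lt 2 ]; then
        echo "FAIL: arp_ignore=$arp is below the 2 the daemon sets"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: src_valid_mark=$svm arp_ignore=$arp rp_filter=$rpf"
    fi
    return "$status"
}
```

Call it as audit_tunnel_sysctls followed by the interface name while a tunnel is established, since the daemon sets these parameters at that point.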

Development builds only

  • MULLVAD_API_HOST - Set the hostname to use in API requests. E.g. api.mullvad.net.

  • MULLVAD_API_ADDR - Set the IP address and port to use in API requests. E.g. 10.10.1.2:443.

  • MULLVAD_API_DISABLE_TLS - Use plain HTTP for API requests.

  • MULLVAD_CONNCHECK_HOST - Set the hostname to use in connection check requests. E.g. am.i.mullvad.net.

Setting environment variables

Windows

Use setx from an elevated shell:

setx TALPID_DISABLE_OFFLINE_MONITOR 1 /m

For the change to take effect, restart the daemon:

sc.exe stop mullvadvpn
sc.exe start mullvadvpn

Linux

Edit the systemd unit file via systemctl edit mullvad-daemon.service:

[Service]
Environment="TALPID_DISABLE_OFFLINE_MONITOR=1"

For the change to take effect, restart the daemon:

sudo systemctl restart mullvad-daemon

macOS

Use plutil:

sudo plutil -replace EnvironmentVariables -json '{"TALPID_DISABLE_OFFLINE_MONITOR": "1"}' /Library/LaunchDaemons/net.mullvad.daemon.plist

For the change to take effect, restart the daemon:

launchctl unload -w /Library/LaunchDaemons/net.mullvad.daemon.plist
launchctl load -w /Library/LaunchDaemons/net.mullvad.daemon.plist

Environment variables used by the desktop frontend

  • MULLVAD_PATH - Allows changing the path to the folder with the mullvad-problem-report tool when running in development mode. Defaults to: <repo>/target/debug/.
  • MULLVAD_DISABLE_UPDATE_NOTIFICATION - If set to 1, notification will be disabled when an update is available.

Command line tools for Electron app development

  • $ npm run develop - develop app with live-reload enabled
  • $ npm run lint - lint code
  • $ npm run pack:<OS> - prepare app for distribution for your platform. Where <OS> can be linux, mac or win
  • $ npm test - run tests

Tray icon on Linux

The requirements for displaying a tray icon vary between different desktop environments. If the tray icon doesn't appear, try installing one of these packages:

  • libappindicator3-1
  • libappindicator1
  • libappindicator

If you're using GNOME, try installing one of these GNOME Shell extensions:

  • TopIconsFix
  • TopIcons Plus

Repository structure

Electron app and electron-builder packaging assets

  • desktop/packages/mullvad-vpn/
    • assets/ - Graphical assets and stylesheets
    • src/
      • main/
        • index.ts - Entry file for the main process
      • renderer/
        • app.tsx - Entry file for the renderer process
        • routes.tsx - Routes configurator
        • transitions.ts - Transition rules between views
    • tasks/ - Gulp tasks used to build app and watch for changes during development
      • distribution.js - Configuration for electron-builder
    • test/ - Electron GUI tests
  • dist-assets/ - Icons, binaries and other files used when creating the distributables
    • binaries/ - Git submodule containing binaries bundled with the app. For example the statically linked OpenVPN binary. See the README in the submodule for details
    • linux/ - Scripts and configuration files for the deb and rpm artifacts
    • pkg-scripts/ - Scripts bundled with and executed by the macOS pkg installer
    • windows/ - Windows NSIS installer configuration and assets
    • ca.crt - The Mullvad relay server root CA. Bundled with the app and only OpenVPN relays signed by this CA are trusted

Building, testing and misc

  • build-windows-modules.sh - Compiles the C++ libraries needed on Windows
  • build.sh - Sanity checks the working directory state and then builds installers for the app

Mullvad Daemon

The daemon is implemented in Rust and is split into several crates. The main, or top level, crate that builds the final daemon binary is mullvad-daemon, which then depends on the others.

In general one can look at the daemon as split into two parts, the crates starting with talpid and the crates starting with mullvad. The talpid crates are supposed to be completely unrelated to Mullvad specific things. A talpid crate is not allowed to know anything about the API through which the daemon fetches Mullvad account details or downloads VPN server lists, for example. The talpid components should be viewed as a generic VPN client with extra privacy and anonymity preserving features. The crates having mullvad in their name on the other hand make use of the talpid components to build a secure and Mullvad specific VPN client.

  • Cargo.toml - Main Rust workspace definition. See this file for which folders here are daemon Rust crates.
  • mullvad-daemon/ - Main Rust crate building the daemon binary.
  • talpid-core/ - Main crate of the VPN client implementation itself. Completely Mullvad agnostic privacy preserving VPN client library.

Vocabulary

Explanations for some common words used in the documentation and code in this repository.

  • App - This entire product (everything in this repository) is the "Mullvad VPN App", or App for short.
    • Daemon - Refers to the mullvad-daemon Rust program. This headless program exposes a management interface that can be used to control the daemon.
    • Frontend - Term used for any program or component that connects to the daemon management interface and allows a user to control the daemon.
      • GUI - The Electron + React program that is a graphical frontend for the Mullvad VPN App.
      • CLI - The Rust program named mullvad that is a terminal based frontend for the Mullvad VPN app.

File paths used by Mullvad VPN app

A list of file paths written to and read from by the various components of the Mullvad VPN app

Daemon

On Windows, when a process runs as a system service the variable %LOCALAPPDATA% expands to C:\Windows\system32\config\systemprofile\AppData\Local.

All directory paths are defined in, and fetched from, the mullvad-paths crate.

Settings

The settings directory can be changed by setting the MULLVAD_SETTINGS_DIR environment variable.

Platform   Path
Linux      /etc/mullvad-vpn/
macOS      /etc/mullvad-vpn/
Windows    %LOCALAPPDATA%\Mullvad VPN\
Android    getFilesDir()

Logs

The log directory can be changed by setting the MULLVAD_LOG_DIR environment variable.

Platform   Path
Linux      /var/log/mullvad-vpn/ + systemd
macOS      /var/log/mullvad-vpn/
Windows    C:\ProgramData\Mullvad VPN\
Android    getFilesDir()

Cache

The cache directory can be changed by setting the MULLVAD_CACHE_DIR environment variable.

Platform   Path
Linux      /var/cache/mullvad-vpn/
macOS      /Library/Caches/mullvad-vpn/
Windows    C:\ProgramData\Mullvad VPN\cache
Android    getCacheDir()

RPC address file

The full path to the RPC address file can be changed by setting the MULLVAD_RPC_SOCKET_PATH environment variable.

Platform   Path
Linux      /var/run/mullvad-vpn
macOS      /var/run/mullvad-vpn
Windows    //./pipe/Mullvad VPN
Android    getNoBackupFilesDir()

Desktop Electron app

The desktop Electron app has a specific settings file that is configured for each user. The path is set in the desktop/packages/mullvad-vpn/src/main/gui-settings.ts file.

Platform   Path
Linux      $XDG_CONFIG_HOME/Mullvad VPN/gui_settings.json
macOS      ~/Library/Application Support/Mullvad VPN/gui_settings.json
Windows    %LOCALAPPDATA%\Mullvad VPN\gui_settings.json
Android    Present in Android's logcat

Icons

See graphics README for information about icons.

Locales and translations

Instructions for how to handle locales and translations are found here.

For instructions specific to the Android app, see here.

Audits, pentests and external security reviews

Mullvad has used external pentesting companies to carry out security audits of this VPN app. Read more about them in the audits readme.

License

Copyright (C) 2025 Mullvad VPN AB

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

For the full license agreement, see the LICENSE.md file.

The source code for the iOS app is GPL-3 licensed like everything else in this repository. But the distributed app on the Apple App Store is not GPL licensed, it falls under the Apple App Store EULA.

