#+title: Connecting to a Random Mullvad Wireguard Host #+date: 2023-01-23 ** Mullvad Wireguard :PROPERTIES: :CUSTOM_ID: mullvad-wireguard :END: If you're using an OS that does not support one of Mullvad's apps, you're likely using the Wireguard configuration files instead. If not, the first step is to visit Mullvad's [[https://mullvad.net/en/account/#/wireguard-config][Wireguard configuration files]] page and download a ZIP of the configuration files you want to use. Personally, I downloaded all configuration files across the world and chose my connections using the script below. Once the files are downloaded, unzip them and move them to your preferred location: #+begin_src sh cd Downloads unzip mullvad_wireguard_linux_all_all.zip mkdir ~/mullvad && mv ~/Downloads/*.conf ~/mullvad/ #+end_src ** Creating a Script to Connect to a Random Host :PROPERTIES: :CUSTOM_ID: creating-a-script-to-connect-to-a-random-host :END: Once you have a folder of Wireguard configuration files from Mullvad, you can create a script to randomly connect to any one of the locations. Start by creating a shell script - mine is called =vpn.sh=. #+begin_src sh nano ~/vpn.sh #+end_src Within this script, you can paste the following info. Note that I specify =us-*= in my script, which means that it will only consider US-based VPN locations. You can alter this or simply change it =*= to consider all locations. #+begin_src sh #!/bin/sh ls /home/$USER/mullvad/us-* |sort -R |tail -n 1 |while read file; do # Replace `doas` with `sudo` if your machine uses `sudo`, # or remove `doas` if users don't need to su to run wg-quick doas wg-quick up $file; printf "\nCreated Mullvad wireguard connection with file: $file"; printf "\n\nPrinting new IP info:\n" curl https://am.i.mullvad.net/connected done #+end_src Once you've modified the script to your liking, add executable permissions and run the script: #+begin_src sh chmod +x ~/vpn.sh ~/vpn.sh #+end_src The output should look like the following: #+begin_src txt doas (user@host) password: # ... The script will process all of the iptables and wg commands here Created Mullvad wireguard connection with file: /home/user/mullvad/us-nyc-wg-210.conf Printing new IP info: You are connected to Mullvad (server country-city-wg-num). Your IP address is 12.345.678.99 #+end_src That's all there is to it. You can see your new location and IP via the =printf= and =curl= commands included in the script. You can also go to the [[https://mullvad.net/en/check/][Connection Check ​| Mullvad]] page to see if you are fully connected to Mullvad and if any leaks exist. #+caption: Mullvad Connection Check [[https://img.cleberg.net/blog/20230123-random-mullvad-wireguard/mullvad_check.png]] ** Disconnecting from the Wireguard Connection :PROPERTIES: :CUSTOM_ID: disconnecting-from-the-wireguard-connection :END: If you forget which connection you're using, you can execute the following command to see where Wireguard is currently connected: #+begin_src sh wg show #+end_src This command will show you the Wireguard interfaces and should output a connection like so: =interface: us-lax-wg-104=. Once you have this, just disconnect using that files' full path: #+begin_src sh wg-quick down /home/user/mullvad/us-lax-wg-104.conf #+end_src I have a TODO item on figuring out how to easily export an environment variable that contains the configuration file's full name, so that I can just execute the following: #+begin_src sh # Ideal situation if I can export the $file variable to the environment wg-quick down $file #+end_src If you have an idea on how to do this, email me!