1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#+title: Connecting to a Random Mullvad Wireguard Host on Boot
#+date: 2023-01-23
#+description: Learn how to connect to a random Mullvad Wireguard host on boot.
#+filetags: :linux:
* Mullvad Wireguard
If you're using an OS that does not support one of Mullvad's apps,
you're likely using the Wireguard configuration files instead.
If not, the first step is to visit Mullvad's
[[https://mullvad.net/en/account/#/wireguard-config][Wireguard
configuration files]] page and download a ZIP of the configuration files
you want to use.
Personally, I downloaded all configuration files across the world and
chose my connections using the script below.
Once the files are downloaded, unzip them and move them to your
preferred location:
#+begin_src sh
cd Downloads
unzip mullvad_wireguard_linux_all_all.zip
mkdir ~/mullvad && mv ~/Downloads/*.conf ~/mullvad/
#+end_src
*** Creating a Script to Connect to a Random Host
Once you have a folder of Wireguard configuration files from Mullvad,
you can create a script to randomly connect to any one of the locations.
Start by creating a shell script - mine is called =vpn.sh=.
#+begin_src sh
nano ~/vpn.sh
#+end_src
Within this script, you can paste the following info. Note that I
specify =us-*= in my script, which means that it will only consider
US-based VPN locations. You can alter this or simply change it =*= to
consider all locations.
#+begin_src sh
#!/bin/sh
ls /home/$USER/mullvad/us-** |sort -R |tail -n 1 |while read file; do
# Replace `doas` with `sudo` if your machine uses `sudo`,
# or remove `doas` if users don't need to su to run wg-quick
doas wg-quick up $file;
printf "\nCreated Mullvad wireguard connection with file: $file";
printf "\n\nPrinting new IP info:\n"
curl https://am.i.mullvad.net/connected
done
#+end_src
Once you've modified the script to your liking, add executable
permissions and run the script:
#+begin_src sh
chmod +x ~/vpn.sh
~/vpn.sh
#+end_src
The output should look like the following:
#+begin_src txt
doas (user@host) password:
# ... The script will process all of the iptables and wg commands here
Created Mullvad wireguard connection with file: /home/user/mullvad/us-nyc-wg-210.conf
Printing new IP info:
You are connected to Mullvad (server country-city-wg-num). Your IP address is 12.345.678.99
#+end_src
That's all there is to it. You can see your new location and IP via the
=printf= and =curl= commands included in the script.
You can also go to the [[https://mullvad.net/en/check/][Connection Check
| Mullvad]] page to see if you are fully connected to Mullvad and if any
leaks exist.
#+caption: Mullvad Connection Check
[[https://img.cleberg.net/blog/20230123-random-mullvad-wireguard/mullvad_check.png]]
* Disconnecting from the Wireguard Connection
If you forget which connection you're using, you can execute the
following command to see where Wireguard is currently connected:
#+begin_src sh
wg show
#+end_src
This command will show you the Wireguard interfaces and should output a
connection like so: =interface: us-lax-wg-104=.
Once you have this, just disconnect using that files' full path:
#+begin_src sh
wg-quick down /home/user/mullvad/us-lax-wg-104.conf
#+end_src
I have a TODO item on figuring out how to easily export an environment
variable that contains the configuration file's full name, so that I can
just execute the following:
#+begin_src sh
# Ideal situation if I can export the $file variable to the environment
wg-quick down $file
#+end_src
If you have an idea on how to do this, email me!
|
