
Mullvad VPN - WireGuard

First, we need to add a WireGuard interface on the Mikrotik router, which auto-generates a key pair. We will copy the private key and import it into the Mullvad device configuration page. Mullvad uses the imported private key to derive the matching public key, and then uses that public key to encrypt data packets sent back to the Mikrotik firewall.

interface/wireguard/add name=Mullvad

 

interface/wireguard/print 
Flags: X - disabled; R - running 
 0  R name="Mullvad" mtu=1420 listen-port=26477 private-key="qG7LMj39vPGUAX+FtFBZu5DVJH2q3nH6CSDa4ociPGM=" 
      public-key="Fea2vkJ2H2Tk0apEn7t2ivXx7ssTs+w23zkm3mOp+xo="

Once you have the private key from the WireGuard interface, log in to Mullvad, browse to "My account", and then click on "Manage devices and ports". It should take you to a page that looks like the one shown below.

mullvad-devices.png

Next, you'll want to click on the "WireGuard configuration file" link. Your web page should look similar to the page below.

mullvad-private-import.png

Next, take the private key you saved from your Mikrotik configuration and import it. Once your key is imported, the page should look similar to the image below.

mullvad-import-confirm.png
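
A WireGuard public key is derived from the private key with X25519, so the router's public-key value can be recomputed offline and compared with the key Mullvad lists for the device. The following is an added example, not part of the original page: the function names are illustrative, it assumes the Mullvad device page shows the device's public key, and the sample key is the RFC 7748 test vector rather than a real tunnel key.

```python
import base64

P = 2**255 - 19   # Curve25519 field prime
A24 = 121665      # curve constant from RFC 7748

def x25519_base(scalar: bytes) -> bytes:
    """Multiply the base point (u = 9) by a clamped scalar. Not constant-time: offline checks only."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64          # standard X25519 clamping
    n = int.from_bytes(k, "little")
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):      # Montgomery ladder, RFC 7748 section 5
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        da, cb = d * a % P, c * b % P
        e = (aa - bb) % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def b64_from_hex(h: str) -> str:
    return base64.b64encode(bytes.fromhex(h)).decode()

def wg_pubkey(private_b64: str) -> str:
    """Return the base64 public key for a base64 WireGuard private key."""
    raw = base64.b64decode(private_b64.strip(), validate=True)
    if len(raw) != 32:
        raise ValueError("a WireGuard key decodes to exactly 32 bytes")
    return base64.b64encode(x25519_base(raw)).decode()

def keys_match(private_b64: str, shown_public_b64: str) -> bool:
    """True if the public key shown elsewhere belongs to this private key."""
    return wg_pubkey(private_b64) == shown_public_b64.strip()

# Constructed sample: the RFC 7748 section 6.1 test vector, not a real tunnel key.
SAMPLE_PRIVATE = b64_from_hex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
SAMPLE_PUBLIC = b64_from_hex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")

if __name__ == "__main__":
    print(wg_pubkey(SAMPLE_PRIVATE), keys_match(SAMPLE_PRIVATE, SAMPLE_PUBLIC))
```

Run it on the machine where the private key was copied, and pass keys_match the private key and the public key shown by the other side; a mismatch means the wrong key was imported.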

 

# Add the Mullvad server as a peer and allow all destinations through the tunnel
interface/wireguard/peers/add interface=Mullvad endpoint-address=68.235.43.82 endpoint-port=51820 allowed-address=0.0.0.0/0 public-key="MRZsEblqO4wlq0WPnZgp5X9ex4Z2FHm9bljO/a/Mznk="

 

# Assign the tunnel address to the WireGuard interface
ip/address/add interface=Mullvad address=10.67.171.164/32

 

# Create a separate routing table for VPN traffic
routing/table/add name=Mullvad fib

 

# Default route through the tunnel, installed only in the Mullvad routing table
ip/route/add dst-address=0.0.0.0/0 gateway=Mullvad routing-table=Mullvad

 

# Address list of the hosts whose traffic should go through the VPN
ip/firewall/address-list/add list=Mullvad-VPN address=172.16.5.20

 

# Mark traffic from the listed hosts so it is routed with the Mullvad routing table
ip/firewall/mangle/add action=mark-routing chain=prerouting new-routing-mark=Mullvad passthrough=yes src-address-list=Mullvad-VPN

 

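# Masquerade traffic from the listed hosts; no out-interface is set, so the rule applies on whichever interface that traffic leaves by
ip/firewall/nat/add action=masquerade chain=srcnat src-address-list=Mullvad-VPN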