Preparing for Mullvad WireGuard Setup
Verify your Mullvad login information
If you are not already a Mullvad user Sign Up Now.
Log in to your account on the Mullvad website.
Select Manage ports and WireGuard Keys displayed on the account page.
DD-WRT Router Setup for Mullvad WireGuard
Navigate to Setup > Tunnels
Enter Mullvad WireGuard settings
1. Click Add Tunnel.
2. Set Tunnel to Enable.
3. Select Wireguard from the dropdown.
4. Click Add Peer.
5. Set Endpoint to Enable.
6. Set Router Allowed IP’s via tunnel and Use Pre-shared Key to Disable.
7. Click Generate Key.
8. Set Advanced Settings to Enable.
9. Copy the Local Private Key.
10. In a new tab (leave the DD-WRT settings opened), go to your Mullvad Account and click Manage Ports and WireGuard Keys.
11. Click WireGuard configuration file.
12. Select Linux as your Platform.
13. Click Manage Keys.
14. Paste the copied Local Private key to the Manage WireGuard Keys field and click Import Keys.
15. Select your Country, City, and Server number that you want to connect to.
16. Click Advanced Settings.
17. Set the Tunnel Traffic to Only IPv4.
18. Click Download File.
19. Open the config file that was downloaded to your computer with NotePad or Notepad++ for Windows or TextEdit for Mac.
20. In the downloaded config file under [Interface] enter the Address into the IP Addresses/Netmask(CIDR) field in the DD-WRT settings.
Certain DD-WRT builds will show two separate fields here: IP Address and Subnet Mask. If that is the case set the IP Address field to the Address without the /32 added and set the Subnet Mask to 255.255.255.255
21. In the config file under [Peer] copy the PublicKey and paste it into the Peer Public Key field in the DD-WRT Settings.
22. In the config file under [Peer] copy the Endpoint and paste it into the Endpoint Address field.
23. At the bottom of the page click Save and then click Apply Settings.
Enter Mullvad WireGuard Commands
Navigate to Administration > Commands
1. Copy and paste the text below and click Save Startup.
sleep 30 echo "Update route table on startup..." WGSERVER=$(/usr/sbin/nvram get oet1_rem0) WANGW=$(/usr/sbin/nvram get wan_gateway) WANIF=$(/usr/sbin/nvram get wan_iface) route add -host $WGSERVER gw $WANGW dev $WANIF route del default route add default dev oet1 ip route flush cache mkdir -p /tmp/etc/config ln -s /tmp/custom.sh /tmp/etc/config/wg-route-fix.wanup echo "... Done route table update."
2. Copy and paste the text below and click Save Custom.
#!/bin/sh sleep 5 echo "Update route table on wanup ..." WGSERVER=$(/usr/sbin/nvram get oet1_rem0) WANGW=$(/usr/sbin/nvram get wan_gateway) WANIF=$(/usr/sbin/nvram get wan_iface) route add -host $WGSERVER gw $WANGW dev $WANIF route del default route add default dev oet1 ip route flush cache echo "... Done route table update."
3. Copy and paste the text below and click Save Firewall.
WANIF=$(/usr/sbin/nvram get wan_iface)
iptables -t nat -I POSTROUTING -o oet1 -j MASQUERADE
iptables -I FORWARD -i br0 -o $WANIF -m state –state NEW -j REJECT –reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WANIF -m state –state NEW -j REJECT –reject-with tcp-reset
Set Mullvad DNS servers
Navigate to Setup > Basic Setup
Set Static DNS 1 to 10.64.0.1
Set Static DNS 2 to 193.138.218.74
Click Apply Settings.
Reboot the FlashRouter
Navigate to Administration > Management
Scroll to the bottom of the page and click the red Reboot Router button. Wait for the FlashRouter to reboot and then reconnect.
Verify a successful Mullvad connection
Navigate to Setup > Tunnels
- You should see Endpoint, Latest handshake, and Transfer in the WireGuard status area.
- Visit Mullvad’s IP Check to verify your status as using Mullvad.
Back up your settings
Navigate to Administration > Backup
- Click the Backup button.
- A file named nvrambak.bin will be saved to your computer.
- You can load nvrambak.bin to restore your settings in the event of a reset.
