Set up Mullvad VPN on FreshTomato

Mullvad offers an outdated setup guide for FreshTomato. Trying to follow the official guide I have encountered some pitfalls.

The following guide is an attempt to avoid having the next person trying to spend to much time troubleshooting their setup

The guide uses FreshTomato Version 2021.7.

We start in our FreshTomato Admin UI. Available via 192.168.1.1 by default or depending on your setup.

Choose OpenVPN Client under VPN Tunneling.

Basic Tab

Choose a server in their server list to use in Server Address/Port. The username is your Account without spaces. The password is m.

Should the Server Address/Port ever change you can learn the new values when downloading the OpenVPN configuration files in a later step. Then checking the contents of the mullvad_*.conf file.

Advanced Tab

In comparison to the mullvad guide we remove

ping-restart 60
ping 10

and thus only use

persist-key
persist-tun
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA

as Custom Configuration

If we keep the settings hitting Start now later will fail without any explanation in the UI.

Troubleshooting is possible in the log.

It states

Keys Tab

Due to choosing Username/Password Authentication in the Basic Tab only Certificate Authority will be visible here.

Download the OpenVPN configuration files. Unzip the files and copy the contents of mullvad_ca.crt into the Certificate Authority.

Routing Policy Tab

Hit Add after setting Type, Value and Kill Switch.

If not hitting add, only Save, the Routing Policy will not be active later.

Hit Start Now

If Start Now does not change into Stop Now and no statistics are visible in the Status Tab check the Router Logs.

Check on mullvad.net if your setup is correct.