Set up Mullvad VPN on FreshTomato
Mullvad offers an outdated setup guide for FreshTomato. Trying to follow the official guide I have encountered some pitfalls.
The following guide is an attempt to avoid having the next person trying to spend to much time troubleshooting their setup
The guide uses FreshTomato Version 2021.7.
We start in our FreshTomato Admin UI. Available via 192.168.1.1 by default or depending on your setup.
Choose OpenVPN Client under VPN Tunneling.
Basic Tab
Choose a server in their server list to use in Server Address/Port
. The username is your Account without spaces. The password is m
.
Should the Server Address/Port ever change you can learn the new values when downloading the OpenVPN configuration files in a later step. Then checking the contents of the mullvad_*.conf
file.
Advanced Tab
In comparison to the mullvad guide we remove
ping-restart 60
ping 10
and thus only use
persist-key
persist-tun
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
as Custom Configuration
If we keep the settings hitting Start now later will fail without any explanation in the UI.
Troubleshooting is possible in the log.
It states
Keys Tab
Due to choosing Username/Password Authentication
in the Basic Tab only Certificate Authority will be visible here.
Download the OpenVPN configuration files. Unzip the files and copy the contents of mullvad_ca.crt
into the Certificate Authority.
Routing Policy Tab
Hit Add after setting Type
, Value
and Kill Switch
.
If not hitting add, only Save, the Routing Policy will not be active later.
Hit Start Now
If Start Now does not change into Stop Now and no statistics are visible in the Status Tab check the Router Logs.
Check on mullvad.net if your setup is correct.