Wireguard with 2023/V

Travel comfortably on the Internet with Mullvad

Egg, May 18, 2024: Anyone who travels often knows the problem. Depending on the location (country), certain services are no longer available because so-called GEO blockers (geographical blocks) are activated. With AVMultimedia 2023/V, Wireguard is now available. Together with Mullvad, this is an ideal combination for surfing the Internet quickly and easily anywhere in the world, anonymously and country-specifically. By way of introduction, these instructions require AVMultimedia 2024/V of the new generation. The current ArchivistaBox systems do not (yet) include this functionality.

What is Wireguard and what is Mullvad?

A virtual private network (VPN) changes the address (IP) under which your own computer appears to the outside world (internet). Under Linux, services such as OpenVPN or Wireguard exist for this purpose. The latter service is particularly useful because Wireguard works much faster than OpenVPN. A VPN connection is established from the current computer to a remote computer. This can be your own server/computer that is to be accessed.

In addition to “private” use, there are also commercial VPN services that allow the Internet to be used via the VPN service. These VPN providers usually provide many hundreds or even thousands of computers that can be used to surf the net. This is possible, for example, when the Swiss television website (srf.ch) is accessed in Austria to watch films via PlaySRF. These can only be accessed if the call is made from a server in Switzerland. And this is exactly where VPN services come in. The VPN provider can be used to “pretend” that your own computer is located in Switzerland (or any other country), even if your own computer is currently located abroad.

Well-known VPN services are protonvpn.com, mullvad.net or nordvpn.com. In order to be able to use the servers of these services, which are distributed all over the world, fees of approx. 3 to 10 euros per month are charged. ProtonVPN could be used with the previous AVMultimedia and ArchivistaBox systems. Unfortunately, it has no longer been possible to use protonvpn-cli for some time. For this reason, an alternative had to be found.

Mullvad has a very simple user concept. A sixteen-digit number is generated at the beginning. All activities are carried out via this number. A usage fee of 5 euros is charged per month for five devices. The service must be “activated” via the generated number, i.e. the account must be “topped up”. Cash, bank transfers, crypto and credit cards are accepted. After activation, the services are available for the activated period.

Clients are available for many operating systems such as iOS, Android, Windows, Mac and Linux. However, Linux support is only provided for current Ubuntu, Debian and Fedora versions. All others, i.e. including AVMultimedia (Devuan), can use Mullvad via OpenVPN and/or Wireguard. As mentioned at the beginning, Wireguard works significantly faster than OpenVPN. For this reason, Mullvad is presented below in combination with Wireguard.

Setting up Mullvad with AVMultimedia 2024/V

The process for setting up Mullvad on AVMultimedia is described below. It is expected that there is local access to an AVMultimedia installation.

Note: The following explanations assume that a 16-digit ID with credit exists. If no such ID exists, it can be created at https://mullvad.net/de/account/create. Once the ID has been created (once), it must be topped up with credit and stored securely. Mullvad cannot be used without the 16-digit ID. This would be/is all the more “dramatic” if a higher credit balance has been activated on the ID. Without the ID, the corresponding credit is “lost”.

After logging in to mullvad.net with the 16-digit number, go to the menu item ‘Wireguard configuration’ (1st step).

Click on the button ‘Generate key’ (2nd step). You will then find an entry under ‘Wireguard key’. An entry must be activated under ‘Select a country’. The option ‘All countries’ is recommended (3rd step). This allows all Mullvad servers to be used.

Click the ‘Download zip archive’ (4th step) button at the bottom of the page. The file ‘mullvad_wireguard_linux_all_all.zip’ will now be downloaded to the folder ‘/home/archivista/data’. The utility program for Mullvad can now be started:

The desired Mullvad server can be easily selected via the utility program:

The desired country can be selected directly by entering the first few letters (e.g. ch). The desired location can be activated by clicking on ‘Proceed’ and a confirmation click. If Mullvad should no longer “work”, this can be done with the ‘OFF’ option.

Simple, right? Unfortunately, it wasn’t quite that simple. Before reading on, please note that the following section is intended for those interested in the technical background. All others may “skip” directly to the next but one section.

Why the Mullvad tool for AVMultimedia was created

Unfortunately, the path to integrating Mullvad was not quite so straightforward. First, we tried to get the original Mullvad Linux package to work. As a Debian package, it can certainly be installed on Devuan. Unfortunately, the installation fails because the following systemd calls are hard-coded in the bash script /var/lib/dpkg/info/mullvad-vpn.postinst (Devuan does not use systemd):

systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service"
systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service"
systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service"

The Mullvad daemon can also be started manually. This is done with:

/usr/bin/mullvad-daemon -v

Now the service is started, but unfortunately the operating system is again “hard-coded” and the Mullvad service fails:

[ERROR] Error: Failed to reset firewall policy
Caused by: Error while processing an incoming netlink message
Caused by: Operation not supported (os error 95)

A request to Mullvad support only led to the explicit exclusion of any support for other Linux systems. Well then, a tool for AVMultimedia was developed. The program should run on all Linux systems. For those who are interested in the technology, here is the code:

#!/usr/bin/perl
use strict;
# Window title depends on the system the tool runs on.
my $tit="AVMultimedia";
$tit="ArchivistaBox" if -e "/etc/mysql";
my $msg_ok="Proceed";
my $msg_ok2="OK";
my $msg_cancel="Cancel";
my $msg_mullvad="Choose VPN-Server";
my $msg_none="OFF";
my $msg_err="Please first create wireguard conf for mullvad at mullvad.net";
# German texts are the default; English is used if the kernel command line contains lang.en.
my $lang=`cat /proc/cmdline | grep 'lang.en'`;
if ("$lang" eq "") {
  $msg_ok="Ausführen";
  $msg_cancel="Abbrechen";
  $msg_mullvad="VPN-Server wählen";
  $msg_none="AUS";
  $msg_err="Bitte auf mullvad.net Wireguard-Konfiguration erstellen";
}
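# Unpack the archive downloaded from mullvad.net into /etc/wireguard.
my $files=`ls -1 /home/archivista/data/mullvad_wireguard_linux_*.zip`;
my @files = split(/\n/,$files);
my $file = $files[0];
my $pwire = "/etc/wireguard";
# List-form system() passes the file name to unzip without a shell.
system("unzip", "-o", "-d", $pwire, $file) if defined $file && -e $file && -d $pwire;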
my $current=`ls -1 /etc/wireguard/*.conf 2>/dev/null`;
if ($current eq "") {
  my $err="yad --window-icon=\"input-keyboard\" \\\n".
    "--width=400 --title=\"$tit\" \\\n".
    "--window-icon=\"\" --text=\"$msg_err\" \\\n".
    "--borders=10 --button=\"$msg_ok2\":0";
  system($err);
  exit 0;
}
$current =~ s/(\.conf)//g;
$current =~ s/(\/etc\/wireguard\/)//g;
my @servers = split(/\n/,$current);
my $server = "";
my $mullconf = "/etc/mullvad.conf";
$server = `cat $mullconf` if -e $mullconf;
chomp $server;
my $out = "$server $msg_none";
$out = $msg_none if $server eq "";
foreach my $key (@servers) {
  chomp $key;
  next if $key eq $server;
  $out .= " $key";
}
my $cmd = "yad --window-icon=\"input-keyboard\" \\\n".
  "--width=320 --height=480 --title=\"$tit\" \\\n".
  "--borders=10 --seperator --regex-search --search-column=1 \\\n".
  "--column=\"$msg_mullvad\" --list= $out \\\n".
  "--button=\"$msg_cancel\":1 --button=\"$msg_ok\":0";
my $res=`$cmd`;
if ($res ne "") {
  $res =~ s/\n//g;
  $res =~ s/\|//g;
  my $res1="yad --window-icon=\"input-keyboard\" \\\n".
    "--width=400 --title=\"$tit\" \\\n".
    "--window-icon=\"\" --text=\"$msg_mullvad: $res?\" \\\n".
    "--borders=10 --button=\"$msg_cancel\":1 --button=\"$msg_ok\":0";
  my $ret=system($res1);
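  if ($ret==0) {
    # List-form system() bypasses the shell, so a profile name can never
    # be interpreted as shell syntax.
    if ($res eq $msg_none) {
      system("wg-quick", "down", $server) if $server ne "";
      unlink $mullconf if -e $mullconf;
    } else {
      if ($server ne $msg_none && $server ne "") {
        system("wg-quick", "down", $server);
      }
      system("wg-quick", "up", $res);
      # Remember the active profile for the next start of the tool.
      if (open(my $fh, ">", $mullconf)) {
        print $fh $res;
        close($fh);
      }
    }
  }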
}

The current code comprises under 80 lines and approx. 2600 bytes. With the exception of the location where the initial Mullvad wireguard configuration is “searched for”, the program can be used on any Linux operating system. This is in contrast to the official Mullvad Linux package. It requires a whopping 130 MByte on the hard disk and is only available and executable on a few Linux distributions (and even then only for certain versions).
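
The tool above unpacks a downloaded archive into /etc/wireguard and hands the selected profile to wg-quick, which runs with root rights and executes every PreUp/PostUp/PreDown/PostDown line it finds in a profile. The following added example (not part of the original tool) checks profiles before they are used and starts wg-quick without a shell. The function names vet_profile and wg_quick and the sample profiles are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: vet WireGuard profiles before they are handed to wg-quick.
use strict;
use warnings;

# wg-quick only accepts interface names of this shape (max. 15 characters).
my $NAME_RE = qr/\A[a-zA-Z0-9_=+.-]{1,15}\z/;
# Keys whose values wg-quick runs as shell commands with root rights.
my $HOOK_RE = qr/^\s*(PreUp|PostUp|PreDown|PostDown)\s*=\s*(.+)$/i;

# Returns a list of findings for one profile; an empty list means "clean".
sub vet_profile {
  my ($name, $text, $mode) = @_;
  my @findings;
  push @findings, "invalid interface name" unless $name =~ $NAME_RE;
  push @findings, sprintf("readable by others (mode %04o)", $mode)
    if $mode & 0007;
  foreach my $line (split /\n/, $text) {
    push @findings, "runs command via $1: $2" if $line =~ $HOOK_RE;
  }
  push @findings, "no PrivateKey entry" unless $text =~ /^\s*PrivateKey\s*=/mi;
  return @findings;
}

# Start or stop a tunnel without a shell: list-form system() passes the
# name as a single argument, so metacharacters are never interpreted.
sub wg_quick {
  my ($action, $name) = @_;
  die "refusing profile name '$name'\n" unless $name =~ $NAME_RE;
  return system("wg-quick", $action, $name) == 0;
}

# Constructed sample profiles (names, keys and endpoints are placeholders).
my %samples = (
  "ch-zrh-wg-001" => [ "[Interface]\nPrivateKey = PLACEHOLDER\n".
    "Address = 10.0.0.2/32\n[Peer]\nPublicKey = PLACEHOLDER\n".
    "AllowedIPs = 0.0.0.0/0\nEndpoint = 192.0.2.1:51820\n", 0600 ],
  "at-vie-wg-001" => [ "[Interface]\nPrivateKey = PLACEHOLDER\n".
    "PostUp = iptables -I OUTPUT -j REJECT\n[Peer]\n", 0644 ],
  "x;id" => [ "[Interface]\n", 0600 ],
);
foreach my $name (sort keys %samples) {
  my ($text, $mode) = @{ $samples{$name} };
  my @f = vet_profile($name, $text, $mode);
  print "$name: ", (@f ? join("; ", @f) : "ok"), "\n";
}
```

A reported hook is not necessarily a problem, but it should be read before the profile is started, because it is executed as root.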

At this point, the question may be raised as to why only Linux code is now programmed in such a way that it is tied to certain distributions. It would be very easy to write programs in such a way that they remain universally executable, but where there is no will, there is no way. And where there is a will, there is a way. This simply as a remark.

USB tethering and the Mullvad app, if it doesn’t “work”

However, there is one restriction with the above procedure. With Mullvad (also with other services such as ProtonVPN or NordVPN), it is not possible to completely hide the fact that you are using a VPN network. Certain services (e.g. orf.at) check this and may refuse use.

If this is the case, these services can still be used by connecting the smartphone “in between”. The corresponding service is called USB tethering (only for Android, LineageOS or /e/). The smartphone must be connected to the computer via a USB cable. USB tethering can now be activated:

After activating USB tethering, the location can be changed in the Mullvad app (see above). The VPN service can now be used in AVMultimedia via the network tool (Windows key, then ‘Network tool’):

Note: The smartphone can only be used via USB if USB tethering is activated. If it cannot be activated, either the smartphone is not connected via USB at all or the USB cable is not suitable for use with the smartphone.

If everything is in the “green” range on the smartphone (USB tethering activated and location set in Mullvad), the use of the network secured in this way can be activated in AVMultimedia. To do this, use the Windows key (system menu) to call up the network tool and activate USB there. The root password must be entered once:

By clicking on the ‘Proceed’ button, you can use the Internet entirely via your smartphone. And once set up in this way, orf.at, for example, can also be “persuaded” to play the relevant content.

The question remains as to why it is still worth using Mullvad directly via AVMultimedia. Firstly, setting it up via USB tethering requires more effort, or rather necessarily a connected smartphone, and secondly, the detour via the smartphone is usually much slower. In the vast majority of cases, Mullvad can be set up directly via AVMultimedia or the Wireguard protocol.

Conclusion: Flexible and with privacy on the Internet

The Wireguard solution presented here works from version 2024/V of the new generation (avmultimedia_2024.iso). However, the instructions also work on all Linux computers. In contrast to the GUI tool from Mullvad, which only works for certain Debian, Ubuntu and Fedora versions, the solution presented here should be very universal, provided Wireguard is available.

Once installed, working with Mullvad is quite simple. AVMultimedia 2024/V also ensures that configuration files for the Mullvad servers are retained during a proper shutdown or startup.

A positive side effect of working with Mullvad is that the servers called up will never know the public IP address of the computer being used. This ensures a good level of privacy. Internal tests also showed a fast speed. In this sense, the monthly fee of 5 euros seems quite reasonable. Especially as Mullvad can be renewed on a monthly basis.

P.S: The update to 2023/V also includes an updated version of Freetube and fixes errors reported to ArchivistaBox (e.g. passwords with special characters).