From 1e5075d803265466689f697dcd8535759d7b9b07 Mon Sep 17 00:00:00 2001 From: Bradley Taunt Date: Wed, 16 Jul 2025 13:15:37 -0400 Subject: New Mullvad post, include OpenBSD section in about page --- index.md | 2 +- pages/about.md | 17 ++++++++-- posts/openbsd-mullvad.md | 74 ++++++++++++++++++++++++++++++++++++++++++++ public/images/mullvad-1.png | Bin 0 -> 153531 bytes public/images/mullvad-2.png | Bin 0 -> 119909 bytes 5 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 posts/openbsd-mullvad.md create mode 100644 public/images/mullvad-1.png create mode 100644 public/images/mullvad-2.png diff --git a/index.md b/index.md index 0a92d14..854cbc4 100644 --- a/index.md +++ b/index.md @@ -1,3 +1,3 @@ # Bradley Taunt -*...talks about software, design, and life.* +*...talks about software, design, life, and [OpenBSD](/about/#popular-openbsd-articles).* diff --git a/pages/about.md b/pages/about.md index 90a3c72..67e901f 100644 --- a/pages/about.md +++ b/pages/about.md @@ -8,14 +8,27 @@ I also actively maintain several [open source projects](/projects). Core tools are HTML, CSS, Ruby, JavaScript & PHP. Currently improving my skills with Rails & MongoDB. I also enjoy tinkering with basic shell scripts and [Unix systems](/public/images/unix.gif). -**Design Thought Experiments**: +## Popular OpenBSD Articles + +* [Installing OpenBSD on Linveo KVM VPS](/posts/openbsd-linveo/) +* [Building a Simple Router with OpenBSD](/posts/openbsd-router/) +* [Setup Mullvad VPN on OpenBSD via WireGuard](/posts/openbsd-mullvad/) +* [Dual Booting OpenBSD and Alpine Linux on a X220 ThinkPad](/posts/x220-dual-boot/) +* [Improving Laptop Battery Performance on OpenBSD](/posts/battery/) +* [Running VSCode in Chromium on OpenBSD](/posts/vscode/) +* [Setup an OpenBSD VM on macOS Using UTM](/posts/openbsd-mac-utm/) +* [Building rbenv on OpenBSD 7.5](/posts/Building_rbenv_on_OpenBSD_7.5/) +* [Fixing Jekyll's dart-sass Dependency on OpenBSD](/posts/Fixing_Jekyll__39__s_dart-sass_Dependency_on_OpenBSD/) +* [OpenBSD is a Cozy Operating System](/posts/OpenBSD_is_a_Cozy_Operating_System/) + +## Design Thought Experiments * [Stop Using Hamburger Menus (Sometimes)](/posts/hamburgers) * [Better Search Results](https://search.btxx.org) * [My Coffee Maker Just Makes Coffee](/posts/one-thing) * [Blog Anonymously](https://anon.btxx.org) -Elsewhere on the web: +## Elsewhere on the web - [Mastodon](https://mastodon.bsd.cafe/@bt) - [Lobsters](https://lobste.rs/~bt) diff --git a/posts/openbsd-mullvad.md b/posts/openbsd-mullvad.md new file mode 100644 index 0000000..81219f3 --- /dev/null +++ b/posts/openbsd-mullvad.md @@ -0,0 +1,74 @@ +# Setup Mullvad VPN on OpenBSD via WireGuard + +2025-07-16 + +I'm a big fan of Mullvad's approach on *true* privacy and very simple pricing. Most other VPNs market themselves for torrenting anonymously or using streaming services outside of your real location. These features are fine, but when a company is offering you 85% off a year subscription to their VPN - you can bet your bottom dollar they will sell you out in a heartbeat. + +Mullvad has only recently been [subject to a search warrant](https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised) but even then *no customer data was obtained*. From the post: + +> Mullvad have been operating our VPN service for over 14 years. This is the first time our offices have been visited with a search warrant. + +Good stuff. Being able to pay anonymously with cash via mail drop-off is pretty great, too. + +But enough praise, let's walkthrough my Mullvad setup on my OpenBSD desktop. + +**Note:** The rest of this guide assumes you have already setup an account with Mullvad. + +## Installing & Configuring WireGuard + +Since there is no "native" Mullvad application for OpenBSD (which I consider a good thing!), we will need to run `wireguard` against our Mullvad configuration file directly. Don't worry, we'll get that config later. + +First we need to install WireGuard: + +~~~ +doas pkg_add wireguard-tools +~~~ + +Next we need to make our directory which will contain our soon-to-be generated configuration file: + +~~~ +doas mkdir /etc/wireguard +~~~ + +## Mullvad's WireGuard Configuration File Generator + +Login to your Mullvad account and navigate to **Downloads** > **WireGuard configuration**. On this page select **Linux** as your platform and then click **Generate key**. + +![The initial view for generating the WireGuard key in Mullvad](/public/images/mullvad-1.png) + +Mullvad will then ask you to customize your setup. Choose your desired country, location, and server. Below that you will see options for connection protocol, tunnel traffic, along with a section to customize your level of content blocking. Edit these as you see fit. + +![The web view showing detailed configuration options for the WireGuard settings](/public/images/mullvad-2.png) + +Once you're done just download the file (or scan the code). + +## Back to OpenBSD + +Now we make a new file called `wg0.conf` inside the `/etc/wireguard` directory we created previously. Copy the content from the Mullvad WireGuard file you downloaded and place it inside this file. It should look something like this: + +~~~ +[Interface] +# Device: Funny Device Name +PrivateKey = YOUR-PRIVATE-KEY +Address = 10.XX.XXX.XXX/32 +DNS = 100.XX.X.X + +[Peer] +PublicKey = YOUR-PUBLIC-KEY +AllowedIPs = 0.0.0.0/0 +Endpoint = 178.XXX.XXX.X:51820 +~~~ + +With that file created and saved, we can now start `wireguard`. There is no direct system call for WireGuard, instead we need to run the userspace tool `wg`: + +~~~ +doas wg-quick up wg0 +~~~ + +That's it! A quick test to see if it's working properly is to navigate to [mullvad.net](https://mullvad.net) and see what it reports at the top of the page. When you want/need to disable Mullvad, just run the same tool through `down`: + +~~~ +doas wg-quick down wg0 +~~~ + +Enjoy a more private browsing experience! \ No newline at end of file diff --git a/public/images/mullvad-1.png b/public/images/mullvad-1.png new file mode 100644 index 0000000..455ad9c Binary files /dev/null and b/public/images/mullvad-1.png differ diff --git a/public/images/mullvad-2.png b/public/images/mullvad-2.png new file mode 100644 index 0000000..5664e9f Binary files /dev/null and b/public/images/mullvad-2.png differ -- cgit v1.2.3-70-g09d2