explaingit

mullvad/mullvadvpn-app

7,078RustAudience · developerComplexity · 5/5Setup · hard

TLDR

The complete open-source code for the Mullvad VPN app, a privacy-first VPN client for Windows, macOS, Linux, Android, and iOS using WireGuard, with censorship bypass, ad blocking, and traffic obfuscation built in.

Mindmap

mindmap
  root((Mullvad VPN))
    Platforms
      Windows Linux macOS
      Android
      iOS
    Privacy Features
      WireGuard tunnels
      DAITA noise
      Traffic obfuscation
    Extra Features
      Split tunneling
      Multihop routing
      Ad and tracker blocking
    Security
      Independent audits
      Signed commits
      Restrictive defaults
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Study a production-grade VPN client implementation with WireGuard, kill switches, and split tunneling in Rust.

USE CASE 2

Audit the full security model of a commercially deployed privacy app, code and independent audit reports are both public.

USE CASE 3

Contribute to censorship bypass features like Shadowsocks or QUIC obfuscation in an active open-source VPN project.

USE CASE 4

Build on the Mullvad daemon codebase to create a custom VPN client for a restricted or enterprise network environment.

Tech stack

RustWireGuardAndroidiOSShadowsocksQUIC

Getting it running

Difficulty · hard Time to first run · 1day+

Requires Rust toolchain plus platform-specific build tools for each target OS, GPU not needed but build is complex.

In plain English

This repository contains the complete source code for the Mullvad VPN client application. Mullvad is a paid VPN service focused on privacy, and this code is what runs on your device to create encrypted tunnels, block unwanted traffic, and keep your internet activity private from outside observers. The app is available on Windows, Linux, macOS, Android, and iOS. On desktop platforms, it is made up of three parts: a background service that handles the actual network tunneling, a graphical interface you interact with, and a command-line tool for users who prefer typing commands. The Android version uses the same background service but has its own separate interface. The iOS version is a fully independent implementation. Pre-built, signed versions are available on the Mullvad website, Google Play, F-Droid, and the iOS App Store. For the tunneling itself, the app uses WireGuard, a modern protocol for creating encrypted network connections. On top of that base, it adds several features aimed at users in more restrictive environments: the ability to route traffic through multiple servers before reaching its destination (multihop), options to disguise the VPN traffic as ordinary web traffic to bypass censorship (via Shadowsocks, QUIC, or TCP), and a feature called DAITA that adds noise to traffic patterns to make it harder for outside parties to analyze what you are doing even when they can see that you are using a VPN. It also supports split tunneling, which lets you decide which apps go through the VPN and which do not, custom DNS servers, and built-in blockers for ads and trackers. Security is treated as a core design priority. All settings default to the most restrictive option, requiring users to explicitly loosen anything. The codebase is audited by independent security firms every two years, and the full unredacted results are published publicly. Merge commits on the main branch require cryptographic signatures. The core networking code is written in Rust, a language known for memory safety.

Copy-paste prompts

Prompt 1
How do I build and run the Mullvad VPN daemon locally on Linux for development and testing?
Prompt 2
How does mullvadvpn-app implement the DAITA traffic noise feature to prevent VPN traffic pattern analysis?
Prompt 3
Walk me through how the Mullvad app handles multihop routing, what happens at the network level when traffic routes through two servers?
Prompt 4
I want to understand how split tunneling works in mullvadvpn-app on Linux, which Rust files handle the traffic routing rules?
Prompt 5
How does mullvadvpn-app disguise VPN traffic as ordinary web traffic using the Shadowsocks or QUIC obfuscation modes?
Open on GitHub → Explain another repo

← mullvad on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.