[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5588":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":35,"discoverSource":36},5588,"mullvadvpn-app","mullvad\u002Fmullvadvpn-app","mullvad","The Mullvad VPN client app for desktop and mobile","https:\u002F\u002Fmullvad.net\u002F",null,"Rust",7162,487,83,100,0,2,21,109,11,88.57,"GNU General Public License v3.0",false,"main",[26,27,28,29,30,31],"electron","nodejs","openvpn","rust","vpn","wireguard","2026-06-12 04:00:25","# Mullvad VPN desktop and mobile app\n\nWelcome to the Mullvad VPN client app source code repository.\nThis is the VPN client software for the Mullvad VPN service.\nFor more information about the service, please visit our website,\n[mullvad.net](https:\u002F\u002Fmullvad.net) (Also accessible via Tor on our\n[onion service](http:\u002F\u002Fo54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion\u002F)).\n\nThis repository contains all the source code for the\ndesktop and mobile versions of the app. For desktop this includes the system service\u002Fdaemon\n([`mullvad-daemon`](mullvad-daemon\u002F)), a graphical user interface ([GUI](desktop\u002F)) and a command\nline interface ([CLI](mullvad-cli\u002F)). The Android app uses the same backing system service for the\ntunnel and security but has a dedicated frontend in [android\u002F](android\u002F). iOS consists of a\ncompletely standalone implementation that resides in [ios\u002F](ios\u002F).\n\n## Releases\n\nThere are built and signed releases for macOS, Windows, Linux and Android available on\n[our website](https:\u002F\u002Fmullvad.net\u002Fdownload\u002F) and on\n[GitHub](https:\u002F\u002Fgithub.com\u002Fmullvad\u002Fmullvadvpn-app\u002Freleases\u002F). The Android app is also available\non [Google Play] and [F-Droid] and the iOS version on [App Store].\n\n[Google Play]: https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=net.mullvad.mullvadvpn\n[F-Droid]: https:\u002F\u002Ff-droid.org\u002Fpackages\u002Fnet.mullvad.mullvadvpn\u002F\n[App Store]: https:\u002F\u002Fapps.apple.com\u002Fus\u002Fapp\u002Fmullvad-vpn\u002Fid1488466513\n\nYou can find our code signing keys as well as instructions for how to cryptographically verify\nyour download on [Mullvad's Open Source page].\n\n### Platform\u002FOS support\n\nSee [Supported Platforms](docs\u002Fsupported-platforms.md) for details on which operating\nsystems, versions and architectures are supported, and which ones are covered by our\nautomated test suite.\n\n## Features\n\nHere is a table containing the features of the app across platforms. This is intended to reflect\nthe current state of the latest code in git, not necessarily any existing release.\n\n| | Windows | Linux | macOS | Android | iOS |\n|-----------------------------------------|:-------:|:-----:|:-----:|:-------:|:---:|\n| WireGuard | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Quantum-resistant tunnels | ✓ | ✓ | ✓ | ✓ | ✓ |\n| [DAITA] | ✓ | ✓ | ✓ | ✓ | ✓ |\n| WireGuard multihop | ✓ | ✓ | ✓ | ✓ | ✓ |\n| WireGuard over TCP | ✓ | ✓ | ✓ | ✓ | ✓ |\n| WireGuard over Shadowsocks | ✓ | ✓ | ✓ | ✓ | ✓ |\n| WireGuard over QUIC | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Lightweight WireGuard Obfuscation (LWO) | ✓ | ✓ | ✓ | ✓ | |\n| Split tunneling | ✓ | ✓ | ✓ | ✓ | |\n| Custom DNS server | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Content blockers (Ads etc) | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Optional local network access | ✓ | ✓ | ✓ | ✓ | ✓\\* |\n| [Externally audited](.\u002Faudits) | ✓ | ✓ | ✓ | ✓ | ✓ |\n\n\\* The local network is always accessible on iOS with the current implementation\n\n[DAITA]: https:\u002F\u002Fmullvad.net\u002Fen\u002Fblog\u002Fintroducing-defense-against-ai-guided-traffic-analysis-daita\n\n## User security, privacy and anonymity\n\nThis app is a privacy preserving VPN client. As such it goes to great lengths to stop traffic\nleaks. And basically all settings default to the more secure\u002Fprivate option. The user has to\nexplicitly allow more loose rules if desired. See the [dedicated security document] for details\non what the app blocks and allows, as well as how it does it.\n\n[dedicated security document]: docs\u002Fsecurity.md\n\n## Secure development\n\nSince the security of the users of the app is a top priority, by extension the security\nof the development and release process also becomes a top priority. This is something we work\nactively on.\n\n[![OpenSSF Best Practices](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F9411\u002Fbadge)](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F9411)\n\n### Git signatures\n\nAll merge commits to the main branch must be PGP (gpg) signed in git. This signs off the entire\nfeature branch. The individual commits in the feature branch do not need to be signed,\nunless they change one or more of the files deemed extra important.\n\nThe list of files requiring signatures to every commit that change them is defined in the\n[`verify-locked-down-signatures`](.github\u002Fworkflows\u002Fverify-locked-down-signatures.yml)\nworkflow.\n\n### Audits, pentests and external security reviews\n\nThis app is audited by external security experts and penetration testers every second year.\nWe also carry out feature specific audits for certain security critical features and changes.\n\nThe results of these audits are always made public in their unredacted original form, for\nfull transparency towards the users. See the [audits readme](.\u002Faudits\u002FREADME.md) for this.\n\nMoreover, we welcome any individual to review the security of this app and submit any found\nissue to us. See [SECURITY.md](SECURITY.md) for more.\n\n## Checking out the code\n\nThis repository contains submodules needed for building the app. However, some of those submodules\nalso have further submodules that are quite large and not needed to build the app. So unless\nyou want the source code for all submodules you should avoid a recursive clone of the repository.\nInstead clone the repository normally and then get one level of submodules:\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fmullvad\u002Fmullvadvpn-app.git\ncd mullvadvpn-app\ngit submodule update --init\n```\n\nOn Android, Windows, Linux and macOS you also want to checkout the wireguard-go submodule:\n```bash\ngit submodule update --init wireguard-go-rs\u002Flibwg\u002Fwireguard-go\n```\nFurther details on why this is necessary can be found in the [wireguard-go-rs crate](.\u002Fwireguard-go-rs\u002FREADME.md).\n\nWe sign every merge commit to the `main` branch as well as our release tags.\nIf you would like to verify your checkout, you can find our developer keys on\n[Mullvad's Open Source page].\n\n### Binaries submodule\n\nThis repository has a git submodule at `dist-assets\u002Fbinaries`. This submodule contains binaries and\nbuild scripts for third party code we need to bundle with the app, such as Wintun.\n\nThis submodule conforms to the same integrity\u002Fsecurity standards as this repository. Every merge\ncommit should be signed. And this main repository should only ever point to a signed merge commit\nof the binaries submodule.\n\nSee the [binaries submodule's](https:\u002F\u002Fgithub.com\u002Fmullvad\u002Fmullvadvpn-app-binaries) README for more\ndetails about that repository.\n\n## Building the app\n\nSee the [build instructions](BuildInstructions.md) for help building the app on desktop platforms.\n\nFor building the Android app, see the [instructions](.\u002Fandroid\u002Fdocs\u002FBuildInstructions.md) for Android.\n\nFor building the iOS app, see the [instructions](.\u002Fios\u002FBuildInstructions.md) for iOS.\n\n## Releasing the app\n\nSee [this](Release.md) for instructions on how to make a new release.\n\n## Environment variables used by the service\n\n* `TALPID_FIREWALL_DEBUG` - Helps debugging the firewall. Does different things depending on\n platform:\n * Linux: Set to `\"1\"` to add packet counters to all firewall rules.\n * macOS: Makes rules log the packets they match to the `pflog0` interface.\n * Set to `\"all\"` to add logging to all rules.\n * Set to `\"pass\"` to add logging to rules allowing packets.\n * Set to `\"drop\"` to add logging to rules blocking packets.\n\n* `TALPID_FIREWALL_DONT_SET_SRC_VALID_MARK` - Set this variable to `1` to stop the daemon from\n setting the `net.ipv4.conf.all.src_valid_mark` kernel parameter to `1` on Linux when a tunnel\n is established.\n The kernel config parameter is set by default, because otherwise strict reverse path filtering\n may prevent relay traffic from reaching the daemon. If `rp_filter` is set to `1` on the interface\n that will be receiving relay traffic, and `src_valid_mark` is not set to `1`, the daemon will\n not be able to receive relay traffic.\n\n* `TALPID_FIREWALL_DONT_SET_ARP_IGNORE` - Set this variable to `1` to stop the daemon from\n setting the `net.ipv4.conf.all.arp_ignore` kernel parameter to `2` on Linux when a tunnel\n is established.\n The kernel config parameter is set by default, because otherwise an attacker who can send ARP\n requests to the device running Mullvad can figure out the in-tunnel IP.\n\n* `TALPID_DNS_MODULE` - Allows changing the method that will be used for DNS configuration.\n By default this is automatically detected, but you can set it to one of the options below to\n choose a specific method.\n\n * Linux\n * `\"static-file\"`: change the `\u002Fetc\u002Fresolv.conf` file directly\n * `\"resolvconf\"`: use the `resolvconf` program\n * `\"systemd\"`: use systemd's `resolved` service through DBus\n * `\"network-manager\"`: use `NetworkManager` service through DBus\n\n * Windows\n * `iphlpapi`: use the IP helper API\n * `netsh`: use the `netsh` program\n * `tcpip`: set TCP\u002FIP parameters in the registry\n\n* `TALPID_DISABLE_LOCAL_DNS_RESOLVER` - Set this variable to `1` to disable the local DNS resolver\n (macOS only).\n\n* `TALPID_NEVER_FILTER_AAAA_QUERIES` - Set this variable to `1` to never ignore DNS AAAA queries\n (macOS only).\n\n* `TALPID_FORCE_USERSPACE_WIREGUARD` - Forces the daemon to use the userspace implementation of\n WireGuard.\n\n* `TALPID_DISABLE_OFFLINE_MONITOR` - Forces the daemon to always assume the host is online.\n\n* `TALPID_CGROUP2_FS` - On Linux, forces the daemon to look for the cgroup2 filesystem at the\n specified path, instead of `\u002Fsys\u002Ffs\u002Fcgroup`. The cgroup2 used for split tunneling will be created\n in this directory.\n\n* `TALPID_NET_CLS_MOUNT_DIR` - On Linux, forces the daemon to mount the `net_cls` controller in the\n specified directory if it isn't mounted already. This will only have an effect on older systems\n where cgroup v1 is used for split tunneling.\n\n* `MULLVAD_MANAGEMENT_SOCKET_GROUP` - On Linux and macOS, this restricts access to the management\n interface UDS socket to users in the specified group. This means that only users in that group can\n use the CLI and GUI. By default, everyone has access to the socket.\n\n* `MULLVAD_BACKTRACE_ON_FAULT` - When enabled, if the daemon encounters a fault (e.g. `SIGSEGV`),\n it will log a backtrace to stdout, and to `daemon.log`. By default, this is disabled in\n release-builds and enabled in debug-builds. Set variable to `1` or `0` to explicitly enable or\n disable this feature. Logging the backtrace causes heap allocation. Allocation is not signal safe,\n but here it runs in the signal handler. This is technically undefined behavior and therefore\n disabled by default. This usually works, but enable at your own risk.\n\n### Development builds only\n\n* `MULLVAD_API_HOST` - Set the hostname to use in API requests. E.g. `api.mullvad.net`.\n\n* `MULLVAD_API_ADDR` - Set the IP address and port to use in API requests. E.g. `10.10.1.2:443`.\n\n* `MULLVAD_API_DISABLE_TLS` - Use plain HTTP for API requests.\n\n* `MULLVAD_CONNCHECK_HOST` - Set the hostname to use in connection check requests. E.g. `am.i.mullvad.net`.\n\n* `MULLVAD_ENABLE_DEV_UPDATES` - Enable version checks in development builds.\n\n### Setting environment variables\n\n#### Windows\n\nUse `setx` from an elevated shell:\n\n```bat\nsetx TALPID_DISABLE_OFFLINE 1 \u002Fm\n```\n\nFor the change to take effect, restart the daemon:\n\n```bat\nsc.exe stop mullvadvpn\nsc.exe start mullvadvpn\n```\n\n#### Linux\n\nEdit the systemd unit file via `systemctl edit mullvad-daemon.service`:\n\n```ini\n[Service]\nEnvironment=\"TALPID_DISABLE_OFFLINE_MONITOR=1\"\n```\n\nFor the change to take effect, restart the daemon:\n\n```bash\nsudo systemctl restart mullvad-daemon\n```\n\n#### macOS\n\nUse `plutil`:\n\n```bash\nsudo plutil -replace EnvironmentVariables -json '{\"TALPID_DISABLE_OFFLINE_MONITOR\": \"1\"}' \u002FLibrary\u002FLaunchDaemons\u002Fnet.mullvad.daemon.plist\n```\n\nFor the change to take effect, restart the daemon:\n\n```bash\nlaunchctl unload -w \u002FLibrary\u002FLaunchDaemons\u002Fnet.mullvad.daemon.plist\nlaunchctl load -w \u002FLibrary\u002FLaunchDaemons\u002Fnet.mullvad.daemon.plist\n```\n\n## Environment variables used by the desktop frontend\n\n* `MULLVAD_PATH` - Allows changing the path to the folder with the `mullvad-problem-report` tool\n when running in development mode. Defaults to: `\u003Crepo>\u002Ftarget\u002Fdebug\u002F`.\n* `MULLVAD_DISABLE_UPDATE_NOTIFICATION` - If set to `1`, notification will be disabled when\n an update is available.\n\n\n## Command line tools for Electron app development\n\n- `$ npm run develop` - develop app with live-reload enabled\n- `$ npm run lint` - lint code\n- `$ npm run pack:\u003COS>` - prepare app for distribution for your platform. Where `\u003COS>` can be\n `linux`, `mac` or `win`\n- `$ npm test` - run tests\n\n\n## Tray icon on Linux\n\nThe requirements for displaying a tray icon vary between different desktop environments. If the\ntray icon does not appear, try one of the following methods:\n\n### GNOME\n\nIf you're using GNOME, you might have to install additional GNOME shell extensions to display the tray icon properly.\n\nWe recommend `AppIndicator and KStatusNotifierItem Support`. It can be installed via GNOME's extension website:\nhttps:\u002F\u002Fextensions.gnome.org\u002Fextension\u002F615\u002Fappindicator-support\u002F\n\n### Other desktop environments\n\nTry installing one of these packages using the system's package manager:\n- `libappindicator3-1`\n- `libappindicator1`\n- `libappindicator`\n\n## Repository structure\n\n### Electron app and electron-builder packaging assets\n- **desktop\u002Fpackages\u002Fmullvad-vpn\u002F**\n - **assets\u002F** - Graphical assets and stylesheets\n - **src\u002F**\n - **main\u002F**\n - **index.ts** - Entry file for the main process\n - **renderer\u002F**\n - **app.tsx** - Entry file for the renderer process\n - **routes.tsx** - Routes configurator\n - **transitions.ts** - Transition rules between views\n - **tasks\u002F** - Gulp tasks used to build app and watch for changes during development\n - **distribution.js** - Configuration for `electron-builder`\n - **test\u002F** - Electron GUI tests\n- **dist-assets\u002F** - Icons, binaries and other files used when creating the distributables\n - **binaries\u002F** - Git submodule containing binaries bundled with the app. See the README\n in the submodule for details\n - **linux\u002F** - Scripts and configuration files for the deb and rpm artifacts\n - **pkg-scripts\u002F** - Scripts bundled with and executed by the macOS pkg installer\n - **windows\u002F** - Windows NSIS installer configuration and assets\n\n\n### Building, testing and misc\n- **build-windows-modules.sh** - Compiles the C++ libraries needed on Windows\n- **build.sh** - Sanity checks the working directory state and then builds installers for the app\n\n### Mullvad Daemon\n\nThe daemon is implemented in Rust and is implemented in several crates. The main, or top level,\ncrate that builds the final daemon binary is `mullvad-daemon` which then depend on the others.\n\nIn general one can look at the daemon as split into two parts, the crates starting with `talpid`\nand the crates starting with `mullvad`. The `talpid` crates are supposed to be completely unrelated\nto Mullvad specific things. A `talpid` crate is not allowed to know anything about the API through\nwhich the daemon fetch Mullvad account details or download VPN server lists for example. The\n`talpid` components should be viewed as a generic VPN client with extra privacy and anonymity\npreserving features. The crates having `mullvad` in their name on the other hand make use of the\n`talpid` components to build a secure and Mullvad specific VPN client.\n\n\n- **Cargo.toml** - Main Rust workspace definition. See this file for which folders here are daemon\n Rust crates.\n- **mullvad-daemon\u002F** - Main Rust crate building the daemon binary.\n- **talpid-core\u002F** - Main crate of the VPN client implementation itself. Completely Mullvad agnostic\n privacy preserving VPN client library.\n\n\n## Vocabulary\n\nExplanations for some common words used in the documentation and code in this repository.\n\n- **App** - This entire product (everything in this repository) is the \"Mullvad VPN App\", or App for\n short.\n - **Daemon** - Refers to the `mullvad-daemon` Rust program. This headless program exposes a\n management interface that can be used to control the daemon\n - **Frontend** - Term used for any program or component that connects to the daemon management\n interface and allows a user to control the daemon.\n - **GUI** - The Electron + React program that is a graphical frontend for the Mullvad VPN App.\n - **CLI** - The Rust program named `mullvad` that is a terminal based frontend for the Mullvad\n VPN app.\n\n\n## File paths used by Mullvad VPN app\n\nA list of file paths written to and read from by the various components of the Mullvad VPN app\n\n### Daemon\n\nOn Windows, when a process runs as a system service the variable `%LOCALAPPDATA%` expands to\n`C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local`.\n\nAll directory paths are defined in, and fetched from, the `mullvad-paths` crate.\n\n#### Settings\n\nThe settings directory can be changed by setting the `MULLVAD_SETTINGS_DIR` environment variable.\n\n| Platform | Path |\n|----------|------|\n| Linux | `\u002Fetc\u002Fmullvad-vpn\u002F` |\n| macOS | `\u002Fetc\u002Fmullvad-vpn\u002F` |\n| Windows | `%LOCALAPPDATA%\\Mullvad VPN\\` |\n| Android | [`getFilesDir()`](https:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fcontent\u002FContext#getFilesDir()) |\n\n#### Logs\n\nThe log directory can be changed by setting the `MULLVAD_LOG_DIR` environment variable.\n\n| Platform | Path |\n|----------|------|\n| Linux | `\u002Fvar\u002Flog\u002Fmullvad-vpn\u002F` + systemd |\n| macOS | `\u002Fvar\u002Flog\u002Fmullvad-vpn\u002F` |\n| Windows | `C:\\ProgramData\\Mullvad VPN\\` |\n| Android | [`getFilesDir()`](https:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fcontent\u002FContext#getFilesDir()) |\n\n#### Cache\n\nThe cache directory can be changed by setting the `MULLVAD_CACHE_DIR` environment variable.\n\n| Platform | Path |\n|----------|------|\n| Linux | `\u002Fvar\u002Fcache\u002Fmullvad-vpn\u002F` |\n| macOS | `\u002FLibrary\u002FCaches\u002Fmullvad-vpn\u002F` |\n| Windows | `C:\\ProgramData\\Mullvad VPN\\cache` |\n| Android | [`getCacheDir()`](https:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fcontent\u002FContext#getCacheDir()) |\n\n#### RPC address file\n\nThe full path to the RPC address file can be changed by setting the `MULLVAD_RPC_SOCKET_PATH`\nenvironment variable.\n\n| Platform | Path |\n|----------|------|\n| Linux | `\u002Fvar\u002Frun\u002Fmullvad-vpn` |\n| macOS | `\u002Fvar\u002Frun\u002Fmullvad-vpn` |\n| Windows | `\u002F\u002F.\u002Fpipe\u002FMullvad VPN` |\n| Android | [`getNoBackupFilesDir()`](https:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fcontent\u002FContextWrapper#getNoBackupFilesDir()) |\n\n### Desktop Electron app\n\nThe desktop Electron app has a specific settings file that is configured for each user. The path is\nset in the `desktop\u002Fpackages\u002Fmullvad-vpn\u002Fsrc\u002Fmain\u002Fgui-settings.ts` file.\n\n| Platform | Path |\n|----------|------|\n| Linux | `$XDG_CONFIG_HOME\u002FMullvad VPN\u002Fgui_settings.json` |\n| macOS | `~\u002FLibrary\u002FApplication Support\u002FMullvad VPN\u002Fgui_settings.json` |\n| Windows | `%LOCALAPPDATA%\\Mullvad VPN\\gui_settings.json` |\n| Android | Present in Android's `logcat` |\n\n## Icons\n\nSee [graphics README](graphics\u002FREADME.md) for information about icons.\n\n## Locales and translations\n\nInstructions for how to handle locales and translations are found\n[here](.\u002Fdesktop\u002Fpackages\u002Fmullvad-vpn\u002Flocales\u002FREADME.md).\n\nFor instructions specific to the Android app, see [here](.\u002Fandroid\u002FREADME.md).\n\nFor instructions specific to the iOS app, see [here](.\u002Fios\u002Ftranslation\u002FREADME.md).\n\n# License\n\nCopyright (C) 2026 Mullvad VPN AB\n\nThis program is free software: you can redistribute it and\u002For modify it under the terms of the\nGNU General Public License as published by the Free Software Foundation, either version 3 of\nthe License, or (at your option) any later version.\n\nFor the full license agreement, see the LICENSE.md file\n\nThe source code for the iOS app is GPL-3 licensed like everything else in this repository.\nBut the distributed app on the Apple App Store is not GPL licensed,\nit falls under the [Apple App Store EULA].\n\n[Apple App Store EULA]: https:\u002F\u002Fwww.apple.com\u002Flegal\u002Finternet-services\u002Fitunes\u002Fdev\u002Fstdeula\u002F\n[Mullvad's Open Source page]: https:\u002F\u002Fmullvad.net\u002Fen\u002Fguides\u002Fopen-source\u002F\n","Mullvad VPN客户端应用程序为桌面和移动设备提供安全的虚拟私人网络服务。项目使用Rust语言编写,支持WireGuard协议,并具备量子抗性隧道、多跳连接及多种传输层协议选项如TCP、Shadowsocks和QUIC等高级功能。它还提供了轻量级WireGuard混淆、拆分隧道以及自定义DNS服务器设置等功能。适用于需要增强在线隐私保护与访问控制的各种场景,包括但不限于个人用户上网浏览、企业远程办公等。该项目开源且遵循GPLv3许可证,确保了软件的安全性和透明度。","2026-06-11 03:04:13","top_language"]