Avalanchego Validator + Mullvad VPN + WireGuard

Okay Guys and Gals, if you care about privacy and you’re running a local home node, I wanted to share a VPN setup that I have been using and testing for some time with my Validator. It seems to work well. It costs me about $5.50/mo; well worth it in my opinion. Okay, here we go:

  1. Set up an account at mullvad.net (your choice if you want to do a recurring plan or pay monthly (you can even use crypto if you so choose)).

  2. Install the CLI version of the Mullvad client on Ubuntu by following these directions: https://mullvad.net/en/help/install-mullvad-app-linux/

  3. Specify your account, Select a location, and Select a specific WireGuard server by following these instructions: https://mullvad.net/en/help/how-use-mullvad-cli/

  4. Turn on WireGuard by typing: mullvad relay set tunnel-protocol wireguard (as specified in the following instructions: https://mullvad.net/en/help/cli-command-wg/ )

  5. Go into your mullvad.net account and assign your automatically created key a port forward to the same country and city that you assigned to your Validator above (as specified in the following instructions in the Adding a Port section: https://mullvad.net/en/help/port-forwarding-and-mullvad/ )

  6. Go into your Avalanchego service startup file ( sudo nano /etc/systemd/system/avalanchego.service ) and update your startup to include --public-ip=xxx.xxx.xxx.xxx --staking-port=xxxxx. Your IP address for Avalanchego will be the address after running this command: ‘curl https://am.i.mullvad.net/connected’ and the new port will be the one that mullvad.net assigned to you, which is the numerical digits in the Active Ports section in your account. (Please note: The curl command above may only work when Mullvad is running. I haven’t yet tested if it works when Mullvad isn’t running). (Be sure to sudo systemctl daemon-reload when done updating) Alternatively, if you do not start Avalanchego with a service, be sure to add the previous parameters when we restart Avalanchego later. I noticed that the --dynamic-public-ip parameter does NOT work in this setup once Mullvad is running. It breaks the startup of Avalanchego. It looks like the lookup to opendns doesn’t work/breaks so it won’t let Avalanchego start.

  7. Important–before connecting the VPN! Enable LAN access for Mullvad if you’re remoting into your validator using Putty or something similar, otherwise you’ll be locked out and can only access your machine via the physical terminal, by following the instructions here: https://mullvad.net/en/help/how-use-mullvad-cli/

  8. Type the Connect command for Mullvad ( mullvad connect )

  9. Restart your Avalanchego service, or if you’re not running as a service, restart Avalanchego with the new parameters above. Again, don’t use the --dynamic-public-ip parameter otherwise it won’t start.

  10. Check everything out to be sure it is all working. You can check Mullvad by typing mullvad status per the following instructions: https://mullvad.net/en/help/how-use-mullvad-cli/ . Check that other Validators can see and are talking to your Validator (which they should be able to assuming the port parameter matches what is being port forwarded to you from Mullvad, and the public ip parameter matches the printout of this command: curl https://am.i.mullvad.net/connected).

  11. If you’re happy with the setup, go ahead and set up the Mullvad Auto-connect on start-up by typing mullvad auto-connect set on per the following instructions: https://mullvad.net/en/help/how-use-mullvad-cli/

For those of you who run a local home node, and were looking for something like this, I hope you found this small How-To helpful! Good luck =)

***Edited to update what your node’s IP address should be.

5 Likes

I noticed that after 7 days, Mullvad changed the external public IP in the city I was connected to. Unfortunately, even after updating the --public-ip= parameter, my node was receiving connections from the original IP address which was maxing out my CPU usage.

In order to fix this, I simply added another port forward to a new city and updated Mullvad to connect to a server in the new city, and updated the two Avalanchego parameters and restarted Avalanchego. This fixed the max CPU issue. I will monitor and update how often this occurs. But if it happens every 7 days, I’ll just switch back and forth between the two cities. Small inconvenience for good privacy.

1 Like
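The checks in steps 6 and 10, and the exit-IP change described in the follow-up post, can be scripted. This is an added example, not part of the original posts: it compares the --public-ip and --staking-port flags in the service file with the address Mullvad reports and the forwarded port, and flags --dynamic-public-ip. The sample unit file, reply text, IP, port and binary path are constructed, and the exact wording of the am.i.mullvad.net/connected reply is an assumption (only the first IPv4 address in it is used).

```shell
#!/bin/sh
# Added example: compare avalanchego's startup flags with the Mullvad exit IP
# and forwarded port. All sample values below are constructed.

# Print the value of --<flag>=<value> from the ExecStart line of a unit file.
flag_value() {   # $1 = unit file text, $2 = flag name without leading dashes
    printf '%s\n' "$1" | grep -E '^ExecStart=' | tr ' ' '\n' |
        sed -n "s/^--$2=//p" | head -n 1
}

# Print the first IPv4 address found in a text (the /connected reply).
first_ipv4() {
    printf '%s\n' "$1" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1
}

# Print OK or the first problem found. Always returns 0 so output can be captured.
check_node_config() {   # $1 = unit text, $2 = connected reply, $3 = forwarded port
    if printf '%s\n' "$1" | grep -E '^ExecStart=' | grep -q -- '--dynamic-public-ip'; then
        echo "DYNAMIC_IP_FLAG_SET"; return 0
    fi
    exit_ip=$(first_ipv4 "$2")
    cfg_ip=$(flag_value "$1" public-ip)
    cfg_port=$(flag_value "$1" staking-port)
    if [ -z "$exit_ip" ]; then echo "NO_EXIT_IP"; return 0; fi
    if [ "$cfg_ip" != "$exit_ip" ]; then echo "IP_MISMATCH $cfg_ip $exit_ip"; return 0; fi
    if [ "$cfg_port" != "$3" ]; then echo "PORT_MISMATCH $cfg_port $3"; return 0; fi
    echo "OK"
}

# Constructed sample inputs (documentation IP range, made-up port and path).
SAMPLE_UNIT='[Service]
ExecStart=/opt/avalanchego/avalanchego --public-ip=203.0.113.45 --staking-port=54321'
SAMPLE_REPLY='You are connected to Mullvad. Your IP address is 203.0.113.45'

if [ "${1:-}" = "--live" ]; then
    # Usage: sh check.sh --live <forwarded port from the Mullvad account page>
    check_node_config "$(cat /etc/systemd/system/avalanchego.service)" \
        "$(curl -s https://am.i.mullvad.net/connected)" "${2:-}"
else
    check_node_config "$SAMPLE_UNIT" "$SAMPLE_REPLY" 54321
fi
```

Run from cron or a systemd timer with --live, an IP_MISMATCH result is the signal that the exit IP has changed and the --public-ip flag needs updating.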

Thanks for the tutorial! I’ve been using Mullvad for a while without problem.
Just want to add a few things, maybe someone will find them useful:

  1. The Mullvad app doesn’t support ARM systems (such as Raspberry Pi) but you can install WireGuard and still use Mullvad. This link should be helpful for the alternative setup: https://mullvad.net/en/help/wireguard-and-mullvad-vpn/

  2. If you want to check your port forwarding setting, you can type nc -l -p XXX (XXX being your port) and in a separate terminal do curl https://ipv4.am.i.mullvad.net/port/XXX, or use services like https://ismyportopen.com/ to see if your IP and port are visible.

1 Like