mullvadvpn-app

The Mullvad VPN client app for desktop and mobile

GPL-3.0 License

mullvadvpn-app -

Published by faern over 4 years ago

This release is desktop (Windows, macOS and Linux) only.

Please note that a lot of desktop changes happened in 2020.4-beta1 but the binaries were never published. See that changelog as well for the full list of changes since the last desktop release.

Added

  • Add possibility to create account in the desktop app.
  • Add possibility to pay with voucher in the desktop app.

Android

  • Add WireGuard MTU setting.

Changed

  • Allow fc00::/7 instead of fd00::/8 in the firewall when local network sharing is enabled.
    Should unblock all unique local addresses.
  • Upgrade from Electron 7 to Electron 8.
  • Formalize what operating system versions we support in the readme. In practice
    this means support for Android 5 and 6 and Fedora 28 and 29 is dropped right away;
    Ubuntu 16.04 support will end as soon as Ubuntu 20.04 comes out.

Windows

  • Windows 7 only: Address packet loss issues with OpenVPN on some systems by reverting the TAP
    adapter driver to an older NDIS 5 driver.

mullvadvpn-app -

Published by faern over 4 years ago

Initial release for iOS (iPhone). Supports...

  • Establishing WireGuard tunnels
  • Selecting and changing location and servers
  • See account expiry
  • Purchase more VPN time via in-app purchases
  • See the current WireGuard key in use and how long it has been used
  • Generate a new WireGuard key to replace the old

mullvadvpn-app -

Published by faern over 4 years ago

This release is Android only

Added

  • Add signal handlers on Linux, macOS and Android to better log critical faults with the daemon.
  • Add WireGuard MTU setting to desktop app.
  • Add option to receive notifications about new beta releases.

Android

  • Add option to enable auto-connecting behavior
  • Include an initial relay list in the APK so that the app can connect to the VPN even if it fails
    to connect to the API after it is installed.
  • Add a reconnect button to disconnect and connect again without closing the tunnel device to avoid
    leaking any data during the reconnection.
  • Add quick settings tile to control the tunnel state.
  • Enable IPv6 traffic through the tunnel.

Changed

  • Prefer WireGuard when tunnel protocol is set to auto on Linux and macOS.
  • Wait for tunnel state machine to properly shut down, cleaning up the firewall properly on Windows
    during the daemon shutdown.
  • Switch to new logo.
  • Show better message when the app failed to block all connections after an error.

Fixed

  • Fix bug that could cause a JavaScript error dialog to appear when the desktop app terminates.
  • Fix rendering glitch in the map and improve the map's resource usage.

macOS

  • Fix firewall rules to properly handle DNS requests over TCP when "Local network sharing" is
    disabled. Previously DNS requests over TCP would time out.

Android

  • Fix notification action button not working when requesting to connect the tunnel after being
    disconnected for a long time.
  • Make the settings screen scrollable, so that the quit button is reachable on small screens.
  • Fix connectivity listener leak causing possible battery usage increase.
  • Fix crash that could sometimes happen when restarting the background service.
  • Fix incorrect location information sometimes shown in main screen.

Windows

  • Fix bug where failing to initialize the route manager could cause the daemon to get stuck in a
    blocked state. This only affected WireGuard.

Security

  • When upgrading or reinstalling while connected, exit the daemon in a blocking state to prevent
    unintended leaks. This only affects upgrades from this release.

Windows

  • Fix issue in daemon where the block_when_disconnected setting was sometimes not honored when
    stopping the daemon. I.e. traffic could flow freely after the daemon was stopped.

Android

  • Fix issue where IPv6 traffic could leak outside of the tunnel.

mullvadvpn-app -

Published by faern over 4 years ago

This release is identical to 2020.3-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern over 4 years ago

Security

  • Fix stack overflow caused by WireGuard key rotation timers. When the daemon crashed it was
    restarted automatically. But it did not connect (depending on settings), leaving a leak.

mullvadvpn-app -

Published by faern over 4 years ago

This release is identical to 2020.2-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern over 4 years ago

Added

  • Add reconnect button to the desktop app.
  • Add monochrome option for the tray icon on Windows and Linux.
  • Show OS notification when account is close to expiry on desktop platforms.
  • Warn users running old app versions when creating problem report.

Android

  • Add option to enable or disable local network sharing.
  • Show account history in login fragment

Changed

  • Change project copyright and company name from Amagicom AB to Mullvad VPN AB
  • Only reconnect when settings change if a relevant tunnel protocol is used.
  • Adjust padding of tray icon on Windows and Linux to better match other icons.
  • Change the zoom level of the map in the desktop app to make it less zoomed in.
  • Bundle new API IP with the app (Old: 193.138.218.73, new: 193.138.218.78)

Removed

  • Remove city/country labels on map in the desktop app.

Fixed

  • Fix app sometimes getting stuck in connecting state when using WireGuard.

Android

  • Fix crash when removing the service from foreground on Android versions below API level 24.
  • Fix crash that happened in certain situations when retrieving the relay list.
  • Fix crash caused by initialization race condition.

Windows

  • Fix "exhausted namespace" installation error on some non-English systems.

Security

  • Stop DNS leak that could happen on all desktop platforms if "Local network sharing" was enabled
    and the device had a default DNS resolver on the local private network. The leak could happen
    during these states: While connecting, when blocked due to an error happening and when
    disconnected if the "block when disconnected" setting was enabled.
    This issue has been present on all previous versions of the app.

Windows

  • Prevent DNS leak that could happen while connected if "Local network sharing" was enabled
    and the device had a default DNS resolver on the local private network. This issue was
    only present in the 2020.1 release.

mullvadvpn-app -

Published by faern over 4 years ago

This release is identical to 2020.1-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern over 4 years ago

Added

  • Add translations for Finnish and Danish.
  • Copy WireGuard key when clicking on it.

Windows

  • Sign all binaries in the app instead of just the installer.

Changed

  • Increase OpenVPN ping timeout from 20 to 25 seconds. Might make working tunnels disconnect
    a bit less frequently.
  • Use traffic data from WireGuard to infer connectivity, instead of continuously pinging.
    Should improve stability of the connection and reduce power use.
  • Update wireguard-go to v0.0.20200121
  • Remove WireGuard keys from accounts when they are removed from the local account history.
  • Upgrade from Electron 6 to Electron 7.
  • Disable WireGuard protocol option if there's no WireGuard key.

Android

  • Wait for traffic to be routed through the tunnel device before advertising blocked state.
  • Connect automatically if MullvadVpnService is started with an intent which
    has the android.net.VpnService action. Effectively, this should enable
    Always On behavior on Android versions where it's supported.
  • Allow notification to be dismissed when the UI is not shown and the tunnel is disconnected.

Windows

  • Use a branded TAP driver for OpenVPN to prevent conflicts with other software and solve issues
    related to driver upgrades. Also use the NDIS 6 driver on Windows 7.
  • Be more aggressive when installing routes, in effect taking ownership of existing duplicate route
    entries. This allows the daemon to initialize properly even if a previous instance did not have a
    clean shutdown.

Fixed

  • Don't try to replace WireGuard key if account has too many keys already.
  • Fix bogus update notification caused by an outdated cache.
  • Fix layout issues when showing messages in WireGuard key view.
  • Fix translation of "System default" after selecting "System default" in language settings.

Windows

  • Fix regression due to which a TAP adapter issue was not given as the specific block reason when
    the tunnel could not be started.
  • Fix occasional failure to shut down the old daemon process during installation by killing it if
    necessary.
  • Make WireGuard work with IPv6 enabled even if there is no functioning TAP adapter for OpenVPN.
  • Restart daemon when coming back from system hibernation with terminated user session, since
    it's perceived as a cold boot from the user's perspective, so the app should act accordingly.
  • Change the optimization level for releases from the default value to s, as a temporary fix for
    the system service crashing on Windows for newer CPU models.

Android

  • Fix notification message to not show null version when version check cache is stale right
    after an update.
  • Fix null pointer exception when connectivity event intent has no network info.
  • Fix fast loop trying to fetch location and preventing the device from sleeping. This should
    improve battery life in some cases.
  • Fix crash when starting the app right after quitting it.
  • Restart background service if it stops responding.
  • Fix crash when VPN permission is revoked, either manually or by starting another VPN app.
  • Fix crash caused by local JNI reference table overflow after running for a long time.
  • Dismiss notification after service has stopped.
  • Don't show missing connectivity error message in WireGuard key management screen if a
    reconnection is expected to happen.
  • Fix showing new key as invalid immediately after regeneration.

Linux

  • DNS management with static /etc/resolv.conf will now work even when no
    /etc/resolv.conf exists.

Security

  • Add automatic key rotation for WireGuard (every 7 days by default). This limits the potential
    for an attacker to correlate traffic with a public key and identity, and reduces the harm of
    software that might leak the private tunnel IP (since it is no longer fixed).

Windows

  • Stop OpenVPN from loading C:\etc\ssl\openssl.cnf on start. This file was being loaded when an
    OpenVPN tunnel was being created. Any user could create the file, and the process loading it runs
    as the SYSTEM user. Since the config file allows loading arbitrary code, it was an attack vector
    allowing local unprivileged users to run code as SYSTEM.
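
As an added illustration of the entry above (not Mullvad's code), the following PowerShell audit reports which principals hold write access at the nearest existing ancestor of C:\etc\ssl\openssl.cnf. The trusted-SID list and the set of rights treated as write access are assumptions.

```powershell
# Added example, not part of the Mullvad code base.
# Path taken from the changelog entry above.
$target = 'C:\etc\ssl\openssl.cnf'

# Assumption: only these well-known SIDs are trusted to write there.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow creating files or directories, or rewriting the ACL.
# Deny entries and generic-rights (inherit-only) entries are not evaluated.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'

# The file normally does not exist, so what matters is the ACL of the
# nearest ancestor that does exist (often C:\ itself).
$path = $target
while ($path -and -not (Test-Path -LiteralPath $path)) {
    $path = Split-Path -Path $path -Parent
}
if (-not $path) { throw "No existing ancestor found for $target" }

# Ask for the rules with identities already expressed as SIDs.
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)

$findings = foreach ($rule in $rules) {
    $isAllow  = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
    $canWrite = ([int]$rule.FileSystemRights -band [int]$writeRights) -ne 0
    $sid      = $rule.IdentityReference.Value
    if ($isAllow -and $canWrite -and ($trustedSids -notcontains $sid)) {
        [pscustomobject]@{
            CheckedPath = $path
            Sid         = $sid
            Rights      = $rule.FileSystemRights
            Inherited   = $rule.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Principals outside the trusted list hold write access at '$path', the nearest existing ancestor of '$target'."
    $findings | Format-Table -AutoSize
} else {
    Write-Output "Only trusted principals can write at '$path'."
}
```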

macOS

  • Limit macOS firewall rules to only allow UDP packets in the rules meant to enable being a DHCPv4
    server when local network sharing is enabled.

mullvadvpn-app -

Published by faern almost 5 years ago

Fixed

  • Fix improved WireGuard port selection

Windows

  • Register 'NSI' service as a dependency of the daemon service.
  • Set daemon service SID type as 'unrestricted'.
  • Properly tear down routes after disconnecting from WireGuard relays.
  • Fix bug that prohibited WireGuard from working over port 53.

Security

Linux

  • Stop CVE-2019-14899 by dropping all packets destined
    for the tunnel IP coming in on some other interface than the tunnel.

The rest is identical to 2019.10-beta2, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern almost 5 years ago

Added

  • Add mullvad relay set tunnel-protocol subcommand to the CLI to specify what tunnel protocol
    to use.
  • Add mullvad reconnect subcommand to the CLI to make the app pick a new server and reconnect.

Windows

  • Full WireGuard support, GUI and CLI.
  • Install Wintun driver that provides the WireGuard TUN adapter.
  • Remove Mullvad TAP adapter on uninstall. Also remove the TAP driver if there are no other TAP
    adapters in the system.

Android

  • Add connectivity status check, stopping the app from sitting in a reconnect loop while the
    device is offline.

Changed

  • Notifications shown when connecting to a server include its location.
  • Upgrade OpenVPN from 2.4.7 to 2.4.8.
  • Upgrade OpenSSL from 1.1.1c to 1.1.1d.
  • When using WireGuard without specifying a specific relay port, after 2 failed connection
    attempts port 53 will be used for 2 out of every 4 successive connection attempts.

Windows

  • Use a larger icon in notifications on Windows 10.
  • Only update DNS settings if updating would change the effective settings. This is a work-around
    to avoid invoking netsh unnecessarily and getting stuck in associated hangs.
  • Don't restart the service immediately if it aborts several times in a row. Leave a window of ten
    minutes to allow for addressing the issue.
  • Upgrade libsodium from 1.0.17 to 1.0.18.
  • Upgrade NDIS 6 TAP driver from 9.21.2 to 9.24.2.

Fixed

Linux

  • Improve stability on Linux by using the routing netlink socket in its own thread.
  • When trying to use resolvconf for managing DNS, the daemon will check if
    dnsmasq is running and misconfigured.
  • Improve stability on Linux by simplifying route management code.

Windows

  • Detect removal of the OpenVPN TAP adapter on reconnection attempts.
  • Improve robustness in path environment variable logic in Windows installer. Handle the case
    where the registry value type is incorrectly set to be a regular string rather than an expandable
    string.
  • Fix suspend and resume issues with OpenVPN by upgrading the TAP driver.
  • Minor adjustment in online/offline detection logic. This change addresses misbehaving drivers
    that report the adapter flags incorrectly.

Android

  • Don't try to fetch location when the app knows that it has no connectivity. This should reduce
    wake-ups (improving battery life) and also fix very large log files consuming storage space.
  • Fix crash when a new version event is received while the app is in the main screen.

Security

  • Force OpenVPN to use TLS 1.2 or newer, and limit the TLS 1.3 ciphers to only the strongest ones.
    The Mullvad servers have never allowed any insecure ciphers, so this was not really a problem.
    Just one extra safety precaution.

mullvadvpn-app -

Published by faern almost 5 years ago

This release is for Android only.

Added

Android

  • Use authenticated URLs to go to WireGuard key page on website.
  • WireGuard key fragment has been made more similar to its desktop counterpart.

Fixed

  • Fix bad file descriptor errors caused by sending a file descriptor between the daemon and the
    wireguard-go library.
  • Recreate tun device after a fixed number of connection attempts on the same tun device. Breaks
    infinite reconnection loops on broken tun devices.

mullvadvpn-app -

Published by faern about 5 years ago

Added

  • Add ability to submit vouchers from the CLI.

Linux

  • Add a symlink for mullvad-problem-report directly in /usr/bin, so the tool is available.

Windows

  • Install the OpenVPN certificate to avoid the TAP adapter driver installation warning on
    Windows 8 and newer.

Changed

Windows

  • Rename the problem-report tool to mullvad-problem-report.

Fixed

  • Fix Norwegian (Bokmål) language detection.
  • Fix missing localizations when formatting date and time in Norwegian (Bokmål).
  • Use authenticated URL to go to account page from expired account view.

macOS

  • Remove mullvad and mullvad-problem-report symlinks from /usr/local/bin on uninstall.

The rest is identical to 2019.9-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern about 5 years ago

Added

  • Add ability to change the desktop GUI language from within Settings.
  • Add ability to create new accounts from the CLI.

Windows

  • Add CLI tools (the resource/ directory) to the system PATH.

macOS

  • Notarize release builds with Apple, making them run without warning on 10.15 Catalina.

Android

  • Add settings button in launch and login screens, making it possible to reach the problem report.
  • Add support for Android 5.x Lollipop.
  • Allow logging in without connectivity.

Changed

  • Account and WireGuard keys links in the App will now log the user in automatically.
  • Update FAQ URL to https://mullvad.net/help/tag/mullvad-app/.

Removed

  • Remove support for MULLVAD_LOCALE environment variable.

Android

  • Remove connect action button in notification when logged out.

Fixed

  • Fix mullvad relay update to trigger a relay list download even if the existing cache is new.
  • Don't include problem-report arguments in error logging. Stops user email from ending up in the
    log file on error.
  • Fix handling of tunnel file descriptor for WireGuard, duplicating and closing it correctly.

Android

  • Show WireGuard key age in local timezone instead of UTC.
  • Android 6 and older: Fix notification button icons.
  • Fix collapsing tunnel information causing tunnel out IP address information to be lost.
  • Various stability fixes.

Windows

  • More adjustments in online/offline detection logic. Should prevent more users from being stuck
    in the offline state. Should also make the app notice network disconnects faster.

mullvadvpn-app -

Published by faern about 5 years ago

Updated translations for new strings in the app

The rest is identical to 2019.8-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern about 5 years ago

Added

  • Add ability to replace the WireGuard key with a new one. Allows manual key rotation.
  • Show age of currently set WireGuard key.
  • Add bridge selection under "Select location" view, when the bridge mode is set to "On".

Android

  • Initial support for the Android platform.

Changed

  • Decreased default MTU for WireGuard to 1380 to improve performance over 4G
  • WireGuard key page now shows a label explaining why buttons are disabled when in a blocked state
  • WireGuard key generation will try to replace old key if one exists.
  • Show banner about new app versions only if current platform has changes in latest release.
  • Don't make a GeoIP lookup by default in CLI status command. Add --location flag for enabling it.
  • Sort relay locations and hostnames with natural sorting, meaning se10 will show up after se2.
  • Show inactive relays as disabled instead of hiding them completely from location selection list.
  • Upgrade Electron from version 4 to version 6.

Windows

  • Change uninstaller registry key name from Mullvad VPN to a generated GUID.

Fixed

  • Fix old settings deserialization to allow migrating settings from versions older than 2019.6.
  • Fix various small issues in GUI<->daemon communication.
  • Make GUI WireGuard key verification resilient to failure.
  • Fix issue where daemon would try and connect with UDP when the tunnel protocol is set to OpenVPN
    and the bridge mode is set to "On".
  • Don't start ping monitor loop if first ping fails when checking WireGuard connection.
  • Respect localization when sorting the relay locations list.

macOS

  • Unregister the app properly from the OS when running the bundled uninstall.sh script.

Linux

  • Fix bug in netlink parsing in offline detection code.

Removed

Windows

  • Removed logic that implemented monitoring and enforcement of DNS settings.

mullvadvpn-app -

Published by faern about 5 years ago

Added

  • Add more details to the block reason shown in GUI when the daemon fails to generate tunnel
    parameters.

Fixed

  • Check and adjust relay and bridge constraints when they are updated, so no incompatible
    combinations are used.

The rest is identical to 2019.7-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern about 5 years ago

Added

  • Add new settings page for generating and verifying WireGuard keys.
  • Automatically generate and upload WireGuard keys on Linux and macOS.
  • Allow activating and using WireGuard from the GUI under advanced settings on Linux and macOS.
  • Add factory-reset CLI command for removing settings, logs and clearing the cache.

Changed

  • Upgrade OpenVPN from 2.4.6 to 2.4.7.
  • Upgrade OpenSSL from 1.1.0h to 1.1.1c.
  • Upgrade wireguard-go library to v0.0.20190805.

Fixed

  • Mark CLI bridge set state argument as required to avoid a crash.
  • The VPN service on Windows will now be restarted when it crashes.
  • Retry to connect when WireGuard tunnel fails due to a bad file descriptor.

Linux

  • Improve resolv.conf based DNS management to detect changes to file.

mullvadvpn-app -

Published by faern over 5 years ago

Added

  • Add simplified Chinese translations.

The rest is identical to 2019.6-beta1, see that change log for all changes since last stable release.

mullvadvpn-app -

Published by faern over 5 years ago

Added

  • Add a switch to turn off system notifications under Preferences in the GUI.

Windows

  • Add migration logic to restore lost settings after major Windows update.

macOS

  • Add the Mullvad CLI frontend and problem report CLI tool to the PATH, so it can be
    run directly from a terminal.

Fixed

  • Fix the mix of traditional and simplified Chinese by separating them into two locales and
    falling back to English where translations are missing.

Windows

  • Adjust network interface checks in offline detection logic. Prevents the app from being stuck
    in the offline state when the computer is in fact online.

Linux

  • Fix some netlink packet parsing error in DNS handling.
  • Improve offline check so if it fails, it always fails as online.