Mullvad VPN App 4.2 setup guide

Lilly7585 · December 30, 2025, 10:42am

In case it’s helpful for others, here’s the steps I took to get Mullvad VPN app working in a dedicated appVM using Fedora 42 minimal:

Create new template from unaltered Fedora 42 minimal template, open root terminal

$ sudo dnf install qubes-core-agent-networking qubes-core-agent-network-manager qubes-core-agent-dom0-updates network-manager-applet

You’ll need to type “y” and then hit Enter to proceed
Bind directories for Mullvad’s configurations

$ sudo mkdir -p /etc/qubes-bind-dirs.d
$ echo 'binds+=( '\'''/etc/mullvad-vpn''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf

From Using Mullvad VPN on Qubes OS | PrivSec - A practical approach to Privacy and Security
Install Mullvad VPN;

$ sudo dnf config-manager addrepo --from-repofile=https://repository.mullvad.net/rpm/stable/mullvad.repo
$ sudo dnf install mullvad-vpn

You’ll need to type “y” and enter to proceed at some point
Fix DNS issues (see here: Using Mullvad VPN on Qubes OS | PrivSec - A practical approach to Privacy and Security)

$ nano /etc/systemd/system/dnat-to-ns.service

Paste below:

[Unit]
Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns
StartLimitIntervalSec=0

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart systemd-resolved
ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns

$ nano /etc/systemd/system/dnat-to-ns.path

Paste below:

[Unit]
Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns when /etc/resolv.conf changes

[Path]
PathChanged=/etc/resolv.conf
Unit=dnat-to-ns.service

[Install]
WantedBy=multi-user.target

$ sudo mkdir -p /etc/systemd/system/systemd-resolved.conf.d/
$ nano /etc/systemd/system/systemd-resolved.conf.d/override.conf

Paste below:

[Unit]
StartLimitIntervalSec=0

$ sudo systemctl enable dnat-to-ns.path

Shutdown template
Create new AppVM using the template created above, with networking = sys-firewall and CHECK “launch settings after creation” and CHECK “Provides network access to other qubes” in “Advanced”
Qube settings (leave everything else as-is);
- Check “Start qube automatically on boot”
- Private storage size = 5GB
- Advanced: Uncheck “include in memory balancing” (leave initial mem at 400 and 2 CPU)
- Services: add “network-manager” and “qubes-firewall”
- Applications: add “Mullvad VPN”
Start Mullvad appVM, log into Mullvad VPN and configure settings, then configure other appVMs to use the Mullvad AppVM as network