mullgate turns your Mullvad subscription into authenticated SOCKS5, HTTP, and HTTPS proxies for selected apps. it is built for people who want one command surface for setup, named exit locations, exposure control, and app-level routing without sending the whole machine through a VPN.
the main setup path is mullgate setup. on a real terminal it opens a guided flow that collects your Mullvad account number, proxy credentials, route aliases, bind posture, and optional HTTPS settings, then persists canonical config plus the derived runtime artifacts needed for start, status, and doctor. if you prefer automation, the same surface also supports a fully non-interactive env-driven setup path.
documentation | npm | github
if you want Mullvad-backed proxy access without replacing your computer's normal network path, mullgate gives you a practical path.
- expose authenticated SOCKS5, HTTP, and HTTPS proxy endpoints from your own Mullvad subscription
- route only the traffic you choose instead of tunneling the whole machine
- keep one CLI for setup, named exits, runtime checks, and diagnostics
- stay in control of the host and credentials instead of depending on a hosted relay service
mullvad's socks5 proxy is a socks5 endpoint inside the mullvad vpn tunnel. you connect to mullvad first, then manually point an app or browser at that proxy.
mullgate is a local operator layer built around a mullvad subscription. it provisions named exits, exposes authenticated socks5, http, and https proxy entrypoints on your machine, and gives you one cli surface for setup, exposure control, runtime checks, and failure diagnostics.
the goal is not "replace mullvad's proxy page with another set of manual steps." the goal is to give self-hosters a managed proxy gateway that uses mullvad exits without forcing the whole machine through the vpn.
the hard part is that mullvad only gives each account 5 wireguard devices. once you want multiple real routed exits, that limit becomes an architectural constraint, which is why mullgate is more than a thin wrapper around mullvad's socks5 proxy.
mullgate currently requires Node.js 22+.
install from npm for the normal path, or use a GitHub release standalone binary/archive when you want a pinned platform artifact.
curl -fsSL https://raw.githubusercontent.com/Microck/mullgate/main/scripts/install.sh | sh
mullgate --helpirm https://raw.githubusercontent.com/Microck/mullgate/main/scripts/install.ps1 | iex
mullgate --helpnpm install -g mullgate
pnpm add -g mullgate
bun add -g mullgatefor an interactive setup flow:
mullgate setupfor non-interactive setup, start from .env.example and then run:
mullgate setup --non-interactive
mullgate config hosts
mullgate start
mullgate status
mullgate doctormullgate is currently a Linux-first runtime with truthful cross-platform install, config, and diagnostics surfaces.
| platform | install | config path / status / doctor |
full runtime execution |
|---|---|---|---|
| Linux | Supported | Supported | Supported |
| macOS | Supported | Supported | Partial |
| Windows | Supported | Supported | Partial |
macOS and Windows can install the CLI and report config/runtime state truthfully, but the current Docker-first multi-route runtime still depends on Linux host-networking behavior. use Linux for the full setup and live runtime path.
| command | purpose |
|---|---|
mullgate setup |
guided or non-interactive Mullvad-backed setup that persists canonical config and derived runtime artifacts |
mullgate start |
re-render artifacts, validate them, and launch the Docker runtime bundle |
mullgate status |
inspect saved runtime state, runtime artifacts, live Docker Compose state, and exposure entrypoints |
mullgate doctor |
run deterministic diagnostics for config, runtime, bind, DNS, and last-start failures |
mullgate config path |
print active config/state/cache/runtime paths plus platform support posture |
mullgate config hosts |
print hostname to bind-IP mappings and the copy/paste hosts block |
mullgate config exposure |
inspect or update loopback, private-network, and public exposure posture |
mullgate config validate |
validate rendered wireproxy config and refresh runtime validation metadata |
set up two named exits and inspect the generated hostname mappings:
export MULLGATE_ACCOUNT_NUMBER=123456789012
export MULLGATE_PROXY_USERNAME=alice
export MULLGATE_PROXY_PASSWORD='replace-me'
export MULLGATE_LOCATIONS=sweden-gothenburg,austria-vienna
mullgate setup --non-interactive
mullgate config hostsstart the runtime and inspect its current posture:
mullgate start
mullgate status
mullgate doctoruse one of the exposed routes from another client or shell:
curl \
--proxy socks5h://sweden-gothenburg:1080 \
--proxy-user "$MULLGATE_PROXY_USERNAME:$MULLGATE_PROXY_PASSWORD" \
https://am.i.mullvad.net/json- documentation site
- usage guide
- publishing guide
- multi-exit architecture spec
.env.example- documented setup inputs for local runs
this project is unofficial and not affiliated with, endorsed by, or connected to Mullvad VPN AB. it is an independent, community-built tool.