https://mullvad.net/en/help/install-mullvad-app-linux
Trying to install VPN and these are the instructions Mullvad is giving me. This is ridiculous. There must be a more simple way. I know how to follow the instructions but I have no idea what I’m doing here. Can’t I just download a file and install it? I’m on Ubuntu.
It’s less complicated than it looks like. The text is just a poorly written mess, full of options (Fedora vs. Ubuntu, repo vs. no repo, stable vs. beta), and they’re explaining how to do this through the terminal alone because the interface that you have might be different from what they expect. And because copy-pasting commands is faster.
Can’t I just download a file and install it? I’m on Ubuntu.
Yes, you can! In fact, the instructions include this option; it’s under “Installing the app without the Mullvad repository”. It’s a bad idea though; then you don’t get automatic updates.
A better way to do this is to tell your system “I want software from this repository”, so each time that they make a new version of the program, yours get updated.
but I have no idea what I’m doing here.
I’ll copy-paste their commands to do so, and explain what each does.
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list sudo apt update sudo apt install mullvad-vpn
The first command boils down to “download this keyring from the internet”. The keyring is a necessary file to know if you’re actually getting your software from Mullvad instead of PoopySoxHaxxor69. If you wanted, you could do it manually, and then move to the /usr/share/keyrings directory, but… it’s more work, come on.
The second command tells your system that you want software from repository.mullvad.net. I don’t use Ubuntu but there’s probably some GUI to do it for you.
The third command boils down to “hey, Ubuntu, update the list of packages for me”.
The fourth one installs the software.
Thanks for the explanation. However trying to run the first command gives me sudo: curl: command not found
So I’m stuck right there in the first step lol
I would have guessed that Ubuntu would install it by default since its a very common way to get stuff from the internet (when in the terminal), but apparently not (the other option is
wget
which is most likely installed, but that uses a different way to get the stuff).You should be able to install curl with
sudo apt install curl
You have two options: install
curl
(check @TrickDacy@lemmy.world’s comment) or do it manually. Installing curl is the easiest.If you want to do it the hard way (without the terminal), here’s how:
- Download the file
https://repository.mullvad.net/deb/mullvad-keyring.asc
from your web browser. - Open your file browser as administrator. There’s probably some link for that in the Menu.
- Move the file that you just downloaded to the directory
/usr/share/keyrings/
Really appreciate your replies dude. So many are being a bit of an jerks here, but you (and few other) have been really helpful.
You’re welcome.
I think that people being jerks take for granted how confusing this might be, if you’re new; we (people in general) tend to take vocab that we already know for granted, as well as solutions for small problems. …except that it doesn’t work when you’re starting out, and we all need to start out somewhere, right.
- Download the file
So usually people do install Linux software from trusted software repositories. Linux practically invented the idea of the app store a full ten years before the first iPhone came out and popularized the term “app.”
The problem with the Mullvad VPN is that their app is not in the trusted software repositories of most Linux distributions. So you are required to go through a few extra steps to first trust the Mullvad software repositories, and then install their VPN app the usual way using
apt install
or from the software center.You could just download the “.deb” file and double click on it, but you will have to download and install all software security updates by hand. By going through the extra steps to add Mullvad to your trusted software repository list, you will get software security updates automatically whenever you install all other software updates on your computer.
Most Linux distros don’t bother to make it easy for you to add other trusted software repositories because it can be a major security risk if you trust the wrong people. So I suppose it is for the best that the easiest way to install third-party software is to follow the steps you saw on the website.
Download the .deb and double click it. https://mullvad.net/en/download/app/deb/latest
People seem to be making this a more difficult job than it needs to be. Yeah I get we’re powerusers but can’t we drop that for 2 minutes while giving advice so a new user can actually get a job done quickly? Windows EXEs don’t automatically update either. Sure it might not be the best way to do it but it’s fast and not confusing. (EDIT: Apparently this specific program actually has it’s own auto updater)
Things take time to learn. Throwing all of the existing knowledge of repo management at a new user at once does not work.
As others have mentionned downloading the .deb and running it will also work, but I feel nobody gave your a tldr of why you may want to follow those instructions instead, so here it is:
Those instructions configure your package manager (apt) with a new repository for this application.
The upside to that is that anytime you will look for updates, this app will also get updated.
It’s a bit more work up front, but it can pay off when you have dozens of app updating as part of normal system operations.
Imagine a world where windows updates would also update all your software, that’s what this is.
The comment section here is a perfect example of why people don’t use Linux
This comment here is a prefect example of being unhelpful and inflammatory.
You added nothing to the conversation but instead tried to be “clever” by doing the same tired old “angsty Linux vs. Windows shtick” that’s been around for as long as GNU/Linux was a thing.
Other people at least offered an explanation or suggestion.
No, he’s 100% correct
100% correct about what? That people trying to offer different bits of advice/explanations are driving people away? Even if some of the advice is not the best/contradict one another, it’s still support being given to another user.
Comments like these don’t say or do much of anything. They just finger wag and scold people for not being the “100% best Linux representative” they can be. Believe it or not, people who are in Linux communities aren’t a monolith of perfect technological wisdom and understanding.
My problem isn’t even with the basis behind the comment which I actually somewhat agree with. It’s just framed in a cowardly way that obnoxiously blames community members for driving people away.
So yes comments like these are useless and the people who make them are lazy.
Clearly, for you, it’s a bitter pill. I get it.
Yes. I’m genuinely unsure how it could be any easier. It’s just add the repo and install.
But I suppose it’s a lot if you don’t know what anything means, so I’ll try to explain it at a super basic level. Sorry if this is patronising, I can’t ascertain your experience level so I have to make an assumption.
The first thing it asks you to do is:
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
Hm. Okay so I guess before even deciphering the command, you have to know how Linux works. So on Linux, the first word is the name of the application you want to use, and everything afterwards is stuff that you pass along to the application. It’s up to the application to program in the behaviour for interpreting the words that come after the first word. So “sudo” is the name of the application you’re using, and all that other stuff is stuff you’re telling Linux to tell that other application.
Okay, so what is sudo? sudo is short for Super User Do. It’s an application that does something (sudo) as the super user (sudo). Super User is like admin on Windows. So it’s for when you want to make system level changes or want to override permission limitations. In the past, or at a basic level, you would switch user, make the change, then switch back to your personal user. But with sudo you can borrow the permissions of the super user for the purposes of that one command and everything works smoother that way.
The way you use sudo is you run the application by typing sudo, then you type in a second application and what you want that application to do, then sudo starts that other application and gives it the instructions you asked to be passed on. The second application in this case is curl.
For example, on Windows you might do
sudo photoshop open C:\users\winuser\documents\restrictedfile.psd
to open a file in Photoshop that the Windows admin decided you aren’t allowed to open.Let’s look at the command again.
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
Sudo is to get super permissions and doesn’t actually tell you what the command does. The application that is actually being run in this command is curl. curl goes to a url and sees it. So it basically just means download whatever is at this URL. Here the URL is
https://repository.mullvad.net/deb/mullvad-keyring.asc
All that other stuff in this command is technically curl specific, so you have to check how curl works to know what it does. But it does follow Linux conventions very closely, therefore a normal Linux user who has never used curl could still guess what it does with 100% accuracy and would probably use it correctly for the first time without checking how to use it. If you want to learn how to use it, you can use the included manual programman
, by typingman curl
, and as a convention, almost every Linux application will tell you how to use it if you use the -h or --help flags by typingcurl -h
orcurl --help
.In this case, curl takes flags, these are -fsSLo, that’s 5 different flags. A flag is like a mode switch for an application, it’s specified with adding a hyphen and the trigger word. The hyphen is useful because an application like curl might want a file path
/usr/share/keyrings/mullvad-keyring.asc
and a URLhttps://repository.mullvad.net/deb/mullvad-keyring.asc
, so by adding the hyphen, the application knows that fsSLO is not part of the file path, but is instead specific instructions you’re giving the application. This is a normal convention on Linux, similar to how Windows applications normally program the X button in the corner to close the window.For curl specifically, by default curl doesn’t save the file, it just displays it in the terminal. So the most basic version of the command would be
curl https://repository.mullvad.net/deb/mullvad-keyring.asc
and nothing else. Let’s look at what the flags do.
-f is for fail.
-s is for silent. Both of these just change the behaviour of curl to give you less feedback and information. Mullvad probably chose to do this to make it more beginner friendly, ironically.
-S is for show error. There’s a difference between lower and upper case. Show error means that even though curl was asked to be quiet and not show what it’s doing, it should still let you know if there’s an error.
-L is for location, it’s to allow redirects. Mullvad chose to include this option so that the old instructions still work if the URL changes in the future or perhaps if you have a common typo in your command.
-o (output) writes the downloaded file to disk at the specific location./usr/share/keyrings/mullvad-keyring.asc
. The -o flag is the only one in this list that actually matters and changes what the application does. The rest is just there to be beginner friendly, but I think Mullvad made a mistake in including them personally, as I think they add to the confusion instead.As a standard Linux convention, flags can either be a single hyphen and a letter or two hyphens and a word or a hyphenated sentence. These are conventions and up to the application, but for curl and most applications you’ll use, both work. Similarly, curl and most applications let you use a single hyphen and then all your flags in a row, or separate them with spaces and new starting-hyphens.
curl -f --silent -S -L --output file.txt https://lemmy.ml
for example.Okay, so hopefully now you can read it a bit better. Let’s look at it again.
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
Wtf is that file and why do you need it in that folder? It’s downloading their encryption key to the folder where apt (a different application we haven’t encountered yet) looks for encryption keys. You need this for cryptographic verification. It’s a safety measure, and more important for security software like Mullvad. It’s not mandatory for adding repositories.
So with this command, you borrow the super user’s permissions and you download a file and put it in a folder.
Okay, next part.
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
Okay, this one is actually pretty complicated! Similar to above, how they added all those superfluous flags that make curl quieter, this is another case of the mullvad help-article-writers choosing to make the experience of copy/pasting the commands more seamless by sacrificing legibility.
But let’s go through it anyway. It’ll be a super quick crash course in how to use Linux.
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
Echo is an application that repeats whatever you type at it. If you run
echo hi
it’ll outputhi
into the terminal. Deb is an application that installs .deb packages. These are like .msi files on Windows. It’s specific to Ubuntu and certain other Linux distros. The stuff that follows echo is a command.deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main
, if you run it on its own, it does something. But because you wrote echo first, it’s only words that are being printed in the terminal. We’ll look at what it’s supposed to do in a minute. After that part, comes a pipe|
, this is very important, then a second command.sudo tee /etc/apt/sources.list.d/mullvad.list
.Okay, we’ll break this down backwards.
sudo
you already know. It’s just an application that starts another application. In this casetee
. tee is an application that takes whatever you give it and writes it to a file. It’s called tee because it’s like a t-split, it both writes to a file and to the terminal at the same time, so you can monitor what’s being written. It’s specifically designed to be used with a pipe.Wtf is a pipe? A pipe
|
is a built in Linux function that let’s you take the output from one application and feed it to another. In this case, the stuff you had before the pipe was a echo command. So the output is what you asked echo to echo back to you.deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main"
. That means that tee is writing this command (without the echo part in front of it, because that’s your command, not the output from an application) into the file located at/etc/apt/sources.list.d/mullvad.list
. Tee by default overwrites whatever was already in the file, and in this case, a mode-switch flag wasn’t used to ask it to not do that. So if that file already existed (which it doesn’t), it would now be deleted and replaced with what you echo’d into it.deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main"
.What is
/etc/apt/sources.list.d/mullvad.list
? That’s a file that belongs toapt
.apt
is your package manager, we’ll loop back to that. The/etc
folder is somewhere applications put their files, rather than where the user is supposed to put their files. Having the user’s files separately like that helps with knowing which files you care about when it comes to backups and system migrations and things like that. So inside /etc, apt gets it’s own folder, and inside that folder it created sources.list.d, and inside that folder, you’re now creating a file for mullvad. In this file is the definition of the new repository you’re adding.[Cutting this up to two parts because API limit]
Genuinely sure it couldn’t be easier
Instructions so long it takes up two comments
These aren’t instructions. The instructions are 3 lines and provided by the vendor.
Chance that your Ubuntu version already supports OpenVPN and wireguard (check your settings -> network). If so, just download wireguard/OpenVPN config files from mullvad: https://mullvad.net/account/openvpn-config?platform=linux
This is a troll, clearly. Purge this guy.
?
More or less: yes.
It’s copy and pasting 5 lines into the terminal and hitting enter. It’s not that hard. If it’s not worth the 15 seconds of ‘work’ you probably don’t need the software that badly.
And it’s not the default. Usually you shouldn’t add random software sources and download software from some websites. Your Linux package manager should be the source for software. (Software Manager / Store / Synaptics, … whatever Ubuntu calls it) It installs software with one or two clicks with the mouse, the software there is tested and tied into the rest of the systems and tens of thousands of packages are available. No malware guaranteed, and updates are handled automatically.
And with other Operating systems it’s also ridiculous: You need to find the website of some software, avoid malware and copycats that advertise similar software with ads, click download, click ‘yes’ I accept a download with a harmful extension. Then you need to open the file manager and double click on it. Then a window opens and you need to click ‘next’. Accept the terms. Give permission to install and maybe remove a few ticks and choose a location. I’d say it’s about the same amount of work and the downside is it doesn’t necessarily handle updates and security fixes.
I think Ubuntu doesn’t have Mullvad available in their own repository. I took another approach and imported their settings/profile into the VPN/network manager that is available per default on many Linux distributions. No install required at all. But importing the settings isn’t easier, so YMMV here. And I think you have to create a profile for each and every country/endpoint which is a bit cumbersome, depending on what you’re trying to do with the VPN.
It’s copy and pasting 5 lines into the terminal and hitting enter. It’s not that hard. If it’s not worth the 15 seconds of ‘work’ you probably don’t need the software that badly.
Telling people to just run random code they found on the internet and don’t understand is really bad advice.
That statement is certainly true.
But how do you think you install software on Windows? You download a random installer from the internet and double-click it. The installer is an executable file and runs some code on your computer to set up the software. I’d argue it’s exactly the same.
In the one instance you copy and paste code and run it. In the other instance you execute an installer that also contains the random code. And you can’t even have a look what happens.
The real issue is: You have to trust the vendor. If you don’t trust Mullvad, don’t run their 5 lines of code. But you then also shouldn’t install their software and not run their windows installer. I don’t see a way around this ‘trust’ issue.
The proper way of course would be a standardised process that also confines the software into containers with minimal permissions. Something like Android Apps. In theory you could add a default update process so the vendor just needs to define an update server in the (apk) installer file. Google didn’t do this, but they want people to use their Play Store. And I don’t think we have a permission system that is actively used on any of the major desktop operating systems, anyways.
My favorite part of this thread is everyone just saying copy and paste the commands so it will work. Like we should totally get users into the habit of running random commands off the net as root.
I mean I agree that this is a new user nightmare, but we’ve been conditioning people for 30 years to download and run random .EXE files as admin too.
This post is proof that Linux desktop isn’t as good, perfect and polished as everyone says it is. Stop living in the delusion.
Do you even use Linux?
He’s using a shitty version of linux. I use Arch btw
Yes and I do and while it is great for infrastructure, magnitudes better than anything Microsoft ever offered as a reasonable desktop it’s a fucking a joke.
You’re deluded if you think that “everybody” let alone a large minority of people say that the Linux desktop is “good, perfect and polished”.
That’s a new one around here ahaha