Running a VPN on MidnightBSD requires a slightly different approach than on typical Linux distributions. MidnightBSD, a FreeBSD fork tailored for desktop users, uses the pkg package manager and the traditional /etc/rc.d scripts for service management. Its default desktop environment is MATE, though you’ll also find folks running Xfce or even KDE. Because there are no native Linux binaries, the best VPN providers for MidnightBSD are those offering ready-to-use OpenVPN or WireGuard configuration files, clear BSD documentation and minimal dependencies. After extensive testing, the top candidates are Mullvad, Proton VPN and IVPN.
Here’s why these stand out on MidnightBSD:
- Mullvad: Offers both OpenVPN and WireGuard configs, clear step-by-step guides for FreeBSD and a small, stateless client footprint.
- Proton VPN: Provides official .ovpn bundles, strong privacy policy and straightforward port forwarding guides that work on BSD.
- IVPN: Privacy-focused service with OpenVPN and WireGuard support, detailed Unix/BSD-oriented documentation and simple, minimal configuration files.
| VPN | Protocols | Official BSD Support | Kill Switch (pf-based) |
Server Locations | Website |
|---|---|---|---|---|---|
| Mullvad VPN | OpenVPN, WireGuard | Configuration files | Yes | 40 countries | Mullvad VPN |
| Proton VPN | OpenVPN | .ovpn bundles | Yes | 60 countries | Proton VPN |
| IVPN | OpenVPN, WireGuard | Manual configs | Yes | 40 countries | IVPN |
Installing and Configuring Mullvad VPN
Mullvad supports both OpenVPN and WireGuard. We’ll cover both methods. First, ensure your system is up to date:
pkg update pkg upgrade
OpenVPN Method
- Install
openvpnandwget(orfetch):
pkg install openvpn wget
- Download your Mullvad .ovpn config:
wget https://api.mullvad.net/www/new-service-settings/?account_number=YOUR_ACCOUNT_NUMBERwireguard=false -O mullvad.conf
- Bring up the VPN:
openvpn --config mullvad.conf
To run OpenVPN as a background service, copy /usr/local/etc/openvpn/sample to /usr/local/etc/openvpn/mullvad.conf and enable it in /etc/rc.conf:
sysrc openvpn_enable=YES sysrc openvpn_configfile=mullvad.conf service openvpn start
WireGuard Method
- Install
wireguard-toolsandcurl:
pkg install wireguard-tools curl
- Fetch your WireGuard config:
curl -o /usr/local/etc/wireguard/wg0.conf https://api.mullvad.net/www/new-service-settings/?account_number=YOUR_ACCOUNT_NUMBERwireguard=true
- Enable pf (if not already) and bring up wg0:
sysrc pf_enable=YES sysrc wireguard_interfaces=wg0 service wireguard start
Installing and Configuring Proton VPN
Proton VPN only offers OpenVPN, but provides easy-to-use bundles.
- Install OpenVPN:
pkg install openvpn
- Download the .ovpn bundle of your chosen server from the Proton VPN support site.
- Unpack and move files to
/usr/local/etc/openvpn/protonvpn:
tar xzf protonvpn_bundle.tar.gz mkdir -p /usr/local/etc/openvpn/protonvpn mv .ovpn /usr/local/etc/openvpn/protonvpn/ mv ca.crt /usr/local/etc/openvpn/protonvpn/
- Enable and start Proton VPN service:
sysrc openvpn_enable=YES sysrc openvpn_configfile=protonvpn/server-name.ovpn service openvpn start
Setting Up a pf-Based Kill Switch
To prevent leaks if the VPN drops, add a pf anchor. Create /etc/pf.d/vpn.kill with:
# vpn.kill - Block all except VPN interface
ext_if=em0
vpn_if=tun0 # or wg0 for WireGuard
set block-policy drop
block all
pass quick on lo0
pass on ext_if proto udp to any port {1194, 51820} keep state
pass out on vpn_if from any to any keep state
Then include it in /etc/pf.conf:
anchor vpn.kill all load anchor vpn.kill from /etc/pf.d/vpn.kill
Enable and reload pf:
service pf enable service pf reload
With those steps, Mullvad, Proton VPN and IVPN will integrate smoothly with MidnightBSD’s pkg system, MATE desktop or any window manager you choose, and you’ll enjoy secure, leak-protected connectivity tailored for a BSD environment.
Leave a Reply