Split tunneling websites with Mullvad

I recently found out about Mullvad SOCKS5 proxies. You can connect to any Mullvad wireguard node and then use SOCKS5 proxy inside that VPN tunnel to exit from different node. You can only use proxies while VPN is turned on. It seems that Mullvad has achieved this by creating a mesh that allows their every node to connect directly to each other through a VPN. This is a really useful feature! Let’s say you want to visit a website that is only allowed in UK and visit a US based website that has blocked all EU connections due to GDPR while living in Finland. You could switch VPN servers based on which website you want to connect to but that is quite cumbersome. You also might not want to route all traffic through a VPN. This is how I use Mullvad SOCKS5 and Firefox Multi-Account Containers to split tunnel specific websites.

Wireguard

First we need to setup wireguard connection as proxies are only accessible via internal Mullvad ip addresses. Go to Mullvad wireguard config page and download your configuration. By default wireguard will route all your connections through Mullvad servers. I only want to route my proxies through Mullvad so I’ll edit AllowedIPs line to AllowedIPs = 10.124.0.0/23, 10.64.0.1/32 and remove DNS line completely. All proxy nodes have ip address in network 10.124.0.0/23 except the node you’re connected to which has ip of 10.64.0.1/32.

Firefox Multi-Account containers

The Firefox Multi-Account Containers extension lets you carve out a separate box for each of your online lives – no more opening a different browser just to check your work email! Under the hood, it separates website storage into tab-specific Containers. Cookies downloaded by one Container are not available to other Containers. You can even integrate individual Containers with Mozilla VPN to protect your browsing and location. – Firefox Multi-Account Containers

You can use Containers with Mozilla VPN which is actually Mullvad under the hood. I haven’t used Mozilla VPN so I cannot say what excatly are the differences. In addition to Mozilla VPN you can also specify proxies for each Container. You need to give the extension permission to control proxy settings. Head over to Multi-Account Containers extension preferences and check Allow extension to control proxy settings.

If you’re new to the Multi-Account Containers I recommend you read the docs. Basically you can specify that specific domains are always opened in specific Containers. You can also manually open a specific Container and start browsing inside that Container.

Now let’s create a new Container named USA-PROXY. We’ll use this Container to connect to websites through USA endpoint. You can find Mullvad proxy addresses from servers page. Click the wireguard server that you want exit from and you should be able to see socks5 proxy address column. For example us101-wireguard node has SOCKS5 service running on us101-wg.socks5.mullvad.net:1080 address. Now go to the Containers settings and apply the proxy server to the Container: Manage Containers > USA-PROXY > Advanced proxy settings > socks://us101-wg.socks5.mullvad.net:1080 > Apply to Container. Now you can use this Container to browse the internet through a USA endpoint.

Other browsers

You can also use cross-browser extensions like FoxyProxy to specify which proxy server to use for each domain.