Overview
Themullvad lockdown-mode command controls whether to block all network traffic when the VPN is disconnected. This provides a kill switch functionality to prevent unprotected connections.
Syntax
Subcommands
get
Display the current lockdown mode setting:set
Change the lockdown mode setting:on- Enable lockdown mode (block traffic when disconnected)off- Disable lockdown mode (allow traffic when disconnected)
Behavior
Lockdown Mode ON
When lockdown mode is enabled:- ✓ All network traffic is blocked when VPN is disconnected
- ✓ Prevents accidental IP address leaks
- ✓ Acts as a kill switch for VPN connection
- ✓ Only Mullvad daemon traffic is allowed (for reconnection)
- ✓ Local network access depends on lan settings
Lockdown Mode OFF
When lockdown mode is disabled:- Network traffic is allowed when VPN is disconnected
- Your real IP address is exposed when not connected
- Normal internet access when VPN is off
Examples
Check Current Setting
Enable Lockdown Mode
Disable Lockdown Mode
Use Cases
Maximum Privacy Protection
Enable lockdown mode to ensure you never accidentally leak your IP:- Automatically connects on startup
- Blocks all traffic if VPN disconnects
- Provides continuous VPN protection
Flexible Usage
Disable lockdown mode for flexibility:- You need internet access without VPN occasionally
- You want to manually control VPN connection
- Testing or troubleshooting network issues
Emergency Internet Access
If locked out of internet with lockdown mode enabled:Network Blocking Details
What Gets Blocked
With lockdown mode enabled and VPN disconnected:- All outbound internet traffic
- All inbound internet traffic
- DNS requests to non-VPN servers
- Applications cannot access the internet
What Stays Allowed
Even with lockdown mode enabled:- Mullvad daemon can connect to Mullvad API
- Local network access (if lan setting allows)
- Loopback traffic (localhost)
Exception: Local Network
Local network access depends on your lan configuration:Interaction with Other Settings
Auto-Connect
Lockdown mode works well with auto-connect:- VPN connects automatically on startup
- Traffic blocked until connection succeeds
- Reconnects automatically if connection drops
Split Tunneling
Lockdown mode affects split tunneling:- Excluded processes are also blocked when lockdown mode is active and VPN is disconnected
- To allow excluded processes internet access, disable lockdown mode
Comparison with Kill Switch
Lockdown mode is Mullvad’s implementation of a VPN kill switch:| Feature | Lockdown Mode |
|---|---|
| Blocks traffic when disconnected | ✓ |
| Prevents IP leaks | ✓ |
| Allows VPN reconnection | ✓ |
| Configurable | ✓ |
| Works across reboots | ✓ |
Related Commands
- connect - Connect to VPN
- disconnect - Disconnect from VPN
- auto-connect - Configure automatic connection
- lan - Configure local network access
- status - Check connection status
Exit Status
| Code | Description |
|---|---|
| 0 | Setting updated successfully |
| 1 | Failed to update setting |
Notes
- Lockdown mode is persistent across restarts
- The setting is stored in Mullvad daemon configuration
- Lockdown mode is enforced by firewall rules
- Local network access is controlled separately via lan command
- Mullvad daemon always has network access to reconnect
Troubleshooting
No Internet Access
If you have no internet access:-
Check lockdown mode status:
-
Check VPN status:
-
Either connect to VPN or disable lockdown mode:
Can’t Access Local Network
If local network is blocked:Source Reference
Implementation:mullvad-cli/src/cmds/lockdown.rs