Trying to install VPN and these are the instructions Mullvad is giving me. This is ridiculous. There must be a more simple way. I know how to follow the instructions but I have no idea what I’m doing here. Can’t I just download a file and install it? I’m on Ubuntu.
It’s copy and pasting 5 lines into the terminal and hitting enter. It’s not that hard. If it’s not worth the 15 seconds of ‘work’ you probably don’t need the software that badly.
And it’s not the default. Usually you shouldn’t add random software sources and download software from some websites. Your Linux package manager should be the source for software. (Software Manager / Store / Synaptics, … whatever Ubuntu calls it) It installs software with one or two clicks with the mouse, the software there is tested and tied into the rest of the systems and tens of thousands of packages are available. No malware guaranteed, and updates are handled automatically.
And with other Operating systems it’s also ridiculous: You need to find the website of some software, avoid malware and copycats that advertise similar software with ads, click download, click ‘yes’ I accept a download with a harmful extension. Then you need to open the file manager and double click on it. Then a window opens and you need to click ‘next’. Accept the terms. Give permission to install and maybe remove a few ticks and choose a location. I’d say it’s about the same amount of work and the downside is it doesn’t necessarily handle updates and security fixes.
I think Ubuntu doesn’t have Mullvad available in their own repository. I took another approach and imported their settings/profile into the VPN/network manager that is available per default on many Linux distributions. No install required at all. But importing the settings isn’t easier, so YMMV here. And I think you have to create a profile for each and every country/endpoint which is a bit cumbersome, depending on what you’re trying to do with the VPN.
It’s copy and pasting 5 lines into the terminal and hitting enter. It’s not that hard. If it’s not worth the 15 seconds of ‘work’ you probably don’t need the software that badly.
Telling people to just run random code they found on the internet and don’t understand is really bad advice.
But how do you think you install software on Windows? You download a random installer from the internet and double-click it. The installer is an executable file and runs some code on your computer to set up the software. I’d argue it’s exactly the same.
In the one instance you copy and paste code and run it. In the other instance you execute an installer that also contains the random code. And you can’t even have a look what happens.
The real issue is: You have to trust the vendor. If you don’t trust Mullvad, don’t run their 5 lines of code. But you then also shouldn’t install their software and not run their windows installer. I don’t see a way around this ‘trust’ issue.
The proper way of course would be a standardised process that also confines the software into containers with minimal permissions. Something like Android Apps. In theory you could add a default update process so the vendor just needs to define an update server in the (apk) installer file. Google didn’t do this, but they want people to use their Play Store. And I don’t think we have a permission system that is actively used on any of the major desktop operating systems, anyways.
As others have already pointed out, a lot of Linux software is installed from repositories in a standard way, and once you do that, it updates automatically.
However, as you’ve already discovered, there’s more than one way to install Linux software. Repositories are still the most common way, but installing single .deb’s (Debian based distributions) or .rpms (RedHat packaging format) is still there and there are more like Snap, Flatpak and Appimage. You can also often just download the source and compile it yourself. It’s a very diverse ecosystem, not like the controlled worlds of WIndows and Mac.
In this case you can download the .deb file, and pretty sure you can even install it through the file manager, just like in Windows (I don’t use Ubuntu, but I think it will just start GUI installation if you double-click on a .deb file).
But lot of things in Linux are still done through the terminal, like changing configurations and, yes, installing things.
Getting used to it takes a while, especially if you’re not used to modern Windows administration through PowerShell.
The important part is trying to figure out what each of the commands do and that the output actually means. Software that supports Linux normally has very clear instructions (like in this case), but it does require willingness to change habits, technical curiosity and some trial and error (patience). It’s not quite as polished experience as the commercial OS’s. There’s still a lot of rough edges for the user.
And click the “download .deb” button (It says underneath “Works on Ubuntu 20.04+, Debian 11+ (64bit only)”. As long as your Ubuntu is up-to-date, this will work fine)
you get a file (“MullvadVPN-2023.6_amd64.deb”) you can run just like on Windows (similar to MullvadVPN-2023.6.exe)
opening the file should open a GUI for installing the file
Keep in mind, to update Mullvad VPN, you would need to download a newer .deb file (after an update is released). It shows the latest version above the download buttons, below the “Mullvad VPN for Linux text” This is the same as how it is on Windows
Edit: This is not intended as good advice, just a simple way to install Mullvad VPN. The smartest solution would be to add the repo.
2nd Edit: While this is how Mullvad provides their software, it is never ideal to install random .deb packages or add third party repos without being sure that the ones who provided the package/repo is trustworthy.
It might not be good advice, but that was not what OP asked for.
My comment was meant as a beginner-friendly way to install Mullvad VPN on Ubuntu, and not unsolicited advice telling them to learn something that should not be needed for daily computer usage. And while adding the repo might be the better solution, that would require the use of the terminal, and as multiple people have proven to me, that wouldn’t be a friendly way to introduce Linux to someone just starting out.
You don’t teach someone to swim, by dropping them in the middle of the pacific.
Many, perhaps even most, installation guides for software use commands because the graphical alternatives can vary wildly between desktops and distributions. So using commands in guides is usually the more likely to work.
That said, what Mullvad does is stupid. The downloadable deb and rpm files should just initialize the update repository. That is what Google does with their Chrome download. Basically download the file, double click on it, confirm installation. That’s it. Users don’t need to do that manually for Chrome.
Luckily, there are only a few cases remain for this type of installation. Most regular things should be either in your distribution’s regular repository or on Flathub.
This is one of the hardest walls for people to jump over mentally, from scavenging the internet for binaries to using a package manager.
I think ideally one should understand what they’re doing, I think that if you did you would realise it’s not hard, just different from what you’re used to. Usually you install things using the graphical package manager, of which there are a lot, since I don’t know which one you are using nor have I used any of them in a long while, I’ll use the terminal as an example (same reason the site uses terminal commands), but all of this is almost assuredly possible via GUI.
To install things you usually do sudo apt install , this is a huge advantage on Linux, it works similar to your phone in that everything gets updated together but also it installs dependencies separately, which means that instead of having 10 copies of the same library for 10 programs that use it (like on Windows) you get a single one, which is part of the reason binaries are smaller on Linux.
The problem with this approach is that some programs are NOT listed there, the only programs there are the ones the maintainers of your distro (Ubuntu in this case) can review and approve. So you can have a lot of different solutions for this:
The first and most obvious for Windows users is to download the .deb from the website and just run that like you would a binary on windows, i.e. double-clicking it, or from the terminal you can run sudo dpkg -i . This works, but you lose the advantages of a package installed via your package manager, i.e. you would get the same experience as on windows, so it’s not ideal.
The second way is the one they’re describing, essentially you’re adding a new repository to the package manager, that the people who wrote the program are maintaining (instead of Ubuntu guys), this is a two step process, sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc that command is downloading the file https://repository.mullvad.net/deb/mullvad-keyring.asc and putting it in /usr/share/keyrings/mullvad-keyring.asc, this is needed because repositories are not trusted by default, that would be a security nightmare, you can do this via GUI if your problem is with the terminal , just download the file and copy it to that location, it’s just harder to explain than giving you a command. Then it’s adding the repository to the repository list, the command is echo “deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main” | sudo tee /etc/apt/sources.list.d/mullvad.list that command has a lot to unwrap, in essence it’s editing the file /etc/apt/sources.list.d/mullvad.list and writing a line like deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=amd64] https://repository.mullvad.net/deb/stable focal main" there, but because the guy who wrote this doesn’t know your architecture (e.g. amd64) nor your version (e.g. focal) he wrote a command that gets that information from your system, you can instead write the file yourself if you know those. Then install via package manager as normal.
There’s a third way which is more recent which is install via snap/flatpak which is similar to install via package manager, except you don’t add new repos.
There’s a fourth way which is manually, usually when you compile stuff you install them manually.
I know it’s a lot to take in, but I’m of the opinion that if you understand what’s happening it makes things easier.
Just as an addendum to your answer. In the command writing to mullvad.list the | sudo tee /etc/apt/sources.list.d/mullvad.list is using two helpful linux utilities to modify the command. The first is the | which is called a pipe and connects the text output of one program to the text input of another. The pipe is connecting the output of echo which simply prints a string, in this case composed of the outputs of several other commands to the program tee. Tee which is given admin privileges by the sudo takes an input stream and splits it between two files. In this case those are mullvad.list and since no other was provided stdout the output pipeline of the terminal running the command.
EDIT:
In the interest of further completeness. Another utility used in those commands is the command substitution operator of sh. So when the terminal is interpretting text $(some command) gets substituted out for the text output by the command in the parentheses. It is another common way of connecting commands on the shell to allow for more flexible and powerful commands.
The problem is that for most users, when their setup is completed they won’t need to play with it for a while so after that any time they need to install something new through the terminal it means losing time to find instructions again.
Nothing is learned, to the eyes of a casual users it’s just meaningless entries getting copy/pasted and it’s information getting repeated again and again and again just with slightly different entries for each program. Meanwhile “how to install a program on Windows” would basically require one page on the whole internet to cover 99% of situations: “Download the install file, double click it, follow the on screen instructions to automatically install the program”.
The problem is that for most users, when their setup is completed they won’t need to play with it for a while so after that any time they need to install something new through the terminal it means losing time to find instructions again.
Which is why it’s better to understand what you’re doing than blindly copying pasting. You won’t need to remember these since whatever you want to install if it’s not on the repos you’ll have to google it same as if you were on Windows.
Also on Windows the steps are: Download the install file, double click it, follow the on screen instructions to automatically install the program, then every week or so go back to the website, check if a new version was released, if so download it and install it again. If the configuration would be destroyed by doing this first, make a backup first, if the new version is not backwards compatible for configuration move the existing configuration changes so that you get the new default after install and can apply your changes afterwards.
That’s closer to the truth, and you need to do that weekly for every one of the dozen or hundreds of programs a person has, no wonder people don’t update their programs on Windows and become susceptible to lots of exploits over time.
Also, read my option 1, which is what most websites offer you first, i.e. download a .deb and run it which is the equivalent of Windows, with all of its downsides. For example if you go to that website that OP posted and click on downloads you can select Windows, Mac or Linux, and you can download an installer that way and be done with it. But only Linux has a better option that takes a couple more steps but saves you lots of time in the future.
then every week or so go back to the website, check if a new version was released, if so download it and install it again
Don’t know what kind of program you’re running but… No.
Also if you want adoption you need to make your product easy to use and not ask them to become experts at how things work. Do you think all bike riders know how to adjust their derailer or even care to know? No, because people have other things they care about. Same guess 6 for computers, if Linux requires users to understand how to do things manually in the terminal then the “year of the Linux computer” will never happen.
the “year of the Linux computer” will never happen.
It won’t, that’s fine. People who don’t want to lean anything about computers use iOS and Android now. And that’s fine. I never want Linux distros to become like that.
Don’t know what kind of program you’re running but… No.
My Linux has updates every week, which means that if I was on Windows to keep everything the same up to date I would need to check every website to see which app released this week, maybe this week Firefox had a new release, maybe next week it’s mullvad VPN, and next week is the NVIDIA driver, but if I hadn’t checked all of them I would not know which ones have a new release.
Also if you want adoption you need to make your product easy to use and not ask them to become experts at how things work
Agreed, but also you should have options so that power users can take advantage of it.
Do you think all bike riders know how to adjust their derailer or even care to know?
Do you think that bikes should not have gears since most people don’t know how they work? No, because even if you don’t understand the mechanics you can understand the general terms, and even if you don’t understand gears you can just not use them, same as a package manager. Options is always better.
if Linux requires users to understand how to do things manually in the terminal then the “year of the Linux computer” will never happen.
It doesn’t require it, you’re ignoring the fact that OP could have just clicked download and download an installer same as he would on Windows. But if you can use the terminal and understand package managers you can use Linux in a way that Windows is impossible, if you can’t you can still use Linux in the same way you would windows with all of the sales downsides.
Asking why something is the way it is makes you more of a “Linux user” than many.
You make a valid criticism; there’s definitely a learning curve to installing software if you choose to do it that way (since it’s not similar to other OSs), and it’s not automatically explained to new users by using the OS.
Here’s the understanding of it I’ve come to, if you’re interested:
Like others have said, the .deb file would be the equivalent of an .exe file on Windows. Like many .exe files, unless they include an auto-updater, they won’t automatically update.
A key difference I would like to point out is that Linux package managers often update and manage parts of the OS in addition to extra software. Windows and macOS both update their OS separately.
“Ubuntu Software Center” is similar to the “Microsoft Store” on Windows and the “App Store” on macOS. Like those, it’s user friendly and provides automatic updates, but it also doesn’t have every app. You can ensure those apps are safe because the company behind the OS verifies them.
“apt-get” is the default package manager for Ubuntu. That is the tool doing the heavy lifting underneath, and what those commands Mullvad gave are for.
Mullvad could have provided a script to download and run that executes those commands for you, but then you wouldn’t know what it’s doing, especially with it needing admin permission. With how security-oriented Mullvad’s brand is, I think that’s one potential reason they explain the steps and have the user do it instead.
Self-updating apps aren’t a big thing on Linux, so the Windows way isn’t an option…
The signing key is important for security reasons, so you definitely need to add that. After adding the repo you can just use Synaptic or whatever app store thingy Ubuntu uses.
Most of the time you shouldn’t need to fiddle with the command line and the apps you will need are available through the Software Centre and the entire process will work like on Windows.
For me, Linux was the first operating system I used that had an app store or software centre and I was pretty glad to not need to…
It’s less complicated than it looks like. The text is just a poorly written mess, full of options (Fedora vs. Ubuntu, repo vs. no repo, stable vs. beta), and they’re explaining how to do this through the terminal alone because the interface that you have might be different from what they expect. And because copy-pasting commands is faster.
Can’t I just download a file and install it? I’m on Ubuntu.
Yes, you can! In fact, the instructions include this option; it’s under “Installing the app without the Mullvad repository”. It’s a bad idea though; then you don’t get automatic updates.
A better way to do this is to tell your system “I want software from this repository”, so each time that they make a new version of the program, yours get updated.
but I have no idea what I’m doing here.
I’ll copy-paste their commands to do so, and explain what each does.
The first command boils down to “download this keyring from the internet”. The keyring is a necessary file to know if you’re actually getting your software from Mullvad instead of PoopySoxHaxxor69. If you wanted, you could do it manually, and then move to the /usr/share/keyrings directory, but… it’s more work, come on.
The second command tells your system that you want software from repository.mullvad.net. I don’t use Ubuntu but there’s probably some GUI to do it for you.
The third command boils down to “hey, Ubuntu, update the list of packages for me”.
I would have guessed that Ubuntu would install it by default since its a very common way to get stuff from the internet (when in the terminal), but apparently not (the other option is wget which is most likely installed, but that uses a different way to get the stuff).
You should be able to install curl with sudo apt install curl
Hmm… ProtonVPN team solved this in better way. They put the repo configuration stuff into DEB file, so it’s just a matter of double clicking it and clicking install on Debian-based and Ubuntu-based (I know Ubuntu is Debian-based) distros and then installing the ProtonVPN client through either GUI or CLI package manager, whichever you wish to use. More newbie-friendly.
Unfortunately, I also just learned they dropped support for Arch Linux :(
We’d love to support the new app for arch Linux but honestly we’re understaffed and don’t have the bandwidth to be supporting the same distros that we did before with the previous client (4 packages before vs 10 packages now). If anyone from the community is willing to make AUR packages for themselves and publish/maintain them we’re totally fine with that, as long as people keep in mind that it would be an unofficial version because we currently don’t support arch Linux with the new v4 app.
Hmm… ProtonVPN team solved this in better way. They put the repo configuration stuff into DEB file, so it’s just a matter of double clicking it and clicking install
I was wondering how they’d solve signature checking and key installation - and looking at their page they seem to recommend skipping checking package signatures which, to be honest, isn’t a super good practice - especially if you’re installing privacy software.
Please don’t try to check the GPG signature of this release package (dpkg-sig –verify). Our internal release process is split into several part and the release package is signed with a GPG key, and the repo is signed with another GPG key. So the keys don’t match.
I get it’s more userfriendly - and they provide checksums, so not a huge deal, especially since these are not official Debian packages, but the package signing has been around since 2000, so it’s pretty well established procedure at this point.
The curl that ships with apt is ubiquitous enough that I trust doing sudo curl xxx yyy more than enough if it means avoiding typing curl xxx /tmp/yyy && sudo mv /tmp/yyy yyy
Frankly in this case even a simple bash script would do the trick. Have it check your distro, version, and architecture; if you got curl and stuff like this; then ask you if you want the stable or beta version of the software. Then based on this info it adds Mullvad to your repositories and automatically install it.
I like them, even for software installation. Partially because they’re lazy - it takes almost no effort to write a bash script that will solve a problem like this.
That said a flatpak (like you proposed) would look far more polished, indeed.
Hello new Linux user! So yes, your correct when installing apps on Linux sometimes you might need to do it via command line other times you’ll get a nice install file you can double click. It’s really down too the software manufacturers on how they choose to package it.
In general with Linux you’ll find there’s still a lot of command line usage compared to Windows or osx. On those platforms for most users they would barely touch a terminal except in some kind of bug fixing emergency.
Some distros come with their own app store built in (like the windows or osx app store) and allow you to install a bunch of apps via the gui.
What version of Linux did you go for out of interest? Some are much more beginner and use friendly than others.
There indeed is an app store from where I installed few apps before. I need to check if they have Mullvad there. I do much prefer installing apps thru a GUI. While I know how to follow instructions and copy & paste these commands into terminal, it’s frustrating as I have no idea what any of these does. I might just aswell be unknowingly installing a keylogger or something.
I have no idea what any of these does. I might just aswell be unknowingly installing a keylogger or something.
This actually applies to windows GUI installers just the same. You really don’t know what you’re installing either, although you do usually give it administrator permission to make changes to the system. In some way it’s even worse, it’s “running commands” and hiding it from you.
That is a good mindset and you should hold on to it. Of course a gui can install a keylogger for you just as easily if not more so.
Trusted install sources, usually called repositories, are the way. Chances of malware exist, but they would require some spectacular shenanigans or conspiracies to set up.
With a GUI you also don’t know what it does. Its the same situation, you just click a button that runs the code instead of copying and pasting the code in the terminal. (And I would say the latter is safer because it is more transparent (for those who want to figure it out)).
As a side note, dealing with adding repos and keys and all that is something I will never miss from apt. I use Arch and installing things is usually as simple as… well let me check.
<span style="color:#323232;">$ yay mullvad
</span><span style="color:#323232;">...
</span><span style="color:#323232;">2 aur/mullvad-vpn-bin 2023.6-1 (+86 1.36)
</span><span style="color:#323232;"> The Mullvad VPN client app for desktop
</span><span style="color:#323232;">1 aur/mullvad-vpn 2023.6-1 (+126 2.10)
</span><span style="color:#323232;"> The Mullvad VPN client app for desktop
</span><span style="color:#323232;">==> Packages to install (eg: 1 2 3, 1-3 or ^4)
</span><span style="color:#323232;">==> _
</span>
And it’s option 1. So easy. Type 1 and press enter and you’re done.
Both options will install the Mullvad client from the AUR. (If you use an arch derivative, that already tells you some things. If you don't, then you are missing some context.) The first option will install from binary, the second will compile from source. Which you choose is up to you.
If you blindly chose one over the other because you didn't know, worst case you end up being impatient if it takes awhile to compile from source.
Yeah, how Ubuntu is supposed to be noob friendly and continues to be recommended blows my mind. Seems like every stupid app you want to install needs you to add a ppa that is almost guaranteed to break on the next major update. And ugh snaps …
AFAIK, most distros will also have a package manager/software center where you install flatpaks (or snaps if you are on ubuntu). Think of flatpaks akin to mobile apps where everything needed is all together in one package. Not all apps will be flatpaked though, and VPNs tend to be nearly always direct binaries due to needing some higher level permissions than what flatpaks will allow.
Essentially, what im saying is no, not all apps need to be manually installed, but some might need to for one reason or another. And sometimes, knowing a little about how some of these apps are installed might actually help you understand linux a little more (it has in my case)
Normally you’d just run sudo apt install … but in this case you are adding a new repository so you have to follow the extra steps of adding the signing key and so on first.
Add comment