How to set up a Mysterium VPN Node

Jul 13, 2018 · 5 min read
Image for post
Image for post

What is Mysterium?

Mysterium is a decentralized VPN powered by Blockchain. It’s an Open Sourced Network allowing anyone to rent their unused Network traffic, while providing a secure connection for those in need.

Mysterium is currently undergoing an open TestNet where anyone with the necessary software can set up a Node within the network to act as an endpoint for users traffic. You can see stats of the current TestNet here. This shows the current status of Nodes on the network, where they are based, and how much traffic the network is pushing.

How can I get involved?

Operating a Mysterium Node is straightforward and simple, thanks to the use of the Docker container engine. Docker is available to run on Linux, Windows, and macOS.

  • Linux, Windows, or macOS operating system.
  • Minimum 1GB of RAM
  • A decent internet connection to give VPN users the best experience.

Docker has installation guides for Linux, Windows, and macOS, below are the links to these installation guides. For Linux I would suggest the linked Digital Ocean tutorial due to its ease of following.

Now you have Docker installed, in your Terminal or CLI run:

docker pull mysteriumnetwork/mysterium-node

This pulls down the Docker container for the Mysterium Node from the Docker repository, this can be found here for reference.

Now you have the Mysterium Node image on your machine, it is time to create a container with it!

Note: You may need administrative privileges to run these commands.

If you are on Linux run the following:

docker run --cap-add NET_ADMIN --net host --publish "1194:1194" --name mysterium-node -d mysteriumnetwork/mysterium-node --agreed-terms-and-conditions

If you are on Windows or macOS run the following:

docker run --cap-add NET_ADMIN --net default --publish "1194:1194/udp" --name mysterium-node -d mysteriumnetwork/mysterium-node --agreed-terms-and-conditions

And that is it! You should now have the Mysterium Node up on running as a Docker container on your system. To check if it is running run the following command:

docker ps -a

You should see an entry that resembles the following.

Image for post
Image for post
Output of docker ps -a

As you can see, mysterium-node is running successfully.

Finally, check the logs of the container to verify that your Node has registered it’s identity with the Mysterium Authentication servers. Run the following command.

docker logs -f mysterium-node

You should see a line that contains information similar to below, but with your own unique identity.

[Mysterium.api] Identity registered: 0x4cd126119cd14e38c90e34dd8b6e0e2174b71123
[Mysterium.api] Proposal pinged for node: 0x4cd126119cd14e38c90e34dd8b6e0e2174b71123

If you make note of you identity, such as the one in the above example of0x4cd126119cd14e38c90e34dd8b6e0e2174b71123 and open the Mysterium TestNet page, you can find your node in the “Last Available Nodes” column on the left, were you can see usage statistics of your specific Node.

If you see all of this, then your node is up and running on the network, and you are officially part of the worlds first decentralized blockchain VPN!

Firewall and Port Forwarding Rules

If your machine has an active firewall, you will need to make sure that the Mysterium Node is allowed through it. To do this you need to allow the UDP port 1194.

On Linux, you may also need to check if ip_forward is enabled. To do that run the following commands.

check ip_forward status:

cat /proc/sys/net/ipv4/ip_forward

enable ip_forward if disabled:

sysctl -w net.ipv4.ip_forward=1

It also might be that default firewall forward policy is set to DROP. In that case try setting it to ACCEPT. Generic way to do it, provided there are no other interfering rules:


If the system that you run your Mysterium Node on is not directly connected to the internet, with it’s own IP address (such as a personal machine on a home network) then you will need to port forward on your networks router.

Below is a brief example of port forwarding and why it would be needed.

Port forwarding rule example: PUBLIC_IP:1194 -> NODE_IP:1194

Assuming that system running Mysterium Node doesn’t have external interface with a public IP. E.g. My publicly visible ip is [78.X.Y.Z] and my laptop’s local ip [], so I port forwarded 78.X.Y.Z:1194 -> in router, which I have access to.

You can find specific information on how to port forward on your router by searching Port Forwarding followed by the make and model of your router.

Running the Mysterion Client

Now you have a Node up, you want to also use the other Nodes hosted by the community! This is where Mysterion, the VPN client comes in. Currently this client is only compatible with macOS. The download for the .dmg file can be found here.

EDIT: Windows client is now available!

Once installed you can select what Node you want your traffic to forward to from the drop-down list. This is also a good opportunity to test if you can access your own Node from the client. Look though the list until you see your Node identifier, and connect to it from there.

Need more help?

If you need more help with any of the steps, there is a wiki with common issues on the Mysterium Github, located here.

You can also join our Telegram community for help from our community!



Please be sure to follow and subscribe to the following:

Medium —

Rules & FAQ
中文 / Chinese
Español / Spanish

Mysterium Network

Decentralized VPN built on blockchain …

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store