Mullvad's new GotaTun WireGuard implementation passes its first independent security audit – here's what you need to know
No major vulnerabilities were found
Mullvad's new WireGuard implementation, GotaTun, has undergone its first independent security audit.
The protocol is used in the VPN's Android apps and "no major vulnerabilities were found." Assured Security Consultants completed the audit at the beginning of 2026, and tests covered most, but not all, of GotaTun v0.2.0.
Mullvad VPN is a challenger to the best VPNs, and it makes privacy and security a priority above all else. GotaTun is written in Rust and was released in December 2025. It aims to bring speed, efficiency, and reliability to VPN connections.
It supports privacy features including Multihop and Defence Against AI-guided Traffic Analysis (DAITA). Mullvad's Android VPN app was the first to receive GotaTun, with further platform support coming in 2026.
Our WireGuard implementation, GotaTun was recently audited by Assured Security Consultants. Two identified low severity issues were fixed prior to the completion of the audit. No major vulnerabilities were found. Read more here: https://t.co/ouHlGhr8Jg (March 6, 2026)
"No major vulnerabilities found"
GotaTun's audit took place between January 19 and February 15, 2026, with Mullvad publishing the results on March 6, 2026.
DAITA, the GotaTun CLI, and "external dependencies" were not part of the audit. However, the rest of GotaTun v0.2.0 was subject to an assessment by Assured Security Consultants.
The group said "GotaTun has no major vulnerabilities," and two low severity issues were identified.
Most of the recommendations were fixed before the audit was published, including those for the low-severity findings. Mullvad said some of the notes "did not require immediate attention."
What were the findings?
With GotaTun, 24 bits of the WireGuard session identifiers were static. The remaining eight were "a predictable counter which increased with every new session." This deviates from WireGuard's own specification, which recommends generating a random 32-bit integer for each session.
Mullvad said this was inherited from BoringTun – the original WireGuard in Rust project – and it has been patched to conform to the WireGuard specification. Mullvad said the issue "likely did not provide much information to a passive observer" and it was one of the two "low" risk vulnerabilities.
The second low-risk vulnerability concerned packet padding. According to the WireGuard specification, packets should be padded prior to encryption, with their lengths divisible by 16. Mullvad confirmed it had updated its code "to always pad the payload before encrypting it."
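To make the two low-severity findings concrete, the sketch below is an added example, not code from GotaTun, BoringTun or the audit report. It sets the described identifier pattern beside a random 32-bit index, adds a check that flags the pattern, and pads a payload to a multiple of 16. The function names, the sample prefix 0xABCDEF, the one-per-session counter step and the use of /dev/urandom are assumptions made for illustration.

```rust
// Added illustration; not code from GotaTun, BoringTun or the audit report.
use std::{fs::File, io::Read};

/// Pattern the article describes: 24 static bits plus an 8-bit counter.
/// Assumed: the counter steps by one per session and wraps at 255.
fn legacy_index(static_prefix: u32, counter: u8) -> u32 {
    (static_prefix << 8) | u32::from(counter)
}

/// What the WireGuard specification recommends: a random 32-bit integer
/// per session. Assumes a Unix-like OS that exposes /dev/urandom.
fn random_index() -> std::io::Result<u32> {
    let mut buf = [0u8; 4];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(u32::from_le_bytes(buf))
}

/// Audit-style check over indices from consecutive sessions: true when the
/// upper 24 bits never change and the low 8 bits step by one (wrapping).
fn looks_like_counter(indices: &[u32]) -> bool {
    indices.len() >= 3
        && indices.windows(2).all(|w| {
            w[0] >> 8 == w[1] >> 8 && (w[1] as u8) == (w[0] as u8).wrapping_add(1)
        })
}

/// Zero-pad a payload so its length is divisible by 16 before encryption.
fn pad_to_16(payload: &[u8]) -> Vec<u8> {
    let mut out = payload.to_vec();
    out.resize((payload.len() + 15) / 16 * 16, 0);
    out
}

fn main() -> std::io::Result<()> {
    // Constructed sample: prefix 0xABCDEF, counter running across a wrap.
    let legacy: Vec<u32> = (254u8..=255).chain(0..=1)
        .map(|c| legacy_index(0x00AB_CDEF, c))
        .collect();
    let fresh = (0..4).map(|_| random_index()).collect::<std::io::Result<Vec<u32>>>()?;
    println!("legacy {:08x?} predictable={}", legacy, looks_like_counter(&legacy));
    println!("random {:08x?} predictable={}", fresh, looks_like_counter(&fresh));
    for len in [0usize, 1, 16, 17, 1420] {
        println!("payload {:>4} bytes -> padded {}", len, pad_to_16(&vec![0xAA; len]).len());
    }
    Ok(())
}
```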
It was noted that, "in most cases," GotaTun "did not correctly begin sending packets to the new address" if a user's IP address changed. It therefore wasn't handling the roaming of users correctly.
Mullvad said this doesn't affect the Mullvad VPN as its "servers never change IP addresses during an active WireGuard session." However, the VPN decided the issue was important enough to fix.
All Mullvad's fixes are available in GotaTun v0.4.0. The VPN said it has "even more confidence in the reliability of GotaTun" following this audit. Its rollout across remaining platforms remains on track for 2026.
Mullvad published the full results of GotaTun's audit on its website.

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights and censorship, and its interplay with politics. Outside of work, George is passionate about music, Star Wars, and Karate.
