diff --git a/mullvad.spec b/mullvad.spec
index 26d5322..edbbbb8 100644
--- a/mullvad.spec
+++ b/mullvad.spec
@@ -1,6 +1,6 @@
 Name:           3isec-qubes-mullvad-vpn
 Version:       	2024.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Set up a Mullvad qube and disposable template
 
 License:        GPLv3+
@@ -50,13 +50,15 @@ if [ $1 -eq 1 ]; then
   qubesctl --skip-dom0 --targets=sys-mullvad state.apply mullvad.configure
 elif [ $1 -eq 2 ]; then
   qubesctl --skip-dom0 --targets=template-mullvad state.apply mullvad.browser
+  qubesctl --skip-dom0 --targets=template-mullvad state.apply mullvad.browser_client
+  qubesctl --skip-dom0 --targets=sys-mullvad state.apply mullvad.configure
 fi
 
 %postun
-if [ $1 -eq 0 ]; then
-fi
 
 %changelog
+* Mon May 20 2024 unman <unman@thirdeyesecurity.org> - 2024.3.2
+- Make VPN settings persistent in sys-mullvad
 * Sat May 18 2024 unman <unman@thirdeyesecurity.org> - 2024.3.1
 - Update to Mullvad VPN 2024.3
 - Update to include new Mullvad Browser 13.0.15
diff --git a/mullvad/browser_client.sls b/mullvad/browser_client.sls
new file mode 100644
index 0000000..fa733a3
--- /dev/null
+++ b/mullvad/browser_client.sls
@@ -0,0 +1,17 @@
+/home/user/Downloads/mullvad_browser-linux-x86_64-13.0.15.tar.xz:
+  file.managed:
+    - source:
+      - salt://mullvad/mullvad-browser-linux-x86_64-13.0.15.tar.xz
+    - user: root
+    - group: root
+    - makedirs: True
+
+remove_mullvad_browser:
+  file.absent:
+    - name: /home/user/mullvad-browser
+
+mullvad-browser-linux-x86_64-13.0.15.tar.xz:
+  archive.extracted:
+    - name: /home/user
+    - source: /home/user/Downloads/mullvad_browser-linux-x86_64-13.0.15.tar.xz
+    - user: user
diff --git a/mullvad/configure.sls b/mullvad/configure.sls
index 202241c..05675d0 100644
--- a/mullvad/configure.sls
+++ b/mullvad/configure.sls
@@ -24,3 +24,10 @@
     - group: root
     - mode: '755'
     - makedirs: True
+
+# Make settings persistent using bind-dirs
+bind_mullvad_settings:
+  file.append:
+    - name: /rw/config/qubes-bind-dirs.d/50_user.conf
+    - text: "binds+=( '/etc/mullvad-vpn' )"
+    - makedirs: True
diff --git a/mullvad/start-mullvad-browser.desktop b/mullvad/start-mullvad-browser.desktop
index 856c957..ecf3d66 100644
--- a/mullvad/start-mullvad-browser.desktop
+++ b/mullvad/start-mullvad-browser.desktop
@@ -29,6 +29,6 @@ GenericName=Web Browser
 Comment=Mullvad Browser  is +1 for privacy and −1 for mass surveillance
 Categories=Network;WebBrowser;Security;
 Exec=sh -c '"/home/user/mullvad-browser/Browser/start-mullvad-browser" || ([ !  -x "/home/user/mullvad-browser/Browser/start-mullvad-browser" ] && "$(dirname "$*")"/Browser/start-mullvad-browser --detach)' dummy %k
-X-MullvadBrowser-ExecShell=./Browser/start-mullvad-browser 
+X-MullvadBrowser-ExecShell=./Browser/start-mullvad-browser
 Icon=/home/user/mullvad-browser/Browser/browser/chrome/icons/default/default128.png
 StartupWMClass=Mullvad Browser