How to Install a VPN on Your Router
While most people install a VPN on their computer or phone, many are not aware that you can install a VPN on your router.
Routers usually operate at the network layer, so a VPN installed on your router covers every device on your network: their traffic is encrypted between the router and the VPN server and routed through a server in another country.
If you want to use a VPN on many devices, installing one on your router might be the best solution.
Although a bit more work is initially required, the process is pretty simple. This guide will show you how to install a VPN on your router (home or office) without much hassle.
It takes three steps to complete: The first step is to sign up for a VPN service with a reputable service provider. The second is to install DD-WRT firmware on your router (otherwise known as flashing). The last step is to configure the VPN client on your DD-WRT-ready router in order to connect to a VPN service.
Sign up with a VPN service provider
Before you begin, you need to subscribe to a reputable VPN service. Your router will be connected to this service once it is DD-WRT ready. You need a good trustworthy VPN service to connect to as much as you need a good router. Fortunately, we have a detailed article devoted to choosing a good VPN service.
You should look for a VPN provider whose terms of service allow installation on a router, and that offers unlimited bandwidth with no general or service-specific throttling and multiple exit nodes in the country you want to connect from. We recommend these VPN providers that meet the criteria.
Once the signup process is complete, you will receive a welcome email from your VPN provider with access to your exclusive account area using your chosen username and password. For the purpose of this guide, we will be using NordVPN.
Install DD-WRT on your router
Installing DD-WRT on your router will allow it to function as a VPN client, which will enable it to connect to a VPN server.
DD-WRT is an alternative open-source firmware suitable for a great variety of wireless (WLAN) routers and access points such as those from D-Link, TP-Link, Linksys, Netgear, Asus, and others. It was designed as an enhanced replacement for OEM firmware while providing a great number of capabilities.
You can think of firmware as software that operates the router. The firmware also enables us to configure the NordVPN service on the router.
Without DD-WRT firmware, it is impossible to set up a VPN service on a router. Upgrading your router firmware to DD-WRT lifts limitations built into the default firmware and transforms it into a powerful business-class router with advanced functionalities including OpenVPN (known for its strong encryption algorithms and ciphers).
If your existing router is not pre-installed with DD-WRT, you’ll need to install it yourself through a process known as flashing. It is a simple process but can be very tricky; doing it incorrectly can leave you with a router that you have to discard. In the event of such, vpnMentor shall not be held responsible or liable for any resulting damages.
Please be aware that flashing your router with third-party firmware may invalidate your device’s warranty (if any); refer to your device’s warranty policies regarding this. Depending on your router’s hardware specifications, you may also experience Internet speed losses when using a VPN connection, because a low-powered router CPU may not keep up with the processing that VPN encryption requires.
Before you commence the flashing process, you first have to check that your router is DD-WRT supported. Secondly, please note the following required pre-conditions before upgrading your router firmware:
- Do not upgrade your router firmware over a wireless Internet connection, only use a wired connection.
- Do a hard reset on your router before you upgrade the firmware, following the ‘30/30/30’ procedure.
- Unless otherwise specified, use Internet Explorer to access the router administrative interface.
Once these necessary prerequisites are in place, you can begin with the DD-WRT installation process.
If you are uncomfortable with DD-WRT installation on your router, you can purchase a DD-WRT ready (pre-installed) router. Though usually more pricey than the normal routers, Buffalo Technology, Netgear, Asus, and Linksys offer pre-installed customized versions of DD-WRT firmware for some of their routers.
Configure VPN client on your DD-WRT router
Once you have completed the DD-WRT installation on your router, the next step is to configure the OpenVPN client on the router to enable it to connect to your VPN service or server. There are two possible ways to achieve this: the GUI method and the Script method. For this guide, we will be using the GUI method, which is recommended for most users. Follow the steps below to configure the VPN client on your DD-WRT router:
- Go to your VPN provider website and log in to your VPN account area to download setup files.
- Click on the DD-WRT.OVPN configuration files link. A folder will download to your computer containing a full list of NordVPN server locations. Once downloaded, extract the contents of this folder to your computer.
- Now, open your router administrative interface. You can do that by typing your router’s IP address in your browser’s address bar. Refer to your router’s documentation for the default IP if you are unsure.
- First, you need to configure the network settings in order to ensure that your DD-WRT router can connect to the Internet. Its IP address must be on a different subnet from any other router within your network. To configure the network settings, navigate to Setup > Basic Setup, set ‘WAN Connection Type’ to ‘Automatic Configuration – DHCP’, and give your DD-WRT router a fixed local IP address under ‘Network Setup’ as shown in the diagram below. Under Network Address Server Settings (DHCP), set these NordVPN DNS addresses:
Static DNS 1 = 18.104.22.168
Static DNS 2 = 22.214.171.124
Static DNS 3 = 0.0.0.0 (default)
Use DNSMasq for DHCP = Checked
Use DNSMasq for DNS = Checked
DHCP-Authoritative = Checked
(If you have two routers within your network and your Internet service is managed by one of them (i.e., your ISP Internet router/modem and your DD-WRT router), make sure your DD-WRT router’s local IP address is different from the main router’s IP. In this case, the main router’s IP is 192.168.0.1, while the one we’re connecting to the NordVPN server is accessible via 192.168.1.1. You’ll also need to connect the ISP router to your DD-WRT router via a cable after configuration.)
- Navigate to Setup > IPV6. Set IPv6 to Disable, then Save & Apply Settings. This is a recommended step in order to prevent possible IP leaks.
- Navigate to Service > VPN. Under ‘OpenVPN Client’, set ‘Start OpenVPN Client’ to ‘Enable’, to see the options necessary for this configuration. Then set the following as shown in the diagram below:
- If for whatever reason the Username and Password fields are missing, you can enable them by navigating to Administration > Commands and entering the commands below:
echo "NORDVPN_USERNAME
NORDVPN_PASSWORD" > /tmp/openvpncl/user.conf
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
- Remember to replace NORDVPN_USERNAME and NORDVPN_PASSWORD with your respective NordVPN account credentials. Click ‘Save Startup’, and return to the previous VPN tab (Service > VPN).
- In the ‘Additional Config’ box, either type or copy and paste the following configuration verbatim:
#Delete `#` in the line below if your router does not have credentials fields and you followed the 3.1 step:
- Log on to your account area on your VPN provider website (in this case: ucp.nordvpn.com/login) to download the CA and TLS certificates from your ‘Downloads Area’. Using your favorite extractor (WinRar, 7-zip, etc.), unzip the files to your computer to enable you to gain access to the CA and TLS auth certificates folder.
- Using a text editor (such as Notepad or Notepad++), open the ‘CA.crt’ file of the server you chose to use.
- Copy the contents of the ‘CA.crt’ file into the CA Cert field as shown in Figure 3 above. Please ensure that the entire text gets copied and pasted in, including the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines.
- Using a text editor (such as Notepad or Notepad++), open the ‘TLS.key’ file of the server you chose to use.
- Copy the contents of the ‘TLS.key’ file into the TLS Auth Key field as shown in Figure 3 above. Please ensure that the entire text gets copied and pasted in, including the “-----BEGIN OpenVPN Static key V1-----” and “-----END OpenVPN Static key V1-----” lines. After entering all this data, click ‘Save’ and then ‘Apply Settings’ to complete the task.
- Lastly, you need to verify that the VPN is up and running. To do that, navigate to Status > OpenVPN. Under ‘State’, you should see the message: Client: CONNECTED SUCCESS. This shows that the setup was successful.
- If you wish to temporarily turn off your VPN, you may do so by switching the “Start OpenVPN Client” section to “Disable” under Services > VPN. All your settings will be preserved and you can return to this section at any time to turn the VPN back on.
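The certificate steps above ask you to paste the complete ‘CA.crt’ and ‘TLS.key’ text, including the BEGIN and END lines. The following check is an added example, not part of the original guide or of NordVPN's or DD-WRT's tooling: run on your computer before pasting, it reports a missing marker line, a truncated body, or dashes that were turned into typographic characters by copying from a web page. The function names and sample blocks are constructed for illustration; the 16-line hex layout is the standard OpenVPN V1 static key format.

```python
import base64
import re

MARKERS = {"ca": ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"),
           "tls": ("-----BEGIN OpenVPN Static key V1-----",
                   "-----END OpenVPN Static key V1-----")}

def der_length_ok(der):
    """True if the outer DER SEQUENCE header declares exactly len(der) bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short form: one length byte
        return 2 + der[1] == len(der)
    n = der[1] & 0x7F                       # long form: n length bytes follow
    return n > 0 and 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def check_paste(text, kind):
    """Return problems found in a pasted 'ca' or 'tls' block ([] means fine)."""
    begin, end = MARKERS[kind]
    if re.search("[\u2013\u2014]", text):
        return ["typographic dashes: copy from the file, not from a web page"]
    # Blank lines and the '#' comment header of key files are ignored.
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    missing = [f"missing line: {m}" for m in (begin, end) if m not in lines]
    if missing:
        return missing
    body = lines[lines.index(begin) + 1:lines.index(end)]
    if kind == "tls":
        # A V1 static key is 2048 bits: 16 lines of 32 hex digits each.
        bad = [ln for ln in body if not re.fullmatch(r"[0-9a-fA-F]{32}", ln)]
        if bad or len(body) != 16:
            return [f"expected 16 lines of 32 hex digits, got {len(body)} lines"]
        return []
    try:
        der = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:
        return [f"body is not valid base64: {exc}"]
    return [] if der_length_ok(der) else ["certificate body truncated or altered"]

# Constructed samples, not real key material: a DER SEQUENCE header over 256
# zero bytes stands in for a certificate, a repeated hex line for the key.
_b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
_rows = [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
SAMPLE_CA = "\n".join([MARKERS["ca"][0], *_rows, MARKERS["ca"][1]])
SAMPLE_TLS = "\n".join(["# 2048 bit OpenVPN static key", MARKERS["tls"][0],
                        *["0123456789abcdef" * 2] * 16, MARKERS["tls"][1]])
```

The certificate check only confirms that the outer DER length matches the pasted body, which catches dropped lines; it does not verify the certificate's signature or issuer.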
Although flashing and configuring a VPN on a DD-WRT router demands some effort and patience, if you follow the above steps, you are unlikely to have any difficulties.