How to set up OpenVPN on OpenWRT using the router's web interface

In this article, you will learn how to configure the Surfshark Open VPN tunnel on your OpenWRT router through the router's web interface.

Note: if you would prefer to set it up via the terminal instead, please check out our guide on how to set up OpenVPN on an OpenWRT router.

You will learn how to:

  1. Find your login details 
  2. Choose a Surfshark server
  3. Configure the OpenVPN client
  4. Make sure your connection is successful 


Find your login details


  1. Enter the Surfshark dashboard page and generate your credentials for OpenVPN by following these steps: click on VPN > Manual Setup > Router > OpenVPN.

    You may need to log in when you enter this page. In that case, simply enter your email and password and press "Log in."

  2. Once you're there, make sure that you are in the Credentials tab and click on Generate credentials. It is a good idea to keep this tab open for now, as we'll need it later.



Choose a Surfshark server


  1. Go to the Locations tab (on the same page) and locate the server that you wish to connect to.

  2. Click on the download icon to the right of the server name and click on Download UDP. 


Configure the OpenVPN client

  1. Firstly, enter your OpenWRT router's web interface by entering its local OP address into your internet browser's URL bar. By default, the IP address is The username is root.

    If it is your first time set up, no password is set. You can set it up by clicking on System > Administration.

  2. Once you log in, select System and then click on Software.

  3. Next, click on Update lists, and then wait for the process to finish. Once it does, click Dismiss.

    Now, you will see a list of all the packages you have installed in your OpenWRT router.

    We will have to install the following packages by typing in their name in the Filter field and then clicking Install...

  4. Click Save & Apply and refresh the router page. A new tab, called VPN, should be visible now. Click on it and choose OpenVPN from the dropdown menu.

    Under the OVPN configuration file upload section, name the VPN connection in the Instance name field. You can name it whatever you like. In our case, we named it surfshark_uk_lon. Next, click on the Browse button and select the downloaded server file by pressing Upload.

  5. In the OpenVPN instances tab, click the Edit button next to the connection instance you have just created.

  6. In the field lower below, enter your credentials from the first step.

  7. Now, you need to copy the path to the credentials file that is given by writing it next to the auth-user-pass line in the Config file.

  8. Click the Save button once done.

  9. Now, click the Network tab at the top of the page, choose Interfaces, and select Add new interface... Name it "surfsharktun".

  10. Click on the Protocol dropdown menu and select Unmanaged.

  11. In the Interface drop-down, enter the name tun0 at the bottom -- custom -- field and press the Enter key.

  12. Now, click the Create interface and Save buttons. After, choose the Network tab at the top again, and head to the Firewall section. When there, click the Add button and adjust it like so:

    1) Name it vpnfirewall;
    2) Set the Input option as Reject;
    3) Leave Output as Accept and Forward as Reject;
    4) Check the Masquerading option;
    5) Check the MSS clamping option;
    6) From the Covered Networks drop-down menu, choose surfsharktun;
    7) In the Allow forward from source zones drop-down menu, choose lan;
    8) Click the Save button.

  13. In the Zones section, find the zone named lan and click on the Edit button.

  14. In the Allow forward to destination zones drop-down menu, check the surfsharktun entry and make sure to click Save after.

  15. Click on the Network tab at the top of the page again and select DHCP and DNS.

  16. In the General Settings tab, find the DNS forwarding option and enter Surfshark DNS addresses there. The addresses are and

  17. Now go to the Resolv and Hosts Files tab, check the Ignore resolve file checkbox, and click the Save & Apply button.

  18. Lastly, head back to the VPN tab and select OpenVPN. In the OpenVPN instances section, check the Enable option next to the Surfshark option in the list. Then, click on the Save & Apply button.

  19. Now, all you have to do is press Start next to the Surfshark instance, and you'll be connected. Once you wish to disconnect, press Stop.

Make sure your connection is successful


It's always recommended to check whether your connection was successful after setting up a VPN for the first time. This can be easily done by doing an IP leak test and a DNS leak test, which is available on our website.

You may also be interested in:

  1. How to make sure if my connection was successful
  2. How to set up a router with Surfshark
  3. How to check if your router supports VPN



Was this article helpful?
Thank you for your feedback!