How to set up OpenVPN on DD-WRT router

In this tutorial, you will learn how to set up a DD-WRT VPN using the DD-WRT OpenVPN client interface.

To begin with, you need an active Surfshark subscription, which you can find on Surfshark’s pricing page.

NOTE: Your router must have at least 8 MB of flash memory to maintain the VPN connection.

We will cover the following:

  1. Get your credentials

  2. Choose a Surfshark server

  3. Configure the OpenVPN client

  4. Connect to the VPN
  5. Ensure that the connection is successful

 

Get your credentials


NOTE: These are not your regular credentials, such as your email and password.

  1. Enter the Surfshark login page and log in. Then, click on VPN > Manual Setup > Router > OpenVPN to generate your credentials.


  2. Once there, make sure that you are in the Credentials tab and click on Generate credentials.

    NOTE: Keep this tab open as we'll need it later.

 

Choose a Surfshark server

 

  1. Open the same page on another browser tab, go to the Locations tab, and locate the server that you wish to connect to.


  2. Click on the download icon to the right of the server name and click on Download UDP
     

 

Configure the OpenVPN client

 

  1. Open your router’s control panel by entering your router's IP address in the URL bar in your browser. By default, the IP address usually is 192.168.1.1

    If it doesn't work, try the following:

    192.168.2.1 (Linksys/ Asus routers)
    192.168.10.1 (Buffalo routers)
    192.168.11.1 / 192.168.30.1 (Motorola and some others)

  2. Wet up Surfshark’s DNS servers. In the DD-WRT control panel, open the Setup tab, scroll down to the Network Address Server Settings (DHCP) and enter the following information:

    Static DNS 1 — 162.252.172.57
    Static DNS 2 — 149.154.159.92
    Static DNS 3 — 0.0.0.0 (default)
    Use DNSMasq for DHCP — Checked
    Use DNSMasq for DNS — Checked
    DHCP-Authoritative — Checked


    Then, click Save and Apply Settings.

    configure_dns.png

  3. Click on the Service tab, select VPN, and find the OpenVPN client. Make sure that it is Enabled.
    enable_Ovpn_client.png

  4. Enter the following information:

    Server IP/Name — Enter the server hostname (refer to Choose Surfshark server section of this tutorial)
    Port — 1194
    Tunnel Device — TUN
    Tunnel Protocol — UDP
    Encryption Cipher — None
    Hash Algorithm — SHA-512
    User Pass Authentication — Enable
    Username — Your Surfshark service username (refer to Get your credentials section of this guide)
    Password — Your Surfshark service password (refer to Get your credentials section of this guide)

    NOTE: If there are no Username and Password fields, fill in the other fields as specified in this tutorial and proceed to step 3.1.

    Advanced Options – Enable (this will enable additional options);
    TLS Cipher – None
    LZO Compression – Disabled
    NAT – Enable


    We recommend that you avoid changing any other fields.
    configure_the_OpenVPN_client.png

     

    4.1 (OPTIONAL, depending on step 4.)

    If you do not see any fields to enter your credentials, please advance to Administration > Commands, and enter these commands:


    echo "USERNAME
    PASSWORD" > /tmp/openvpncl/user.conf
    /usr/bin/killall openvpn
    /usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon

    Please make sure to replace USERNAME and PASSWORD with your Surfshark service credentials (refer to the Get your credentials section of this article)

    4.2 Click Save Startup, and return to the previous VPN tab.

    4.3 Add this line to the field of Additional Config:
    auth-user-pass /tmp/openvpncl/user.conf
  5. In Additional Config field enter these commands:

    remote-cert-tls server
    remote-random
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ping-timer-rem
    reneg-sec 0
    cipher AES-256-GCM
    auth SHA512
    log /tmp/vpn.log

     

  6. Copy the Certificate from here and paste it into CA Cert field.
    -----BEGIN CERTIFICATE-----
    MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
    BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
    b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
    BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
    b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
    SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
    Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
    c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
    FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
    yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
    TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
    ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
    tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
    SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
    iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
    CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
    ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
    DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
    S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
    ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
    303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
    5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
    KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
    ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
    EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
    X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
    FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
    LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
    623cSEC3Q3UZutsEm/UplsM=
    -----END CERTIFICATE-----
  7. Copy the Static key from here and paste it to the TLS Auth Key field.
    -----BEGIN OpenVPN Static key V1-----
    b02cb1d7c6fee5d4f89b8de72b51a8d0
    c7b282631d6fc19be1df6ebae9e2779e
    6d9f097058a31c97f57f0c35526a44ae
    09a01d1284b50b954d9246725a1ead1f
    f224a102ed9ab3da0152a15525643b2e
    ee226c37041dc55539d475183b889a10
    e18bb94f079a4a49888da566b9978346
    0ece01daaf93548beea6c827d9674897
    e7279ff1a19cb092659e8c1860fbad0d
    b4ad0ad5732f1af4655dbd66214e552f
    04ed8fd0104e1d4bf99c249ac229ce16
    9d9ba22068c6c0ab742424760911d463
    6aafb4b85f0c952a9ce4275bc821391a
    a65fcd0d2394f006e3fba0fd34c4bc4a
    b260f4b45dec3285875589c97d3087c9
    134d3a3aa2f904512e85aa2dc2202498
    -----END OpenVPN Static key V1-----

  8. Make sure you have entered everything correctly, click Save, and Apply Settings.
    apply_settings_button.png

 

Connect to the VPN

 

Once you click the Apply Settings after configuring your OpenVPN client, your DD-WRT VPN router connects to the VPN automatically.

  1. To disconnect from the VPN, go to Services > VPN > OpenVPN client and disable the OpenVPN Client. To reconnect, enable it again.

  2. To make sure you have connected to the VPN, go to Status > OpenVPN. If the connection was successful, you should see this:
    ddwrtstatus.png

 

Ensure the connection is successful

 

We always recommend checking if Surfshark VPN is working after setting it up for the first time. You can easily do it by performing Surfshark IP leak test and a DNS leak test. For your convenience, both are available on our website.

Stay safe at all times

Protect your home network with a VPN on your router





You may also be interested in:

Was this article helpful?
Thank you for your feedback!