In this tutorial, you will learn how to configure a Surfshark VPN tunnel on your Tomato router.
You will learn how to:
To proceed, you need to have a router with Tomato firmware and an active Surfshark subscription.
As for the Tomato firmware, you can install Tomato on a variety of routers. To check if your router supports Tomato firmware, please check this article. If it does, install it by following these instructions.
Find your login details
Here is how you can get your Surfshark service credentials:
- Go to this page. This is the page where you will find all the details required for a manual connection.
You may need to log in before proceeding to this page. In that case, enter your email address and your password, then click Log in.
- Click on the Credentials tab on top. You will find the Surfshark service username and password there.
It is a good idea to keep this page open for now. You will need these credentials a bit later.
Choose a Surfshark server
Every server location has a hostname that you need to use on the router to connect to a particular server.
- Please switch to the Files section to find the list of all servers and their hostnames. Copy the hostname of your preferred location - you will use it a bit later.
You will need the hostname of the VPN server. You can find the hostname below the flag icon of each location. If you wish to connect to Poland, copy the hostname for Poland - Warsaw or Poland - Gdansk servers. If you prefer connecting to Finland, copy the hostname of the Finland - Helsinki server.
- Now, download your location by using the button on the right side.
- Once a prompt appears asking which protocol you prefer, select Download UDP to download the configuration file.
Configure the OpenVPN client
Log into your Tomato router using a browser. Open the VPN > OpenVPN Client tab.
In the Basic settings tab, enter the following information:
Start with WAN: Checked;
Interface Type: TUN;
Protocol: UDP or TCP;
Server Address: Enter the hostname of the server you wish to connect to from the Choose a Surfshark server step.
Port: 1194 if you selected UDP or 1443 for TCP connection;
Authorization mode: TLS;
Username/Password Authentication: Checked;
Username: Your Surfshark Service username from the Find your login details step.
Password: Your Surfshark Service password from the Find your login details step.
Username Authen. Only: Unchecked;
Extra HMAC authorization (tls-auth): Outgoing (1);
Create NAT on tunnel: Checked.
Now select the Advanced settings tab and enter the following options:
Poll interval: 0;
Redirect Internet traffic: Checked;
Accept DNS configuration: Strict;
Encryption cipher: None;
TLS Renegotiation Time: -1;
Connection retry: -1;
Verify server certificate (tls-remote): Unchecked;
Under Custom Configuration, please enter the following:
Select the Keys tab and open the configuration file (from the Choose a Surfshark server step) in a text editor. In the Static key enter the text from <tls-auth> to </tls-auth> block.
Make sure to include -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines as well. In the Certificate Authority enter the text from <ca> to </ca> block. Make sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
Apply the changes by pressing the Save button at the bottom of the settings page.
To establish a Surfshark server connection, press Start VPN Client 1 at the top right corner (if you have an older client, you should find the Start button at the bottom of the setup). To make sure your connection is successful, please check the Status tab and this article.
To prevent DNS leaks, you may also configure your DNS addresses. To do so, please open Basic Settings > Network. In the WAN Settings tab, change the DNS Server to Manual and enter the following addresses:
Congratulations - you have successfully installed and configured Surfshark VPN on your router!
You may also be interested in: