Tomato is a custom firmware for routers that offers OpenVPN protocol support which will be used to connect to Surfshark servers following this tutorial. You can install Tomato on a variety of routers. To check if your router supports Tomato firmware, please check this article. If it does, you can install it by following these instructions. Please note, that Surfshark is not to be held responsible for any damage done to the router or void of warranty that could be caused by flashing your router.
If you run into any difficulties while installing Tomato on your router, feel free to contact our customer support team by following this article.
After installing custom firmware on your router, you should access the Tomato's configuration panel by entering your Default Gateway in your browser's address bar (by default it is 192.168.1.1) and typing your authentication credentials (you can find them in your router's user manual).
This guide was made using the following firmware: Tomato Version: 3.5-140.
Now please follow these steps to set up Surfshark on your router using the OpenVPN protocol:
At first, you will need to get Surfhark service credentials. Those are the credentials, different from the ones that you use to log in to our website or the app. To find them, go to the login page of our website, here https://account.surfshark.com/ and log in.
Once you log in, go to Devices -> Manual, scroll down to the bottom of the page. You will find your service credentials there.
1. Open the VPN > OpenVPN Client tab.
2. In the Basic settings tab enter the following information:
Start with WAN: Checked;
Interface Type: TUN;
Protocol: UDP or TCP;
Server Address: Enter the hostname of the server you wish to connect to. You can get it by navigating to the following link: https://account.surfshark.com/setup/manual ;
Port: 1194 if you selected UDP or 1443 for TCP connection;
Authorization mode: TLS;
Username/Password Authentication: Checked;
Username: Your Surfshark Service username that you have collected in the beginning
Password: Your Surfshark Service password that you have collected in the beginning
Username Authen. Only: Unchecked;
Extra HMAC authorization (tls-auth): Outgoing (1);
Create NAT on tunnel: Checked.
3. Now select the Advanced settings tab and enter the following options:
Poll interval: 0;
Redirect Internet traffic: Checked;
Accept DNS configuration: Strict;
Encryption cipher: None;
TLS Renegotiation Time: -1;
Connection retry: -1;
Verify server certificate (tls-remote): Unchecked;
In the Custom Configuration please enter the following:
4. Select the Keys tab and open the configuration file, that you download from the following link: https://account.surfshark.com/setup/manual. In the Static key enter the text from <tls-auth> to </tls-auth> block. Make sure to include -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines as well. In the Certificate Authority enter the text from <ca> to </ca> block. Make sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
6. Apply the changes by pressing Save button at the bottom of the settings page. To establish a connection with a Surfshark server, press the Start VPN Client 1 at the top right corner (if you have an older client, you should find Start button at the bottom of the setup) . To make sure you have connected successfully, please check the Status tab and this article.
To prevent DNS leaks, you may also configure your DNS addresses. To do so, please open Basic Settings > Network. In the WAN Settings tab, change the DNS Server to Manual and enter the following addresses:
That's it! You have now successfully connected to Surfshark via OpenVPN protocol using the Tomato firmware and should not experience any DNS leaks.