Routers
How to set up a router with Surfshark How to set up WireGuard on GL.iNet router(3.x firmware) How to set up WireGuard on Keenetic router How to check if your router supports VPN What routers are not supported? How to set up WireGuard on FRITZ!Box How to set up Surfshark VPN on an AsusWRT router How to set up WireGuard on Asus VPN Fusion How to set up OpenVPN on Asus VPN Fusion How to set up Surfshark VPN on DD-WRT router
  1. Surfshark Customer Support
  2. VPN Guides
  3. Getting started
  4. Routers

How to set up Surfshark on a Tomato router

Updated:

In this tutorial, you will learn how to configure a Surfshark VPN tunnel on your Tomato router.

 

You will learn how to:


To proceed, you need to have a router with Tomato firmware and an active Surfshark subscription


As for the Tomato firmware, you can install Tomato on a variety of routers. To check if your router supports Tomato firmware, please check this article. If it does, install it by following these instructions.

 

Find your login details



Here is how you can get your Surfshark service credentials:

 

  1. Go to this page. This is the page where you will find all the details required for a manual connection.

    You may need to log in before proceeding to this page. In that case, enter your email address and your password, then click Log in.

  2. Click on the Credentials tab on top. You will find the Surfshark service username and password there.

    mceclip0.png

    It is a good idea to keep this page open for now. You will need these credentials a bit later.


Choose a Surfshark server


Every server location has a hostname that you need to use on the router to connect to a particular server.

  1. Please switch to the Files section to find the list of all servers and their hostnames. Copy the hostname of your preferred location - you will use it a bit later. 

    mceclip1.png

    You will need the hostname of the VPN server. You can find the hostname below the flag icon of each location. If you wish to connect to Poland, copy the hostname for Poland - Warsaw or Poland - Gdansk servers. If you prefer connecting to Finland, copy the hostname of the Finland - Helsinki server.

  2. Now, download your location by using the button on the right side.

    mceclip2.png

  3. Once a prompt appears asking which protocol you prefer, select Download UDP to download the configuration file. 

    tomato4.png



 

Configure the OpenVPN client

 

  1. Log into your Tomato router using a browser. Open the VPN > OpenVPN Client tab.

    tomato5.png
  2. In the Basic settings tab, enter the following information:

    Start with WAN: Checked;
    Interface Type: TUN;
    Protocol: UDP or TCP;
    Server Address: Enter the hostname of the server you wish to connect to from the Choose a Surfshark server step.
    Port: 1194 if you selected UDP or 1443 for TCP connection;
    Firewall: Automatic;
    Authorization mode: TLS;
    Username/Password Authentication: Checked;
    Username: Your Surfshark Service username from the Find your login details step.
    Password: Your Surfshark Service password from the Find your login details step.
    Username Authen. Only: Unchecked;
    Extra HMAC authorization (tls-auth): Outgoing (1);
    Create NAT on tunnel: Checked.

    tomato6.png
  3. Now select the Advanced settings tab and enter the following options:

    Poll interval: 0;
    Redirect Internet traffic: Checked;
    Accept DNS configuration: Strict;
    Encryption cipher: None;
    Compression: Disabled;
    TLS Renegotiation Time: -1;
    Connection retry: -1;
    Verify server certificate (tls-remote): Unchecked;

    Under Custom Configuration, please enter the following:

    remote-cert-tls server
    remote-random
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ping-timer-rem
    reneg-sec 0
    auth SHA512
    cipher AES-256-CBC
    log /tmp/vpn.log

    tomato7.png
  4. Select the Keys tab and open the configuration file (from the Choose a Surfshark server step) in a text editor. In the Static key enter the text from <tls-auth> to </tls-auth> block.

    Make sure to include -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines as well. In the Certificate Authority enter the text from <ca> to </ca> block. Make sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    tomato8.png
  5. Apply the changes by pressing the Save button at the bottom of the settings page.

    To establish a Surfshark server connection, press Start VPN Client 1 at the top right corner (if you have an older client, you should find the Start button at the bottom of the setup). To make sure your connection is successful, please check the Status tab and this article.

    To prevent DNS leaks, you may also configure your DNS addresses. To do so, please open Basic Settings > Network. In the WAN Settings tab, change the DNS Server to Manual and enter the following addresses:

    162.252.172.57
    149.154.159.92

    TomDNS.png

 

Congratulations - you have successfully installed and configured Surfshark VPN on your router!

 


You may also be interested in:

Was this article helpful?
Thank you for your feedback!