In this article, you will learn how to set up the OpenVPN client on a Tomato router.
To proceed, you first need an active Surfshark subscription. You can find the available plans on Surfshark’s pricing page.
As for the Tomato firmware, you can install it on various routers. To check whether your router supports Tomato firmware, see the official Tomato FAQ. If the router is supported, install the firmware by following the Wikibooks Tomato Firmware/Installation and Configuration instructions.
You will learn how to:
- Get your credentials
- Choose a Surfshark server
- Configure the OpenVPN client
- Ensure your connection is successful
Get your credentials
NOTE: These are not your regular credentials, such as your email and password.
- Go to the Surfshark login page and log in. Then, click on VPN > Manual Setup > Router > OpenVPN to generate your credentials.
- Once there, make sure that you are in the Credentials tab and click on Generate credentials.
NOTE: Keep this tab open as we'll need it later.
Choose a Surfshark server
- Open the same page on another browser tab, go to the Locations tab, and locate the server that you wish to connect to.
- Click on the download icon to the right of the server name and click on Download UDP.
Configure the OpenVPN client
NOTE: Depending on the Tomato router version, some button locations or names may be different, although the functionality is the same.
- Log into your Tomato router using a browser. Open the VPN > OpenVPN Client tab.
- In the Basic settings tab, enter the following information:
Start with WAN: Checked
Interface Type: TUN
Protocol: UDP or TCP
Server Address: Enter the hostname of the server (refer to the Choose a Surfshark server section of this article)
Port: 1194 if you selected UDP or 1443 for TCP connection
Firewall: Automatic
Authorization mode: TLS
Username/Password Authentication: Checked
Username: Your Surfshark service username (refer to the Get your credentials section of this article)
Password: Your Surfshark service password (refer to the Get your credentials section of this article)
Username Authen. Only: Unchecked
Extra HMAC authorization (tls-auth): Outgoing (1)
Create NAT on tunnel: Checked
Please make sure that the Username/Password Authentication tick box is selected.
- Now select the Advanced settings tab and enter the following:
Poll interval: 0
Redirect Internet traffic: Checked
Accept DNS configuration: Strict
Encryption cipher: None
Compression: Disabled
TLS Renegotiation Time: -1
Connection retry: -1
Verify server certificate (tls-remote): Unchecked
- Under Custom Configuration, please enter the following:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
auth SHA512
cipher AES-256-CBC
log /tmp/vpn.log
Depending on the Tomato version, it may be possible to upload the configuration as a file for an easier setup.
- Select the Keys tab and open the configuration file (refer to the Choose a Surfshark server section of this article) in a text editor.
In the Static key field, enter the text from the <tls-auth> to </tls-auth> block. Make sure to include the -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines as well.
In the Certificate Authority field, enter the text from the <ca> to </ca> block. Make sure to include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
- Press the Save button at the bottom of the settings page.
To establish a Surfshark server connection, press Start VPN Client 1 at the top right corner (if you have an older client, you should find the Start button at the bottom of the setup).
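The Basic and Keys steps above copy values out of the downloaded configuration file by hand. As an added example (not part of the original article and not Surfshark tooling), this Python helper pulls the server address, port, protocol and the two inline blocks out of a profile and rejects a block whose BEGIN/END lines are missing. The sample profile, its hostname and its key material are constructed placeholders, and `parse_ovpn` is a hypothetical name.

```python
import re

# Constructed sample in the layout of an OpenVPN client profile. The hostname
# and key material are placeholders, not real Surfshark values.
SAMPLE_OVPN = """\
client
proto udp
remote vpn-server.example.invalid 1194
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDERCERTDATA
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# Inline block -> the first and last line that must be pasted along with it.
MARKERS = {
    "ca": ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"),
    "tls-auth": ("-----BEGIN OpenVPN Static key V1-----",
                 "-----END OpenVPN Static key V1-----"),
}

def parse_ovpn(text):
    """Return the values the Tomato Basic and Keys tabs ask for."""
    fields = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "remote" and "host" not in fields:
            fields["host"], fields["port"] = parts[1], int(parts[2])
        elif len(parts) >= 2 and parts[0] in ("proto", "key-direction"):
            fields[parts[0]] = parts[1]
    for name, (begin, end) in MARKERS.items():
        m = re.search(rf"^<{name}>\s*\n(.*?)^</{name}>", text, re.S | re.M)
        if m is None:
            raise ValueError(f"<{name}> block not found")
        body = m.group(1).strip()
        if not (begin in body and body.endswith(end)):
            raise ValueError(f"<{name}> block is missing its BEGIN/END lines")
        fields[name] = body  # paste this text, markers included
    return fields

if __name__ == "__main__":
    for key, value in parse_ovpn(SAMPLE_OVPN).items():
        print(f"{key}: {value}")
```

The `key-direction 1` value in the sample corresponds to the Outgoing (1) choice for Extra HMAC authorization (tls-auth) in the Basic settings tab.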
Ensure the connection is successful
We always recommend checking that Surfshark VPN is working after setting it up for the first time. You can easily do so by running the Surfshark IP leak test and the DNS leak test. For your convenience, both are available on our website.
Should any DNS leaks occur, you can try to configure your DNS addresses manually. To do so, open Basic Settings > Network. In the WAN Settings tab, change the DNS Server to Manual and enter the following addresses:
162.252.172.57
149.154.159.92