How to set up OpenVPN on Keenetic router

In this tutorial, you will learn how to set up an OpenVPN connection on your Keenetic router.

To proceed, you will need a Keenetic router that supports VPN connections and an active Surfshark subscription. You can see the available plans on Surfshark's pricing page. 

You will learn how to:

  1. Get your credentials
  2. Choose a Surfshark server
  3. Configure the OpenVPN client
  4. Ensure that the connection is successful

Get your credentials

NOTE: These are not your regular credentials, such as your email and password.

  1. Enter the Surfshark login page and log in. Then, click on VPN > Manual Setup > Router > OpenVPN to generate your credentials.

  2. Once there, make sure that you are in the Credentials tab and click on Generate credentials.

    NOTE: Keep this tab open as we'll need it later.


Choose a Surfshark server


  1. Open the same page on another browser tab, go to the Locations tab, and locate the server that you wish to connect to.

  2. Click on the download icon to the right of the server name and click on Download UDP


Configure the OpenVPN client


  1. Enter your Keenetic router's interface. To do so, open a browser and enter this address into the URL bar:

    You can also enter the Gateway IP address into the URL bar. By default, it is

  2. Proceed to log in to your router.

    Default username: admin
    Default password: 1234

  3. Open the downloaded .ovpn configuration file with a text editor, such as Notepad or Notepad++.

  4. In the configuration files, we will have to delete all directives except the 4th line with the server address: remote 1194

    After opening the file, you should be greeted with a similar view:

  5. Proceed to delete the highlighted areas:

  6. Next up, scroll down if needed and delete the highlighted lines before the line OpenVPN Static Key V1:

  7. We will need to add the following lines into the configuration:

    tun-mtu 1500

    tun-mtu-extra 32
    mssfix 1450
    ping 15
    ping-restart 0
    reneg-sec 0
    remote-cert-tls server
    pull-filter ignore "block-outside-dns"
    verb 3
    cipher AES-256-GCM
    auth SHA512
    key-direction 1

  8. The certificates should still be left in the file below:

  9. Now, you will have to enter the Surfshark service credentials (refer to Get your credentials section in this article).

    Input them amongst the lines <auth-user-pass> and </auth-user-pass>

  10. Save the edited file.

  11. Get back to your Keenetic router’s Web Interface and go to Internet > Other connections > VPN connections and click on Create connection:

  12. The connection settings window opens. Select Type (protocol) > OpenVPN.

  13. Return to the open .ovpn file. Highlight the contents of the file and copy the configuration to the clipboard:

  14. Go back to the tunnel configuration. Paste the configuration from the clipboard in the OpenVPN configuration field. Enable Use for accessing the Internet, fill in the Connection name field, and enable Obtain routes from the remote side.

  15. Click Save.

  16. Turn on the configured VPN tunnel. If everything is configured correctly, the tunnel will have a Ready status:

  17. Next, under Connection priorities, configure Internet access via the OpenVPN connection you have created. Go to the Connection priorities menu, click on Add policy, and specify a policy name in the empty field.

    In our example, the
    openvpn-provider policy is intended to provide access exclusively through the Surfshark OpenVPN connection.

  18. In the right column (Connection), you need to mark only this connection and save the settings:

  19. On the Connection priorities page, click on the Policy bindings tab. The option Show all objects allows you to display all devices registered in local segments and the local network segments configured on the router.

  20. By holding down the Ctrl key on your keyboard, you can select multiple objects with the mouse. In our example, only one object (host MYHOST) needs to be moved to the previously added 'openvpn-provider' policy.

    In other words, you must select the devices that are affected by the VPN tunnel:


Ensure the connection is successful


We always recommend checking if Surfshark VPN is working after setting it up for the first time. You can easily do it by performing Surfshark IP leak test and a DNS leak test. For your convenience, both are available on our website.

You may also be interested in:

Was this article helpful?
Thank you for your feedback!