How to Set Up a VPN on Your Router

Secure all your home's devices at once

Router Advanced VPN configuration

The most direct way to get your entire network behind a VPN is to connect through your router. When you connect to a VPN on your router, all the traffic coming out of your router and onto the Web goes through the VPN. That way, everything connected through the router is also using the VPN. Configuring your network this way also effectively bypasses your VPN’s device cap, as long as those devices are on your local network.

Before You Can Use a VPN With Your Router

There is a catch. Not all routers support VPN connections. Only certain routers support VPN connections from the factory. Some brands, like ASUS, tend to be better, but that doesn’t apply to all models. If you want to stick with your router’s current firmware, look into whether it supports a VPN. You should be able to find the information in the devices user manual or possibly in a description of the router online.

There is another option that many VPN users opt for. You can install custom firmware on your router that certainly will support a VPN. It isn’t hard to do, and it may even open up other options on your router that you’ll find useful. But you can’t just install a custom firmware like DD-WRT or Tomato on any router. Again, you should look to make sure that your router is supported.

Once you have your router set up and capable of using a VPN, you can move forward. Remember there will be differences between routers, so be patient and try to account for any variations.

Download Your OpenVPN Configuration

Almost all routers use OpenVPN to connect to a VPN service. Thankfully, nearly every VPN service provides the OpenVPN configuration files that you can use to connect with your router.

The process of actually getting the configuration files differs from service to service, but the general idea is the same.

  1. Sign in to your VPN account.

  2. If your service has an account dashboard, go there. Look around for a router setup or download section. Not every service explicitly supports routers, but they do provide OpenVPN configurations for Linux. Look for Linux support next. Chances are, you’ll have luck there. Some VPNs are more straightforward, and actually have an OpenVPN page.

  3. If you’re not having any luck, try a Google search for your VPN provider and “router,” “Linux,” or “OpenVPN.” Usually, the page you’re looking for is one of the top results.

  4. If you’re still not having any luck, contact your VPN provider’s support, and they’ll either point your in the right direction or give your the files directly. They usually come in a ZIP archive.

  5. Once you have the ZIP, unpack it somewhere convenient for you to use later. The files you’re going to be working with have the .ovpn file extension.

Configure Your Router

Now that you have the OpenVPN configuration files, you’re ready to sign in to your router, and set up a connection.  

  1. Open your browser, and navigate to your router’s web interface. Unless you’ve set up something custom, most routers have a default IP address of 192.168.1.1. Just enter the IP into your browser’s address bar like you’re visiting a normal website.

    Router status page on Tomato
  2. Sign in to your router. Hopefully, you already set up an admin user for your router, and you know the login information. If not, you’ll need to find the default login credentials for your router. They’re usually available in your router’s manual or on the manufacturer’s website.

  3. Find your router’s VPN configuration page. The location of the page will be different, depending on your router. On DD-WRT, you can find the VPN sub-tab under the Services tab.

    Router status page with VPN options on Tomato

    On Advanced Tomato, there’s a VPN tab under the main menu on the left side of the screen. Select that, to reveal the options below. Choose OpenVPN Client.

    For ASUS routers, there’s a VPN tab under the Advanced Settings heading on the side menu. On that page, choose the VPN Client tab at the top.

    Other routers will be different, but you can either have a look around yourself or look up your model.

  4. From here, the goal is to fill out the form on your router’s VPN client page. Open the .ovpn configuration file that you downloaded from your VPN provider that you want to connect to. Begin copying all the information from the file into the form on your router. Make sure everything matches up perfectly. Otherwise, your connection to the VPN server will be rejected.

    Router OpenVPN client page Tomato

    Some routers, like ones running Tomato, will break the configuration up across multiple tabs. Be sure to get absolutely everything detailed in the .ovpn file, including the keys. Copy the keys exactly as they appear in the file, beginning at “-----BEGIN CERTIFICATE-----” and ending with “-----END CERTIFICATE-----” It’s essential that you get everything.

  5. When you’re certain that your router’s configuration matches the file precisely, finalize it with whichever option your router has. On most, it’ll be either Save or Apply.

    Router with OpenVPN client config on Tomato
  6. On one of your devices that’s not already connected to a VPN, open a browser, and navigate to DNS Leak Test. Take a look at the location that’s displayed. If it matches the VPN that you just set up on your router, everything is working. Run the leak test to ensure that the connection isn’t leaking. If it is, you may need to configure your device to use the router as a DNS server.

    DNS Leak Test