How to Configure and Use NordVPN on Tomato

All the Tomato custom firmware users can run the OpenVPN client of NordVPN on the router to get a secure web connection on all connected devices. But if you’re not sure of whether or not your router runs on Tomato firmware, preview the complete list of supported routers before proceeding. However, here we've prepared a step-by-step guide to help you understand how to download, install, and use NordVPN on Tomato. Have a look.

1. First, visit the NordVPN website.

2. Then, click the Grab the Deal button and choose a VPN subscription on the upcoming screen.

3. You need to fill in the required details next to complete your purchase.

4. Wait for a confirmation on your subscription.

5. Once you get that, visit 192.168.1.1 or 192.168.0.1 to access the login page of your router.

6. Next, click VPN Tunneling from the left side menu and choose OpenVPN Client from the drop-down. 

7. Now, set the below options as mentioned- 

  • Start with WAN - Check
  • Interface Type - Choose TUN.
  • Protocol - Select either UDP or TCP, depending on your preferences.
  • Server Address/Port: In the first field, enter the hostname of the VPN server you want to connect to in your desired location. And, in the second field, enter port number 1194 if you've picked UDP earlier and 443 for TCP. 
Note

You can find this hostname by clicking here and entering the location you want to connect to. Alongside, download the config file under Show available protocols, depending on TCP or UDP, which protocol you've picked.

NordVPN server hostname
  • Firewall - Automatic
  • Authorization Mode - TLS
  • Username/Password Authentication - Check and enter your NordVPN service credentials in the associated fields.
Note

You can find these credentials in your NordVPN online dashboard under Advanced configuration. 

NordVPN service credentials
  • Username Authen. Only - Uncheck
  • Extra HMAC authorization (tls-auth) - Choose Outgoing (1)
  • Create NAT on tunnel - Check
OpenVPN Client Configuration on Tomato
Note

Some Tomato routers don't provide dedicated fields for entering OpenVPN configuration. In that case, navigate to Administration> Scripts and enter the command below into the Init field. [Replace the 'username' and 'password' with your credentials.]

echo username > /tmp/password.txt
echo password >> /tmp/password.txt
chmod 600 /tmp/password.txt

8. Now, click the Advanced tab and enter the below configuration-

  • Poll Interval: 0
  • Redirect Internet traffic: Check
  • Accept DNS configuration: Strict
  • Encryption cipher: AES-256-CBC
  • Compression: Disable
  • TLS Renegotiation Time: -1
  • Connection retry: -1
  • Verify server certificate: Uncheck
  • Custom Configuration:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
auth sha512
#log /tmp/vpn.log
#Delete `#` in the line below if your router does not have credentials fields
#auth-user-pass /tmp/password.txt
OpenVPN custom configuration on tomato

9. Open the Keys tab next; also, open the .ovpn configuration file for the VPN server you've picked with any text editor.

10. Next, under the Keys tab, enter the details as mentioned below-

  • Static key - paste text from <tls-auth> to </tls-auth>
  • Certificate Authority - paste text from <ca> to </ca>
NordVPN key setup on Tomato

11. Click the Save button next and choose Start Now to establish a connection. 

12. You can visit the Status page to confirm whether or not you've successfully set up a connection. 

13. You can also prevent the DNS leaks by configuring your router to use NordVPN DNS servers; for that, enter the below details under Basic> Network> WAN Settings-

  • DNS Server: Choose Manual
  • DNS 1: 103.86.96.100
  • DNS 2: 103.86.99.100
NordVPN DNS server setup

14. You can also set up the NordVPN Kill Switch on your router to ensure your anonymity stays protected even when the connection drops. 

15. For that, first navigate to Administration> Scripts, and under Firewall, paste any of the following scripts depending on your requirements-

  • If you want every client in LAN to drop the internet connection when the VPN connection drops, use the below script:
WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
  • And, if you want only a specific IP address to drop the internet access when your VPN disconnects, use the below script:
WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -s `ip address` -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -s `ip address` -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -s `ip address` -p udp -o $WAN_IF -j REJECT --reject-with udp-reset

That's all! Now you know how to configure and use NordVPN on Tomato firmware-based routers. If you've further queries, drop us a comment through the below button. Thanks for reading!

Latest
How to Watch Junior Bake Off 2023 (Season 8) Online from Anywhere
Get ready to watch juniors show off their baking skills! Junior Bake Off 2023 (Season 8) is all set to be aired!...
How to Watch How I Met Your Father Season 2 Online from Anywhere
How I Met Your Father Season 2 is set to hit the screens pretty soon. We have the premiere date, plot, cast,...
How to Watch Better Date Than Never Online: Stream the Dating Docuseries from Anywhere
Are you a docuseries lover? If so, we have a piece of exciting news! Better Date Than Never, a new six-episode series,...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari