Even though it requires a bit of effort, installing a VPN on a router is always a good idea. That’s because you’ll get to protect your Web connection at its source, which means that your entire household will be covered at once. However, there are plenty of things to keep in mind before going into this process, especially if you want to do it the right way. Don’t worry – we’re here to guide you all the way through. So, welcome to our guide on how to set up a VPN on a router in 2020.
Before we dive into this article, we have a few useful pointers. As you can imagine, there are two equally important parts to setting up a VPN on a router. First, you need to have a router that supports VPNs, as not just about any router will do the job. And then, you need a VPN service compatible with routers, and once again – not just about any VPN will do the job. For this purpose, we recommend ExpressVPN, as this is genuinely the best VPN in 2020, and it’s also compatible with a vast range of routers.
And now, let’s show you how to set up a VPN on a router. Some of you might already be in this process up to a certain point, so let’s show you the required steps. You can click on any of the following links to jump to that specific segment.
- Step #1: Find a VPN-Compatible Router
- Step #2: Subscribe to a Router-Compatible VPN Service
- Step #3: Flash Your Router (Using DD-WRT Firmware)
- Step #4: Access Your Router
- Step #5: Obtain OVPN Files From Your VPN Service
- Step #6: Set Up a VPN on Your Router (via OpenVPN)
In case you’d like to start from scratch, this is where your journey begins. Here’s all you need to know about how to set up a VPN on a router in 2020.
Step #1: Find a VPN-Compatible Router
First, you need to handle the hardware side of this process. It means that you must have a router that supports running a VPN service. In general, average home routers won’t do this job, as they need dedicated CPUs (processors) and enough storage to run custom firmware. With this said, the chances are that you’ll need to buy a new router.
What Types of VPN-Compatible Routers Are There?
There are two possible routes to take here. Keep in mind that depending on which way you choose, this will alter the rest of this process. So, let’s explore these options
Routers With Stock Firmware: First, we have routers that support VPN services out-of-the-box. These usually come with their own stock firmware that you can access via your Internet browser. Then, you’ll get to tweak all kinds of settings, as well as install a VPN service. VPN-ready routers are made by well-known manufacturers such as Netgear, ASUS, Linksys, TP-Link, and more – so they’re suitable for average users. However, they don’t usually give you the same level of customization as the group of routers described below. Feel free to check the best VPN-ready routers available right now.
Routers Compatible With Open Source Firmware: Some routers come with their firmware, but they also allow other types of firmware to be installed (flashed). It means that you’ll install custom firmware on these (like DD-WRT, for example) and, therefore, greatly expand their set of features. DD-WRT is known for adding tons of useful features, so this could be a good way to buy a relatively cheap router and then unleash its full power via custom firmware. There are other types of custom firmware as well, such as Open-WRT, Tomato, and more – but keep in mind that those are compatible with a limited range of routers.
Should You Buy a Router With Stock Firmware or a Flash-Ready Router?
So, you might be wondering which route you should take? Well, since you’re already considering to install a VPN on a router, we bet you’ll want to get everything that your router offers. With this said, buying a flash-ready router seems like the best option – and you have many models at your disposal, available in different price ranges.
Important: Flashing your router (installing DD-WRT) will void its warranty. Therefore, make sure to enter this process while being aware of any risks involved.
To find the best router aligned with all your needs, you can check our guide on how to choose a VPN router. Of course, we have some concrete recommendations as well. Here are the best cheap DD-WRT routers, best routers under $50, best routers $100, and if you want truly the best – check out the overall best DD-WRT routers.
Remember that prior to buying any router, you should check its compatibility with DD-WRT by using the firmware’s official database. You can search by manufacturer or model, so make sure to do your research to avoid any problems later on. You can also check the official list of supported devices by DD-WRT.
Good to Know: Keep in mind that there are “VPN Server Compatible” and “VPN Client Compatible” routers. The first type allows you to create your own VPN server so that you can access your home connection from anywhere. However, for the purpose of installing and running a VPN service (what we’re talking about in this article), you need a “VPN Client Compatible” router.
Step #2: Subscribe to a Router-Compatible VPN Service
Once you get a router that supports running a VPN service, you need to find and subscribe to a suitable VPN service. Lucky for you, there are plenty of options out there – and we’re here to help you pick the best one.
How to Find a Good VPN for Your Router?
As you can imagine, you need to be very picky when choosing a VPN. However, your search can easily get overwhelming since there are hundreds of VPNs out there. So, we’ll tell you about the most important aspects of a reliable VPN service.
- OpenVPN (Router) Compatibility: Remember to take a look at what kinds of VPN protocols are on offer. You should find OpenVPN among those, as this is the safest VPN protocol right now. Generally, you should be able to install a VPN on a router if any of the following protocols are listed: PPTP and OpenVPN. To be on the safe side, don’t forget to double-check if your chosen VPN allows its users to run it on a router.
- Strategically Placed Servers: You’ll get the best possible performance if you connect to a server that isn’t overly far from your physical location. It means that VPNs with plenty of servers should be prioritized. When searching for a VPN, don’t forget to check the exact locations of its servers before getting your subscription.
- Stable & Reliable Performance: In general, VPNs will slow down the speed of your Internet connection. Every VPN performs differently, so you can check our guide to the fastest VPNs to get an idea of what to expect.
- Extra Features & Functionalities: Do you want to unblock media streaming platforms? Or maybe you want to download torrents? This isn’t something that every VPN allows, so make a list of “extra” features you need and inquire about those features before reaching the final decision.
- Money-Back Guarantees: And lastly, keep in mind that VPNs come with money-back guarantees of up to 45 days. In case anything goes wrong, or in case you’re not happy with the chosen VPN, you can always have your money returned.
What’s the Best Router-Compatible VPN?
So far, we’ve tested dozens of VPN services, and you’ll find plenty of hands-on reviews on our website. Based on our experience, the best VPN right now is ExpressVPN. This especially goes for those looking to install a VPN on a router.
ExpressVPN comes with other 3,000 servers, can unblock just about any website (including media streaming platforms), and brings high-end protection for your data. You can use up to five simultaneous connections, and there’s no data logging involved. To learn more, don’t forget to check our hands-on ExpressVPN review.
Step #3: Flash Your Router (Using DD-WRT Firmware)
Important Note: This step is only required if you decide to flash your router and install DD-WRT (as we advised you to do above). Once again, keep in mind that DD-WRT will add plenty of new functionalities to your router, which is why this is the preferred method for more experienced users. In case you’ve decided to buy a VPN-ready router (with stock firmware), you can skip this step as you’re ready to access your router.
Flashing your router, in this specific case, means installing third-party firmware. You can think of it as your router’s operating system. Once installed, you can access DD-WRT by accessing your router (via your Web browser). That’s how you can configure its settings, set up a VPN, and plenty more.
It would be pointless to give you all the required steps here, as you should turn to DD-WRT’s official website. That’s where you’ll find an up-to-date guide on installing DD-WRT, available in several languages (English, Spanish, French, German, Chinese, and more). This way, you’ll get to see the latest information available. So, go ahead and check out how to install DD-WRT on your router.
We also have another useful piece of information. When installing DD-WRT, make sure to stick to the official instructions closely. Don’t interrupt this process in any way, as this could lead to “bricking” your device – which could permanently damage your router. However, even if something unexpected happens, there’s no need to worry. There are numerous methods to recover from a bad flash. The provided link will take you to DD-WRT’s official explanation.
Step #4: Access Your Router
Installing a VPN on your router is done by accessing your router as an administrator. So, before you can initialize this process, you need to know your router’s IP address, as well as the administrative user’s username and password.
How to Find a Router’s IP Address?
In general, router manufacturers use a group of default IP addresses for their routers. It means that you can try with the following IPs: 192.168.0.1, 192.168.1.1, 192.168.2.1, or 192.168.1.100. If that doesn’t help, you can do a Google search based on your router’s model. And also, you can find your router’s IP via your computer, and here’s how.
Here’s How to Find Your Router’s IP Address on Windows
There are different methods of revealing your default gateway IP on Windows. However, the simplest one is by using Windows’ Command Prompt.
- Open “Command Prompt” on your Windows PC. You can do this by opening the Start Menu and typing “Command Prompt”.
- You should now see a window with a black background and old-school letters. Type in “ipconfig” and hit Enter on your keyboard.
- This will list all your network adapters. Make sure to find your router on this list, and you’ll see its IP address next to “Default Gateway.”
- In case you get too many results while using Command Prompt, you can use the following command instead: “ipconfig | findstr “Default Gateway” and press Enter.
Here’s How to Find Your Router’s IP Address on macOS
Don’t worry – we didn’t forget our readers who use macOS. This operating system allows you to check your router’s gateway IP easily, so follow these steps.
- Go to System Preferences > Network.
- On the left side of the screen, make sure to choose the network you’re using. Then, click on “Advanced” on the left side of this interface.
- Finally, make sure to select the “TCP/IP” tab, and this is where you’ll see your router’s IP address, clearly displayed as “Router: (a string of numbers).”
How to Find a Router’s Username and Password?
Once you find the correct IP, feel free to input it in your Web browser (just like when you’re browsing the Internet), and you should be asked for your username and password. Once again, this information depends on your router’s model, so here are the most common combinations of usernames and passwords:
- admin – admin;
- admin – password;
- admin – [leave blank];
- [leave blank] – password;
- [leave blank] – [leave blank];
- admin- 12345;
In case none of the above-mentioned suggestions work, you should turn your search to Google. Try searching for your router’s default username and password while also using your router’s exact model name.
Good to Know: Everything said in this segment applies to those who haven’t changed their router’s default username and password. If that’s the case and if you can’t remember your custom credentials, you can do a hard reset of your router. This is done by finding the “Reset” button on the router (usually on the back) and holding it down for 30 seconds.
Step #5: Obtain OVPN Files From Your VPN Service
We have one more step before we get to installing a VPN on your router. You need to gather certain information from your VPN, along with OVPN files of the servers you plan on using. Once again, we’ll use ExpressVPN to show you how this is done, especially since this VPN comes with perhaps the most polished user account dashboard.
- Log-in to your account on ExpressVPN’s website. You can do this by opening the VPN’s website and clicking on “My Account.” Fill out your credentials and proceed.
- Now, click on “Set Up Other Devices” and then make sure to select “Manual Configuration” on the left side of the screen. Then, take a look at the right.
- This is where “OpenVPN” should be selected by default. You’ll see your OpenVPN username and password – so make sure to keep this page open, as you’ll need that information soon enough.
- If you scroll down, you’ll also see a list of servers that ExpressVPN offers. By clicking on individual servers, you’ll get to download individual OVPN files. So, click on the server you’d like to use, and you’ll download its OVPN file to your computer.
Good to Know: So, you’ve downloaded the required OVPN file, and you can now see your OpenVPN username and password. Make sure to either copy your credentials somewhere or simply leave this Web page open – as you’ll need this information soon enough.
Step #6: Set Up a VPN on Your Router (via OpenVPN)
Finally, you can proceed to access your router and install your VPN. In case you have a VPN-ready router (with stock firmware), you’ll need to stick to your device’s manual. Our recommendation is to visit your router manufacturer’s website, especially their customer support pages.
As mentioned above, many of you are going to use DD-WRT – the most powerful type of custom firmware for a large number of routers. So, what follows is our guide to installing a VPN on a DD-WRT router.
- You first need to access your DD-WRT router’s VPN settings. So, log-in to your router (by using its IP, username, and password) to reveal its settings panel.
- Then, select “Services” from the main menu and click on the “VPN” sub-tab.
- Scroll down until you see the “OpenVPN Client” segment. Make sure to enable it by clicking on the “Enable” box. This should reveal a set of options beneath, so let’s review what needs to be done here.
Right now, you should be looking at a long list of options and fields. Since there are two types of DD-WRT firmware (with and without UPA – User Pass Authentication), we now need to split this guide into two different routes.
Install VPN on DD-WRT Versions With User Pass Authentication
Newer DD-WRT versions come with user pass authentication, so we’ll explain what to expect from this interface. Here’s how to set up the options you’ll see on your screen.
- Server IP/Name: This depends on the server you’ve chosen previously. Right-click on the OVPN file you’ve downloaded and open it in a text editor. Look at the top and copy the text you’ll see next to “remote.”
- Port: Again, look for the port number in the OVPN file you’ve downloaded. This is a string of numbers on the right side of the server address.
- Tunnel Device: Select “TUN.”
- Tunnel Protocol: Select “UDP.”
- Encryption Cipher: Needs to be set to “AES-256 CBC.”
- Hash Algorithm: Set to “SHA512.”
- User Pass Authentication: Enable this option.
- Username: You’ll find your OpenVPN username back on ExpressVPN’s website (which you should be active in the background if you haven’t closed it). You can reveal your username by logging to your account, choosing “Set Up Other Devices,” and then clicking on “Manual Configuration” – all done on ExpressVPN’s website.
- Password: Everything said in the previous bullet point applies to this one as well.
- Advanced Options: Select “Enable.”
- TLS Cipher: Set to “None.”
- L2O Compression: Select “Adaptive.”
- NAT: Feel free to enable this option.
- Tunnel UDP Fragment: Type in “1450.”
- Tunnel UDP MSS-Fix: Enable this option.
- nsCertType Verification: Make sure this box is checked.
Once you’re done setting up everything as shown above, feel free to proceed to configure your ExpressVPN keys and certificates.
Install VPN on DD-WRT Versions Without User Pass Authentication
Older versions of DD-WRT come with a slightly different set of options. So, if you can’t update your DD-WRT to a more recent version, make sure that everything is set as described below.
- First, search for the “Additional Config” text box You need to enter the following command there: “auth-user-pass /tmp/auth.txt”
- Server IP/Name: Open the OVPN file you’ve downloaded (in a text editor). You’ll find the server name next to “remote.”
- Port: Once again, you’ll find this information in the OVPN file you’ve downloaded, on the right side of your server address (this is a string of numbers, by the way).
- Tunnel Device: Set to “TUN.”
- Tunnel Protocol: Set to “UDP.”
- Encryption Cipher: Select “AES-256 CBC.”
- Hash Algorithm: Set to “SHA512.”
- User Pass Authentication: Enable this option.
- Username: This is your OpenVPN username, which you can find on ExpressVPN’s website once you login to your user account. As described above, you should have this page open in the background.
- Password: Check the previous bullet point, as that’s where you’ll find your password.
- Advanced Options: Feel free to enable this option.
- TLS Cipher: Set to “None.”
- L2O Compression: You can go with “Adaptive.”
- NAT: Enable this option.
- Tunnel UDP Fragment: Needs to be set to “1450.”
- Tunnel UDP MSS-Fix: Set to “Enable.”
- nsCertType Verification: Make sure to check this box.
Once done, proceed to configure your keys and certificates. This means that you should keep on reading this article, as we’ll explain how it’s done below.
Configure the Required Keys and Certificates
Don’t worry, we’re nearly done. The final step requires some copying and pasting – but make sure that you’re paying attention to what needs to be done.
First, make sure to look for the “Additional Config” field, where you’ll need to enter a set of commands, as displayed just below this paragraph. We’ll show them as bullet points, but feel free to enter them one by one, simply by adding a new row.
- fragment 1300
- msfix 1450
- keysize 256
Then, you’ll be asked for a “TLS Auth” key. Open the OVPN file you’ve downloaded from ExpressVPN’s website, and you can use any text editor for this purpose. You need to copy the text found between the <tls-auth> and </tls-auth> tags. Check out the following screenshot, and you’ll see what exactly needs to be copied.
For the “CA Cert” field, the process is similar to the previous step. However, this time around, you need to copy the text found between the <ca> and </ca> tags.
Then, we have two more fields. For the “Public Client Cert” key, copy the text between the <cert> and </cert>. And for the ‘Private Client Key,” copy everything between the <key> and </key> tags.
You’re now free to click “Save” and then click on “Apply Settings.” This will instruct your DD-WRT router to apply the newly added VPN settings, and this connection should be active the next time you restart your router.
If you use DD-WRT without User Pass Authentication, you also need to go to Administration > Commands and enter the following commands there. Keep in mind that you need to use your OpenVPN username and password here.
- echo USERNAMEHERE > /tmp/auth.txt
- echo PASSWORDHERE >> /tmp/auth.txt
Finally, you can now go to Administration > Management, and this is where you can reboot your router. Wait a couple of minutes until your router boots up and then connects to the newly added VPN server. Then, you can go to Status > OpenVPN to check if the VPN connection is active. That’s it!
So, you’ve finally reached the end of our guide on how to install a VPN on a router. If you have any questions, know that we’re always happy to help. So, feel free to post a comment below, and we’ll respond as soon as possible!