You can set up Proton VPN on your AsusWRT-Merlin router so that all devices that connect to the internet though it will be protected by Proton VPN.
How to set up Proton VPN OpenVPN on AsusWRT-Merlin routers
1. Open your Asus router’s admin panel by typing its local IP address into your browser’s URL bar. By default, the address is 192.168.1.1, but you may have changed it when you set up the router.
If you don’t know your router’s IP address, you can log in using the URL: router.asus.com
2. Go to Advanced settings → VPN.
3. Select the VPN Client tab and choose OpenVPN.
4. Log in to your Proton VPN account and go to Downloads → OpenVPN configuration files. Select Router for the platform and download the OpenVPN configuration file of your choice.
5. Back to your Asus router’s admin page, upload the selected OpenVPN configuration file:
6. After clicking Upload, the configurations from the file should autofill many of the setting fields (protocol, server address, port, authentication method, certificate settings, and custom configuration). You will need to fill in the remaining settings:
- Interface type: TUN
- Protocol: selected protocol from ovpn file (should autofill)
- Server address and port: leave autofilled
- Accept DNS configuration: Exclusive
- Create NAT on tunnel: Yes
- Inbound Firewall: Block
- Authorization Mode: TLS
- Username/password authentication: yes
- Username and password: Your OpenVPN username and password (NOT your regular Proton VPN username and password. You can find these credentials in your Proton VPN account by going to Account → OpenVPN/IKEv2 username).
- Username and password Auth only: yes
Crypto Settings: Check if Keys and Certificates have been prefilled from ovpn file (that field should have static key and certificate authority fields prefilled while all other fields are blank). If this is the case, leave everything as is.
- Log verbosity: up to you
- Compression: disabled
- TLS Renegotiation time: 0
- Connection retry attempts: up to you
- Verify Server Certificate Name: No
- Force Internet traffic through tunnel: Yes
- Custom configuration: leave prefilled
7. Fill in description, choose Yes next to Automatic start at boot time, and press Apply on the bottom of the page.
8. After these settings have been applied, enable Service state in Client control. You should now see your new IP address next to the service state.