How to set up Proton VPN on a DD-WRT router using OpenVPN
You can set up Proton VPN on your router, which will protect every device that connects to the internet through that router. In this guide, we take a step-by-step look at how to set up Proton VPN on a DD-WRT router(new window) using the OpenVPN VPN protocol.
We also have guides for setting up Proton VPN on a wide selection of other popular routers.
Learn how to install Proton VPN on different routers
To skip this setup process, you can purchase a pre-configured router from FlashRouters(new window).
Before starting, you’ll need the following:
- A computer that’s connected to your LAN network so that you can access your DD-WRT router’s web interface(new window). To do this, enter the address provided by your router’s manufacturer into your browser’s URL bar. For example, most Linksys and Asus routers use the address 192.168.1.1.
- Your OpenVPN username and password. These are different from your regular Proton VPN username and password. To find them, sign in to account.protonvpn.com and go to Account → OpenVPN / IKEv2 username.
Note that this guide is for newer versions of DD-WRT. If you’re running an older version of DD-WRT, please update your firmware(new window) to the latest version.
How to set up Proton VPN on a DD-WRT router
1. Create an OpenVPN configuration file
Sign in to Proton VPN using your Proton Account username and password at account.protonvpn.com, go to Downloads → OpenVPN configuration files, and download an OpenVPN configuration file. Be sure to Select Platform: Router.
Learn how to download an OpenVPN configuration file from Proton VPN
To configure DD-WRT, you’ll need the IP address and port number of the VPN server. These can be found on the first remote line listed in the certificate. The first number is the IP address, and the second number is the port number. In the example below, the IP address is 185.159.157.6, and the port number is 51820
You’ll also need the OpenVPN Static key. This starts with —–BEGIN OpenVPN Static key V1—- and ends with —–END OpenVPN Static key V1—–.
And finally, you’ll need the TLS certificate(new window) from this config file. To find it, open the downloaded OpenVPN config file in a text editor and look for the text that starts with —–BEGIN CERTIFICATE—- and ends with –—-END CERTIFICATE—–.
2. Disable IPv6 on your router
This step is recommended to prevent IP leaks.
Open your DD-WRT router’s web interface(new window) in a browser window. Go to Setup → IPV6 → IPV6 Support → IPV6 and toggle the Disable button on. Now click Save, then Apply Settings.
3. Configure the OpenVPN service
Go to Services → VPN → OpenVPN Client and configure the following settings:
- Enable Client: Enable
- CVE-1029-14899 Mitigation: Enable
- Server IP / Name: Port: Enter the IP address and port number of the VPN server. These can be found on the first remote line listed in the certificate (see Step 1 for more details)
- Tunnel Device: TUN
- Tunnel Protocol: UDP or TCP. You selected this when you created your OpenVPN configuration files. You can also find it in the config file on the line starting proto.
- Encryption Cipher: AES-256-GCM
- Hash Algorithm: SHA-256
- First Data Cipher: AES-256-GCM
- Second Data Cipher: CHACHA20-POLY1305
- Third Data Cipher: –
- User Pass Authentication: Enable
- Username, Password: Your OpenVPN username and password. Remember: These are different from your regular Proton VPN username and password.
- TLS Cipher: –
- Compression: Disable
- NAT: Enable
- Tunnel MTU Setting: 1500
- Additional Config: paste the following settings into the box:
remote-cert-tls server remote-random nobind mssfix 0 persist-key persist-tun reneg-sec 0
- TLS / Static Key Choice: TLS Crypt
- TLS key: Paste in the OpenVPN Static key from the OpenVPN configuration file (see Step 1)
- CA Certificate: Paste in the TLS certificate from your OpenVPN config file (see Step 1)
To enable additional features, add the following suffixes to your OpenVPN username.
- NetShield Ad-blocker: +f1
- NetShield Ad-blocker advanced (also blocks malware and trackers): +f2
Leave all other options at their default values. When you’re done, click Save, then Apply Settings.
To verify the VPN is working, go to Status → OpenVPN → State. You should see the message: Client: CONNECTED SUCCESS.
You can also test if the VPN is working by visiting ip.me(new window) from any device on your network.