This is a step-by-step guide to setting up Proton VPN on your DD-WRT router.
If you set up your VPN account to work on your router, you can protect the online activity of each device connected to your WiFi. Below we explain how to get Proton VPN to work on your DD-WRT router.
You can skip this setup process by purchasing a pre-configured router from FlashRouters. FlashRouters makes it easy for anyone to have VPN security for all of the Internet-connected devices in their home, including smart phones, SmartTVs, and gaming consoles. No matter what Proton VPN plan you use, you can configure your router to work with your Proton VPN account. If you buy a Proton VPN pre-configured router, you will only need to enter your Proton VPN OpenVPN credentials.
Regardless of whether you are setting your router up yourself or using a pre-configured router, you will need your OpenVPN config files.
1. Basic router settings
Log in to your DD-WRT Administrative Interface, usually accomplished using your browser and opening the IP of your router (per default 192.168.1.1 or similar).
Navigate to Setup → Basic Setup.
Under Network Address Server Settings (DHCP), set the DNS values to the following Proton VPN DNS addresses:
(The DNS values depend on which transport protocol you want to use, either UDP or TCP. Learn more about UDP vs. TCP.)
If you are using UDP:
Static DNS 1 = 10.8.8.1 Static DNS 2 = 0.0.0.0 Static DNS 3 = 0.0.0.0 (default) Use DNSMasq for DHCP = Checked Use DNSMasq for DNS = Checked DHCP-Authoritative = Checked
NOTE: If you are a FREE user and using FREE servers to configure your router, you will have to use 10.8.0.1 for Static DNS 1
If you are using TCP:
Static DNS 1 = 10.7.7.1 Static DNS 2 = 0.0.0.0 Static DNS 3 = 0.0.0.0 (default) Use DNSMasq for DHCP = Checked Use DNSMasq for DNS = Checked DHCP-Authoritative = Checked
NOTE: If you are a FREE user and using FREE servers to configure your router, you will have to use 10.7.0.1 for Static DNS 1
Then, Save and Apply settings.
2. Disabling IPV6
Navigate to Setup > IPV6 and set IPv6 to Disable, then Save & Apply Settings. (this is a recommended step to make sure you get no IP leaks)
3. Open the desired *.ovpn config file with a text editor, such as Notepad.
In our example, we chose de-03.protonvpn.com.udp1194.ovpn as an example.
4. Configuring the OpenVPN service
Navigate to Service > VPN.
Under OpenVPN Client, set Start OpenVPN Client = Enable
Then set the necessary fields as follows:
Server IP/Name = copy the value in the line starting with 'remoteʼ, excluding the port number at the end, e.g., 220.127.116.11 or de.protonvpn.com Port = copy the value following the server IP address. For example, 1194 or 443 Tunnel Device = TUN Tunnel Protocol = copy the value from the proto line, e.g., UDP or TCP Note: If you are using 10.8.8.1 or 10.8.0.1 as "Static DNS 1" in Step 1, then select UDP for Tunnel Protocol. If you are using 10.7.7.1 or 10.7.0.1 as "Static DNS 1" in Step 1, then select TCP for Tunnel Protocol. Encryption Cipher = AES-256-CBC Hash Algorithm = SHA-512 User Pass Authentication = Enable Username, Password = Your OpenVPN credentials If the Username and Password fields are missing, fill in the remaining fields and continue with step 5.1 Advanced Options = Enable (this will enable additional options) TLS Cipher = None LZO Compression = No NAT = Enable
Note 1: To find your OpenVPN username and password, go to your Proton Account. These are not the same as your regular Proton Account username and password.
Note 2: to use our NetShield DNS filtering feature, append the suffix +f1 to your Username to block malware, or +f2 to block malware, ads, and trackers (for example 123456789+f2).
Options not mentioned above should be kept with default values.
4.1. (Optional, depending on step 5.)
If the Username and Password fields are missing, go to Administration > Commands, and enter this code:
echo "YOURUSERNAME YOURPASSWORD" > /tmp/openvpncl/user.conf /usr/bin/killall openvpn /usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
Replace YOURUSERNAME and YOURPASSWORD with your respective OpenVPN login and OpenVPN password. If you do not know your OpenVPN credentials see this article.
Click Save Startup, and return to the previous VPN tab.
5. In Additional Config box either enter or copy/paste these commands:
tls-client remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping-timer-rem reneg-sec 0
# Delete ‘#’ in the line below if your router does not have credentials fields and you followed step 4.1:
# auth-user-pass /tmp/openvpncl/user.conf
6. Copy the CA Cert into the respective field.
Be sure the entire text gets pasted in, including
—–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.
7. Copy the TLS Auth Key field into the respective field.
Be sure the entire text gets pasted in, including
—–BEGIN OpenVPN Static key V1—– and —–END OpenVPN Static key V1—– lines.
8. After entering all this data, Save and Apply Settings
9. To Verify the VPN is Working, go to Status > OpenVPN
Under State, you should see the message: Client: CONNECTED SUCCESS.
10. To create a kill-switch:
Go into Administration > Commands, and enter this script:
WAN_IF=`nvram get wan_iface` iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
Then select Save Firewall, Go into Administration > Management > Reboot router.