How to set up Proton VPN on a DD-WRT router using OpenVPN

Reading
4 mins
Category
Routers

You can set up Proton VPN on your router, which will protect every device that connects to the internet through that router. In this guide, we take a step-by-step look at how to set up Proton VPN on a DD-WRT router(new window) using the OpenVPN VPN protocol. 

Learn more about OpenVPN

We also have guides for setting up Proton VPN on a wide selection of other popular routers. 

Learn how to install Proton VPN on different routers

To skip this setup process, you can purchase a pre-configured router from FlashRouters(new window)

Before starting, you’ll need the following:

  • A computer that’s connected to your LAN network so that you can access your DD-WRT router’s web interface(new window). To do this, enter the address provided by your router’s manufacturer into your browser’s URL bar. For example, most Linksys and Asus routers use the address 192.168.1.1
  • Your OpenVPN username and password. These are different from your regular Proton VPN username and password. To find them, sign in to account.protonvpn.com and go to AccountOpenVPN / IKEv2 username.

Note that this guide is for newer versions of DD-WRT. If you’re running an older version of DD-WRT, please update your firmware(new window) to the latest version.

Learn more about why it’s important to keep your operating system (including router firmware) updated

How to set up Proton VPN on a DD-WRT router

1. Create an OpenVPN configuration file

Sign in to Proton VPN using your Proton Account username and password at account.protonvpn.com, go to DownloadsOpenVPN configuration files, and download an OpenVPN configuration file. Be sure to Select Platform: Router

Learn how to download an OpenVPN configuration file from Proton VPN 

To configure DD-WRT, you’ll need the IP address and port number of the VPN server. These can be found on the first remote line listed in the certificate. The first number is the IP address, and the second number is the port number. In the example below, the IP address is 185.159.157.6, and the port number is 51820

The IP address and port number of the VPN server

You’ll also need the OpenVPN Static key. This starts with —–BEGIN OpenVPN Static key V1—- and ends with —–END OpenVPN Static key V1—–.

The OpenVPN Static key

And finally, you’ll need the TLS certificate(new window) from this config file. To find it, open the downloaded OpenVPN config file in a text editor and look for the text that starts with —–BEGIN CERTIFICATE—- and ends with –—-END CERTIFICATE—–.

The OpenVPN TLS certificate

2. Disable IPv6 on your router

This step is recommended to prevent IP leaks. 

Open your DD-WRT router’s web interface(new window) in a browser window. Go to Setup IPV6IPV6 Support → IPV6 and toggle the Disable button on. Now click Save, then Apply Settings

Disable IPv6

3. Configure the OpenVPN service

Go to Services VPNOpenVPN Client and configure the following settings:

  • Enable Client: Enable
  • CVE-1029-14899 Mitigation: Enable
  • Server IP / Name: Port: Enter the IP address and port number of the VPN server. These can be found on the first remote line listed in the certificate (see Step 1 for more details)
  • Tunnel Device: TUN
  • Tunnel Protocol: UDP or TCP. You selected this when you created your OpenVPN configuration files. You can also find it in the config file on the line starting proto
  • Encryption Cipher: AES-256-GCM
  • Hash Algorithm: SHA-256
  • First Data Cipher: AES-256-GCM
  • Second Data Cipher: CHACHA20-POLY1305
  • Third Data Cipher:
  • User Pass Authentication: Enable
  • Username, Password: Your OpenVPN username and password. Remember: These are different from your regular Proton VPN username and password. 
  • TLS Cipher: –
  • Compression: Disable
  • NAT: Enable
  • Tunnel MTU Setting: 1500
  • Additional Config: paste the following settings into the box:
remote-cert-tls server
remote-random
nobind
mssfix 0
persist-key
persist-tun
reneg-sec 0
  • TLS / Static Key Choice: TLS Crypt
  • TLS key: Paste in the OpenVPN Static key from the OpenVPN configuration file (see Step 1)
  • CA Certificate: Paste in the TLS certificate from your OpenVPN config file (see Step 1)

To enable additional features, add the following suffixes to your OpenVPN username.

Leave all other options at their default values. When you’re done, click Save, then Apply Settings.

Configure OpenVPN settings

To verify the VPN is working, go to Status OpenVPN State. You should see the message: Client: CONNECTED SUCCESS.

Verify the VPN is working

You can also test if the VPN is working by visiting ip.me(new window) from any device on your network.