This is a step-by-step guide to setting up ProtonVPN on your DD-WRT router.
If you set up your VPN account to work on your router, you can protect the online activity of each device connected to your WiFi. Below we explain how to get ProtonVPN to work on your DD-WRT router.
But, you can skip this setup process by purchasing a pre-configured router from FlashRouters. FlashRouters makes it easy for anyone to have VPN security for all of the Internet-connected devices in their home, including smart phones, SmartTVs, and gaming consoles. No matter what ProtonVPN plan you use, you can configure your router to work with your ProtonVPN account. If you buy a ProtonVPN pre-configured router, you will only need to enter your ProtonVPN OpenVPN credentials.
Regardless of whether you are setting your router up yourself or using a pre-configured router, you will need your OpenVPN config files from the ProtonVPN Dashboard.
Learn more: How to download OpenVPN config files for ProtonVPN.
1. Basic router settings
Log in to your DD-WRT Administrative Interface, usually accomplished using your browser and opening the IP of your router (per default 192.168.1.1 or similar).
Navigate to Setup > Basic Setup.
Under Network Address Server Settings (DHCP), set the DNS values to the following ProtonVPN DNS addresses:
(The DNS values depend on which transport protocol you want to use, either UDP or TCP. Learn more about UDP vs. TCP.)
If you are using UDP:
Static DNS 1 = 10.8.8.1 Static DNS 2 = 0.0.0.0 Static DNS 3 = 0.0.0.0 (default) Use DNSMasq for DHCP = Checked Use DNSMasq for DNS = Checked DHCP-Authoritative = Checked
NOTE: If you are a FREE user and using FREE servers to configure your router, you will have to use 10.8.0.1 for Static DNS 1
If you are using TCP:
Static DNS 1 = 10.7.7.1 Static DNS 2 = 0.0.0.0 Static DNS 3 = 0.0.0.0 (default) Use DNSMasq for DHCP = Checked Use DNSMasq for DNS = Checked DHCP-Authoritative = Checked
NOTE: If you are a FREE user and using FREE servers to configure your router, you will have to use 10.7.0.1 for Static DNS 1
Then, Save and Apply settings.
2. Disabling IPV6
Navigate to Setup > IPV6 and set IPv6 to Disable, then Save & Apply Settings. (this is a recommended step to make sure you get no IP leaks)
3. Open the desired *.ovpn config file with a text editor, such as Notepad.
In our example, we chose de-03.protonvpn.com.udp1194.ovpn as an example.
4. Configuring the OpenVPN service
Navigate to Service > VPN.
Under OpenVPN Client, set Start OpenVPN Client = Enable
Then set the necessary fields as follows:
Server IP/Name = copy the value in the line starting with 'remoteʼ, excluding the port number at the end, e.g., 220.127.116.11 or de.protonvpn.com Port = copy the value behind the server IP, e.g., 1194 or 443 Tunnel Device = TUN Tunnel Protocol = copy the value from the proto line, e.g., UDP or TCP Note: If you are using 10.8.8.1 or 10.8.0.1 as "Static DNS 1" in Step 1, then select UDP for Tunnel Protocol. If you are using 10.7.7.1 or 10.7.0.1 as "Static DNS 1" in Step 1, then select TCP for Tunnel Protocol. Encryption Cipher = AES-256-CBC Hash Algorithm = SHA-512 User Pass Authentication = Enable Username, Password = Your OpenVPN credentials Note: If the Username and Password fields are missing, fill in the remaining fields and continue with step 5.1 Advanced Options = Enable (this will enable additional options) TLS Cipher = None LZO Compression = No NAT = Enable
If you do not know your OpenVPN credentials, please visit your account page here. Note: to use our NetShield DNS filtering feature, append the suffix +f1 to your username to block malware, or +f2 to block malware, ads, and trackers (for example 123456789+f2).
The options not mentioned above should be kept with default values.
4.1. (Optional, depending on step 5.)
If the Username and Password fields are missing, go to Administration > Commands, and enter this code:
echo "YOURUSERNAME YOURPASSWORD" > /tmp/openvpncl/user.conf /usr/bin/killall openvpn /usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
Replace YOURUSERNAME and YOURPASSWORD with your respective OpenVPN login and OpenVPN password. If you do not know your OpenVPN credentials see this article.
Click Save Startup, and return to the previous VPN tab.
5. In Additional Config box either enter or copy/paste these commands:
tls-client remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping-timer-rem reneg-sec 0
# Delete ‘#’ in the line below if your router does not have credentials fields and you followed step 4.1:
# auth-user-pass /tmp/openvpncl/user.conf
6. Copy the CA Cert into the respective field.
Be sure the entire text gets pasted in, including
—–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.
7. Copy the TLS Auth Key field into the respective field.
Be sure the entire text gets pasted in, including
—–BEGIN OpenVPN Static key V1—– and —–END OpenVPN Static key V1—– lines.
8. After entering all this data, Save and Apply Settings
9. To Verify the VPN is Working, Navigate to Status > OpenVPN
Under State, you should see the message: Client: CONNECTED SUCCESS.
10. To create a kill-switch,
Go into Administration > Commands, and enter this script:
WAN_IF=`nvram get wan_iface` iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
Then select Save Firewall, Go into Administration > Management > Reboot router.