Need a VPN for your router?
Get ExpressVPN NowLove ExpressVPN? Want a free month?
Refer a Friend NowNote: You will need a DD-WRT firmware that can run the latest VPN configurations and has a minimum of 8 MB of flash.
This tutorial will show you how to set up ExpressVPN on your DD-WRT router using the OpenVPN protocol.
Not all ExpressVPN locations may be available for manually configured connections.
To set up ExpressVPN on your DD-WRT router, you will first need to download the OpenVPN configuration files from your ExpressVPN account settings page. This will allow you to connect to the ExpressVPN servers. Follow these instructions to configure your router with OpenVPN.
Jump to…
1. Find your ExpressVPN account credentials
2. Configure your router
3. Configure your ExpressVPN keys and certificates
4. Check your connection status
1. Find your ExpressVPN account credentials
Go to the ExpressVPN setup page. If prompted, enter your ExpressVPN credentials and click Sign In.
Enter the verification code that is sent to your email.
On the right, with OpenVPN already selected for you, you will see your username, password, and a list of OpenVPN configuration files.
Click the location(s) you want in order to download the .ovpn file(s).
Keep this browser window open. You will need this information for the setup later.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
2. Configure your router
In your browser’s address bar, enter the IP address for the router admin panel. By default, this is 192.168.0.1. (If your router’s IP address was changed in the past, and you cannot remember it, you can find it in your device’s settings.)
Log in with your router’s username and password. (By default, both are admin.)
At the top of the page, click the Services tab, then click the VPN sub-tab.
Under OpenVPN Client, enable the Start OpenVPN Client option. This will reveal the OpenVPN configuration panel.
The next steps may vary depending on the version of your DD-WRT firmware. Refer to the section appropriate to your DD-WRT version.
Versions of DD-WRT with User Pass Authentication
Versions of DD-WRT without User Pass Authentication
For versions of DD-WRT with User Pass Authentication
If your DD-WRT firmware has User Pass Authentication, your screen should look like the interface in these steps below. Enter the following information:
- Server IP/Name: To get your server IP/name, right-click the .ovpn config file and open it with any text editor. You will see the server address listed between the word “remote” and the 4-digit port number. Copy and paste the server address into this field.
- Port: Enter the number after the server IP/name in the .ovpn file.
- Tunnel Device: Select TUN.
- Tunnel Protocol: Select UDP.
- Encryption Cipher: Select AES-256 GCM.
- Hash Algorithm: Select SHA512.
- User Pass Authentication: Select Enable.
- Username: Enter the username you found earlier.
- Password: Enter the password you found earlier.
- Advanced Options: Select Enable.
- TLS Cipher: Select None.
- L2O Compression: Select Adaptive.
- NAT: Select Enable.
- Tunnel UDP Fragment: Type 1450.
- Tunnel UDP MSS-Fix: Select Enable.
- nsCertType verification: Check the box.
Next, follow these instructions to configure your ExpressVPN keys and certificates.
For versions of DD-WRT without User Pass Authentication
If your DD-WRT firmware does not have User Pass Authentication, follow the steps below:
Look for the Additional Config text box and enter this command:
auth-user-pass /tmp/auth.txt
Then enter the following information:
- Server IP/Name: To get your server IP/name, right-click the .ovpn config file and open it with any text editor. You will see the server address listed between the word “remote” and the 4-digit port number. Copy and paste the server address into this field.
- Port: Enter the number after the server P/name in the .ovpn file.
- Tunnel Device: Select TUN.
- Tunnel Protocol: Select UDP.
- Encryption Cipher: Select AES-256 GCM.
- Hash Algorithm: Select SHA512.
- User Pass Authentication: Select Enable.
- Username: Enter the username you found earlier.
- Password: Enter the password you found earlier.
- Advanced Options: Select Enable.
- TLS Cipher: Select None.
- L2O Compression: Select Adaptive.
- NAT: Select Enable.
- Tunnel UDP Fragment: Type 1450.
- Tunnel UDP MSS-Fix: Select Enable.
- nsCertType verification: Check the box.
Next, follow these instructions to configure your ExpressVPN keys and certificates.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
3. Configure your ExpressVPN keys and certificates
In the Additional Config field, enter the following:
persist-key
persist-tun
fragment 1300
mssfix 1450
keysize 256
In the TLS Auth Key field, copy the text between <tls-auth> and </tls-auth> tags in the .ovpn file and paste it in this field.
In the CA Cert field, copy the text in between <ca> and </ca> tags in the .ovpn file and paste it in this field.
In the Public Client Cert field, copy the text between <cert> and </cert> tags in the .ovpn file and paste it in this field.
In the Private Client Key field, copy the text between the <key> and </key> tags in the .ovpn file and paste it in this field.
Click Save, and then click Apply settings to start the connection to the VPN.
If you are using DD-WRT without User Pass Authentication, go to Administration > Commands and enter the following commands:
echo USERNAMEHERE > /tmp/auth.txt
echo PASSWORDHERE >> /tmp/auth.txt
Then click Save Startup.
Go to Administration > Management and click Reboot Router.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
4. Check your connection status
Go to Status > OpenVPN. If your VPN connection is successful, you will see the words “CONNECTED SUCCESS” and the following:
If you are unable to connect to the VPN, your router might have been set to an incorrect time and date. This prevents your router from connecting properly to the VPN server. To resolve this, try resetting your router’s system time and connect to the VPN again.
Need help? Contact the ExpressVPN Support Team for immediate assistance.