Get ExpressVPN on your router.
Need a VPN for your router?
Get ExpressVPN Now
Refer a friend to use ExpressVPN.
Love ExpressVPN? Want a free month?
Refer a Friend Now

Note: You will need a DD-WRT firmware that can run the latest VPN configurations and has a minimum of 8 MB of flash.

This tutorial will show you how to set up ExpressVPN on your DD-WRT router using the OpenVPN protocol.

Not all ExpressVPN locations may be available for manually configured connections.

Important: The OpenVPN manual configuration does not offer the same security and privacy benefits as the ExpressVPN app. If your router does not support AES-NI (e.g., Asus RT-AC86U), you may experience occasional speed issues while using the OpenVPN manual configuration. If you are located in a country with a high level of internet censorship, you are recommended to use the ExpressVPN app for a more stable VPN connection.

To set up ExpressVPN on your DD-WRT router, you will first need to download the OpenVPN configuration files from your ExpressVPN account settings page. This will allow you to connect to the ExpressVPN servers. Follow these instructions to configure your router with OpenVPN.

Jump to…

1. Find your ExpressVPN account credentials
2. Configure your router
3. Configure your ExpressVPN keys and certificates
4. Check your connection status


1. Find your ExpressVPN account credentials

Go to the ExpressVPN setup page. If prompted, enter your ExpressVPN credentials and click Sign In.

Enter your account credentials, then click "Sign In."

Enter the verification code that is sent to your email.

On the right, with OpenVPN already selected for you, you will see your username, password, and a list of OpenVPN configuration files.

With OpenVPN already selected for you, you will see your username, password, and a list of OpenVPN configuration files.

Click the location(s) you want in order to download the .ovpn file(s).

Keep this browser window open. You will need this information for the setup later.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


2. Configure your router

In your browser’s address bar, enter the IP address for the router admin panel. By default, this is 192.168.0.1. (If your router’s IP address was changed in the past, and you cannot remember it, you can find it in your device’s settings.)

Log in with your router’s username and password. (By default, both are admin.)

At the top of the page, click the Services tab, then click the VPN sub-tab.

Under OpenVPN Client, enable the Start OpenVPN Client option. This will reveal the OpenVPN configuration panel.

The next steps may vary depending on the version of your DD-WRT firmware. Refer to the section appropriate to your DD-WRT version.

Versions of DD-WRT with User Pass Authentication
Versions of DD-WRT without User Pass Authentication

For versions of DD-WRT with User Pass Authentication

If your DD-WRT firmware has User Pass Authentication, your screen should look like the interface in these steps below. Enter the following information:

  • Server IP/Name: To get your server IP/name, right-click the .ovpn config file and open it with any text editor. You will see the server address listed between the word “remote” and the 4-digit port number. Copy and paste the server address into this field.
    Copy and paste the server address.
  • Port: Enter the number after the server IP/name in the .ovpn file.
  • Tunnel Device: Select TUN.
  • Tunnel Protocol: Select UDP.
  • Encryption Cipher: Select AES-256 GCM.
  • Hash Algorithm: Select SHA512.
  • User Pass Authentication: Select Enable.
  • Username: Enter the username you found earlier.
  • Password: Enter the password you found earlier.
  • Advanced Options: Select Enable.
  • TLS Cipher: Select None.
  • L2O Compression: Select Adaptive.
  • NAT: Select Enable.
  • Tunnel UDP Fragment: Type 1450.
  • Tunnel UDP MSS-Fix: Select Enable.
  • nsCertType verification: Check the box.

Enter details to configure your router with OpenVPN.

Next, follow these instructions to configure your ExpressVPN keys and certificates.

For versions of DD-WRT without User Pass Authentication

If your DD-WRT firmware does not have User Pass Authentication, follow the steps below:

Look for the Additional Config text box and enter this command:

auth-user-pass /tmp/auth.txt

Then enter the following information:

  • Server IP/Name: To get your server IP/name, right-click the .ovpn config file and open it with any text editor. You will see the server address listed between the word “remote” and the 4-digit port number. Copy and paste the server address into this field.
    Copy and paste the server address.
  • Port: Enter the number after the server P/name in the .ovpn file.
  • Tunnel Device: Select TUN.
  • Tunnel Protocol: Select UDP.
  • Encryption Cipher: Select AES-256 GCM.
  • Hash Algorithm: Select SHA512.
  • User Pass Authentication: Select Enable.
  • Username: Enter the username you found earlier.
  • Password: Enter the password you found earlier.
  • Advanced Options: Select Enable.
  • TLS Cipher: Select None.
  • L2O Compression: Select Adaptive.
  • NAT: Select Enable.
  • Tunnel UDP Fragment: Type 1450.
  • Tunnel UDP MSS-Fix: Select Enable.
  • nsCertType verification: Check the box.

Next, follow these instructions to configure your ExpressVPN keys and certificates.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


3. Configure your ExpressVPN keys and certificates

In the Additional Config field, enter the following:

persist-key
persist-tun
fragment 1300
mssfix 1450
keysize 256

Enter information in the Additional Config field.

In the TLS Auth Key field, copy the text between <tls-auth> and </tls-auth> tags in the .ovpn file and paste it in this field.

Enter text in the TLS Auth Key field.

In the CA Cert field, copy the text in between <ca> and </ca> tags in the .ovpn file and paste it in this field.

Enter text in the CA Cert field.

In the Public Client Cert field, copy the text between <cert> and </cert> tags in the .ovpn file and paste it in this field.

Enter text in the Public Client Cert field.

In the Private Client Key field, copy the text between the <key> and </key> tags in the .ovpn file and paste it in this field.

Enter text in the Private Client Cert field.

Click Save, and then click Apply settings to start the connection to the VPN.

If you are using DD-WRT without User Pass Authentication, go to Administration > Commands and enter the following commands:

echo USERNAMEHERE > /tmp/auth.txt
echo PASSWORDHERE >> /tmp/auth.txt

Then click Save Startup.

Go to Administration > Management and click Reboot Router.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


4. Check your connection status

Go to Status > OpenVPN. If your VPN connection is successful, you will see the words “CONNECTED SUCCESS” and the following:

Your OpenVPN connection is successful.

If you are unable to connect to the VPN, your router might have been set to an incorrect time and date. This prevents your router from connecting properly to the VPN server. To resolve this, try resetting your router’s system time and connect to the VPN again.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top

Was this article helpful?

We're sorry to hear that. Let us know how we can improve.

Which router model do you need help with?

Examples: Linksys WRT1200AC, Asus RT-AC56R

A member of our Support Team will follow up on your issue.