Asus’s higher-end router models are some of the only consumer routers in the marketplace with built-in OpenVPN support. ASUSWRT (Asus’s custom router firmware) has native support for OpenVPN in both client and server mode.
This tutorial will show you how to configure your ASUS router to run as an OpenVPN client, which will set up a permanent VPN tunnel from the router.
This setup allows you to connect an unlimited number of devices to the same VPN connection.
This is perfect for devices that don’t have built-in VPN support such as:
- Xbox (Xbox 360 & Xbox One)
- Playstation (PS3/PS4)
When you use our recommended Dual-Router VPN setup, it makes initiating a VPN connection as easy as switching wireless networks, allowing all of your computers and devices quick, secure access to VPN encryption.
ASUSWRT also supports the PPTP and L2TP VPN protocols, but OpenVPN is much more secure/flexible, and is definitely the recommended protocol.
RELATED: OpenVPN vs. L2TP/IPsec vs. PPTP
This tutorial will work for any ASUS router that comes with ASUSWRT firmware. Here is the current list of supported routers:
What you need for this tutorial:
- A router running ASUSWRT (list in the previous section)
- An active VPN subscription to a provider with ASUSWRT-compatible OpenVPN configs
- The OpenVPN configuration (.ovpn) and files from your VPN service
- The Certificate Authority .crt file from your provider (some providers embed the certificate in the .ovpn file. We’ll go into more detail in the step-by-step instructions).
Almost all VPN providers will make their .ovpn files for all servers easily downloadable from either their knowledgebase/tech support pages, or from inside your account panel. If you aren’t sure where to find them, just ask live chat or submit a support ticket.
Which VPNs are compatible with ASUSWRT?
Most (but not all) VPN providers are currently capable with ASUSWRT. The reason being, that ASUSWRT firmware doesn’t support any advanced VPN configuration options beyond importing an OpenVPN config (.ovpn) file. Some VPN providers config files require the ability to add custom instructions to the routers’ openVPN client.
Don’t worry, if your VPN provider doesn’t natively support ASUSWRT, you have 4 options:
- Ask them to create a custom .ovpn file for you (most VPNs will probably do it if they are able)
- Install ASUSWRT-MERLIN firmware on your router (which allows advanced OpenVPN configurations).
- Flash the Tomato-shibby or DD-WRT firmware on your router (advanced users).
- Edit the .ovpn file yourself to include the advanced configuration options
A non-exhaustive list of compatible VPNs
This list includes only VPNs that I have personally tested an confirmed to be working with ASUSWRT. If your VPN is not on the list, it may well still work with an ASUSWRT router. My best advice is to contact your provider for support if you’re having difficulties.
VPNs confirmed to work with ASUSWRT routers:
- BA.net AdBlock VPN
- Log in to your asus router control panel by typing the router IP address into your URL bar of your web browser. Since I’m using a dual-router setup, I changed my router to 192.168.2.1 but yours may be different. The default IP for Asus routers is 192.168.1.1
- Your VPN Login/Password
- The .ovpn config file of the server location you want to use
- Your CA certificate file (some VPNs include the CA in your .ovpn file, others provide a separate .crt file)
- Check the box ‘Import the CA file or edit the .ovpn file manually’
- Click ‘Browse…’ to locate your .crt file you downloaded from your provider
- Click ‘Upload’ to send it to the router.
Speed VPN on DD-WRT Routers
- AdBlock Mobile VPN for Apple iOS Config Howto
AdBlock Mobile VPN for Android Config Howto.
hacker news discussion https://news.ycombinator.com/item?id=19170671
As noted by DNS creator Paul Vixie post
In case the name of the original poster does not ring a bell: https://en.wikipedia.org/wiki/Paul_Vixie
This should bother people here more than it does. The last thing the Internet needs is even more dependence upon Google. They've made it quite clear through their actions that they're not supporters of a free and open Internet: https://theintercept.com/2018/09/14/google-china-prototype-l... If people don't push back against these kinds of things, Google will continue to abuse their power. There shouldn't be an army of apologists here making excuses for them.
As far as a solution goes, they can simply make 188.8.131.52 a fallback when something goes wrong. It's a disturbing trend to see them forcing things like this upon users.
Thank you! I feel gaslit even talking about this! Mention this online, and you will get a torrent of people telling you that you must be doing something wrong, and even if it is true Google probably has a good reason that is just beyond our understanding. I just talked about my experience with Chromecast here a few hours ago in another thread.  The Google product forums are way worse. It is not reasonable that I should have to do packet injection to not let my Chromecast connect to Google's DNS servers, especially if I just want to watch locally streamed videos.
Google has slowly been carving features off of the Chromecast for the last four years. I only use it for local video content, so why must I update when it has burned me in the past? What really kills me is how we wouldn't let Microsoft or Facebook pull this stuff : https://news.ycombinator.com/item?id=19171115
- Q: Do you have a solution for iPhone, Android on Mobile Networks ?
Yes, AdBlock Speed VPN for iPhone. Speed OpenVPN VPN for all your home or mobile devices. Available Consumer $0.99/month and Business Plans.
- Q: Will VPN OpenVPN affect my mobile battery ? Short answer no. The current recommended OpenVPN clients manage sleep to keep the cellular radio off when the phone display is unused.
The AdBlock data transmission and CPU savings will combine with the low overhead of the new OpenVPN client to a negligible impact on your iPhone battery.
- Q: Will AdBlock affect my mobile battery ? Current block lists cover over 200,000 domains. Processing that on a mobile for every request can be battery draining. Also taxing is keeping the large blocklist up to date. The AdBlock DNS VPN solution off-loads this tasks to the server. So you can save battery.
Q: What About Privacy ?
Consumer Speed VPN only routes DNS traffic on the VPN. No IP change, or TCP traffic. OpenVPN app is separate, so you can audit log data and configuration. The consumer service is aimed at cellular data saving and speed.
- Q: Android VPN Limitations ?
Android built-in PPTP VPN only works on wifi connections.
For a Celular Mobile Adblock VPN, you can use OpenVPN. Download this OpenVPN App on the Google Play Store
- Q: Android VPN Hotspot Limitations ?
You can't connect a VPN *and* activate the wifi hotspot on Android, by design. It sucks but there you are. You can though run OpenVPN on client devices tunnelled through an Android or iOS Hotspot however.
- Q: Do you support L2PT ?
No. For higher grade encryption we support OpenVPN. Or for legacy OS we support PPTP
- Q: Do you offer Server DNS Custom Filter Solutions ?
BA.net Adblock DNS Server FlashBoot is a complete Software Appliance. Built in a simple USB Flash Boot package. Or Managed Cloud Server Image. Free Download
Corporate Plan Remote AdBlock VPN new
- Q: Do you offer an Administrator Manual ?
You can download a free preview of the Administrator Manual
- Corporate Plan Remote AdBlock VPN new
BA.net AdBlock VPN . iPhone . Android . BUY Lifetime FAQ . Config Help . OSX . Windows . iPhone . Android . Tools . About . Privacy and ToS
BA.net/adblockvpn . . . . BA.net - AdBlock Split Speed VPN for Mobile iPhone iOS Android Save Data Usage content filter tracking profiling openvpn blinkt tunnelblick pptp malware protection business security library campus school cybercafe cipa affordable easy alternative for legacy cisco vpn umbrella webtitan barracuda fortinet sonicwall sophos untangle managed pihole vpn adblock-speed-vpn-iphone email@example.com
- Q: Do you have a solution for iPhone, Android on Mobile Networks ?
How to access ASUSWRT OpenVPN client settings:
2. Under the advanced settings tab on the left side, go to ‘VPN’ (shown below)
3. Then click on the ‘VPN Client’ tab (shown below)
You should now be at the VPN Client screen, which should look something like the image below. You can click the ‘Add Profile’ button to create a new VPN connection.
Set up the OpenVPN connection
Now we’re ready to create a new OpenVPN profile for your router. You’ll need 3 pieces of information from your VPN provider:
Some info about .ovpn and CA certificates
Fortunately, ASUSWRT allows you to manually import the certificate file if your VPN provider doesn’t include it in your .ovpn files. When we setup the connection, ASUSWRT will actually warn you if the .ovpn file does not contain a CA, but we can also check in advance by opening your .ovpn file with a simple text editor like notepad.
If your .ovpn file does have a CA embedded, it will include something that looks like this:
If not, it will be a much shorter config file (and won’t contain the ‘—-BEGIN CERTIFICATE—-‘ or ‘—-END CERTIFICATE—-‘ lines. Below is a full .ovpn file from IPVanish:
Step #1 – Create your OpenVPN profile
Click the ‘Add profile’ button to create a new VPN profile.
Select the ‘OpenVPN’ tab from the window that pops up.
Add a description of the profile. This will be the name that shows up in your list of available VPN connections. I like to use the following formula:
VPN name + server location
For this tutorial I’m using IPVanish’s Texas server so I’ll call it ‘IPVanish Texas’. Simple.
Also add your VPN username/password.
Step #2 – Import the .ovpn file
Click the ‘Browse…’ button to locate your .ovpn file.
Then find the directory where you saved it double click to open it in ASUSWRT.
Click ‘Upload’ to send the .ovpn file to your router.
You should now get a message saying ‘Upload Complete’. If it also says ‘Lack of certificate authority’ (meaning your .ovpn file doesn’t contain a certificate) then proceed to the next step to add one manually.
Step #3 – Add a CA client certificate (Optional)
This step is only required if your .ovpn file doesn’t contain a certificate already. You can either upload the .crt file to the router(provided by your VPN provider) or just copy and paste the certificate text (usually found in a how-to guide on your VPN’s website).
To import your CA file, follow these steps:
So now our .crt file is successfully uploaded to the router. All that’s left to do is click ‘OK’ to save your profile. Now we can test the setup to make sure it’s working.
Step #4 – Test the VPN setup
Click the ‘Activate’ button to test your new VPN connection.
If the connection is successful, you’ll get a blue checkmark in the ‘Connection Status’ column like this:
Step #5 – Troubleshooting
If you get an ‘X’ instead of a checkmark, it means your settings are incorrect. Redo the setup and double-check that your username, password, and .crt file are all correct.
If all else fails, check your router’s log. Most .ovpn files will tell the router to log the VPN connection process to the primary router log for troubleshooting purposes. You can then share the log file with your VPN’s tech support team and they can help you troubleshoot the issue.
To access your router’s logs, go to: Advanced settings > System Log > general log
Wrapup and resources
Thanks for checking out this tutorial. Hopefully if you’ve made it this far, you’ve got yourself a fully functional VPN router.
Make sure to leave any questions or tips in our forum section, we go through and respond as often as possible.
Be well, and stay encrypted!