How to set up OpenVPN client on Asus routers with ASUSWRT

Asus’s higher-end router models are some of the only consumer routers in the marketplace with built-in OpenVPN support. ASUSWRT (Asus’s custom router firmware) has native support for OpenVPN in both client and server mode.

This tutorial will show you how to configure your ASUS router to run as an OpenVPN client, which will set up a permanent VPN tunnel from the router.

This setup allows you to connect an unlimited number of devices to the same VPN connection.

This is perfect for devices that don’t have built-in VPN support such as:

• AppleTV
• FireTV
• Xbox (Xbox 360 & Xbox One)
• Playstation (PS3/PS4)
• Chromecast
• Roku

When you use our recommended Dual-Router VPN setup, it makes initiating a VPN connection as easy as switching wireless networks, allowing all of your computers and devices quick, secure access to VPN encryption.

ASUSWRT also supports the PPTP and L2TP VPN protocols, but OpenVPN is much more secure/flexible, and is definitely the recommended protocol.

RELATED: OpenVPN vs. L2TP/IPsec vs. PPTP

Supported Routers

This tutorial will work for any ASUS router that comes with ASUSWRT firmware. Here is the current list of supported routers:

• RT-N66U
• RT-AC56U
• RT-AC66U
• RT-AC68U
• RT-AC68P
• RT-AC87U
• RT-AC3200
• RT-AC88U
• RT-AC3100
• RT-AC5300

What you need for this tutorial:

1. A router running ASUSWRT (list in the previous section)
2. An active VPN subscription to a provider with ASUSWRT-compatible OpenVPN configs
3. The OpenVPN configuration (.ovpn) and files from your VPN service
4. The Certificate Authority .crt file from your provider (some providers embed the certificate in the .ovpn file. We’ll go into more detail in the step-by-step instructions).

Almost all VPN providers will make their .ovpn files for all servers easily downloadable from either their knowledgebase/tech support pages, or from inside your account panel. If you aren’t sure where to find them, just ask live chat or submit a support ticket.

Which VPNs are compatible with ASUSWRT?

Most (but not all) VPN providers are currently capable with ASUSWRT. The reason being, that ASUSWRT firmware doesn’t support any advanced VPN configuration options beyond importing an OpenVPN config (.ovpn) file. Some VPN providers config files require the ability to add custom instructions to the routers’ openVPN client.

Don’t worry, if your VPN provider doesn’t natively support ASUSWRT, you have 4 options:

1. Ask them to create a custom .ovpn file for you (most VPNs will probably do it if they are able)
2. Install ASUSWRT-MERLIN firmware on your router (which allows advanced OpenVPN configurations).
3. Flash the Tomato-shibby or DD-WRT firmware on your router (advanced users).
4. Edit the .ovpn file yourself to include the advanced configuration options

A non-exhaustive list of compatible VPNs

This list includes only VPNs that I have personally tested an confirmed to be working with ASUSWRT. If your VPN is not on the list, it may well still work with an ASUSWRT router. My best advice is to contact your provider for support if you’re having difficulties.

VPNs confirmed to work with ASUSWRT routers:

• BA.net AdBlock VPN

How to access ASUSWRT OpenVPN client settings:

1. Log in to your asus router control panel by typing the router IP address into your URL bar of your web browser. Since I’m using a dual-router setup, I changed my router to 192.168.2.1 but yours may be different. The default IP for Asus routers is 192.168.1.1


Login to your ASUS router admin panel

2. Under the advanced settings tab on the left side, go to ‘VPN’ (shown below)

3. Then click on the ‘VPN Client’ tab (shown below)



Go to ‘VPN’ settings then ‘VPN Client’

You should now be at the VPN Client screen, which should look something like the image below. You can click the ‘Add Profile’ button to create a new VPN connection.



Click ‘Add Profile’ to create a new VPN profile

Set up the OpenVPN connection

Now we’re ready to create a new OpenVPN profile for your router. You’ll need 3 pieces of information from your VPN provider:

1. Your VPN Login/Password
2. The .ovpn config file of the server location you want to use
3. Your CA certificate file (some VPNs include the CA in your .ovpn file, others provide a separate .crt file)

Some info about .ovpn and CA certificates

Fortunately, ASUSWRT allows you to manually import the certificate file if your VPN provider doesn’t include it in your .ovpn files. When we setup the connection, ASUSWRT will actually warn you if the .ovpn file does not contain a CA, but we can also check in advance by opening your .ovpn file with a simple text editor like notepad.

If your .ovpn file does have a CA embedded, it will include something that looks like this:

<ca>
—–BEGIN CERTIFICATE—–
MIIDljCCAv+gAwIBAgIJANMiwLWxktowMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
VQQGEwJSTzEMMAoGA1UECBMDQlVDMRIwEAYDVQQHEwlCdWNoYXJlc3QxDzANBgNV
BAoTBlZQTi5BQzEPMA0GA1UECxMGVlBOLkFDMQ8wDQYDVQQDEwZWUE4uQUMxDzAN
BgNVBCkTBlZQTi5BQzEaMBgGCSqGSIb3DQEJARYLaW5mb0B2cG4uYWMwHhcNMTIx
MTI2MTI0NDMzWhcNMjIxMTI0MTI0NDMzWjCBjzELMAkGA1UEBhMCUk8xDDAKBgNV
BAgTA0JVQzESMBAGA1UEBxMJQnVjaGFyZXN0MQ8wDQYDVQQKEwZWUE4uQUMxDzAN
BgNVBAsTBlZQTi5BQzEPMA0GA1UEAxMGVlBOLkFDMQ8wDQYDVQQpEwZWUE4uQUMx
GjAYBgkqhkiG9w0BCQEWC2luZm9AdnBuLmFjMIGfMA0GCSqGSIb3DQEBAQUAA4GN
qRI4JvSeZc4/ww==
—–END CERTIFICATE—–
</ca>

If not, it will be a much shorter config file (and won’t contain the ‘—-BEGIN CERTIFICATE—-‘ or ‘—-END CERTIFICATE—-‘ lines. Below is a full .ovpn file from IPVanish:



IPVanish .ovpn file (Chicago server)

Step #1 – Create your OpenVPN profile

Click the ‘Add profile’ button to create a new VPN profile.



Click ‘Add Profile’

Select the ‘OpenVPN’ tab from the window that pops up.



OpenVPN profile dialog

Add a description of the profile. This will be the name that shows up in your list of available VPN connections. I like to use the following formula:

VPN name + server location

For this tutorial I’m using IPVanish’s Texas server so I’ll call it ‘IPVanish Texas’. Simple.

Also add your VPN username/password.



Add a profile name and your Username/Password

Step #2 – Import the .ovpn file

Click the ‘Browse…’ button to locate your .ovpn file.



Click ‘Browse…’ to locate .ovpn file

Then find the directory where you saved it double click to open it in ASUSWRT.



Open the .ovpn file

Click ‘Upload’ to send the .ovpn file to your router.



Upload the .ovpn to router

You should now get a message saying ‘Upload Complete’. If it also says ‘Lack of certificate authority’ (meaning your .ovpn file doesn’t contain a certificate) then proceed to the next step to add one manually.



Message will indicate a successful upload (and tell you if you need to manually import a CA file)

Step #3 – Add a CA client certificate (Optional)

This step is only required if your .ovpn file doesn’t contain a certificate already. You can either upload the .crt file to the router(provided by your VPN provider) or just copy and paste the certificate text (usually found in a how-to guide on your VPN’s website).

To import your CA file, follow these steps:

1. Check the box ‘Import the CA file or edit the .ovpn file manually’
2. Click ‘Browse…’ to locate your .crt file you downloaded from your provider
3. Click ‘Upload’ to send it to the router.


Manually import your CA (.crt) file if necessary



.crt file successfully uploaded

So now our .crt file is successfully uploaded to the router. All that’s left to do is click ‘OK’ to save your profile. Now we can test the setup to make sure it’s working.

Step #4 – Test the VPN setup

Click the ‘Activate’ button to test your new VPN connection.



Click ‘Activate’ to connect to the VPN

If the connection is successful, you’ll get a blue checkmark in the ‘Connection Status’ column like this:



Successful connection. Your router traffic is now encrypted.

Step #5 – Troubleshooting

If you get an ‘X’ instead of a checkmark, it means your settings are incorrect. Redo the setup and double-check that your username, password, and .crt file are all correct.

If all else fails, check your router’s log. Most .ovpn files will tell the router to log the VPN connection process to the primary router log for troubleshooting purposes. You can then share the log file with your VPN’s tech support team and they can help you troubleshoot the issue.

To access your router’s logs, go to: Advanced settings > System Log > general log



Sample router logs for the VPN connection

Wrapup and resources

Thanks for checking out this tutorial. Hopefully if you’ve made it this far, you’ve got yourself a fully functional VPN router.

Make sure to leave any questions or tips in our forum section, we go through and respond as often as possible.

Be well, and stay encrypted!

 







• AppleTV

• AndroidTV

• Roku

• Chromecast

• Speed VPN on DD-WRT Routers

  
  

• AdBlock Mobile VPN for Apple iOS Config Howto

• AdBlock Mobile VPN for Android Config Howto.

  
  
  

  hacker news discussion https://news.ycombinator.com/item?id=19170671

  As noted by DNS creator Paul Vixie post

  In case the name of the original poster does not ring a bell: https://en.wikipedia.org/wiki/Paul_Vixie

  This should bother people here more than it does. The last thing the Internet needs is even more dependence upon Google. They've made it quite clear through their actions that they're not supporters of a free and open Internet: https://theintercept.com/2018/09/14/google-china-prototype-l... If people don't push back against these kinds of things, Google will continue to abuse their power. There shouldn't be an army of apologists here making excuses for them.

  As far as a solution goes, they can simply make 8.8.8.8 a fallback when something goes wrong. It's a disturbing trend to see them forcing things like this upon users.

  Thank you! I feel gaslit even talking about this! Mention this online, and you will get a torrent of people telling you that you must be doing something wrong, and even if it is true Google probably has a good reason that is just beyond our understanding. I just talked about my experience with Chromecast here a few hours ago in another thread. [1] The Google product forums are way worse. It is not reasonable that I should have to do packet injection to not let my Chromecast connect to Google's DNS servers, especially if I just want to watch locally streamed videos.

  Google has slowly been carving features off of the Chromecast for the last four years. I only use it for local video content, so why must I update when it has burned me in the past? What really kills me is how we wouldn't let Microsoft or Facebook pull this stuff [1]: https://news.ycombinator.com/item?id=19171115

  
  

  
  

  
  

  FAQ

• Q: Do you have a solution for iPhone, Android on Mobile Networks ?

  Yes, AdBlock Speed VPN for iPhone. Speed OpenVPN VPN for all your home or mobile devices. Available Consumer $0.99/month and Business Plans.

• Q: Will VPN OpenVPN affect my mobile battery ? Short answer no. The current recommended OpenVPN clients manage sleep to keep the cellular radio off when the phone display is unused.

  The AdBlock data transmission and CPU savings will combine with the low overhead of the new OpenVPN client to a negligible impact on your iPhone battery.

• Q: Will AdBlock affect my mobile battery ? Current block lists cover over 200,000 domains. Processing that on a mobile for every request can be battery draining. Also taxing is keeping the large blocklist up to date. The AdBlock DNS VPN solution off-loads this tasks to the server. So you can save battery.

  Q: What About Privacy ?

  Consumer Speed VPN only routes DNS traffic on the VPN. No IP change, or TCP traffic. OpenVPN app is separate, so you can audit log data and configuration. The consumer service is aimed at cellular data saving and speed.

• Q: Android VPN Limitations ?

  Android built-in PPTP VPN only works on wifi connections.

  For a Celular Mobile Adblock VPN, you can use OpenVPN. Download this OpenVPN App on the Google Play Store

• Q: Android VPN Hotspot Limitations ?

  You can't connect a VPN *and* activate the wifi hotspot on Android, by design. It sucks but there you are. You can though run OpenVPN on client devices tunnelled through an Android or iOS Hotspot however.

• Q: Do you support L2PT ?

  No. For higher grade encryption we support OpenVPN. Or for legacy OS we support PPTP

• Q: Do you offer Server DNS Custom Filter Solutions ?

  BA.net Adblock DNS Server FlashBoot is a complete Software Appliance. Built in a simple USB Flash Boot package. Or Managed Cloud Server Image. Free Download

  Corporate Plan Remote AdBlock VPN new

• Q: Do you offer an Administrator Manual ?

  You can download a free preview of the Administrator Manual

  free Administrator Manual E-Book Preview
  Free eBook Preview PDF 2.5M Documentation Index

  
  

• Corporate Plan Remote AdBlock VPN new

  
  

  free Privacy AdBlock . Config Help . $NOAD Whitepaper . Free Servers
  FAQ . Config Help . OSX . Windows . iPhone . Android . Tools . Free Servers . Dedicated Business Servers

  

  BA.net/adblockvpn . . . . BA.net - AdBlock Split Speed VPN for Mobile iPhone iOS Android Save Data Usage content filter tracking profiling openvpn blinkt tunnelblick pptp malware protection business security library campus school cybercafe cipa affordable easy alternative for legacy cisco vpn umbrella webtitan barracuda fortinet sonicwall sophos untangle managed pihole vpn adblock-speed-vpn-iphone adblock@ba.net