| What is VPN? | VPN stands for Virtual Private Network. It is a tool that masks the IP address, thereby making your actions on the internet untraceable. It protects your online activity and private information from being exposed to an unauthorized third-party. In addition to privacy, it also provides its user with a secured and encrypted connection. |
Why should you connect your VPN to the router?
You might find it convenient to use the VPN service on a single device. But what happens if you need to use multiple devices? It is quite a hassle to get a VPN connection for each device that you intend to work with. A practical solution is to connect your VPN to the router and run it on all your devices.
You can upgrade your present router to avail VPN services. There are a few simple steps to do so:
| STEP 1 | Log into the router you are using (through the web browser). The default is usually 192.168.1.1 or 192.168.0.1. |
| STEP 2 | You will get an IP address from the VPN service you buy. For example, if you buy a service plan from NordVPN, they will provide you with an IP address upon purchase. |
| STEP 3 | Once you install the firmware on the router and flash, you go to the dashboard and enter the IP address you received from the VPN service. There is a VPN tab on the dashboard where you will also need to add details like Port, Static dynamic, etc. |
Services like NordVPN, Shark VPN and Express VPN aim to protect the users security and privacy. They can be installed on the router as well. We will guide you on how to install the service of your choice on your router.
NORD VPN
Nord VPN
- Pros
- Excellent focus on security
- Fresh security audit in mid-2020
- NordLynx delivers incredible speeds
- Tons of servers
- Cons
- Mobile apps can be awkward
Number of servers: 5,400+ | Server locations: 80+ in 59 countries | Maximum devices supported: 6 | 24/7 live chat: Yes | 30 day money back guarantee: Yes
NordVPN provides the fastest experience at across 62 countries. It is extremely popular as it allows people to circumvent geo-restrictions and provides the feature called Double VPN. Double VPN allows customers to encrypt their internet traffic twice. NordVPN offers its services across multiple operating systems like Windows, Mac, Linux, Android TV, etc.
How to set up NordVPN on your router?
We first need to understand that NordVPN does not work on all routers. This is mainly due to the limited functionality of the routers’ firmware.
Here’s a list of routers that work with NordVPN:
| ROUTER | FIRMWARE IMAGE | |
| Asus | Tomato | RT-AC86U RT-AC88U (AC3100) RT-AC5300 |
| D-Link | DD-WRT | DIR-885L DIR-895L |
| Netgear | DD-WRT | EA8500 WRT1900ACS WRT3200ACM |
| Linksys | DD-WRT | R7500 R7800 R8500 R9000 |
Follow these steps to install NordVPN on your router
- Step 1: Log in to the NordVPN website and go to the Download section. Download the router file configuration.
- Step 2: Use a text editor, for example Notepad, to open the configuration files that you just downloaded.
- Step 3: Type the IP address of your router in the web browser and log in as administrator.
- Step 4: Please select settings and look for an option that says- VPN or Virtual Private Network.
- Step 5: Depending on your configuration file, set up the VPN service.
- Step 6: Select “Apply new settings”. Your router will take a while to set up a secure connection.
- Step 7: To cross check if your IP address is hidden, go to the website and verify.
SHARK VPN
Number of servers: 3,200+ | Server locations: 100+ in 65 countries | Maximum devices supported: Unlimited | 24/7 live chat: Yes | 30 day money back guarantee: Yes
- Pros
- Incredibly well priced
- Quick and reliable support service
- Unblocks all major streaming sites
- Really simple to use
- steady network bandwidth
| ROUTER | FIRMWARE IMAGE | List of routers |
| ASUS | Tomato | RT-N56U RT-AC86U DSL-AC51 RT-AC3200 AC68U RT-N66U AC66U AC52U RT-AC51U AX88U Rapture GT-AC2900 |
| NetDuma R1 | Easy to configure. | |
| GLiNet | Openwrt | GL-MT300N-V2 – The easiest to configure, very cheap, it’s an auxiliary router for accessing geo-restricted content on your smart TV. |
You can install SharkVPN on a compatible routers like Asus, Tomato, DD-WR
Setup your Asus router with SharkVPN using the following steps:
- Step 1: Enter your default gateway address bar in the ASUS router control panel
- Step 2: Once you enter your login details, select VPN on the sidebar.
- Step 3: choose the tab – VPN client and select “Add a profile”.
- Step 4: Select the tab OpenVPN and the description ( of your choice), username and password.
- Step 5: Download the configuration files and add them to the VPN server of your choice.
- Step 6: After this, select the option “Choose File” and set the configuration file of your choice.
- Step 7: Click the OK button at the bottom once the process of file import has completed. Do not check the tickbox “Import the CA file or edit the .ovpn file manually”.
- Step 8: Click the activate button to connect your ASUS router to SurfShark VPN. You will notice a blue tick at the connection status. This indicates that the connection has been successful.
Setup your DD-WRT router with SharkVPN using the following steps:
- Step 1: Set-up DNS servers of Surfshark. This is quite an easy process and can be done by opening the control panel of a DD-WRT router. Select “Setup and then click on Network Address Server Settings (DHCP). Enter the following values
| Static DNS 1 | 252.172.57 |
| Static DNS 2 | 154.159.92 |
| Static DNS 2 | 0.0.0 (default) |
| Use DNSMasq for DHCP | Checked |
| Use DNSMasq for DNS | Checked |
| DHCP-Authoritative | Checked |
- Step 2: After entering the above values, select “Save” and “Apply settings”.
- Step 3: Select the tab “Service” and choose “Enable” under “Open VPN Client”.
- Step 4: In the blank following Server IP/Name, enter the name of the VPN server. The “port number” is 1194 and “Tunnel Device” is TUN.
- Step 5: The “Encryption Cipher” and “Hash Algorithm” is None and SHA-512 respectively. Enable “User Pass Authentication” too.
- Step 6: Enter your Surfshark user name and password. If you don’t have the username or password, please move on to the step 8.
- Step 7: The “Advanced Options” and “NAT” should be enabled while LZO Compression should be Disabled. “TLS cipher” is None.
- Step 8: Go to “Administration Commands” and type the following:
echo "USERNAME
PASSWORD" > /tmp/openvpncl/user.conf
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
Important: Shark VPn must have provided you with login credentials. Use that to replace the Username and Password. Click “Save Startup” and go to the “VPN” tab.
- Step 9: Enter the following commands in Additional Config:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
cipher AES-256-GCM
auth SHA512
log /tmp/vpn.log
- Step 10: You now download CA certificates and TLS auth keys.
- Step 11: Use a text editor to open the configuration file.
- Step 12: The text after the tag <ca> should be copied in the CA Cert field. Please avoid copying —-BEGIN CERTIFICATE—– and —–END CERTIFICATE- lines.
- Step 13: the text present after <tls-auth> tag should be copied into the TLS auth key. In this case, copy ——BEGIN OpenVPN Static key V1 ——- and ——- END OpenVPN Static Key V1 ——- lines.
- Step 14: Select “Save” and “Apply Settings.” In order to verify the connectivity, click on “Status”, then “OpenVPN” and look for the words “Connected Success” under “State”.
Setup your Tomato router with SharkVPN using the following steps:
- Step 1: Enter your default gateway address bar in the Tomato router control panel. By default, the value is 168.1.1 .
- Step 2: Please enter your login credentials and click on “VPN”. Under VPN, select “OpenVPN Client”.
- Step 3: At the top-left, select the tab “Basics” and check the option “Start with WAN” and “Create NAT Tunnel.
- Step 4: The “Interface Type” is TUN and Protocol is “UDP or TCP. At the slot allocated for “Server Address”, enter the address of the server you would like to connect to.
- Step 5: In the port section, if you selected UDP, then the port value would be 1194; otherwise it would be 1443 (UDP connection). Your “Firewall” should be automatic and “Authorization Mode” as TLS.
- Step 6: Select “Advanced” and enter the following information.
- Poll interval: 0;
- Redirect Internet traffic: Checked;
- Accept DNS configuration: Strict;
- Encryption cipher: None;
- Compression: Disabled;
- TLS Renegotiation Time:-1;
- Connection retry:-1;
- Verify server certificate (tls-remote): Unchecked
- Step 7: After this, proceed to “Custom Configuration” and enter the following:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
auth SHA512
cipher AES-256-CBC
log /tmp/vpn.log
- Step 8: Now, navigate to the “Keys” tab and open the .opvn files. In the “Static key”, enter the content from <tls-auth> to </tls-auth> block. Do not forget to type the “—- BEGIN OpenVPN Static key V1—–and —–END OpenVPN Static key V1—– lines” too. Do the same for Certificate Authority.
- Step 9: Now click on the Save button. To secure a SurfShark connection, on the top-right corner, select “VPN Client 1”. You can check your connection at the status tab.
Express VPN
Express VPN
- Pros
- One time connection
- Platform compatibility
- Cons
- Low flexibility
- Less speed
Number of servers: 3,000+ | Server locations: 160+ in 94 countries | Maximum devices supported: Unlimited | 24/7 live chat: Yes | 30 day money back guarantee: Yes
It is highly recommended for networks that require a large bandwidth. It hides your IP address and encrypts your data in order to protect you. You can access content that is barred in your country and also break through firewalls. In order to ensure that your privacy is protected at all times, it is advisable to use ExpressVPN every time you connect your device to a network.
The data is encrypted to protect the contents and ensure that only the recipient receives the message and no third party can intercept it. As ExpressVPN provides a wide range of features and functionalities, it costs a little bit more than what a regular VPN service might.
| ROUTER | FIRMWARE IMAGE | |
| Asus | Tomato | Asus RT-AC56(U/R/S) Asus RT-AC68U Asus RT-AC87U |
| Netgear | DD-WRT | Netgear R6300 Netgear R7000 Netgear Nighthawk R7000 |
| Linksys | DD-WRT | Linksys EA6200 Linksys WRT1200AC Linksys WRT1900AC(S) Linksys WRT3200ACM |
If you posses on of these models, you can simply download a ready-made firmware from the Express VPN website. The process is fairly simple and we will guide you through it.
Step 1: Go to this page and sign in. When you sign up for Express VPN, you get a username and password, use that to sign into the above-mentioned link.
Step 2: Go to the “My Accounts” page and navigate to the “Dashboard” tab. You will come across a button called “Set up on more devices”. The following tab will open .
Step 3: at this point, you will come across your Activation Code. This will be present inside a blue box. Note the code down as it is important and you will need it later on.
Step 4: When you scroll through the page, on the top-left side, you will come across an option called “Router”. Select it. You will see a header that says “Express VPN for router”, it has a subheader called “Setup” that provides you with options to select your router.
Step 5: once you choose the router of your choice, a red box will appear that says “Download Firmware”. Click the button to begin download.
Setup your router with ExpressVPN using the following steps:
Step 1: Navigate to the router Admin Panel and enter the login credentials.
Step 2: Go to the “Connectivity Menu”.
Step 3; Proceed to the subheading that says “Router Firmware Update” and choose “Manual”.
Step 4: You will be promoted to select a file when you click on “Manual”. Here, upload the firmware file that you downloaded initially and click on “start”.
Step 5: After the router updates itself, use Wi-Fi or LAN connectivity to visit this site
Step 6: there’s a code present at the bottom of the router. Use it to sign in
Step 7: Use the activation code that you had previously saved to enter into the router website.
Step 8: you can now control the VPN on your router using this particular web-interface.
Note: In some models, the option to update your firmware will be in another location ( within the router admin panel). There’s a possibility of it being under “Administration” or other such similar headings.
Openwrt is an open-source embedded system linux distribution software. It has a web-interface and can be distributed on various devices. It is compatible with several router models as well.
List of compatible routers:
- GL.iNet, GL-AR150
- Netgear WNDR3700
- TP-Link (TL-WDR3600, Archer C7 AC1750 and TL-WDR4300)
- Linksys WRT AC3200 Wireless Router
- Turris Omnia OpenWRT Router
- Zyxel Armor Z2 AC2600 Wireless Route
Set up OpenVPN Client on OpenWRT:
Protect your privacy and security and enabling VPN on your router. This is will also prevent sensitive information from being leaked to a third party.
Step 1: Install packages using the following command:
opkg update
opkg install openvpn-openssl
then:
OVPN_DIR="/etc/openvpn"
OVPN_ID="client"Step 2: Configure firewalls:
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.device="tun+"
uci add_list firewall.wan.device="tun+"
uci commit firewall
/etc/init.d/firewall restart
Step 3: Save your client profile. Make sure that the firewall configuration name and VPN interface name matches.
umask go=
cat << "EOF" > ${OVPN_DIR}/${OVPN_ID}.conf
COPY_PASTE_CLIENT_PROFILE_HERE
EOF
sed -i -e "
/^user/s/^/#/
\$a user nobody
/^group/s/^/#/
\$a group nogroup
" ${OVPN_DIR}/${OVPN_ID}.conf
/etc/init.d/openvpn restart
Step 4: To verify the working of the VPN, enter the following commands:
traceroute openwrt.org
traceroute6 openwrt.org
Here’s an example on how to download NordVPN on OpenWRT:
- Step 1: Ensure that your router has OpenWRT firmware and OpenVPN client. The router will accept a connection through telnet protocol only. Therefore, use the IP address – 192.168.11 and change the root password. This can be done by using the command *passwd*. To install OpenVPN package, enter the following commands:
opkg update
opkg install openvpn-openssl
opkg install ip-full
Launch the package with the command: opkg install luci-app-openvpn
- Step 2: Download the configuration file of NordVPN.
- Step 3: Use the “al1.nordvpn.com.tcp.ovpn” file to configure OpenVPN. To do this, change the file’s extension from .ovpn to .conf.
- Step 4: Now, create a network interface.
uci set network.nordvpntun=interface
uci set network.nordvpntun.proto='none'
uci set network.nordvpntun.ifname='tun0'
uci commit network
/etc/config/network should possess the following:
config interface 'nordvpntun'
option proto 'none'
option ifname 'tun0'
Step 5: This is an important step. Here we add the firewall. To do so, from LAN to VPN, add a forwarding rule.
uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpntun'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpnfirewall'
uci commit firewall
/etc/config/firewall should possess the following:
config zone
option name 'vpnfirewall'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'nordvpntun'
config forwarding
option src 'lan'
option dest 'vpnfirewall'
- Step 6: We recommend configuring DNS servers by using the WAN interface
uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='103.86.96.100'
uci add_list network.wan.dns='103.86.99.100'
uci commit
Google DNS can also be used:
uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='8.8.8.8'
uci add_list network.wan.dns='8.8.4.4'
uci commit
