Need a VPN for your router?
Get ExpressVPN Now
Love ExpressVPN? Want a free month?
Refer a Friend NowNote: You will need a DD-WRT firmware that can run the latest VPN configurations and has a minimum of 8 MB of flash.
This tutorial will show you how to set up ExpressVPN on your DD-WRT router using the OpenVPN protocol.
To set up ExpressVPN on your DD-WRT router, you will first need to download the OpenVPN configuration files from your ExpressVPN account settings page. This will allow you to connect to the ExpressVPN servers. Follow these instructions to configure your router with OpenVPN.
Jump to…
1. Get your ExpressVPN account credentials
2. Configure your router
3. Configure your ExpressVPN keys and certificates
4. Check your connection status
1. Get your ExpressVPN account credentials
Open the Welcome Email you received when you signed up for ExpressVPN. Click “Set Up ExpressVPN.”
Click Manual Configuration.
If you can’t find the email, sign in to your account. Enter your verification code, which you will receive in your email.
Once you have signed in to your account, click Set Up Other Devices.
Click Manual Configuration on the left side of the screen. Then select OpenVPN on the right. This will show you your username, password, and a list of OpenVPN configuration files.
Click the name of the server location you wish to connect to. The file will start downloading to your device.
Keep this browser window open. You will need this information for the setup later.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
2. Configure your router
In your browser’s address bar, enter the IP address for the router admin panel. By default, this is 192.168.0.1. (If your router’s IP address was changed in the past, and you cannot remember it, you can find it in your device’s settings.)
Log in with your router’s username and password. (By default, both are admin.)
At the top of the page, click the Services tab, then click the VPN sub-tab.
Under OpenVPN Client, enable the Start OpenVPN Client option. This will reveal the OpenVPN configuration panel.
The next steps may vary depending on the version of your DD-WRT firmware. Please refer to the section appropriate to your DD-WRT version.
Versions of DD-WRT with User Pass Authentication
Versions of DD-WRT without User Pass Authentication
For versions of DD-WRT with User Pass Authentication
If your DD-WRT firmware has User Pass Authentication, your screen should look like the interface in these steps below. Enter the following information:
- Server IP/Name: To get your server IP/name, right-click the .ovpn config file and open it with any text editor. You will see the server address listed between the word “remote” and the 4-digit port number. Copy and paste the server address into this field.
- Port: Enter the number after the server IP/name in the .ovpn file.
- Tunnel Device: Select TUN.
- Tunnel Protocol: Select UDP.
- Encryption Cipher: Select AES-256 CBC.
- Hash Algorithm: Select SHA512.
- User Pass Authentication: Select Enable.
- Username: Enter the username you found earlier.
- Password: Enter the password you found earlier.
- Advanced Options: Select Enable.
- TLS Cipher: Select None.
- L2O Compression: Select Adaptive.
- NAT: Select Enable.
- Tunnel UDP Fragment: Type 1450.
- Tunnel UDP MSS-Fix: Select Enable.
- nsCertType verification: Check the box.
Next, follow these instructions to configure your ExpressVPN keys and certificates.
For versions of DD-WRT without User Pass Authentication
If your DD-WRT firmware does not have User Pass Authentication, please follow the steps below:
Look for the Additional Config text box and enter this command:
auth-user-pass /tmp/auth.txt
Then enter the following information:
- Server IP/Name: To get your server IP/name, right-click the .ovpn config file and open it with any text editor. You will see the server address listed between the word “remote” and the 4-digit port number. Copy and paste the server address into this field.
- Port: Enter the number after the server P/name in the .ovpn file.
- Tunnel Device: Select TUN.
- Tunnel Protocol: Select UDP.
- Encryption Cipher: Select AES-256 CBC.
- Hash Algorithm: Select SHA512.
- User Pass Authentication: Select Enable.
- Username: Enter the username you found earlier.
- Password: Enter the password you found earlier.
- Advanced Options: Select Enable.
- TLS Cipher: Select None.
- L2O Compression: Select Adaptive.
- NAT: Select Enable.
- Tunnel UDP Fragment: Type 1450.
- Tunnel UDP MSS-Fix: Select Enable.
- nsCertType verification: Check the box.
Next, follow these instructions to configure your ExpressVPN keys and certificates.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
3. Configure your ExpressVPN keys and certificates
In the Additional Config field, enter the following:
persist-key
persist-tun
fragment 1300
mssfix 1450
keysize 256
In the TLS Auth Key field, copy the text between <tls-auth> and </tls-auth> tags in the .ovpn file and paste it in this field.
In the CA Cert field, copy the text in between <ca> and </ca> tags in the .ovpn file and paste it in this field.
In the Public Client Cert field, copy the text between <cert> and </cert> tags in the .ovpn file and paste it in this field.
In the Private Client Key field, copy the text between the <key> and </key> tags in the .ovpn file and paste it in this field.
Click Save, and then click Apply settings to start the connection to the VPN.
If you are using DD-WRT without User Pass Authentication, please go to Administration > Commands and enter the following commands:
echo USERNAMEHERE > /tmp/auth.txt
echo PASSWORDHERE >> /tmp/auth.txt
Then click Save Startup.
Go to Administration > Management and click Reboot Router.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
4. Check your connection status
Go to Status > OpenVPN. If your VPN connection is successful, you will see the words “CONNECTED SUCCESS” and the following:
Need help? Contact the ExpressVPN Support Team for immediate assistance.