I’m willing to bet that many of my readers use a Wi-Fi router that’s been flashed with DD-WRT firmware. This is because there are numerous advantages to using DD-WRT firmware.
DD-WRT is a free, open source alternative firmware for routers based on UNIX. It opens up access to tools, utilities and features that aren’t available to users when using the router with the stock firmware that’s installed on the router out of the box.
Many of the features that DD-WRT provides are only found on routers costing hundreds more than the price of a DD-WRT-compatible router.
DD-WRT allows users to more finely tune their router’s performance and security. Users with children can restrict the times the Wi-Fi connection can be used, and they even restrict access to certain websites by either URL or keywords.
Security is what we’ll be taking a close look at in this article. Specifically, how to set up your DD-WRT router to use a VPN.
Using a VPN with your DD-WRT router allows you to protect all of your connected devices via a single access point. It also allows you to enhance and protect the connection of devices that normally couldn’t take advantage of a router, such as many streaming and gaming devices, and even a video doorbell.
While some VPN providers offer the ability to use their service with certain brands and models of routers, DD-WRT firmware can be used with a large variety of makes and models, offering improved flexibility for VPN users and their routers.
In this article, I’ll walk you through setting up and using ExpressVPN on a DD-WRT router. The steps you’ll follow should work with other VPN providers that offer DD-WRT compatibility, and with most DD-WRT routers with up-to-date versions of the DD-WRT firmware installed.
What we won’t cover in this article is how to install DD-WRT firmware on a router, as that is beyond the scope of this article. You can find more information on DD-WRT router compatibility and instructions on installing DD-WRT firmware at the DD-WRT website.
If you’re not comfortable installing DD-WRT firmware on your current router, or if you’re not sure there is a version of DD-WRT for your router, you’ll be glad to know that there are routers that have DD-WRT pre-installed. Check with Best Buy, Amazon or other merchants for more information. Flashrouters.com also offers DD-WRT routers.
If you’re looking for a reliable method of adding VPN protection to your DD-WRT router, the best VPN I can recommend is ExpressVPN.
Using ExpressVPN on your DD-WRT router offers you the flexibility you were looking for when you flashed your router with the DD-WRT firmware, and delivers the same reliable VPN protection you’re used to while using ExpressVPN’s apps on your various devices.
In addition to the provider’s compatibility with DD-WRT routers, it also offers numerous other features that make it a top choice for a VPN to protect any of your online activities.
ExpressVPN’s download speeds are among the best in the business. As a matter of fact, the provider delivered the fastest download speeds in my most recent round of VPN provider connection speed tests. This makes it an excellent choice for use with your router, especially if you have a house full of gamers and movie lovers.
When you’re away from home, the top-notch protection continues thanks to ExpressVPN’s comprehensive native app support. Apps are available for the Amazon Fire, Android, Chromebook, iOS, Linux, macOS and Windows device platforms. Chrome and Firefox browser users can make use of the provider’s browser extensions.
While I’ve had few issues while using ExpressVPN, stuff happens. So, that makes the provider’s customer support an important factor to consider. ExpressVPN has you covered with 24/7 live support chat, a trouble ticket tracking system, email support and a searchable support library.
Global server coverage is also an important consideration, and ExpressVPN keeps you covered there as well, with over 3,000 servers stationed in 94 countries around the globe.
ExpressVPN is admittedly priced higher than many of its competitors. However, that price buys you an excellent level of protection. ExpressVPN offers a no-risk, 30-day money-back guarantee.
Read my full ExpressVPN review here.
How to Set Up ExpressVPN on Your DD-WRT Router
At first glance, setting up ExpressVPN to work with your DD-WRT router can appear to be complicated. But, if you follow along with my step-by-step instructions, you’ll be protecting and enhancing all of your connected devices before you know it.
Downloading the VPN Configuration Files
To download the ExpressVPN firmware, follow the steps below.
- Sign into your ExpressVPN account on the provider’s website using your Mac, Windows or Linux computer. You’ll be taken to your account dashboard.
- On the account dashboard, you’ll see a section labeled “Set Up Your Devices.” Click the “Router” link.
- A new tab will open in your browser. Click the pull-down menu below “Select your router.” Click on “DD-WRT.”
- On the next screen, click the “Configure OpenVPN” button. While you can also configure your router to use PPTP and L2TP/IPSec, regular visitors to my site will know that OpenVPN is the prefered option here.
- On the next screen, take note of the username and password. (If you click the login and password fields, they’ll copy to your computer’s clipboard. Click them one at a time, and paste them into a text file. You’ll need them shortly, and no one’s memory is that good. Well, at least mine isn’t.)
- Scroll down a bit on this page, and you’ll see a section listing regions where ExpressVPN has servers located. (Americas, Europe, Asia Pacific, Middle East and Africa.) Click the region that you wish to route your VPN connection through. For the purposes of this article, we’ll click “Americas” and then “USA – Chicago.” (It’s my kind of town.)
- When you click the name of the server site, a “Save” dialog box will open. Select where you want to save the configuration file and click the “Save” button. I suggest saving it to the desktop or another memorable spot. You’ll be needing it shortly.
Entering the ExpressVPN Information
Once you’ve copied down your username and password and have downloaded the OpenVPN configuration file, it’s time to configure your DD-WRT router to work with the ExpressVPN service.
Note: You will need the latest DD-WRT firmware installed on your router, and it needs to have a minimum of 8 MB of flash memory. You’ll need to check with your router’s manufacturer to determine whether your router has sufficient memory.
However, chances are that if it’s compatible with DD-WRT and was released in the last few years, you are good to go.
Follow along, and by the end of the following steps, you’ll be all set up to use ExpressVPN with your DD-WRT router.
- On a computer connected to your DD-WRT router, open a web browser and go to your router’s control panel page. On most DD-WRT routers, the default address is: http://192.168.1.1.
- Once the Control Panel loads, click the “Services” tab (“A” in the screenshot below). Then click “VPN” in the row of tabs that appears (“B” in the screenshot below).
- Scroll down the page until you see the “OpenVPN Client” section. Click the “Enable” radio button marked “Start OpenVPN Client.” This will reveal the OpenVPN Client settings page.
- Okay, now it’s time to put to work that configuration file you saved and that username and password you copied. First, open the configuration file in a text editor and copy the server address. It should look something like this:
Highlight and copy it to your computer’s clipboard. Also, take note of the 4-digit number immediately following the address. (In this case, it’s “1195.”) Don’t close the file just yet, as you’ll need some more information from it in a moment.
- Paste the server address in the OpenVPN client field labeled “Server IP/Name.” Next, enter the 4-digit number you noted in the previous step into the “Port” field, as seen below:
- In the fields that are below the Port field, enter or set the following values:
Tunnel Device: TUN
Tunnel Protocol: UDP
Encryption Cipher: AES-256 CBC
Hash Algorithm: SHA512
Inbound Firewall on TUN: Leave unchecked
User Pass Authentication: Enable
Username: This is where the ExpressVPN username information goes
Password: This is where the ExpressVPN password information goes
Advanced Options: Enable
- When you enable “Advanced Options,” you’ll see more fields appear. Make sure they are set to match the following:
TLS Cipher: None
Firewall Protection: Enable
IP Address: Blank
Subnet Mask: Blank
Tunnel MTU Setting: 1500
Tunnel UDP Fragment: 1450
Tunnel UDP MSS-Fix: Enable
Verify Server Cert.: Checked
- Scroll down a bit to the “Additional Config” field and enter the following:
- You should still have the configuration file open in a text editor. Go to that file and copy the text in between the <tls-auth> and </tls-auth> block, as shown below:
- Paste the info you just copied into the TLS Auth Key field, as shown below. (It might be labeled “TLS Key.”)
- From the configuration file, copy the text in between the <ca> and </ca> block, as shown in the image below:
- Paste the copied text into the into the “CA Cert” field, as shown in the image below:
- From the configuration file, copy the text in between the <cert> and </cert> block, as shown in the image below:
- Paste the copied text into the “Public Client Cert” field, as shown in the image below:
- From the configuration file, copy the text in between the <key> and </key> block, as shown in the image below:
- Paste the copied text into the into the “Private Client Key” field, as shown in the image below:
- Go to the bottom of the page, click on the “Save” button, and then click the “Apply settings” button to start the connection to the VPN.
- To check that the VPN is working properly, click the “Status” tab, then click the “OpenVPN” in the row of tabs that appears under the top row. It should look similar to the screenshot below:
- If you’d like to double-check that you’re connected to the server you selected, you can view your new IP address by going to WhatIsMyIP.com or a similar site. As you can see below, when I visited the site, it showed my IP address as being located in Chicago, IL. This means everything is working properly, as that is the server location I selected.
Advantages and Disadvantages of Using a VPN With Your DD-WRT Router
If you install and use a VPN with your DD-WRT router, you benefit from always-on protection.
Many users (like me) will sometimes forget to turn on their VPN app on their devices when sharing files, seeking to access geo-blocked content, or simply looking to protect their online activities from prying eyes.
When you have a VPN installed and running full-time on your DD-WRT router, your online activities are always protected and enhanced by the VPN.
Protection for All of Your Connected Devices
When you have a VPN protecting your DD-WRT router, any device that connects to your network is automatically protected. That protection is extended to devices that can’t normally benefit from VPN protection, such as streaming boxes, game consoles, smart TVs and even smart appliances, like internet-connected refrigerators.
More Upfront Expense
There is a good chance that your current router isn’t compatible with DD-WRT firmware (or the router was provided by your internet provider and doesn’t allow you to flash the router with DD-WRT firmware). This means you may need to buy a new, DD-WRT-compatible router.
Finding a Wi-Fi router that offers the compatibility and enough horsepower to run DD-WRT (and a VPN on top of that) can be an expensive proposition. While there are some lower-cost routers available that will run DD-WRT, you may need to opt for a more expensive router to ensure acceptable performance.
Plus, it’s also possible that if your VPN provider is compatible with DD-WRT routers, they may charge extra for access to that feature. (Happily, ExpressVPN includes this feature in your subscription at no extra cost.)
Your Connection Speeds Will Be Slower
When you’re running a VPN on your computer or other connected device, you’ll likely notice that your connection speeds are at least a bit slower than when you’re using an unprotected connection.
This is also true when you’re using a VPN on your DD-WRT router. This is due to the overhead of running a VPN on your router, which usually has a slower processor than you’ll find on your computer or mobile device.
Plus, there are usually multiple devices sharing a router’s internet connection, each using a slice of the connection’s bandwidth. The more devices, the lower the performance and the slower your speeds.
When you’re using a VPN app on your personal device, you control when the VPN protection is turned on and when it’s turned off. If you’re connected to a VPN-enabled router, VPN protection is always on.
While it’s true that on many routers you can control which devices are routed through the VPN tunnel and which aren’t, you will be required to know the administrator password to turn VPN protection off and on.
Can I Use a Free VPN With My DD-WRT Router?
You’ll find that most free VPN services only work with the big 4 platforms (iOS, Android, macOS and Windows). That means they won’t work with your router.
Plus, using a “free” VPN service is never a good idea for any type of online activity. First off, many freebie VPNs either throttle your connection speeds, or they impose daily or monthly data caps on your usage.
Many “free” VPN providers will also monitor their users’ online activities, recording the data and then selling it to advertisers or other interested parties.
Other gratis VPNs have been found to be injecting unwanted ads and tracking cookies into their users’ browser sessions. Those cookies continue tracking you, even when you’ve disconnected from the service.
While there may be disadvantages to installing a VPN like ExpressVPN on your DD-WRT router, the advantages definitely outweigh the disadvantages.
Router-based VPN protection offers comprehensive VPN protection for all of your devices, on a full-time basis, via a single access point. This requires no configuration for each device. As soon as the device connects to the router, it’s protected.
ExpressVPN works well with DD-WRT routers, providing top notch protection, fast connection speeds, excellent global server coverage and comprehensive customer support.