How to Set Up a VPN on Your Router (Step by Step)
Why Install a VPN on Your Router?
Installing a VPN on your router is the most comprehensive way to protect your home network. Instead of running VPN apps on each individual device, a router-level VPN encrypts all traffic from every device that connects to your WiFi — including smart TVs, gaming consoles, IoT devices, and guest devices that cannot run VPN software.
The benefits are significant. Every device is automatically protected without any additional software. Devices that do not support VPN apps natively (like Apple TV, Chromecast, smart refrigerators, and security cameras) are covered. You use only one VPN connection slot regardless of how many devices are connected.
However, there are trade-offs. Router-level VPN typically results in slower speeds than running the VPN directly on your device, because consumer routers have less powerful processors than computers or phones. You also cannot easily split traffic — everything goes through the VPN or nothing does (though some router firmware supports split tunneling).
Before You Start
Check Router Compatibility
Not all routers support VPN client functionality. You need a router that either natively supports VPN clients or can run custom firmware like DD-WRT, OpenWrt, or Asus Merlin. Check your router model against the supported-device list for the firmware you plan to use before proceeding.
Routers that commonly support VPN clients out of the box include Asus RT-series (with Merlin firmware), Netgear Nighthawk series, Linksys WRT series, and GL.iNet travel routers. If your router does not support VPN clients, you may need to flash custom firmware or purchase a compatible router.
Choose Your VPN Provider
For router-level VPN, we recommend providers that offer detailed router setup guides and dedicated support. NordVPN, ExpressVPN, and Surfshark all provide step-by-step instructions for most popular router models. ExpressVPN even offers custom firmware for select Asus, Linksys, and Netgear routers, which is by far the easiest setup experience.
Gather Your VPN Configuration Files
You will need OpenVPN configuration files (.ovpn) from your VPN provider. Most providers make these available in their account dashboard. Download the configuration files for the server locations you want to use. We recommend downloading at least three different server configurations so you can easily switch if one server becomes slow.
Method 1: Asus Routers with Merlin Firmware
Asus routers running the Asuswrt-Merlin firmware offer the most user-friendly VPN client setup. The process takes approximately 15 minutes.
Step 1: Log into your router's admin panel by navigating to 192.168.1.1 in your browser. Enter your admin username and password.
Step 2: Navigate to VPN in the left sidebar, then click on the VPN Client tab. You will see options for up to five VPN profiles.
Step 3: Click on the first available profile and set the VPN type to OpenVPN. Upload the .ovpn configuration file you downloaded from your VPN provider.
Step 4: Enter your VPN username and password in the provided fields. These are your VPN service credentials, which may differ from your VPN account login.
Step 5: Under Advanced Settings, ensure that "Accept DNS Configuration" is set to "Strict" to prevent DNS leaks. Enable "Redirect Internet traffic through tunnel" to route all traffic through the VPN.
Step 6: Click Apply and then Activate. The router will establish the VPN connection, which typically takes 10-30 seconds.
Step 7: Verify the connection by visiting a website that shows your IP address. It should display the VPN server's IP rather than your actual IP.
Method 2: DD-WRT Firmware
DD-WRT is open-source firmware that runs on hundreds of router models. The VPN client setup is more technical but offers extensive customization.
Step 1: Access your DD-WRT admin panel, typically at 192.168.1.1. Navigate to Services then VPN.
Step 2: Under OpenVPN Client, enable "Start OpenVPN Client." Set the Server IP/Name to your chosen VPN server address and the Port to the port specified in your VPN provider's configuration (typically 1194 for UDP or 443 for TCP).
Step 3: Set Tunnel Device to TUN, Tunnel Protocol to UDP (recommended for speed), and Encryption Cipher to AES-256-GCM.
Step 4: Enable "nsCertType verification" for additional security. Paste your VPN provider's CA certificate, TLS auth key, and client certificate into the appropriate fields.
Step 5: In the Additional Config field, add any extra parameters specified by your VPN provider. Common additions include persist-key, persist-tun, and remote-cert-tls server.
Step 6: Save and apply settings. Open the Status page, then OpenVPN, and verify that the connection shows as "CONNECTED."
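The settings named in steps 3 to 5 can be checked against the provider's .ovpn file before anything is pasted into the router. This is an added example, not from the original article or any provider; the sample config, its host vpn.example.net and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample config (placeholder host, not a real provider file).
sample_ovpn() {
    cat <<'EOF'
client
dev tun
proto udp
remote vpn.example.net 1194
cipher AES-256-GCM
persist-key
;persist-tun
auth-user-pass
EOF
}

# audit_ovpn FILE: prints one line per setting, returns the number missing.
# Commented-out directives (# or ;) do not count as present.
audit_ovpn() {
    file=$1; missing=0
    while IFS='=' read -r label regex; do
        if grep -Eiq "^[[:space:]]*${regex}([[:space:]:]|\$)" "$file"; then
            echo "ok       $label"
        else
            echo "MISSING  $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
tunnel device TUN=dev[[:space:]]+tun[0-9]*
server certificate check=remote-cert-tls[[:space:]]+server
AES-256-GCM cipher=(cipher|data-ciphers)[[:space:]]+(.*:)?AES-256-GCM
persist-key=persist-key
persist-tun=persist-tun
EOF
    return "$missing"
}

# ovpn_remote FILE: "host port" for the Server IP/Name and Port fields.
# Falls back to a separate "port" line, then to OpenVPN's default 1194.
ovpn_remote() {
    awk '{ sub(/\r$/, "") }
         $1 == "port" { p = $2 }
         $1 == "remote" && !h { h = $2; rp = $3 }
         END { if (h) print h, (rp ? rp : (p ? p : 1194)) }' "$1"
}

tmp=$(mktemp)
sample_ovpn > "$tmp"
audit_ovpn "$tmp" || echo "$? setting(s) from the steps above are missing"
echo "remote: $(ovpn_remote "$tmp")"; rm -f "$tmp"
```

Anything reported MISSING is a candidate for the Additional Config field in step 5.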
Method 3: OpenWrt Firmware
OpenWrt is a powerful open-source firmware favored by advanced users. VPN setup requires command-line interaction but offers the most flexibility.
Step 1: SSH into your OpenWrt router. Install the required packages, openvpn-openssl and luci-app-openvpn, through the package manager.
Step 2: Upload your VPN provider's .ovpn configuration file to the router's /etc/openvpn/ directory.
Step 3: Configure the OpenVPN interface through the LuCI web interface. Navigate to VPN, then OpenVPN. Add a new instance pointing to your uploaded configuration file.
Step 4: Create a new network interface for the VPN tunnel. Navigate to Network, then Interfaces. Add a new interface of type "Unmanaged" associated with the tun0 device.
Step 5: Configure firewall rules to route traffic through the VPN. Create a new firewall zone for the VPN interface and set up forwarding rules from your LAN zone to the VPN zone.
Step 6: Start the OpenVPN service and verify connectivity through the system log.
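Steps 1 to 6 can also be done entirely over SSH, as in this added example (not from the original article or the OpenWrt project). The file name provider.ovpn and the section names provider, vpn, vpnzone and lan_vpn are hypothetical; an opkg-based OpenWrt release with the default lan zone is assumed.

```shell
#!/bin/sh
OVPN=/etc/openvpn/provider.ovpn   # assumed name of the config uploaded in step 2

# Steps 3-5 as input for `uci batch`, printed so it can be reviewed before applying.
vpn_uci_batch() {
    cat <<EOF
set openvpn.provider=openvpn
set openvpn.provider.enabled='1'
set openvpn.provider.config='$1'
set network.vpn=interface
set network.vpn.proto='none'
set network.vpn.device='tun0'
set firewall.vpnzone=zone
set firewall.vpnzone.name='vpn'
add_list firewall.vpnzone.network='vpn'
set firewall.vpnzone.input='REJECT'
set firewall.vpnzone.output='ACCEPT'
set firewall.vpnzone.forward='REJECT'
set firewall.vpnzone.masq='1'
set firewall.vpnzone.mtu_fix='1'
set firewall.lan_vpn=forwarding
set firewall.lan_vpn.src='lan'
set firewall.lan_vpn.dest='vpn'
commit openvpn
commit network
commit firewall
EOF
}

# Step 6 check: true once OpenVPN has logged a completed start-up (log text on stdin).
tunnel_up() {
    grep -q 'Initialization Sequence Completed'
}

# Only change the system when run on the router itself; elsewhere just print the plan.
if command -v uci >/dev/null 2>&1; then
    opkg update && opkg install openvpn-openssl luci-app-openvpn    # step 1
    vpn_uci_batch "$OVPN" | uci batch                               # steps 3-5
    /etc/init.d/network reload && /etc/init.d/firewall reload
    /etc/init.d/openvpn enable && /etc/init.d/openvpn restart       # step 6
    sleep 30
    logread -e openvpn | tunnel_up && echo "tunnel up" || echo "tunnel not up, check logread -e openvpn"
else
    vpn_uci_batch "$OVPN"
fi
```

OpenWrt's default lan-to-wan forwarding is left in place here, so LAN traffic falls back to the ISP link whenever the tunnel is down; removing that forwarding makes the tunnel the only path out.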
Troubleshooting Common Issues
Slow Speeds
Router CPUs are significantly less powerful than computer or phone processors. If your VPN speed is much lower than expected, your router's CPU may be the bottleneck. Check CPU usage in your router's admin panel during VPN use. If it is consistently above 80%, consider upgrading to a more powerful router or using a dedicated VPN router.
DNS Leaks
Ensure your router is using the VPN provider's DNS servers, not your ISP's. In most configurations, you need to explicitly set DNS servers to those provided by your VPN service. Test for DNS leaks at dnsleaktest.com after setup.
Connection Drops
If your VPN connection drops frequently, try switching from UDP to TCP protocol. TCP is slower but more reliable on unstable connections. Also ensure your router firmware is up to date, as outdated firmware can cause connectivity issues.
| Router Type | Difficulty | Setup Time | Best For |
|---|---|---|---|
| Asus Merlin | Easy | 15 min | Most users |
| ExpressVPN firmware | Easiest | 10 min | Non-technical users |
| DD-WRT | Medium | 30 min | Customization |
| OpenWrt | Advanced | 45-60 min | Power users |
Our Recommendation
For most home users, an Asus router running Merlin firmware offers the best balance of ease and functionality. If you want the absolute simplest setup and are willing to pay for ExpressVPN, their custom firmware cannot be beaten for convenience.
Regardless of your router choice, always verify your VPN connection after setup by checking your visible IP address and running a DNS leak test. A misconfigured router VPN can create a false sense of security while actually leaking your real identity.