Setting up a DD-WRT VPN on your wifi router offers two key advantages:
- You can connect as many devices as you want to the VPN
- You can connect devices that don’t normally support VPNs to the VPN
While most wifi routers don’t ship with VPN support built-in, you can replace many routers’ firmware with something that does. Perhaps the most popular router firmware for doing this is DD-WRT. DD-WRT is a free and open-source solution based on Linux that works with a wide variety of third-party wireless routers. Among other benefits, most DD-WRT distributions allow users to configure OpenVPN server connections directly from the router. Some providers sell DD-WRT routers pre-configured for their VPNs, saving you the headache of setting it up yourself.
There is a lot of detail on each of the VPNs that we’ve selected for this list, but if you just need a quick summary, here are our top picks:
Best VPNs for DD-WRT routers:
- NordVPN: Our top choice VPN for DD-WRT routers. Good installation support and option to buy bespoke pre-configured routers. Affordable choice that ticks all the boxes. Includes a 30-day money-back guarantee.
- Surfshark: Best budget VPN for DD-WRT routers. A solid choice with detailed router setup instructions and pre-flashed routers available. Generally high speeds and impressive security.
- ExpressVPN: Offer great support for setting OpenVPN up with your DD-WRT router, including tutorials and live support. Add super-fast servers, top privacy, and security – makes for a satisfying user experience.
- CyberGhost: Beginner-friendly all-rounder offers good DD-WRT router setup tutorial for OpenVPN. Good speeds for streaming and downloading.
- IPVanish: Can buy pre-configured routers or download the set-up files directly from the website.
- PrivateVPN: A VPN based in Sweden that is strong on privacy. Good for streaming and has plenty of router compatibility, including DD-WRT.
- Private Internet Access: A fast and reliable VPN that has extra customization options. DD-WRT compatibility and a decent setup guide for OpenVPN.
WANT TO TRY THE TOP VPN RISK FREE?
NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use the VPN rated #1 for DD-WRT routers with no restrictions for a month. That’s plenty of time to try it for yourself and see if this VPN meets your needs.
There are no hidden terms—just contact support within 30 days if you decide NordVPN isn't right for you and you'll get a full refund. Start your NordVPN trial here.
Once this is set up, you can connect as many devices as you want to a single VPN connection, so long as you have bandwidth available. That includes devices that don’t normally support VPNs or VPN apps, including game consoles (PlayStation, Xbox) and streaming media devices (Chromecast, Roku, Amazon Fire TV, Apple TV).
The best VPNs for DD-WRT routers – at a glance
We’ve compared the most important features of the top VPNs here. Prefer to read the in-depth reviews? Start with NordVPN – our #1 choice for DD-WRT routers.
|Website||NordVPN.com||Surfshark.com||ExpressVPN.com||Cyberghost.com||IPVanish.com||PrivateVPN.com||Ranking for DD-WRT routers||1||2||3||4||5||6||Streaming Services||Netflix|
|Avg Speed (Mbps)||100+ Mbps||100+ Mbps||100+ Mbps||100+ Mbps||100+ Mbps||71 Mbps||Popular Sites Unblocked||95%||88%||86%||70%||70%||85%||Total number of servers||5,400||3,200||3,000||2,000||2,000||200+||Simultaneous Connections||6||Unlimited||5||Unlimited||10||10|
|Best deal (per month)||$3.29|
SAVE up to 63% + 3 months FREE
Get 2 Months FREE with a 2-year plan
SAVE: 49% on the annual plan
SAVE 83% on the 2 year plan + 3 months FREE
SAVE 77% on the 2 year plan
SAVE 85% on the three year plan
The best VPNs for setting up OpenVPN on DD-WRT routers
To get started, you’ll need to find a VPN that offers the files and support you need to get connected. We’ve curated our list of the five best VPNs for DD-WRT routers based on the following criteria:
- Allows you to download OpenVPN configuration files for each server
- Offers support for DD-WRT users in the form of customer service and/or tutorials
- OpenVPN connections include DNS leak protection
- Fast and reliable performance
- Strong security and no logs
Money-back guarantee: 30 DAYS
NordVPN is our number-one choice. It offers customer support and tutorials for DD-WRT users. You can also buy Linksys, Netgear, or Asus routers with DD-WRT installed and NordVPN pre-configured from Flashrouters. OpenVPN config files for all of NordVPN’s servers, including the double-hop VPN and Tor over VPN servers, are available for download directly from the website.
DNS leak protection comes built-in. NordPVN maintains a strict no-logs policy and thus doesn’t store any information or metadata related to your online activity on its servers. The company uses military-grade 256-bit encryption to protect your data, and you’ll have no problem finding a fast server on its huge network of servers around the world. NordVPN is able to securely access US Netflix and Hulu, streaming services that most VPNs can’t.
- OpenVPN config files for all servers are available
- Offers customer support and tutorials for DD-WRT users
- DNS leak protection comes built-in
- Fast enough for HD streaming and unblocks popular content
- Solid security features and pays high regard to user privacy
- 30-day money-back guarantee
- Desktop app is a bit clunky compared to other providers
BEST VPN FOR DD-WRT routers:NordVPN is our top choice. A great value option that works well with DD-WRT routers. Can connect up to 6 devices simultaneously. Also works well with most popular streaming services and achieves consistently good speeds. Provides a 30-day money-back guarantee, so you can try it risk-free.
Read our full NordVPN review.
Money-back guarantee: 30 DAYS
Surfshark has step-by-step installation instructions (with screenshots) on its website. If you’re not confident enough to configure the service yourself, FlashRouters sells Linksys and Netgear routers that come with Surfshark pre-installed.
This VPN protects against IPv6 and DNS leaks, and uses 256-bit AES encryption to keep your activities private at all times. Importantly, Surfshark follows a no-logs policy, and this has been verified by independent auditors. Speeds can vary, but are generally high enough for everyday tasks like streaming or torrenting.
Surfshark also offers Android, iOS, MacOS, Linux, and Windows apps.
- Provides easy-to-follow router setup guides
- OVPN files available for all servers
- Speedy servers with unlimited bandwidth
- Accepts three cryptocurrencies
- Fantastic security credentials
- Smaller network than some of its rivals
BEST BUDGET OPTION:Surfshark has one of the strongest security offerings on the market. Further, it keeps no logs and can easily be installed on DD-WRT routers. With decent speeds, a 30-day money-back guarantee, and impressive unblocking ability, this VPN is well worthy of your consideration.
Read our full Surfshark review.
Money-back guarantee: 30 DAYS
ExpressVPN is a solid pick for users who want VPN-enabled routers. The provider offers tutorials, OpenVPN config files, and live customer support for DD-WRT users. On top of that, ExpressVPN makes its own easy-to-use firmware for a handful of routers that you can install yourself or buy the pre-configured VPN router. The firmware makes it far easier to get set up, switch VPN servers, and configure split tunneling for every device in your home.
DNS leak protection is included with all VPN server configurations. The company keeps no identifying activity or metadata logs. ExpressVPN uses the highest standards of security, including 256-bit AES channel encryption and perfect forward secrecy. It sets a gold standard when it comes to speed and stability. ExpressVPN can unblock geo-locked streaming services that most VPNs can’t, like US Netflix and Hulu.
- Offers tutorials, OpenVPN config files, plus live customer support for DD-WRT users
- Maintains easy-to-use firmware for compatible routers
- Extremely fast download/streaming speeds
- Industry-leading security features
- 24/7 customer service
- Slightly higher cost than others
- Little control over advanced features
HIGHLY SECURE:ExpressVPN is a security-conscious provider. It has a vast server network that is optimized for high-speed connections. User-friendly apps for all operating systems. Hard to beat on security. There is a 30-day money-back guarantee with all plans.
Read our full ExpressVPN review.
Money-back guarantee: 45 DAYS
CyberGhost offers a DD-WRT router tutorial and configurations to paid users. You can even specify which features you want to be included in a custom configuration when adding a device from your user dashboard, such as tracking prevention, ad blocking, force HTTPS, and data compression.
CyberGhost keeps no identifying activity or metadata logs. 256-bit encryption is used to protect your connection, along with DNS leak protection. The VPN performed well in our speed tests.
- Offers a DD-WRT router tutorial and configurations
- Specify which features you want when adding a server to the dashboard
- Apps are easy to install and use – a good option for beginners
- DNS leak protection and strong security features
- 45-day money-back guarantee
- Doesn’t work with as many major streaming sites as rivals
- Doesn’t work in China
BEGINNERS' CHOICE:CyberGhost has a simple set up. Comes with a Speed Boost feature. Good on privacy. Streams HD video reliably. Good for Netflix but not all streaming sites. 45-day money-back guarantee.
Read our full review of CyberGhost.
Money-back guarantee: 30 DAYS
The IPVanish website includes a directory of OpenVPN config files and instructions on how to use them. That includes all the necessary scripts that you’ll need to enter into the DD-WRT configuration. IPVanish pre-configured DD-WRT routers are available through Flashrouters.
IPVanish comes with DNS leak protection and IPv6 leak protection built in. The company keeps zero logs of user activity and metadata. PPTP and OpenVPN are both available for DD-WRT users, with 128- and 256-bit encryption, respectively. We recommend using the latter.
- Directory of OpenVPN config files and instructions on how to use them
- Pre-configured DD-WRT routers are available
- DNS leak protection and IPv6 leak protection built-in
- Keeps zero logs of user activity and metadata
- Doesn’t offer a cryptocurrency payment method
- Struggles with some streaming services
FAST AND RELIABLE:IPVanish has a large network of servers. Its uncongested network achieves good connection speeds. Strong online security and user privacy features. Can’t unblock as many streaming services as some of its rivals. 30-day money-back guarantee.
Read our full IPVanish review.
Money-back guarantee: 30 DAYS
PrivateVPN is a provider based in Sweden that was founded by activists. The VPN has apps for Windows, Mac, iOS, and Android. It is also compatible with various routers, including DD-WRT and Tomato routers.
Servers are located in 63+ countries, and while it isn’t the fastest VPN on this list, it still performs well for streaming and torrenting. Port forwarding is available, which makes it easy to seed torrents. Plus, this VPN works with most streaming platforms, including Netflix US.
A no-logs policy means that this VPN never tracks what you do while connected to its servers. The VPN allows 10 connections with a single account, and you can test it yourself thanks to its 30-day money-back guarantee.
- Apps for all popular platforms
- Strong AES encryption
- Allows torrenting
- Not as fast as our other recommendations
- Small server network
STRONG PRIVACY:PrivateVPN allows torrenting throughout its network. It has strong encryption, a kill switch, and obfuscation. Servers work to access region-locked services in 43+ countries. DD-WRT compatible. 30-day money-back guarantee.
Check out our full review of PrivateVPN
7. Private Internet Access
Money-back guarantee: 30 DAYS
Private Internet Access is a popular VPN based in the USA that has a lot of advanced encryption options and is compatible with various routers. Set-up guides for OpenVPN on DD-WRT are available on its website, and .ovpn files can be downloaded for server locations in 84+ countries.
The VPN is fast, and it avoids server congestion by having a large number of servers (around 10,000). Although this isn’t the very best VPN for accessing streams, it works with Netflix US, iPlayer, and some other popular services. Check if it works with yours before subscribing by checking our review.
Live chat support is available on its website 24/7, and this VPN makes an effort to provide plenty of setup guides on its website. Encryption is strong, and you can change protocols if you want to. This makes it more customizable than many other VPNs. It has a kill switch and allows torrenting.
- Fast servers in 85+ countries
- Highly customizable encryption
- No logs policy
- Harder for beginners to understand
- Doesn’t work with some major streaming services
HIGHLY CUSTOMIZABLE:PIA is a fast and secure VPN based in the US. Has a no logs policy it has been proven in court. Never tracks user IPs or browsing habits. DD-WRT and Tomato compatibility. 30-day money-back guarantee.
Read our full Private Internet Access review
How to choose the best DD-WRT router for VPNs
Comparitech does not review DD-WRT routers, but we’ll list some suggestions to help guide your purchasing decision. When choosing a DD-WRT VPN router, you have a few options:
- Pre-flashed router – A pre-flashed router comes with DD-WRT and the VPN already configured. It’s typically the most expensive option but also requires the least amount of effort to get set up. ExpressVPN’s custom router firmware is our favorite, although it’s not technically DD-WRT. Check out FlashRouters to get pre-flashed VPN routers with DD-WRT firmware from several major VPN providers, including a few in our recommended list.
- DD-WRT router – Some router models come with DD-WRT already installed, so the user just needs to enter the VPN configuration details to get connected. Adding multiple servers can get tedious, but it shouldn’t be too hard if you’re following your VPN provider’s tutorial. Most, but not all DD-WRT versions support VPNs, so be sure to check before you buy.
- DD-WRT compatible router – This is likely the cheapest option but requires the most tech-savvy and can be a bit risky. Some router models come with the manufacturer’s proprietary firmware installed, and proprietary router firmware usually doesn’t support VPNs. That said, you can replace the stock firmware with DD-WRT in a process called “flashing”. After that, you’ll have to configure the VPN connections in the settings. Be warned that making a mistake during the flashing process could permanently damage, or “brick”, your router, so proceed with caution. Be sure to check your router is compatible with a DD-WRT version that supports VPNs.
A few popular DD-WRT routers we recommend include:
- Asus RT-AC5300
- Netgear Nighthawk R9000 X10
- Linksys WRT3200ACM
- Linksys WRT1900ACS/AC v2
- Netgear Nighthawk R7000
- Linksys WRT1200AC
- Linksys Cisco E4200 (discontinued)
- Asus RT-N16
These aren’t the only options, of course, so feel free to shop around. Broadly speaking, you’ll need a router with at least 800 MHz of CPU and 8 MB flash memory, although that’s just barely enough to run OpenVPN. For high performance, you’ll want something north of 128 MB flash memory, 256 MB RAM, and 1.2 GHz CPU, if not more.
- The best VPNs for routers
- Best VPN for Tomato routers
- Best VPN for Netgear routers
- The best VPNs for Asus routers
How to set up OpenVPN on DD-WRT
First off, go to your VPN provider’s website and download the OpenVPN configuration files–they’ll have a .ovpn or .conf extension–for all of the servers you want to connect to. You’ll also need your username and password for the VPN.
While connected to your router, preferably via LAN, go to your router dashboard in a web browser. You can usually do this by typing http://192.168.1.1 into the URL bar. If that doesn’t work, try http://192.168.0.1. Log into your dashboard using the credentials you set upon first installing DD-WRT.
Click on the Services tab, then VPN. Under OpenVPN Client, toggle Enable. The configuration panel will appear.
What you do next depends on your version of DD-WRT. If your firmware has User Pass Authentication, you’ll need to open the configuration file for the server you want to connect to with a text editor such as Notepad. Copy over the settings from the config file, including the server address (an IP address or domain name), a username, and a password. Depending on your provider, you may also need to set the port, tunnel protocol, encryption cipher and/or hash algorithm. Consult your provider’s customer service or knowledge base to get these details.
If your DD-WRT firmware does not have User Pass Authentication, find the Additional Config text box and enter this command:
You’ll see several fields that correspond to those in your OpenVPN config file. Open the config (.ovpn) file in a text editor such as Notepad. You’ll need to copy over the server address (IP address or domain name) and the port number, which are shown after the “remote” line in the config file.
To configure keys and certificates, you’ll need to consult your VPN provider’s customer service or knowledge base to get the proper commands to enter into the Additional Config box. Copy and paste the TLS auth key, CA cert, public client cert, private client key, into each of the respective fields in the DD-WRT dashboard.
Once you’re done, click Apply settings to initiate the VPN connection.
Setting the DNS on your router
If you want to prevent your ISP from receiving DNS requests, which can give away your location and browsing activity, you should also considering setting your DNS servers in DD-WRT. While you can usually specify these on individual devices, you can take care of all of them at once in DD-WRT.
In the DD-WRT dashboard, go to Setup > Basic Setup. Under Network Address Server Settings (DHCP) and enter the DNS addresses next to Static DNS 1, 2, and 3. You can use Google DNS, OpenNIC, or DNS servers provided by your VPN provider.
Click Save and Apply settings.
We’re not quite done yet. Go to Services > Services. Under DNSMasq, in the Additional DNSMasq Options, enter this command, replacing “dns.ip.1.here” with the DNS servers you used above:
dhcp-option=6, dns.ip.1.here, dns.ip.1.here, dns.ip.1.here, dns.ip.1.here
Enable DNSMasq. This will ensure all DNS requests are sent through the VPN tunnel.
Split tunneling a DD-WRT VPN
In some cases, you may only want certain devices to have their internet traffic routed through the VPN. Some builds of DD-WRT allow for split tunneling, which allows you to pick and choose which devices get tunneled through the VPN and which use the unencrypted ISP network.
To set this up, in the DD-WRT dashboard, go to Service > VPN. Find the Policy based routing box and enter IP addresses for each of the devices you want to go through the VPN.
If you want to enable split tunneling for specific websites, apps, servers or other traffic destinations, this will have to be set up in the firewall using iptables. Go to Administration > Commands. Under Firewall click Edit and enter the necessary commands. These vary widely depending on what exactly you want to accomplish, so some further googling will be required.
DD-WRT Router VPN FAQs
Can I use a free VPN for DD-WRT routers?
Most free VPNs don't offer up their OpenVPN configurations to be used with routers. Even if they did, you probably would want to avoid them. Free VPNs tend to use poor security, can inject ads into your browser, and will even record your browsing activity to sell to advertisers. The limited number of servers tend to be congested, and caps on bandwidth or data are often implemented.
VPNBook is one provider that offers OpenVPN configurations free of charge, but relatively little is known about who is behind the operation. In 2013, hacker collective Anonymous once accused VPNBook of being a honeypot for law enforcement after logs from the provider appeared in court documents. This is just one example of why you should be extremely wary of any VPN that purports to give its service away for free.
Will DD-WRT work on my router?
Not all routers support DD-WRT. You can find a list of supported devices on the official DD-WRT website. Cheaper and newer routers are less likely to support DD-WRT firmware. Old routers may use an outdated version of DD-WRT that doesn't support OpenVPN. Your router will require at least 8 MB of flash memory.
Be doubly sure that you download and install the correct version of DD-WRT for your router, and follow the instructions provided by DD-WRT carefully. Attempting to flash an incompatible version or flashing improperly could permanently damage your device.
What about PPTP VPN for routers?
Some DD-WRT support the PPTP VPN protocol, but we don't recommend using it. While it may work as a rudimentary VPN, it has known security vulnerabilities. You can read more about PPTP and its flaws here.
PPTP is simpler to set up and is generally considered faster than OpenVPN, however. So if you're not concerned about security or privacy and just want a VPN to use as a basic proxy, PPTP could fit the bill.
Are there any reasons I shouldn't use a VPN on my router?
Configuring a VPN on your DD-WRT router has some clear benefits as described above, but it has some drawbacks to consider as well.
The first is that all devices are tunneled through a single VPN connection, which, depending on the provider and server, might get congested quickly if you have a lot of devices connected to the router.
If the server is experiencing downtime or for some reason doesn't suit your needs, disabling the VPN or switching servers is a pain. Pre-configured routers or custom firmware, such as that offered by ExpressVPN, make these problems easier to deal with than stock DD-WRT.
Finally, most routers don't have high-performance hardware, and using a VPN requires encrypting and decrypting data on the fly. This process consumes a lot of resources, and lower-end routers might not be able to keep up with your bandwidth demands, considerably cutting your overall speed.
Which one is better, DD-WRT or OpenWRT?
Both OpenWRT and DD-WRT are great firmware options for routers, but they have different strengths.
OpenWRT is more customizable and gives you more control over your router, while DD-WRT is easier to use and has more features. So it really depends on what you need your router to do and how much time you want to spend configuring it.
Will my ISP know I've set up a VPN on my router?
It's highly unlikely your ISP would be able to see that you're using a VPN on your router. Even if they could, you're unlikely to get into trouble so long as you're using the VPN for legitimate purposes.
I have a Linksys WRT3200ACM router and I put the DD-WRT firmware with no issue.
Once I put the Express VPN I had no internet and could not get it to work. I was able to re-flash the original Linksys firmware so I have the router working again.
If I want to use one of these VPNs it seems like I need to have the Linksys firmware and not the DD-WRT. Once I install the DD-WRT what would be the best VPN?