Short for Virtual Private Network, a VPN encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing. By setting up a VPN on a home wifi router, the internet traffic from all the device’s connected to that router’s network will be routed through the VPN server. That includes devices that don’t support VPNs on their own, including game consoles like PS4 and Xbox One, smart TVs, and streaming media devices like Roku and Chromecast.
Connecting to a VPN has several benefits. The encryption makes everything you do online more secure. Your internet service provider and hackers cannot snoop on your activity, for example. By masking your IP address with the one used by the VPN server, corporations and governments can’t easily trace activity back to your device. You can bypass firewalls meant to censor content from specific sites and apps. And you can unblock geographically restricted content, such as US Netflix or BBC iPlayer.
In this post, we get into detail on each of the VPNs that made our list, but here are our top picks in case you only have time for a summary:
- ExpressVPN Our #1 choice. Superfast, secure, and private network. Instructions on setting up with OpenVPN and Tomato routers available on their website. Unblocks most censored, restricted, and geo-blocked sites with ease. Includes 30-day money back guarantee.
- NordVPN Budget provider that pack plenty of speedy servers. Strong security and you can get the OpenVPN configuration files directly from their website.
- CyberGhost Some of the fastest servers we have tested make this a good value choice. User selected Tomato configurations are a nice touch.
- IPVanish OpenVPN configuration and set up files are easy to use. Strong encryption and security.
- VyprVPN Choice of manual configuration or custom router app for Tomato. High-speed network but a bit pricey.
VPN criteria for Tomato routers
But not just any VPN will do. We’ve curated the following list of the best VPNs for Tomato routers based on the following criteria:
- OpenVPN configuration files are available for Tomato users
- Fast speeds plus unlimited bandwidth and data
- Large, global network of servers to connect to
- Strong security and privacy standards
- Responsive and competent customer service to help troubleshoot problems
The best VPNs for Tomato routers
Here is our list of the best VPNs for Tomato routers:
ExpressVPN is a premium VPN service that goes above and beyond to deliver a quality experience. OpenVPN config files can be downloaded directly from the website, where you’ll also find instructions on how to get set up. Over 3,000 servers dot the globe in 94 countries. Each of them is optimized to provide the fastest and most reliable connection possible. Bandwidth is unlimited and there’s no data cap. 256-bit AES encryption combined with perfect forward secrecy make for the strongest security available in a consumer VPN. The company keeps no identifying logs of user activity or real IP address. Live chat support is available 24/7 on the website.
If flashing your router with Tomato firmware seems intimidating, or you’re in the market for a whole new router, consider ExpressVPN’s pre-configured routers. They come with ExpressVPN’s own custom firmware, which is already set up with all the provider’s servers and is far easier to use than both Tomato and DD-WRT. If your router is compatible and you’re already an ExpressVPN customer, you can download and flash this firmware for free.
- Supports OpenVPN with pre-configured routers and firmware for compatible routers
- High speeds for downloading and video streaming
- Operates over 3,000 servers in 94 countries
- High-grade security features and no logs policy protects your privacy
- Great capabilities for unblocking geo-locked content
- 24/7 chat support are well trained to handle complex situations
- Sightly more expensive than some of its competitors
BEST VPN FOR TOMATO ROUTERS:ExpressVPN is our #1 Choice. Leads the way with its easy to use no-fuss apps. It has a vast server network that is optimized for high-speed connections. Hard to beat on privacy and security. Works with all major streaming services. There is a 30-day no-quibbles money-back guarantee so you can try it risk-free.
Read our full ExpressVPN review.
Special Offer - get 3 months extra FREEGET DEAL
NordVPN operates over 5,000 servers in more than 60 countries. You can download the OpenVPN config files for any of these straight from the website. The site’s knowledge base also has setup instructions for Tomato router owners. Subscribers avail of unlimited bandwidth and no data caps. The company maintains a true zero logs policy, meaning no information is recorded whatsoever related to your use of the VPN. 256-bit military grade encryption keeps your data safe from prying eyes. Live chat support is available on the website.
Two pre-flashed routers that come with everything you need to connect to NordVPN’s servers with minimal setup can be purchased from Flashrouters.
NordVPN unblocks Netflix, Hulu, HBO Now, BBC iPlayer, and more.
- Download OpenVPN config files directly from website and setup with tutorial
- Unlimited bandwidth and no data caps
- Excellent security and encryption standards
- Speeds are fast enough for HD streaming
- Can’t select a specific server, just a location
BEST BUDGET VPN:NordVPN is a good value all-rounder. A great value option that works tirelessly with torrenting & P2P. Connects up to 6 devices simultaneously. Also works well with most popular streaming services and achieves consistently good speeds. 30-day money back guarantee.
Read our full review NordVPN review.
Save 75% with this limited deal on 3 year plansGET DEAL
CyberGhost allows subscribers to create and download custom configuration files for the servers they want to connect to through their Tomato routers. These include the protocol (UDP or TCP), country, server group, type of server, ad blocker, force HTTPS, and data compression. The site has useful tutorials for a couple of different versions of TomatoUSB routers.
The company operates over 3,600 servers in 59 countries. It scored well in our speed tests and connections were quite reliable. Strong encryption and a no-logs policy ensure that your privacy and security are airtight. Live chat is available during European working hours.
- Supports and offers config files for Tomato routers
- Budget provider that doesn’t compromise on security and privacy
- Testing revealed impressive server speeds
- Beginners find their apps easy to set up and use
- Live chat is only available during European working hours
GREAT FOR STREAMING:CyberGhost provides access to lots of geo-restricted content and its easy-to-use apps are ideal for beginners. Plans come with a 45-day money-back guarantee.
Read our full CyberGhost review.
Flash Sale - save 79% on the 3 year planGET DEAL
If you want to purchase a pre-flashed router instead of changing the firmware yourself, you can get a Tomato router configured with all of IPVanish’s servers and settings from Flashrouters.
IPVanish is particularly popular with Kodi users due to the fact that it works with all the add-ons we’ve tested.
- Website has the Tomato router config files along with setup guides
- Strong encryption and privacy protections
- Servers are fast for streaming and downloading
- No live customer support
- Doesn’t reliably unblock Netflix, Hulu
FAST AND RELIABLE:IPVanish has a large network of servers. Uncongested network achieves good speeds. Strong security and privacy features. Could do with live customer support. 7-day money back guarantee.
Read our full IPVanish review.
Comparitech Exclusive - save 60% on the 1 year planGET DEAL
VyprVPN operates more than 700 servers in over 60 countries, all of which the companies owns rather than rents. 256-bit AES encryption ensures all your traffic is protected, but the company does record users’ source IP addresses, so torrenters might want to look elsewhere. Live customers support is available via the website.
VyprVPN has a couple of different ways for subscribers with Tomato routers to get connected. You can of course manually set up OpenVPN like you would with any other VPN using config files from the website. Or you can opt to use VyprVPN’s custom router app that runs on top of Tomato by Shibby. This will modify the Tomato interface and automatically configure all of VyprVPN’s servers into the router. You can even use VyprVPN’s proprietary Chameleon protocol, which helps prevent VPN connections from being detected by your ISP, with VyprVPN’s Tomato app.
VyprVPN unblocks US Netflix and Hulu.
- Has custom app for Tomato routers, can also manually configure with OpenVPN
- Fast speeds are perfect for streaming
- Military grade encryption and logs no identifiable information
- Power users would prefer more configuration options
- Not the cheapest option on this list
- No cryptocurrency payment method
EASY TO USE:VyprVPN is user friendly. A solid choice. Stores no logs, offers great security and unblocks most streaming services. More pricey than some. 30-day money-back guarantee.
Read our full VyprVPN review.
Save 69% on the 2 year planGET DEAL
Can I use a free VPN with Tomato?
There’s no shortage of free VPNs out there, but we recommend avoiding the vast majority of them. Free VPNs typically don’t hand out the config files necessary for a Tomato router to connect to their servers. Instead, they prefer you use their desktop or mobile apps, which often contain tracking cookies, inject advertisements, and occasionally even infect your device with malware.
Even the most trustworthy options have hard limits on which servers, how much data, and how much bandwidth you can use. That makes them pretty much useless for anything bandwidth intensive like streaming video or gaming online.
Free VPNs often slack on privacy and security protections. Encryption standards tend to be inadequate, and many will mine your internet traffic for data that can be sold to third party advertisers.
VPNs to avoid using with Tomato routers
If you Google around for VPNs, a few, in particular, might pop up that you should definitely avoid:
VPN Book posts OpenVPN config files on its website that are free to use. But almost nothing is known about the people behind the service. VPNBook logs source IP addresses and connection timestamps, which are supposedly deleted weekly. In early 2013, hacking collective Anonymous accused VPNBook of being a honeypot for law enforcement. Anonymous said user logs “appeared in the court discoveries and indictments of some Anons facing prosecution for their involvement in #Anonymous activities.”
Hotspot Shield operates both free and paid tiers of its VPN service. Recently, an official FTC complaint was filed alleging that Hotspot Shield has been hijacking HTTP requests for certain e-commerce websites and redirecting users to affiliate sites against their will. The VPN client software is also known to inject tracking cookies into users’ browsers. Until the allegations are proven otherwise, we advise steering clear of Hotspot Shield.
Which version of Tomato should you use?
When searching for Tomato online, you’ll likely come across several different mods, or forks, of the original Tomato firmware. These include:
Figuring out which is best suited to your router and needs might not be immediately clear, so we’ll attempt to narrow down your options.
Plain-old Tomato is the original firmware first introduced in 2008. The last release was in June 2010, and its compatibility is limited to a relatively short list of routers from around that time. It doesn’t include OpenVPN client nor server support, so this probably isn’t what you want.
TomatoUSB is a fork of the original Tomato created shortly after the original creator ceased development. It added a far wider range of routers as well as other useful features, such as support for USB ports and wireless-N mode. The official branch of TomatoUSB hasn’t been updated since November 2010. While it may work for your router, there are likely better options.
Shibby, Toastman, Victek, and most other current mods are forks of TomatoUSB, meaning they share much of the same basic code but add their own features and functionality to the mix. All three offer OpenVPN client and server support, so any of them would make a good choice. Shibby (short for “Tomato by Shibby”) seems to be the most popular option, so you should have no problem finding help and resources on forums if necessary.
AdvancedTomato is a fork of Shibby Tomato that adds a slick web-based dashboard, which many users will find more user-friendly than Tomato’s default interface. Whenever Shibby Tomato is updated, Advanced Tomato is updated shortly thereafter. All other factors equal and assuming your router is compatible, AdvancedTomato is our top recommendation for novice Tomato users.
If performance is a concern, as a general rule, you will want to flash the smallest build available that offers all of the features you need (OpenVPN client support, in this case).
Once you’ve found a version of Tomato that checks off all your requirements, make sure it’s compatible with your router. Simply Googling “Shibby Tomato router list” or something similar should bring up a list of compatible router models for your build.
How to set up OpenVPN on a Tomato router
We’ll cover Tomato by Shibby 1.28 in this tutorial, and it should be similar enough to other builds that you can figure out any discrepancies. These tutorials assume you already have your preferred version of Tomato installed. Follow the instructions to set up an OpenVPN client on your router.
How to set up OpenVPN in Shibby
- While connected to your router’s wifi or LAN, open a web browser and navigate to your router dashboard. This is 192.168.1.1 by default. Enter your credentials that you created when first installing Tomato.
- Once logged in, click on VPN Tunneling in the left sidebar, then OpenVPN client.
- On the next page, you’ll need to get the necessary information from your VPN provider. Fill out each of the fields as necessary.
- If your version of Tomato doesn’t have username and password fields, you’ll need to go to Administration > Scripts and enter the following commands, replacing username and password with your VPN credentials:echo username > /tmp/password.txtecho password >> /tmp/password.txtchmod 600 /tmp/password.txt
- Click the Advanced tab and enter any further information necessary from your provider. This includes several lines you’ll need to copy/paste into the Custom configuration field from your provider’s OpenVPN config file. Again, consult your provider on what to put here.
- Next up is the Keys tab. Here you’ll enter more information that is more often than not found in the OpenVPN config file from your provider. If not, they may be stored in separate files that you can also download and open in a plain text editor such as Notepad. Static key should contain everything inside the <tls-auth> tag. Certificate authority should contain everything inside the tag.
- Hit the Save button at the bottom of the page, then Start now.
- To check whether your connection is successful, go to the Status tab.
Finally, if your VPN provider operates its own DNS servers (all of the ones we recommend do), you’ll want to add those as well:
- In the left sidebar, click Basic > Network
- Under WAN Settings, set DNS Server to Manual and enter the primary and secondary DNS server addresses from your VPN provider in the following two fields.
- Click Save, and you should be good to go!
How to set up OpenVPN on AdvancedTomato
On AdvancedTomato, everything is pretty much the same as Shibby with a couple exceptions. Instead of “VPN Tunneling”, the left sidebar tab is simply labeled VPN.
The main difference here is the Advanced tab, which will have a drop down and toggles for many of the settings instead of having to copy/paste from the OpenVPN config file. You will still need to copy/paste your keys and certificates in the Keys section, though.
Tomato vs DD-WRT for VPN users
Whether you flash DD-WRT or Tomato will probably come down to whichever one your router is compatible with. But if you have a choice, a few factors are worth considering.
Advantages of Tomato over DD-WRT
- VPN support is more consistent in Tomato routers. Whereas pretty much all builds of TomatoUSB and its forks support OpenVPN, support is much more hit and miss with DD-WRT.
- Tomato is generally considered a bit more user-friendly. Flashrouters which sells pre-configured routers from several of the recommended VPNs above note a “higher rate of success with Tomato when setting up and connecting with OpenVPN.”
- Tomato has a wireless survey page helps users find the best channel to use for a wireless network. You can get notifications when updates are available. Tor, BitTorrent, and USB compatibility are integrated into some builds.
- Tomato allows users to set up two OpenVPN connections and easily switch between them. So if one of your servers is down or overly congested, or you need a second location to connect to, this can be quite handy.
- Tomato includes both real-time and historical bandwidth monitoring.
- Policy-based routing allows you to split-tunnel your connection between the VPN and your default ISP by device.
Advantages of DD-WRT over Tomato
- DD-WRT supports more router models than Tomato.
- DD-WRT supports repeaters and alternate subnets
- DD-WRT tends to have more advanced built-in options for tech-savvy users
Don’t use PPTP
Point-to-point tunneling protocol, or PPTP, is one of the oldest VPN protocols around. It’s widely available with support built into many computers, smartphones, and routers. That includes Tomato. But PPTP contains known security vulnerabilities that anyone could hack with a bit of know-how and effort, so it’s best avoided. You can read more about VPN protocols and why you should avoid PPTP here.
While not secure, PPTP does have a couple advantages going for it. It’s easier setup than OpenVPN and other protocols, and it’s a bit faster. Still, we strongly recommend OpenVPN over all other protocols.
Disadvantages of setting up a VPN on your router
We’ve gone over the many advantages of setting up a VPN on your router, but readers should be aware of the downsides as well. All your devices will be tunneled through a single VPN connection, which could get congested if you have a lot of devices connected to the router at once. This can be alleviated to some degree by using split tunneling (policy-based routing) for certain devices, but it’s not all that easy to set up.
If the server you’ve configured a connection to experiences downtime, switching isn’t that easy. Tomato variants that support two separate VPN configurations can get around this by simply switching, but setting up a new server can be a tedious pain. Pre-configured routers or custom firmware, such as that offered by ExpressVPN, make these problems easier to deal with than stock Tomato.
Finally, using a VPN requires computing resources to encrypt outgoing traffic and decrypt incoming traffic. Computers and smartphones have plenty of power for this sort of thing and so their speeds aren’t affected much. But most routers pack much less of a punch. Depending on your router’s hardware, running a VPN client on it could make a substantial dent in your download and upload rates.
See also: Best VPNs for DD-WRT routers
- 1 VPN criteria for Tomato routers
- 2 The best VPNs for Tomato routers
- 3 1. ExpressVPN
- 4 Special Offer - get 3 months extra FREE
- 5 2. NordVPN
- 6 Save 75% with this limited deal on 3 year plans
- 7 3. CyberGhost
- 8 Flash Sale - save 79% on the 3 year plan
- 9 4. IPVanish
- 10 Comparitech Exclusive - save 60% on the 1 year plan
- 11 5. VyprVPN
- 12 Save 69% on the 2 year plan
- 13 Can I use a free VPN with Tomato?
- 14 VPNs to avoid using with Tomato routers
- 15 Which version of Tomato should you use?
- 16 How to set up OpenVPN on a Tomato router
- 17 Tomato vs DD-WRT for VPN users
- 18 Don’t use PPTP
- 19 Disadvantages of setting up a VPN on your router