Asus’s higher-end router models are some of the only consumer routers in the marketplace with built-in OpenVPN support. ASUSWRT (Asus’s custom router firmware) has native support for OpenVPN in both client and server mode.
This tutorial will show you how to configure your ASUS router to run as an OpenVPN client, which will set up a permanent VPN tunnel from the router.
This setup allows you to connect an unlimited number of devices to the same VPN connection.
This is perfect for devices that don’t have built-in VPN support such as:
- Xbox (Xbox 360 & Xbox One)
- Playstation (PS3/PS4)
When you use our recommended Dual-Router VPN setup, it makes initiating a VPN connection as easy as switching wireless networks, allowing all of your computers and devices quick, secure access to VPN encryption.
ASUSWRT also supports the PPTP and L2TP VPN protocols, but OpenVPN is much more secure/flexible, and is definitely the recommended protocol.
RELATED: OpenVPN vs. L2TP/IPsec vs. PPTP
This tutorial will work for any ASUS router that comes with ASUSWRT firmware. Here is the current list of supported routers:
What you need for this tutorial:
- A router running ASUSWRT (list in the previous section)
- An active VPN subscription to a provider with ASUSWRT-compatible OpenVPN configs
- The OpenVPN configuration (.ovpn) and files from your VPN service
- The Certificate Authority .crt file from your provider (some providers embed the certificate in the .ovpn file. We’ll go into more detail in the step-by-step instructions).
Almost all VPN providers will make their .ovpn files for all servers easily downloadable from either their knowledgebase/tech support pages, or from inside your account panel. If you aren’t sure where to find them, just ask live chat or submit a support ticket.
Which VPNs are compatible with ASUSWRT?
Most (but not all) VPN providers are currently capable with ASUSWRT. The reason being, that ASUSWRT firmware doesn’t support any advanced VPN configuration options beyond importing an OpenVPN config (.ovpn) file. Some VPN providers config files require the ability to add custom instructions to the routers’ openVPN client.
Don’t worry, if your VPN provider doesn’t natively support ASUSWRT, you have 4 options:
- Ask them to create a custom .ovpn file for you (most VPNs will probably do it if they are able)
- Install ASUSWRT-MERLIN firmware on your router (which allows advanced OpenVPN configurations).
- Flash the Tomato-shibby or DD-WRT firmware on your router (advanced users).
- Edit the .ovpn file yourself to include the advanced configuration options
A non-exhaustive list of compatible VPNs
This list includes only VPNs that I have personally tested an confirmed to be working with ASUSWRT. If your VPN is not on the list, it may well still work with an ASUSWRT router. My best advice is to contact your provider for support if you’re having difficulties.
VPNs confirmed to work with ASUSWRT routers:
- Private Internet Access
- Proxy.sh (using iOS/Android configs. Not windows configs)
- Torguard (they provide custom ASUSWRT configs)
- IPVanish (requires manually importing CA file after uploading .ovpn)
If you’ve gotten other providers to work, please let me know in the comments and I’ll add them to the list. Thanks!
Here’s the video setup guide. You can also use the text walk-thru in the remainder of the article.
How to access ASUSWRT OpenVPN client settings:
- Log in to your asus router control panel by typing the router IP address into your URL bar of your web browser. Since I’m using a dual-router setup, I changed my router to 192.168.2.1 but yours may be different. The default IP for Asus routers is 192.168.1.1
2. Under the advanced settings tab on the left side, go to ‘VPN’ (shown below)
3. Then click on the ‘VPN Client’ tab (shown below)
You should now be at the VPN Client screen, which should look something like the image below. You can click the ‘Add Profile’ button to create a new VPN connection.
Set up the OpenVPN connection
Now we’re ready to create a new OpenVPN profile for your router. You’ll need 3 pieces of information from your VPN provider:
- Your VPN Login/Password
- The .ovpn config file of the server location you want to use
- Your CA certificate file (some VPNs include the CA in your .ovpn file, others provide a separate .crt file)
Some info about .ovpn and CA certificates
Fortunately, ASUSWRT allows you to manually import the certificate file if your VPN provider doesn’t include it in your .ovpn files. When we setup the connection, ASUSWRT will actually warn you if the .ovpn file does not contain a CA, but we can also check in advance by opening your .ovpn file with a simple text editor like notepad.
If your .ovpn file does have a CA embedded, it will include something that looks like this:
If not, it will be a much shorter config file (and won’t contain the ‘—-BEGIN CERTIFICATE—-‘ or ‘—-END CERTIFICATE—-‘ lines. Below is a full .ovpn file from IPVanish:
Step #1 – Create your OpenVPN profile
Click the ‘Add profile’ button to create a new VPN profile.
Select the ‘OpenVPN’ tab from the window that pops up.
Add a description of the profile. This will be the name that shows up in your list of available VPN connections. I like to use the following formula:
VPN name + server location
For this tutorial I’m using IPVanish’s Texas server so I’ll call it ‘IPVanish Texas’. Simple.
Also add your VPN username/password.
Step #2 – Import the .ovpn file
Click the ‘Browse…’ button to locate your .ovpn file.
Then find the directory where you saved it double click to open it in ASUSWRT.
Click ‘Upload’ to send the .ovpn file to your router.
You should now get a message saying ‘Upload Complete’. If it also says ‘Lack of certificate authority’ (meaning your .ovpn file doesn’t contain a certificate) then proceed to the next step to add one manually.
Step #3 – Add a CA client certificate (Optional)
This step is only required if your .ovpn file doesn’t contain a certificate already. You can either upload the .crt file to the router(provided by your VPN provider) or just copy and paste the certificate text (usually found in a how-to guide on your VPN’s website).
To import your CA file, follow these steps:
- Check the box ‘Import the CA file or edit the .ovpn file manually’
- Click ‘Browse…’ to locate your .crt file you downloaded from your provider
- Click ‘Upload’ to send it to the router.
So now our .crt file is successfully uploaded to the router. All that’s left to do is click ‘OK’ to save your profile. Now we can test the setup to make sure it’s working.
Step #4 – Test the VPN setup
Click the ‘Activate’ button to test your new VPN connection.
If the connection is successful, you’ll get a blue checkmark in the ‘Connection Status’ column like this:
Step #5 – Troubleshooting
If you get an ‘X’ instead of a checkmark, it means your settings are incorrect. Redo the setup and double-check that your username, password, and .crt file are all correct.
If all else fails, check your router’s log. Most .ovpn files will tell the router to log the VPN connection process to the primary router log for troubleshooting purposes. You can then share the log file with your VPN’s tech support team and they can help you troubleshoot the issue.
To access your router’s logs, go to: Advanced settings > System Log > general log
Wrapup and resources
Thanks for checking out this tutorial. Hopefully if you’ve made it this far, you’ve got yourself a fully functional VPN router.
Make sure to leave any questions or tips in the comment section, we go through and respond as often as possible.
Be well, and stay encrypted!