Setting up a VPN on a router is much easier than most people think.
But first, let’s consider the advantages. A good VPN router setup will:
- extend the benefits of a VPN to all your devices without installing software
- protect you against mass surveillance and internet service provider (ISP) spying
- secure your home network against attacks, hacking, and spying
- unlock the entire internet, allowing you to get around geographic restrictions, blocks, and censorship
Step 1: Choose a good, safe VPN service
The first step is finding a good VPN service. After reviewing, testing, and analyzing many VPNs, these are the top three recommendations:
- Perfect Privacy – €8.95; based in Switzerland (read review)
- VPNArea – $4.92; based in Bulgaria (read review)
- VPN.ac – $4.80; based in Romania (read review)
For this setup, we’ll be using VPN.ac.
Step 2: Choose the right VPN router
The only router brand that offers a wide selection of VPN-ready routers is Asus. The default Asus firmware, which is called ASUSWRT, supports OpenVPN, PPTP, and L2TP, right out of the box (no flashing required!).
Setup time is about 20 minutes.
CPU matters! The biggest consideration when choosing your VPN router is CPU, or processing power. Running a VPN on a router is a very CPU-intensive task requiring the router to process lots of encrypted data. Because all routers on the market use ARM-based processors that aren’t very powerful, you’ll likely notice a speed reduction corresponding to the CPU. Here are some realistic expectations for speed:
- 600 Mhz = 8-10 Mpbs
- 800 Mhz = 15-25 Mbps
- 1.0 Ghz = 20-35 Mbps
- 1.4 Ghz = 25-45 Mbps
(Keep in mind, most sites won’t tell you realistic VPN router speeds, and instead focus on the potential speed without a VPN.)
Here is a list of all the Asus routers that are VPN-ready, with corresponding CPU:
Asus RT-N66U (600 Mhz) [Amazon]
Asus AC1750 (RT-AC66U) (600 Mhz) [Amazon]
Asus AC1900 (RT-AC68U) (800 Mhz, dual core) [Amazon]
Asus RT-AC87U (1,000 Mhz – dual core) [Amazon]
Asus RT-AC3200 (1,000 Mhz – dual core) [Amazon]
Asus RT-AC3100 (1,400 Mhz – dual core) [Amazon]
Asus RT-AC88U (1,400 Mhz – dual core) [Amazon]
Asus RT-AC5300 (1,400 Mhz – dual core) [Amazon]
Step 3: Unpack your Asus router
Check all the contents.
Step 4: Assemble and connect ethernet cable
Assemble your router according to the instruction manual. Then, connect your new Asus router to your existing router using the ethernet cable. Notice which ethernet (LAN) ports are being used in the photos below (blue LAN port with the new router, and any yellow LAN port on the existing router).
Connect the existing (old) router to the new Asus router with the ethernet cable.
Step 5: Connect to power and turn on
After turning on the power and waiting a few minutes, you can setup your new router.
Step 6: Connect to the Asus router via your wireless network
Find and select the “ASUS” network to configure your new router.
Step 7: Begin configuration process
After connecting to the ASUS network a configuration screen will appear. Follow the simple configuration process. Be sure to record:
- router username and password (to manage the router settings)
- wireless network name and password
After you have completed the basic configuration steps you should see your new Asus wireless network name. (My new Asus network is called RP.)
You can now connect to your new Asus network.
Step 8: Download your OpenVPN configuration files
Once you have a VPN.ac subscription you can get the OpenVPN files, which you’ll import onto your router. I’d recommend using the AES 256 UDP file. This provides you with the OpenVPN 256-bit encryption protocol, which is secure, fast and reliable.
When you open the zip file you’ll see a list of individual .ovpn files. Each file corresponds to a specific server location (or a double-hop server configuration, see “2-hop” servers below).
Step 9: Configure the VPN on your router
After connecting to your new Asus network, you can log in to your router administration area and add the VPN configuration to the router. Open an internet browser, and enter either http://192.168.1.1 or http://192.168.2.1 into your URL address bar to access the Asus admin page. (Tip: bookmark this page for quick access.)
Sign in to your administration area with your username and password from earlier.
Now select the following: VPN (left side of the screen) > VPN Client (top) > Add profile > OpenVPN.
Load the VPN configuration file
Now enter the following information into the OpenVPN window.
- Description: you can use the VPN server location (i.e. VPNac Luxembourg)
- Enter the username and password for your VPN service
- Now you’ll need to select the specific .ovpn configuration file for the VPN server you want your router to use. (The closer the server is to your physical location, the faster and more stable your connection will be.)
- Click Browse, open the .zip file from earlier, select which encryption folder you want to use (160 or 256) then select the specific server you want to use, click open. Now click Upload to upload the .ovpn file.
You don’t need to import the CA file. Now just click OK.
At this point you should see the VPN server configuration added to the VPN Server List. On the far right, click Activate to enable the VPN connection. After a few seconds, you should see a check mark on the far left under Connection Status.
Now you can add as many different server configurations (VPN server locations) to your router as you’d like. If you’re using VPN.ac, you can also add double-hop server configurations. This means your traffic will be routed through two separate VPN servers before exiting onto the internet (giving you a higher level of anonymity).
VPN Router DNS and IPv6 leak protection
For privacy reasons, it would be a good idea to setup both DNS leak protection and IPv6 leak protection.
1) DNS leak protection – Select the WAN button on the left, and then under “Connect to DNS Server automatically” select No. You can use any of the following DNS Server addresses:
- OpenDNS: 18.104.22.168 and 22.214.171.124
- Google: 126.96.36.199 and 188.8.131.52
Then at the bottom click Apply.
2) IPv6 leak protection – Select the IPv6 button on the left in your router’s admin area. Now under Connection type, make sure Disable is selected, then click Apply.
Testing your VPN router
Now you can test everything out to make sure the privacy settings above are working correctly. A good VPN testing resource is the Perfect Privacy IP check tool. This will show you if the VPN server is correctly replacing your real IP address. You should also run a DNS leak test (also on the Perfect Privacy website). More info on VPN testing can be found here.
Use two routers – With the VPN router setup in this guide, you can also use two routers: your old router (if you don’t want to go through your VPN), or your new Asus VPN router setup. Because some services block VPNs, such as Netflix, this gives you more flexibility.
Finished! That’s it. Enjoy your new VPN router.
Amazon disclaimer: RestorePrivacy is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.