This tutorial will walk you through configuring a router using DD-WRT firmware version 3.0-r40559.
If you want a router based configuration but do not want to set it up yourself, FlashRouters offers plug and play DD-WRT Routers preconfigured Private Internet Access Routers for this setup.
Before starting, decide what type of encryption you want to use, and what protocol you want to connect with. The stronger the encryption is the more secure the traffic will be, but it will trade some performance for that additional security. This guide will be using strong, GCM encryption with the UDP protocol. Here is a table containing the various options and their dependencies. If you want to configure a different level of encryption, you will need to alter your input to match based upon these specifics.
|Auth||Cipher||Cert||UDP Port||TCP Port|
|SHA1||BF-CBC||ca.crt||53, 8080, 9201||80, 110, 443|
Step 1. Setup - Basic Setup : to use the PIA DNS servers, which will prevent DNS logging and leaks, select Setup. From the tabs in the bar below that, click Basic Settings (highlighted in red in the image below) to access the general router settings where you can specify what DNS to use. Additionally, assure you are using the appropriate time settings for your location, this is done to prevent types of connectivity problems.
1. Set Static DNS 1 to 220.127.116.11.
2. Set Static DNS 2 to 18.104.22.168.
3. Assure NTP Client is Enabled.
4. Set Time Zone to your real local time.
5. At the bottom of the page, click Apply Settings.
Step 2. Setup - IPv6 : to prevent leaks over the the IPv6 protol, turn it off in the Setup > IPv6 tab, highlighted in red in the image below.
1. Set the radio button for IPv6 to Disable
2. Click Apply Settings.
Step 3. Services - VPN : turn on the VPN Client so that you will be provided with the fields to input of the VPN configuration specifics.
1. Under the OpenVPN Client header, click Enable for the Start OpenVPN Client option.
2. Click Apply Settings.
Step 4. Services - VPN : input the specific VPN configuration details.
1. Input the Server IP/Name, a full list of those options can be found here : https://www.privateinternetaccess.com/pages/network/ (This guide has used us-west.privateinternetaccess.com.)
2. Input the Port number, specific to the dependencies table above.
3. For Tunnel Device PIA VPN connections use a TUN interface.
4. Tunnel Protocol will be set to UDP in this guide. In most cases UDP provides better speeds than TCP. If TCP is used, be sure to use the port shown in the dependencies table at the beginning of this guide.
5. Encryption Cipher is also specific to your preferences from the dependencies table at the top of the guide.
6. Hash Algorithm is another setting specific to your preferences from the dependencies table at the top of the guide.
7. User Pass Authentication must be set to Enable.
8. In the Username field, input your PIA username — that is always in the format of p1234567 and cannot be replaced with any other information.
9. The Password field requires the input of the password for your PIA account, which is assigned to you, but you have the ability to customize in the client control panel.
10. Set Advanced Options to Enable, this will reveal additional fields that require input.
11. From the drop-down menu, set TLS Cipher to None.
12. In the drop-down menu, set LZO Compression to Yes.
13. The Additional Config section will require multiple specific lines of text; copy and paste the following into this field:
persist-key persist-tun tls-client remote-cert-tls server pull-filter ignore "auth-token"
14. The CA Cert will need to be downloaded from the dependencies table, specific to the encryption you are using. Links for each of the three certificates can be found in the dependencies table at the beginning of the guide. Open the certificate in a text editor and copy the contents into the CA Cert field. (Note : The contents of this must include the begin and end certificate lines as well, be sure to copy the whole thing.)
15. At the bottom of the page, click Apply Settings to save what you have done and set-up the connection.
Your router is now set up to establish a PIA VPN connection. You can confirm the status of your connection in the Status > OpenVPN tab, shown highlighted in red.
If the connection does not start after specifying and applying the settings, power down you router, wait 10 seconds, and turn it back on — that should initiate the VPN connection as the router reboots.