Skip to main content

DD-WRT v40559 (OpenVPN Setup)


This tutorial will walk you through configuring a router using DD-WRT firmware version 3.0-r40559.

If you want a router based configuration but do not want to set it up yourself, FlashRouters offers plug and play DD-WRT Routers preconfigured Private Internet Access Routers for this setup.

Before starting, be sure you have downloaded the configuration file you would like to use for your connection. For this guide specifically, we have used the California file from the collection labeled Default, be sure to decompress the file so you can access the contents.

Also, decide what DNS servers fit your needs, there are four options:

These cannot be specified in a DD-WRT setup; to effectively prevent DNS leaks with this configuration you will need to specify the PIA DNS in the network connection of devices connected to this router.

Step 1. Setup - Basic Setup : assure you are using the appropriate time settings for your location, this is done to prevent types of connectivity problems.

1. Specify a base DNS servers that are not the PIA DNS servers, for use before and outside the VPN connection. Those will need to be selected at your own discretion. We have used (Cloudflare) as a primary.

2. The second DNS we used is (Google).

3. vAssure NTP Client is Enabled.

4. Set Time Zone to your real local time.

5. At the bottom of the page, click Apply Settings.

Step 2. Setup - IPv6 : to prevent leaks over the the IPv6 protol, turn it off in the Setup > IPv6 tab, highlighted in red in the image below.

1. Set the radio button for IPv6 to Disable

2. Click Apply Settings.

Step 3. Services - VPN : turn on the VPN Client so that you will be provided with the fields to input of the VPN configuration specifics.

1. Under the OpenVPN Client header, click Enable for the Start OpenVPN Client option.

2. Click Apply Settings.

Step 4. Services - VPN : input the specific VPN configuration details.

1. Input the Server IP/Name, is where you will input the PIA server that you would like to connect to, the server locations available for the generation of servers you are connecting to is available in the collection you downloaded at the start. The information you are looking for is found on the fourth line of the OpenVPN configuration file; in this case "remote 1198". The text "" is the input for the server address, and "1198" is the input for the server port in the next step.

2. Input the Port number, the required port for the chosen configuration — 1198 from the step above.

3. For Tunnel Device PIA VPN connections use a TUN interface.

4. Tunnel Protocol will be set to UDP in this guide. In most cases UDP provides better speeds than TCP. If TCP is used, be sure to use the correct port number.

5. Encryption Cipher is also specific to the configuration choices made above, and can be found in the config file; in this case AES-128-CBC.

6. Hash Algorithm is another setting specific to the configuration, and can be found in the config file; in this case SHA1.

7. User Pass Authentication must be set to Enable.

8. In the Username field, input your PIA username — that is always in the format of p1234567 and cannot be replaced with any other information.

9. The Password field requires the input of the password for your PIA account, which is assigned to you, but you have the ability to customize in the client control panel.

10. Set Advanced Options to Enable, this will reveal additional fields that require input.

11. From the drop-down menu, set TLS Cipher to None.

12. In the drop-down menu, set LZO Compression to Yes.

13. The Additional Config section will require multiple specific lines of text; copy and paste the following into this field:

remote-cert-tls server
pull-filter ignore "auth-token"

14. The CA Cert will need to be copied from the configuration file. Copy the contents into the CA Cert field. (Note : The contents of this must include the begin and end certificate lines as well, be sure to copy the whole thing.)

15. At the bottom of the page, click Apply Settings to save what you have done and set-up the connection.

Your router is now set up to establish a PIA VPN connection. You can confirm the status of your connection in the Status > OpenVPN tab, shown highlighted in red.

If the connection does not start after specifying and applying the settings, power down you router, wait 10 seconds, and turn it back on — that should initiate the VPN connection as the router reboots.

Authors list

First published: 17/04/2020

Last updated: Nov 24, 2020 by Michael B