FlashRouters offers plug and play DD-WRT Routers preconfigured Private Internet Access Routers for this setup.
By default, DD-WRT may use your ISP's DNS servers using DHCP. For privacy reasons, we'll instead configure DD-WRT to explicitly use alternate DNS servers. The below servers are provided as an example, you can use any Public DNS service you would prefer, such as Google DNS (220.127.116.11 and 18.104.22.168), Level 3 (22.214.171.124 and 126.96.36.199), or you can use a combination to fill in the 3 Static DNS fields.
You can find our CA Certificate here, which will be useful later.
- In the DD-WRT Administrative Interface, navigate to Setup > Basic Setup.
- Under Network Address Server Settings (DHCP), set:
Static DNS 1 = 188.8.131.52
Static DNS 2 = 184.108.40.206
Static DNS 3 = 220.127.116.11
Use DNSMasq for DHCP = Checked
Use DNSMasq for DNS = Checked
DHCP-Authoritative = Checked
- Save and Apply Settings.
- To Disable IPv6, Navigate to Setup > IPV6
- Set IPv6 to Disable, then Save & Apply Settings.
- Disable IPv6
- To Enable Local DNS, Navigate to Services > Services
- If there is a DNS Suffix, Remove that
- Under DHCP Server, Set Used Domain to LAN & WLAN
- Under DNSMasq Ensure that DNSMasq, Local DNS, and No DNS Rebind are all enabled
- Save & Apply Settings.
- Navigate to Service > VPN
- Under OpenVPN Client, set Start OpenVPN Client = Enable. Other options will appear.
- Set Advanced Options to Enable, More options will appear.
- Set the following:
Server IP/Name = us-east.privateinternetaccess.com [*]
Or if you prefer to use a specific location, You can find the full list of locations here: https://www.privateinternetaccess.com/pages/network
Port = 1198
Tunnel Device = TUN
Tunnel Protocol = UDP
Encryption Cipher = AES-128-CBC
Hash Algorithm = SHA1
User Pass Authentication = Enable
Username, Password = Your PIA username & password
TLS Cipher = None
LZO Compression = Yes
NAT = Enable
- In Additional Config, Type:
- Download the file https://www.privateinternetaccess.com/openvpn/ca.rsa.2048.crt
- Right-Click the ca.rsa.2048 file, and Choose Open With, Then choose Notepad
- Highlight the full contents of the ca.rsa.2048 file by pressing Ctrl+A then copy with Ctrl+C
- In DD-WRT, Paste, (Ctrl+P) the contents in the CA Cert field. Be sure the entire text gets pasted in, including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
- Save and Apply Settings
- To Verify the VPN is Working, Navigate to Status > OpenVPN
Under State, you should see the message "Client: CONNECTED SUCCESS"
EASY Setup Guides for Alternate Configurations (Advanced):
The PPTP/L2TP/SOCKS5 protocols are provided for devices lacking compatibility with the Private Internet Access application or OpenVPN protocol. PPTP/L2TP/SOCKS5 should be used for masking one's IP address, censorship circumvention, and geolocation.
If you need encryption, please use the Private Internet Application or OpenVPN protocol with our service.
- Windows OpenVPN Setup
- macOS OpenVPN Setup
- macOS Viscosity Setup
- Ubuntu OpenVPN Setup
- Fedora OpenVPN Setup
- Robolinux 7.5.3 OpenVPN Setup
- iOS (iPad/iPhone/iTouch) OpenVPN Setup
- Android 4.0+ OpenVPN Setup
- DD-WRT OpenVPN Setup
- DD-WRT OpenVPN (Older Builds)
- Tomato OpenVPN Setup
- PfSense OpenVPN Setup
OpenVPN Configuration Files (Recommended Default)
OpenVPN Configuration Files (Strong)
Although quite different from a VPN, we provide a SOCKS5 Proxy with all accounts in the event users require this feature.
SOCKS5 Proxy Usage Guides
proxy-nl.privateinternetaccess.com port 1080
Enable port forwarding in the application by entering the Advanced area, enabling port forwarding and selecting one of the following gateways:
After enabling port forwarding and re-connecting to one of the above gateways, please hover your mouse over the System Tray or Menu Bar icon to reveal the tooltip which will display the port number. You can then enter this port into your software.
Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled.
The dns leak protection feature activates VPN dns leak protection. This ensures that DNS requests are routed through the VPN. This enables the greatest level of privacy and security but may cause connectivity issues in non-standard network configurations.
This can be enabled and disabled in the Windows application, while it is enabled by default on our macOS application.
We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system's DNS servers to 18.104.22.168 and 22.214.171.124. When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.
If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous.
The internet kill switch activates VPN disconnect protection. If you disconnect from the VPN, your internet access will stop working. It will reactivate normal internet access when you deactivate the kill switch mode or exit the application.
Users who may be connected to two connections simultaneously (ex.: wired and wireless) should not use this feature, as it will only stop 1 active connection type.
United States (US VPN)
United Kingdom (GB VPN)
Canada (CA VPN)
Australia (AU VPN)
New Zealand (NZ VPN)
Netherlands (NL VPN)
Sweden (SE VPN)
Norway (NO VPN)
Denmark (DK VPN)
Finland (FI VPN)
Switzerland (CH VPN)
France (FR VPN)
Germany (DE VPN)
Ireland (IE VPN)
Italy (IT VPN)
Romania (RO VPN)
Turkey (TR VPN)
South Korea (KR VPN)
Hong Kong (HK VPN)
Singapore (SG VPN)
Japan (JP VPN)
Israel (IL VPN)
Mexico (MX VPN)
Brazil (BR VPN)
India (IN VPN)