DD-WRT OpenVPN (Older Builds) Setup


FlashRouters offers plug and play DD-WRT Routers preconfigured Private Internet Access Routers for this setup.



Step 1: Select a VPN Server

DD-WRTOpenVPN1

You are free to pick any Private Internet Access VPN server you like, but generally OpenVPN connections are faster and more stable with a physically closer server.

  1. In a browser, go to https://www.privateinternetaccess.com/pages/network/
  2. Note the full Hostname of the nearest VPN server. For example, if you reside in
  3. Step 2: Modify the DD-WRT Basic DNS Settings

    DD-WRTOpenVPN3
  4. In the DD-WRT Control Panel page, navigate to Setup > Basic Setup.
  5. Under Network Address Server Settings (DHCP), set:
    Static DNS 1 = 4.2.2.1
    Static DNS 2 = 4.2.2.2
    Static DNS 3 = 4.2.2.3
    Use DNSMasq for DHCP = Checked
    Use DNSMasq for DNS = Checked
    DHCP-Authoritative = Checked
  6. Save and Apply Settings.
  7. Step 3: Disable IPv6

    DD-WRTOpenVPN4
  8. Navigate to Administration > Management.
  9. Under IPv6 Support, set IPv6 = Disable.
  10. Save and Apply Settings.
  11. Step 4: Enable Local DNS

    DD-WRTOpenVPN5
  12. Navigate to Services > Services.
  13. We'll remove the ISP's DNS suffix from LAN clients. Under DHCP Server, set Used Domain = LAN & WLAN.
  14. Under DNSMasq, make sure DNSMasq, Local DNS, & No DNS Rebind are all set to Enable.
  15. Save and Apply Settings.
  16. Step 5: Set the OpenVPN Client Parameters

    DD-WRTOpenVPN6
  17. Navigate to Services > VPN.
  18. Under OpenVPN Client, set Start OpenVPN Client = Enable. Other options will appear.
  19. Set Advanced Options to Enable. More options will appear.
  20. Set the following:
    Server IP/Name = The full hostname of the VPN Server you noted in Step 1: Select a VPN Server
    Port = 1194
    Tunnel Device = TUN
    Tunnel Protocol = UDP
    Encryption Cipher = Blowfish CBC
    Hash Algorithm = SHA1
    TLS Cipher = None
    LZO Compression = Yes
    NAT = Enable
  21. Step 6: Set the OpenVPN Additional Config Settings

    Enter this for Additional Config:
     	auth-user-pass /tmp/password.txt
     	persist-key
     	persist-tun
     	tls-client
     	remote-cert-tls server
    

    Step 7: Set the OpenVPN CA Cert

    DD-WRTOpenVPN7
  22. Download the file https://www.privateinternetaccess.com/openvpn/ca.crt
  23. Open Notepad, then drag the file ca.crt onto Notepad, to open the Private Internet Access CA certificate as a text file.
  24. Ctrl-A to select all text, then Copy it.
    DD-WRTOpenVPN8
  25. In the the DD-WRT VPN page, paste the entire CA certificate text into the CA Cert field. Be sure the entire text gets pasted in, including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
  26. Save and Apply Settings.
  27. Step 8: Create a Startup Script with VPN Username and Password

    DD-WRTOpenVPN9
  28. Navigate to Administration > Commands
  29. Paste the following commands into the Command Shell:
    	echo username > /tmp/password.txt
    	echo password >> /tmp/password.txt
    	/usr/bin/killall openvpn
    	/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
    	Note: Replace *username* and *password* with your actual PIA username and password. 
    For example, if your PIA username was p1234567 and password was 12345678, the first couple of lines would look like this:
    echo p1234567 > /tmp/password.txt echo 12345678 >> /tmp/password.txt

    DD-WRTOpenVPN10DD-WRTOpenVPN11
  30. Select Save Startup.
  31. The commands you entered should now show in the Startup box.
  32. Navigate to Administration > Management.
  33. Select Reboot Router. Wait for the router to reboot, then reconnect to it.
  34. Step 9: Verify the VPN is Working

  35. Navigate to Status > OpenVPN.
  36. In the State text, you should see the message "Client: CONNECTED: SUCCESS". If not, check your configuration for typos.

EASY Setup Guides for Alternate Configurations (Advanced):

PPTP/L2TP/SOCKS Security

The PPTP/L2TP/SOCKS5 protocols are provided for devices lacking compatibility with the Private Internet Access application or OpenVPN protocol. PPTP/L2TP/SOCKS5 should be used for masking one's IP address, censorship circumvention, and geolocation.

If you need encryption, please use the Private Internet Application or OpenVPN protocol with our service.

    Although quite different from a VPN, we provide a SOCKS5 Proxy with all accounts in the event users require this feature.

    SOCKS5 Proxy Usage Guides
    proxy-nl.privateinternetaccess.com port 1080
    Enable port forwarding in the application by entering the Advanced area, enabling port forwarding and selecting one of the following gateways:

    CA Toronto
    Ca Montreal
    Netherlands
    Sweden
    Switzerland
    France
    Germany
    Romania
    Israel

    After enabling port forwarding and re-connecting to one of the above gateways, please hover your mouse over the System Tray or Menu Bar icon to reveal the tooltip which will display the port number. You can then enter this port into your software.

    Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled.
IPv6 leak protection disables IPv6 traffic while on the VPN. This ensures that no IPv6 traffic leaks out over your normal internet connection when you are connected to the VPN. This includes 6to4 and Teredo tunneled IPv6 traffic.
    The dns leak protection feature activates VPN dns leak protection. This ensures that DNS requests are routed through the VPN. This enables the greatest level of privacy and security but may cause connectivity issues in non-standard network configurations.

    This can be enabled and disabled in the Windows application, while it is enabled by default on our macOS application.

    We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system's DNS servers to 209.222.18.222 and 209.222.18.218. When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.

    If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous.
    The internet kill switch activates VPN disconnect protection. If you disconnect from the VPN, your internet access will stop working. It will reactivate normal internet access when you deactivate the kill switch mode or exit the application.

    Users who may be connected to two connections simultaneously (ex.: wired and wireless) should not use this feature, as it will only stop 1 active connection type.


  • United States (US VPN)
    us-california.privateinternetaccess.com
    us-east.privateinternetaccess.com
    us-midwest.privateinternetaccess.com
    us-chicago.privateinternetaccess.com
    us-texas.privateinternetaccess.com
    us-florida.privateinternetaccess.com
    us-seattle.privateinternetaccess.com
    us-west.privateinternetaccess.com
    us-siliconvalley.privateinternetaccess.com
    us-newyorkcity.privateinternetaccess.com

  • United Kingdom (GB VPN)
    uk-london.privateinternetaccess.com
    uk-southampton.privateinternetaccess.com

  • Canada (CA VPN)
    ca-toronto.privateinternetaccess.com
    ca.privateinternetaccess.com

  • Australia (AU VPN)
    aus.privateinternetaccess.com
    aus-melbourne.privateinternetaccess.com

  • New Zealand (NZ VPN)
    nz.privateinternetaccess.com

  • Netherlands (NL VPN)
    nl.privateinternetaccess.com

  • Sweden (SE VPN)
    sweden.privateinternetaccess.com

  • Norway (NO VPN)
    no.privateinternetaccess.com

  • Denmark (DK VPN)
    denmark.privateinternetaccess.com

  • Finland (FI VPN)
    fi.privateinternetaccess.com

  • Switzerland (CH VPN)
    swiss.privateinternetaccess.com

  • France (FR VPN)
    france.privateinternetaccess.com

  • Germany (DE VPN)
    germany.privateinternetaccess.com

  • Ireland (IE VPN)
    ireland.privateinternetaccess.com

  • Italy (IT VPN)
    italy.privateinternetaccess.com

  • Romania (RO VPN)
    ro.privateinternetaccess.com

  • Turkey (TR VPN)
    turkey.privateinternetaccess.com

  • South Korea (KR VPN)
    kr.privateinternetaccess.com

  • Hong Kong (HK VPN)
    hk.privateinternetaccess.com

  • Singapore (SG VPN)
    sg.privateinternetaccess.com

  • Japan (JP VPN)
    japan.privateinternetaccess.com

  • Israel (IL VPN)
    israel.privateinternetaccess.com

  • Mexico (MX VPN)
    mexico.privateinternetaccess.com

  • Brazil (BR VPN)
    brazil.privateinternetaccess.com

  • India (IN VPN)
    in.privateinternetaccess.com