How To Set Up the OpenVPN client on ASUSWRT-Merlin Routers

ASUSWRT-Merlin is a free firmware exclusively made for ASUS/ASUSWRT routers. It is essential to protect your router network with a VPN. Connecting to a VPN server hides your actual IP address, changes your location, and encrypts your data traffic. Also, although ASUS/ASUSWRT routers are relatively secure, a VPN client provides an extra layer of security and privacy.

This setup guide will teach you how to set up an OpenVPN tunnel on your ASUSWRT-Merlin router. We will also discuss other helpful topics.

How To Set Up The OpenVPN client on ASUSWRT-Merlin Routers

Setting up an OpenVPN tunnel on your router may seem like a complicated process, but if you follow our step-by-step guide, you’ll be good to go in no time:

Login to Your Router Control Panel

You’ll need to log in to your ASUSWRT-Merlin control panel before you can establish a VPN connection. Type your router’s IP address in your browser URL bar to access the control panel. The default IP address will be 192.168.1.1 unless you’ve changed it before.

Enter your username/password and click on ‘Sign in.’

Open the VPN Client Settings

Locate ‘Advanced Settings’ on the bottom left corner of the main screen and click on it to find the ‘VPN’ section. Next, click on ‘VIP’ to access the VPN control panel. Next, click on the ‘OpenVPN Clients’ tab on the main screen.

Under the tab, you’ll find the OpenVPN settings screen.  With Merlin, you can set up up to five VPN clients simultaneously, and you can later switch between the clients by switching them on/off. Next is the configuration for the VPN connection.

Configure the VPN connection

This is the main aspect of the setup. To make it easier to understand, we’ll break it down into different parts:

Part 1: Import an .ovpn Config File

The .ovpn config file is vital for an OpenVPN connection. It appears to be a simple text file, but it dictates crucial aspects of your VPN connection and includes sections like:

  • The server address you’re connecting to
  • Port/Protocol used
  • Encryption Algorithm/Mode (for example, AES, Blowfish, etc.)
  • Encryption strength (128-bit or 256-bit)
  • Special parameters

Every VPN provider has unique .ovpn config files, but they are usually the same for every subscriber.  These files don’t include personal information like passwords, names, or secret keys. In addition, each server has a config file, so for every VPN server location you want to connect to, you’ll have to download the corresponding .ovpn config file.

Upload the .ovpn File to the Router

Locate the ‘client control’ section. Under the section, click on the ‘Import .ovpn file’ line, and then click ‘Choose File.’

Next, navigate to the folder where your .ovpn config files are saved. Select the one you want to use and click ‘Open.’ on the router’s window. Finally, ensure you click on ‘Upload’ to transfer the file to your router successfully. However, if your .ovpn file doesn’t have a CA certificate file, you’ll also get an error message in yellow next to the ‘Upload’ button.

In case of an error message, you just have to add the CA certificate file yourself manually. Part 2 will show you how to do that, but you can skip the step if you didn’t get an error.

Part 2: Manually Import the CA Certificate

Like we said, if the .ovpn config file from your VPN provider doesn’t have a certificate, you’ll have to import the certificate file (file extension .crt) manually. In most cases, the file will be in the same zip file you downloaded for the .ovpn config files.

Locate the Certificate Authority (.crt) file and open it with a text editor. Next, you’ll have to copy everything you see in the file, from ‘BEGIN CERTIFICATE’ down to ‘END CERTIFICATE.’ After that, return to your router control panel.

Under the OpenVPN client settings, locate the ‘Authorization Mode’ line. Next, click on ‘Content Modification of Keys and Certificates” on the right side of the screen.

Next, you’ll paste the text you copied from the certificate file into the blank ‘Certificate Authority’ section. After that, click ‘Save,’ and you’re done with this part.

Part 3: Test Your Connection

When you get to this part, you’ll have to add your login details for the VPN. You can also adjust some settings if your VPN allows for multiple configurations on one server.

First, you’ll enter your username and password in the right places and then test the connection. To test the connection, you’ll have to turn on ‘Service State’ and let the router apply the changes.

If your ASUSWRT-Merlin doesn’t display an error message, launch your web browser and visit an IP testing site like IPLeak.net or iplocation.net to see if your VPN connection is solid.

When you visit any of the websites while connected to the VPN and your IP address is different, your setup was successful. If everything seems okay, you can try checking out the basic and advanced settings.

Part 4: Basic Settings

With ASUSWRT-Merlin, you have a lot of control over your VPN connection. We’ll take a quick look at each of the settings:

Start on Wan

Selecting ‘Yes’ on this section means that it will create a VPN connection each time you start up your router. However, you can leave it on ‘No’ if you’d rather turn on the VPN yourself.

Interface (Tun or Tap)

To keep things simple, allow this to remain as Tun unless your VPN config files require tap.

Protocol (UDP or TCP)

Any .ovpn config file you import will set this. UDP usually provides faster speeds and is used by most VPN providers.

Server Address and Port

This is also automatically set by the .ovpn config file. To easily bypass firewalls, choose a config with  TCP and port 443.

Authorization Mode

This specifies how the encryption handshake would be handled. It is typically TLS. This should be imported from the .ovpn file.

Username/Password Authentication

If your VPN provider has a username and password, you should set this to ‘Yes.’

Username/Password Auth Only

You should leave this on ‘No.’ This is because most VPNs require a CA certificate to authenticate the client and server. With this set to ‘No,’ you can import the .crt CA file as we showed you earlier.

Auth Digest

This is the hash algorithm that authenticates incoming data packets sent from your VPN server. This ensures that it is not an attacker sending data packets to you. It is typically specified and imported from the .ovpn file. It is either SHA1 or SHA256, but SHA256 is a more secure option.

ASUSWRT-Merlin Setup With Top VPN Providers

There are many premium VPN services you can use for your router, but let’s focus on setting up an OpenVPN connection with NordVPN on your ASUS router:

1. Log in to your router’s control panel. You can access this by typing your router’s address into the address bar. This will bring up a prompt for you to enter your username and password.

2. Download the OpenVPN configuration files. Click on ‘Show available protocols.’ Once you’ve downloaded a file, go back to your router’s control panel and click on ‘Choose File.’

3. Select the configuration file you’ve downloaded and click on ‘Open.’

4. Click ‘Upload’ and wait till the page is refreshed.

5. On the refreshed page, most fields will now be filled, except your NordVPN login details. You’ll have to enter your username and password yourself.

Your NordVPN service credentials will be on your Nord Account dashboard. You can use the ‘Copy’ buttons on the right of the tab to copy your credentials.

6. If you want to use NordVPN for all your devices, set ‘Accept DNS Configuration’ to ‘Strict’ or ‘Exclusive’ if there are specific devices you want to connect.

7. In the ‘Custom Configuration’ field, enter this text:

remote-cert-tls server

remote-random

nobind

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

persist-key

persist-tun

ping-timer-rem

reneg-sec 0

#log /tmp/vpn.log

8. Configure NordVPN’s DNS settings. First, click ‘WAN’ in the left sidebar. Next, choose ‘No’ in the ‘Connect to DNS Server automatically’ field, and type in the following addresses for NordVPN’s DNS servers: 103.86.96.100, 103.86.99.100.

9. Finally, click on ‘Apply’ at the bottom of the page and wait for the applied changes.

Conclusion

It is always a great idea to protect your internet connection with an extra layer of privacy (encryption) and security. The OpenVPN client is one of the best choices for ASUSWRT-Merlin routers. Follow every step in this guide carefully to set it up on your router successfully.