Setting up a DD-WRT VPN on your wifi router offers two key advantages:

  • You can connect as many devices as you want to the VPN
  • You can connect devices that don’t normally support VPNs to the VPN

While most wifi routers don’t ship with VPN support built-in, you can replace many routers’ firmware with something that does. Perhaps the most popular router firmware for doing this is DD-WRT. DD-WRT is a free and open-source solution based on Linux that works with a wide variety of third-party wireless routers. Among other benefits, most DD-WRT distributions allow users to configure OpenVPN server connections directly from the router. Some providers sell DD-WRT routers pre-configured for their VPNs, saving you the headache of setting it up yourself.

There is a lot of detail on each of the VPNs that we’ve selected for this list, but if you just need a quick summary on the best VPNs for DD-WRT routers, here are our top picks:

Best VPNs for DD-WRT

  • NordVPN Our top choice VPN for DD-WRT routers. Good installation support and option to buy bespoke pre-configured routers. Affordable choice that ticks all the boxes. Includes 30-day money-back guarantee.
  • Surfshark Best budget VPN for DD-WRT routers. A solid choice with detailed router setup instructions and pre-flashed routers available. Generally high speeds and impressive security.
  • ExpressVPN Offer great support for setting OpenVPN up with your DD-WRT router including tutorials and live support. Add super-fast servers, top privacy and security – makes for satisfying user experience.
  • CyberGhost Budget all-rounder offers good DD-WRT router set up tutorial for OpenVPN. Good speeds for streaming and downloading.
  • IPVanish Can buy pre-configured routers or download the set-up files directly from the website.
  • VyprVPN Good tutorials and support are offered to get you going with via OpenVPN (and even PPTP). May need more tweaking than other providers in this list.

There are no hidden terms—just contact support within 30 days if you decide NordVPN isn’t right for you and you’ll get a full refund. Start your NordVPN trial here.

The best VPNs for DD-WRT routers – At a glance

We’ve compared the most important features for the top VPNs here. Prefer to read the in-depth reviews? Start with NordVPN – our #1 choice for DD-WRT routers.

The best VPNs for setting up OpenVPN on DD-WRT routers

To get started, you’ll need to find a VPN that offers the files and support you need to get connected. We’ve curated our list of the five best VPNs for DD-WRT routers based on the following criteria:

  • Allows you to download OpenVPN configuration files for each server
  • Offers support for DD-WRT users in the form of customer service and/or tutorials
  • OpenVPN connections include DNS leak protection
  • Fast and reliable performance
  • Strong security and no logs

1. NordVPN

                    Jan 2023

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background
  • FireTV

Website: www.NordVPN.com

Money-back guarantee: 30 DAYS

NordVPN offers customer support and tutorials for DD-WRT users. You can also buy Linksys, Netgear, or Asus routers with DD-WRT installed and NordVPN pre-configured from Flashrouters. OpenVPN config files for all of NordVPN’s servers, including the double-hop VPN and Tor over VPN servers, are available for download directly from the website.

DNS leak protection comes built-in. NordPVN maintains a strict no-logs policy and thus doesn’t store any information or metadata related to your online activity on its servers. The company uses military-grade 256-bit encryption to protect your data, and you’ll have no problem finding a fast server on its huge network of servers around the world. NordVPN is able to securely access US Netflix and Hulu, streaming services that most VPNs can’t.

BEST VPN FOR DD-WRT routers:NordVPN is our top choice. A great value option that works well with DD-WRT routers. Can connect up to 6 devices simultaneously. Also works well with most popular streaming services and achieves consistently good speeds. Provides a 30-day money-back guarantee so you can try it risk-free.

Pros:

  • OpenVPN config files for all servers are available
  • Offers customer support and tutorials for DD-WRT users
  • DNS leak protection comes built-in
  • Fast enough for HD streaming and unblocks popular content
  • Solid security features and pays high regard to user privacy

Cons:

  • Desktop app is a bit clunky compared to other providers

Our score:

Read our full NordVPN review.

2. Surfshark

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website: www.Surfshark.com

Surfshark has step-by-step installation instructions (with screenshots) on its website. If you’re not confident enough to configure the service yourself, FlashRouters sells Linksys and Netgear routers that come with Surfshark pre-installed.

This VPN protects against IPv6 and DNS leaks, and uses 256-bit AES encryption to keep your activities private at all times. Importantly, Surfshark follows a no-logs policy, and this has been verified by independent auditors. Speeds can vary, but are generally high enough for everyday tasks like streaming or torrenting.

Surfshark also offers Android, iOS, MacOS, Linux, and Windows apps.

BEST BUDGET OPTION:Surfshark has one of the strongest security offerings on the market. Further, it keeps no logs and can easily be installed on DD-WRT routers. With decent speeds, a 30-day money-back guarantee, and impressive unblocking ability, this VPN is well worthy of your consideration.

  • Provides easy-to-follow router setup guides

  • OVPN files available for all servers

  • Speedy servers with unlimited bandwidth

  • Accepts three cryptocurrencies

  • Fantastic security credentials

  • Smaller network than some of its rivals

Read our full Surfshark review.

3. ExpressVPN

Website: www.ExpressVPN.com

ExpressVPN is our a solid pick for users who want VPN-enabled routers. The provider offers tutorials, OpenVPN config files, and live customer support for DD-WRT users. On top of that, ExpressVPN makes its own easy-to-use firmware for a handful of routers that you can install yourself, or buy the pre-configured VPN router. The firmware makes it far easier to get set up, switch VPN servers, and configure split tunneling for every device in your home.

DNS leak protection is included with all VPN server configurations. The company keeps no identifying activity or metadata logs. ExpressVPN uses the highest standards of security, including 256-bit AES channel encryption and perfect forward secrecy. It sets a gold standard when it comes to speed and stability. ExpressVPN can unblock geo-locked streaming services that most VPNs can’t, like US Netflix and Hulu.

HIGHLY SECURE:ExpressVPN is a security-conscious provider. It has a vast server network that is optimized for high-speed connections. User-friendly apps for all operating systems. Hard to beat on security. There is a 30-day money-back guarantee with all plans.

  • Offer tutorials, OpenVPN config files, plus live customer support for DD-WRT users

  • Maintains easy-to-use firmware for compatible routers

  • Extremely fast download/streaming speeds

  • Industry-leading security features

  • Slightly higher cost than others

  • Little control over advanced features

Read our full ExpressVPN review.

4. CyberGhost

Website: www.Cyberghost.com

Money-back guarantee: 45 DAYS

CyberGhost offers a DD-WRT router tutorial and configurations to paid users. You can even specify which features you want to be included in a custom configuration when adding a device from your user dashboard, such as tracking prevention, ad blocking, force HTTPS, and data compression.

CyberGhost keeps no identifying activity or metadata logs. 256-bit encryption is used to protect your connection along with DNS leak protection. The VPN performed well in our speed tests.

BEGINNERS’ CHOICE:CyberGhost has a simple set up. Comes with a Speed Boost feature. Good on privacy. Streams HD video reliably. Good for Netflix but not all streaming sites. 45-day money-back guarantee.

  • Offers a DD-WRT router tutorial and configurations

  • Specify which features you want when adding a server to the dashboard

  • Apps are easy to install and use – a good option for beginners

  • DNS leak protection and strong security features

  • Doesn’t work with as many major streaming sites as rivals

  • Doesn’t work in China

Read our full review of CyberGhost.

5. IPVanish

Website: www.IPVanish.com

The IPVanish website includes a directory of OpenVPN config files and instructions on how to use them. That includes all the necessary scripts that you’ll need to enter into the DD-WRT configuration. IPVanish pre-configured DD-WRT routers are available through Flashrouters.

IPVanish comes with DNS leak protection and IPv6 leak protection built in. The company keeps zero logs of user activity and metadata. PPTP and OpenVPN are both available for DD-WRT users, with 128- and 256-bit encryption, respectively. We recommend using the latter.

FAST AND RELIABLE:IPVanish has a large network of servers. Its uncongested network achieves good connection speeds. Strong online security and user privacy features. Can’t unblock as many streaming services as some of its rivals. 30-day money-back guarantee.

  • Directory of OpenVPN config files and instructions on how to use them

  • Pre-configured DD-WRT routers are available

  • DNS leak protection and IPv6 leak protection built-in

  • Keeps zero logs of user activity and metadata

  • Doesn’t offer a cryptocurrency payment method

  • Struggles with some streaming services

Read our full IPVanish review.

6. VyprVPN

Website: www.VyprVPN.com

VyprVPN’s website has tutorials and configuration details for connecting to any of its servers via OpenVPN and PPTP, although we strongly recommend the former. There are no pre-configured DD-WRT routers available. However, if your router will run Tomato firmware, VyprVPN does make a custom VPN app for that. Live customer service available should you need any help getting OpenVPN set up.

The company keeps no logs and offers top-notch security with 256-bit encryption, strong streaming potential, and fantastic speeds. Unfortunately, if you added VyprVPN’s proprietary Chameleon protocol to your subscription, this can’t be set up on DD-WRT.

UNLIMITED DATA USAGE:VyprVPN is user friendly. Good speeds and uptime as all servers are owned by VyprVPN. Not the cheapest option on this list. 30-day money-back guarantee.

  • Custom VPN app for Tomato firmware users

  • Has tutorials and configuration details for connecting to any of its servers via OpenVPN

  • Fast and secure service

  • No pre-configured DD-WRT routers available

  • Marginally more expensive than some VPNs

  • Apps are slick but lack advanced configuration options

Read our full VyprVPN review.

How to choose the best DD-WRT router for VPNs

Comparitech does not review DD-WRT routers, but we’ll list some suggestions to help guide your purchasing decision. When choosing a DD-WRT VPN router, you have a few options:

  • Pre-flashed router – A pre-flashed router comes with DD-WRT and the VPN already configured. It’s typically the most expensive option, but also requires the least amount of effort to get set up. ExpressVPN’s custom router firmware is our favorite, although it’s not technically DD-WRT. Check out FlashRouters to get pre-flashed VPN routers with DD-WRT firmware from several major VPN providers, including a few in our recommended list.
  • DD-WRT router – Some router models come with DD-WRT already installed, so the user just needs to enter in the VPN configuration details to get connected. Adding multiple servers can get tedious, but it shouldn’t be too hard if you’re following your VPN provider’s tutorial. Most, but not all DD-WRT versions support VPNs, so be sure to check before you buy.
  • DD-WRT compatible router – This is likely the cheapest option but requires the most tech savvy and can be a bit risky. Some router models come with the manufacturer’s proprietary firmware installed, and proprietary router firmware usually doesn’t support VPNs. That said, you can replace the stock firmware with DD-WRT in a process called “flashing”. After that, you’ll have to configure the VPN connections in the settings. Be warned that making a mistake during the flashing process could permanently damage, or “brick”, your router, so proceed with caution. Be sure to check your router is compatible with a DD-WRT version that supports VPNs.

A few popular DD-WRT routers we recommend include:

High Performance

  • Asus RT-AC5300
  • Netgear Nighthawk R9000 X10
  • Linksys WRT3200ACM

All-rounders

  • Linksys WRT1900ACS/AC v2
  • Netgear Nighthawk R7000

Budget

  • Linksys WRT1200AC
  • Linksys Cisco E4200 (discontinued)
  • Asus RT-N16

These aren’t the only options, of course, so feel free to shop around. Broadly speaking, you’ll need a router with at least 800 MHz of CPU and 8 MB flash memory, although that’s just barely enough to run OpenVPN. For high performance, you’ll want something north of 128 MB flash memory, 256 MB RAM, and 1.2 GHz CPU, if not more.

See also:

  • The best VPNs for routers
  • Best VPN for Tomato routers
  • Best VPN for Netgear routers
  • The best VPNs for Asus routers

How to set up OpenVPN on DD-WRT

First off, go to your VPN provider’s website and download the OpenVPN configuration files–they’ll have a .ovpn or .conf extension–for all of the servers you want to connect to. You’ll also need your username and password for the VPN.

While connected to your router, preferably via LAN, go to your router dashboard in a web browser. You can usually do this by typing http://192.168.1.1 into the URL bar. If that doesn’t work, try http://192.168.0.1. Log into your dashboard using the credentials you set upon first installing DD-WRT.

Click on the Services tab, then VPN. Under OpenVPN Client, toggle Enable. The configuration panel will appear.

What you do next depends on your version of DD-WRT. If your firmware has User Pass Authentication, you’ll need to open the configuration file for the server you want to connect to with a text editor such as Notepad. Copy over the settings from the config file, including the server address (an IP address or domain name), a username, and a password. Depending on your provider, you may also need to set the port, tunnel protocol, encryption cipher and/or hash algorithm. Consult your provider’s customer service or knowledge base to get these details.

If your DD-WRT firmware does not have User Pass Authentication, find the Additional Config text box and enter this command:

auth-user-pass /tmp/auth.txt

You’ll see several fields that correspond to those in your OpenVPN config file. Open the config (.ovpn) file in a text editor such as Notepad. You’ll need to copy over the server address (IP address or domain name) and the port number, which are shown after the “remote” line in the config file.

To configure keys and certificates, you’ll need to consult your VPN provider’s customer service or knowledge base to get the proper commands to enter into the Additional Config box. Copy and paste the TLS auth key, CA cert, public client cert, private client key, into each of the respective fields in the DD-WRT dashboard.

Once you’re done, click Apply settings to initiate the VPN connection.

Setting the DNS on your router

If you want to prevent your ISP from receiving DNS requests, which can give away your location and browsing activity, you should also considering setting your DNS servers in DD-WRT. While you can usually specify these on individual devices, you can take care of all of them at once in DD-WRT.

In the DD-WRT dashboard, go to Setup > Basic Setup. Under Network Address Server Settings (DHCP) and enter the DNS addresses next to Static DNS 1, 2, and 3. You can use Google DNS, OpenNIC, or DNS servers provided by your VPN provider.

Click Save and Apply settings.

We’re not quite done yet. Go to Services > Services. Under DNSMasq, in the Additional DNSMasq Options, enter this command, replacing “dns.ip.1.here” with the DNS servers you used above:

dhcp-option=6, dns.ip.1.here, dns.ip.1.here, dns.ip.1.here, dns.ip.1.here

Enable DNSMasq. This will ensure all DNS requests are sent through the VPN tunnel.

Split tunneling a DD-WRT VPN

In some cases, you may only want certain devices to have their internet traffic routed through the VPN. Some builds of DD-WRT allow for split tunneling, which allows you to pick and choose which devices get tunneled through the VPN and which use the unencrypted ISP network.

To set this up, in the DD-WRT dashboard, go to Service > VPN. Find the Policy based routing box and enter IP addresses for each of the devices you want to go through the VPN.

If you want to enable split tunneling for specific websites, apps, servers or other traffic destinations, this will have to be set up in the firewall using iptables. Go to Administration > Commands. Under Firewall click Edit and enter the necessary commands. These vary widely depending on what exactly you want to accomplish, so some further googling will be required.

VPNBook is one provider that offers OpenVPN configurations free of charge, but relatively little is known about who is behind the operation. In 2013, hacker collective Anonymous once accused VPNBook of being a honeypot for law enforcement after logs from the provider appeared in court documents. This is just one example of why you should be extremely wary of any VPN that purports to give its service away for free.

Be doubly sure that you download and install the correct version of DD-WRT for your router, and follow the instructions provided by DD-WRT carefully. Attempting to flash an incompatible version or flashing improperly could permanently damage your device.

PPTP is simpler to set up and is generally considered faster than OpenVPN, however. So if you’re not concerned about security or privacy and just want a VPN to use as a basic proxy, PPTP could fit the bill.

The first is that all devices are tunneled through a single VPN connection, which, depending on the provider and server, might get congested quickly if you have a lot of devices connected to the router.

If the server is experiencing downtime or for some reason doesn’t suit your needs, disabling the VPN or switching servers is a pain. Pre-configured routers or custom firmware, such as that offered by ExpressVPN, make these problems easier to deal with than stock DD-WRT.

Finally, most routers don’t have high-performance hardware, and using a VPN requires encrypting and decrypting data on the fly. This process consumes a lot of resources, and lower-end routers might not be able to keep up with your bandwidth demands, considerably cutting your overall speed.

OpenWRT is more customizable and gives you more control over your router, while DD-WRT is easier to use and has more features. So it really depends on what you need your router to do and how much time you want to spend configuring it.