Surfshark has climbed the ranks among the leading VPN service providers at an exemplary pace. The provider covers all the bases that you can expect from a top-of-the-line VPN service. But did you know that you can make your digital life much easier and foolproof by setting up Surfshark on router?
In this article, I will explain how to setup Surfshark on router by taking advantage of the router compatibility of the service.
Reasons to Install a VPN on Router
The traditional way of using a VPN is to install it on the device that you want to protect from external threats, keep your privacy safe, and unblock websites that are censored or geo-restricted in your region.
If you only use one device, then the benefits of having a Surfshark VPN router won’t apply to you and you can simply get by using the VPN app on your device.
But if you desire privacy on all the different devices you use to access the Internet or you simply want everyone in the family to stay protected under Surfshark’s defense capabilities, then installing this VPN on a router can offer you a whole new level of convenience.
This convenience arises from the fact that if you have Surfshark running on your router, you don’t need to separately turn it on for each of your devices individually.
Simply turn on the Wi-Fi on your device or plug a LAN cable from the router, and you will automatically be connected to Surfshark’s configured VPN servers.
Apart from the benefit of convenience, setting up a router on Surfshark also ensures that you will never forget to turn the VPN on before you perform sensitive tasks on your device, since this setup is an “always-on” configuration.
What’s more, you can also get past any compatibility issues if you also need a VPN for some device that isn’t directly supported by Surfshark.
But the VPN on your router doesn’t care about compatibility. As long as the device accepts a Wi-Fi connection, it will obtain access to Surfshark VPN.
As such, using Surfshark VPN directly on router is a highly convenient option to surround your devices with military-grade encryption and the security of offshore server locations offered by Surfshark.
Installing Surfshark on Router
Surfshark only supports routers running open-source firmware including DD-WRT and Tomato. The only other stock firmware from popular router manufactures that Surfshark supports is AsusWRT.
As such, I will demonstrate the setup process for Asus routers specifically and then for DD-WRT and Tomato in general.
Setting up Surfshark on Asus routers
5 Minutes Review time
Follow the steps below to proceed with the setup process:
So, if you have been wondering how difficult is it to install Surfshark VPN on my router, I suppose the answer to that is: not as hard as you think.
Installing Surfshark on DD-WRT Routers
DD-WRT is an open-source firmware that can be installed on many different types of routers.
If your router doesn’t already have a DD-WRT firmware installed, you will have to flash it first. This article explains the flashing process in detail. You must also make sure your router supports DD-WRT firmware, which you find here.
When you’re done with setting up DD-WRT on your router, follow the steps below to configure Surfshark:
- First, you must setup Surfshark’s DNS servers. Open your DD-WRT router control panel > Setup > Network Address Server Settings (DHCP) and enter these values:
- Static DNS 1 = 252.172.57
- Static DNS 2 = 154.159.92
- Static DNS 2 = 0.0.0 (default)
- Use DNSMasq for DHCP = Checked
- Use DNSMasq for DNS = Checked
- DHCP-Authoritative = Checked
- When these values are entered as shown above, click Save and Apply Settings
- Select Service tab and then Under OpenVPN Client, click Enable and enter information as shown below:
- Server IP/Name: Enter the server address of your desired VPN server. You can find Surfshark server VPN name/address here
- Port: 1194;
- Tunnel Device: TUN;
- Tunnel Protocol: UDP;
- Encryption Cipher: None;
- Hash Algorithm: SHA-512;
- User Pass Authentication: Enable;
- Username: Your Surfshark service username;
- Password: Your Surfshark service password
Note: If there are no username and password fields, enter the other details mentioned above and then skip to step 4.
- Advanced Options = Enable (this will enable additional options)
- TLS Cipher: None;
- LZO Compression: Disabled;
- NAT: Enable;
Leave all other fields not mentioned in this list unchanged.
- If there are username and password fields in this setup screen, navigate to Administration > Commands and enter the following command:
echo "USERNAME PASSWORD" > /tmp/openvpncl/user.conf /usr/bin/killall openvpn /usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
Note: Replace USERNAME and PASSWORD with the login credentials provided to you by Surfshark, then click Save Startup and return to the VPN tab
- Enter the following commands in Additional Config:
remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping-timer-rem reneg-sec 0 cipher AES-256-GCM auth SHA512 log /tmp/vpn.log
- You will now need to download CA certificates and TLS auth keys in the .ovpn files that you downloaded for Surfshark from here
- Now open the configuration file with a text editor
- Copy the text after the <ca> tag to the CA Cert field. Don’t forget to copy the —-BEGIN CERTIFICATE—– and —–END CERTIFICATE—- lines as well
- Copy the text after <tls-auth> tag to the TLS Auth Key Also, copy the ——BEGIN OpenVPN Static key V1 ——- and ——- END OpenVPN Static Key V1 ——- lines
- Click Save and Apply Settings
- You can check if the VPN setup is successful by clicking Status > OpenVPN and check if it says Connected Success under State.
Installing Surfshark on Tomato Routers
Tomato is another open-source router firmware but it does not enjoy as wide support on devices as DD-WRT. To make sure your router is compatible with Tomato, visit this article.
If your router does support Tomato, you can install it with the help of this guide.
When you’re done installing Tomato on your router, follow the steps below to complete Surfshark configuration on your router:
- Access your Tomato’s control panel by entering Default Gateway in the browser’s address bar. This is 168.1.1 by default
- Enter your device login credentials when prompted
- Now click on VPN > OpenVPN Client
- Click the Basic tab on the top left and enter the following information:
- Start with WAN:Checked;
- Interface Type:TUN;
- Protocol: UDP or TCP;
- Server Address: Enter the server address you wish to connect to. You can find this information on this page
- Port:1194 if you selected UDP or 1443 for TCP connection;
- Authorization mode:TLS;
- Username/Password Authentication:Checked;
- Username: Your Surfshark service username;
- Password: Your Surfshark service password;
- Username Authen. Only:Unchecked;
- Extra HMAC authorization (tls-auth):Outgoing (1);
- Create NAT on tunnel: Checked
- Now click on Advanced and enter the following information:
- Poll interval: 0;
- Redirect Internet traffic:Checked;
- Accept DNS configuration:Strict;
- Encryption cipher:None;
- TLS Renegotiation Time:-1;
- Connection retry:-1;
- Verify server certificate (tls-remote):Unchecked;
- Now in the Custom Configuration, enter the following text:
remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping-timer-rem reneg-sec 0 auth SHA512 cipher AES-256-CBC log /tmp/vpn.log
- Click on Keys tab and open the .ovpn files that you earlier downloaded from this link. In the Static key, enter the text from <tls-auth> to </tls-auth> block. You must also include —- BEGIN OpenVPN Static key V1—–and —–END OpenVPN Static key V1—– lines as well. In the Certificate Authority, enter the text from <ca> to </ca> block. You must also include —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines
- Press Save button to apply pages. To create a connection with Surfshark server, click on Start VPN Client 1, at the top right corner. Check Status tab to make sure you are connected to Surfshark successfully
You should now be connected to Surfshark via your router.
If you want to consolidate your security further, you can configure DNS addresses to prevent DNS leaks. To do this, click Basic Settings > Network. Now click on WAN Settings, change DNS Server to Manual and input these addresses:
And that’s all there is to it. You can enjoy Surfshark’s servers to access any website/service you want on any device with strong security and no possibility of DNS leaks.
Surfshark is a complete package for users seeking privacy and internet freedom. Configuring it on a router only amplifies the existing capabilities of Surfshark for multiple devices at the same time.
All you need to do is just take out a few minutes, keep a cup of freshly brewed coffee handy, and go about changing the settings as shown above.
That’s literally all it takes to enjoy unlimited online freedom and privacy with Surfshark.