Reading Time: 6 minutes

Surfshark has climbed the ranks among the leading VPN service providers at an exemplary pace. The provider covers all the bases that you can expect from a top-of-the-line VPN service. But did you know that you can make your digital life much easier and foolproof by setting up Surfshark on router?

In this article, I will explain how to setup Surfshark on router by taking advantage of the router compatibility of the service.

 

Reasons to Install a VPN on Router

The traditional way of using a VPN is to install it on the device that you want to protect from external threats, keep your privacy safe, and unblock websites that are censored or geo-restricted in your region.

If you only use one device, then the benefits of having a Surfshark VPN router won’t apply to you and you can simply get by using the VPN app on your device.

But if you desire privacy on all the different devices you use to access the Internet or you simply want everyone in the family to stay protected under Surfshark’s defence capabilities, then installing this VPN on a router can offer you a whole new level of convenience.

This convenience arises from the fact that if you have Surfshark running on your router, you don’t need to separately turn it on for each of your devices individually.

Simply turn on the Wi-Fi on your device or plug a LAN cable from the router, and you will automatically be connected to Surfshark’s configured VPN servers.

Apart from the benefit of convenience, setting up a router on Surfshark also ensures that you will never forget to turn the VPN on before you perform sensitive tasks on your device, since this setup is an “always-on” configuration.

What’s more, you can also get past any compatibility issues if you also need a VPN for some device that isn’t directly supported by Surfshark.

But the VPN on your router doesn’t care about compatibility. As long as the device accepts a Wi-Fi connection, it will obtain access to Surfshark VPN.

As such, using Surfshark VPN directly on router is a highly convenient option to surround your devices with military-grade encryption and the security of offshore server locations offered by Surfshark.

 

Installing Surfshark on Router

Surfshark only supports routers running open-source firmware including DD-WRT and Tomato. The only other stock firmware from popular router manufactures that Surfshark supports is AsusWRT.

As such, I will demonstrate the setup process for Asus routers specifically and then for DD-WRT and Tomato in general.

 

Setting up Surfshark on Asus routers

If you have an Asus router, then you’re in luck. Not only are most Asus routers compatible with Surfshark, but the installation method is reasonably straightforward as well.

Follow the steps below to proceed with the setup process:

  1. Login to Asus router control panel by entering the Default Gateway the address bar. This is usually 192.168.1.1

Asus configuration

 

  1. Enter your login details
  2. Now click VPN in the sidebar

Asus-interface

 

  1. Click on the VPN Client tab and Add profile

Asus-VPN-client

 

  1. Now click on OpenVPN tab and enter:
    • Description: You can choose whatever name you want to give to your VPN
    • Username: Enter your Surfshark username
    • Password: Enter your Surfshark password
  2. You now have to add configuration files of your desired VPN server. First, you will need to download these configuration files from this link
  3. Now click Choose File and select the configuration file you want

Asus-OpenVPN-Configuration

 

  1. Click OK button after file import is completed. Leave the Import the CA file or edit the .ovpn file manually unchecked
  2. This will create a new connection with the name you gave it in description. Click on Activate button to connect your Asus router to the desired Surfshark server

Surfshark-Router-Server-Activated

 

  1. A blue tick will appear in the Connection Status to indicate successful connection

 

So, if you have been wondering how difficult is it to install Surfshark VPN on my router, I suppose the answer to that is: not as hard as you think.

 

Installing Surfshark on DD-WRT Routers

DD-WRT is an open-source firmware that can be installed on many different types of routers.

If your router doesn’t already have a DD-WRT firmware installed, you will have to flash it first. This article explains the flashing process in detail. You must also make sure your router supports DD-WRT firmware, which you find here.

When you’re done with setting up DD-WRT on your router, follow the steps below to configure Surfshark:

  1. First, you must setup Surfshark’s DNS servers. Open your DD-WRT router control panel > Setup > Network Address Server Settings (DHCP) and enter these values:
    1. Static DNS 1 = 252.172.57
    2. Static DNS 2 = 154.159.92
    3. Static DNS 2 = 0.0.0 (default)
    4. Use DNSMasq for DHCP = Checked
    5. Use DNSMasq for DNS = Checked
    6. DHCP-Authoritative = Checked

Surfshark-DDWRT-step1

 

  1. When these value are entered as shown above, click Save and Apply Settings
  2. Select Service tab and then Under OpenVPN Client, click Enable and enter information as shown below:
    • Server IP/Name: Enter the server address of your desired VPN server. You can find Surfshark server VPN name/address here
    • Port: 1194;
    • Tunnel Device: TUN;
    • Tunnel Protocol: UDP;
    • Encryption Cipher: None;
    • Hash Algorithm: SHA-512;
    • User Pass Authentication: Enable;
    • Username: Your Surfshark service username;
    • Password: Your Surfshark service password

Note: If there are no username and password fields, enter the other details mentioned above and then skip to step 4.

    • Advanced Options = Enable (this will enable additional options)
    • TLS Cipher: None;
    • LZO Compression: Disabled;
    • NAT: Enable;

Leave all other fields not mentioned in this list unchanged.

Surfshark-DDWRT-Step2

 

  1. If there are username and password fields in this setup screen, navigate to Administration > Commands and enter the following command:
echo "USERNAME
PASSWORD" > /tmp/openvpncl/user.conf
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon

Note: Replace USERNAME and PASSWORD with the login credentials provided to you by Surfshark, then click Save Startup and return to the VPN tab

 

  1. Enter the following commands in Additional Config:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
cipher AES-256-GCM
auth SHA512
log /tmp/vpn.log

 

  1. You will now need to download CA certificates and TLS auth keys in the .ovpn files that you downloaded for Surfshark from here
  2. Now open the configuration file with a text editor
  3. Copy the text after the <ca> tag to the CA Cert field. Don’t forget to copy the —-BEGIN CERTIFICATE—– and —–END CERTIFICATE—- lines as well

Surfshark-DDWRT-CA

 

  1. Copy the text after <tls-auth> tag to the TLS Auth Key Also, copy the ——BEGIN OpenVPN Static key V1 ——- and ——- END OpenVPN Static Key V1 ——- lines

TLS Auth Key

 

  1. Click Save and Apply Settings
  2. You can check if the VPN setup is successful by clicking Status > OpenVPN and check if it says Connected Success under State.

 

Installing Surfshark on Tomato Routers

Tomato is another open-source router firmware but it does not enjoy as wide a support on devices as DD-WRT. To make sure your router is compatible with Tomato, visit this article.

If your router does support Tomato, you can install it with the help of this guide.

When you’re done installing Tomato on your router, follow the steps below to complete Surfshark configuration on your router:

  1. Access your Tomato’s control panel by entering Default Gateway in the browser’s address bar. This is 168.1.1 by default
  2. Enter your device login credentials when prompted
  3. Now click on VPN > OpenVPN Client

Surfshark-Tomato-step1

 

  1. Click the Basic tab on the top left and enter the following information:
    • Start with WAN:Checked;
    • Interface Type:TUN;
    • Protocol: UDP or TCP;
    • Server Address: Enter the server address you wish to connect to. You can find this information on this page
    • Port:1194 if you selected UDP or 1443 for TCP connection;
    • Firewall:Automatic;
    • Authorization mode:TLS;
    • Username/Password Authentication:Checked;
    • Username: Your Surfshark service username;
    • Password: Your Surfshark service password;
    • Username Authen. Only:Unchecked;
    • Extra HMAC authorization (tls-auth):Outgoing (1);
    • Create NAT on tunnel: Checked

Surfshark-Tomato-step2

 

  1. Now click on Advanced and enter the following information:
    1. Poll interval: 0;
    2. Redirect Internet traffic:Checked;
    3. Accept DNS configuration:Strict;
    4. Encryption cipher:None;
    5. Compression:Disabled;
    6. TLS Renegotiation Time:-1;
    7. Connection retry:-1;
    8. Verify server certificate (tls-remote):Unchecked;

 

  1. Now in the Custom Configuration, enter the following text:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
auth SHA512
cipher AES-256-CBC
log /tmp/vpn.log

Surfshark-Tomato-step3

 

  1. Click on Keys tab and open the .ovpn files that you earlier downloaded from this link. In the Static key, enter the text from <tls-auth> to </tls-auth> block. You must also include —- BEGIN OpenVPN Static key V1—–and —–END OpenVPN Static key V1—– lines as well. In the Certificate Authority, enter the text from <ca> to </ca> block. You must also  include —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines

Surfshark-Tomato-step4

 

  1. Press Save button to apply pages. To create a connection with Surfshark server, click on Start VPN Client 1, at the top right corner. Check Status tab to make sure you are connected to Surfshark successfully

You should now be connected to Surfshark via your router.

If you want to consolidate your security further, you can configure DNS addresses to prevent DNS leaks. To do this, click Basic Settings > Network. Now click on WAN Settings, change DNS Server to Manual and input these addresses:

10.8.8.1
10.8.8.2

Surfshark-Tomato-step5

 

And that’s all there is to it. You can enjoy Surfshark’s servers to access any website/service you want on any device with strong security and no possibility of DNS leaks.

 

Finishing Up

Surfshark is a complete package for users seeking privacy and internet freedom. Configuring it on a router only amplifies the existing capabilities of Surfshark for multiple devices at the same time.

All you need to do is just take out a few minutes, keep a cup of freshly brewed coffee handy, and go about changing the settings as showed above.

That’s literally all it takes to enjoy unlimited online freedom and privacy with Surfshark.