How To Install

How to Install a VPN on Your Router

Simon Migliano
Simon MiglianoUpdated

It can be tricky to set up a VPN at router level, but our step-by-step instructions will help make the process smoother. Once it’s set up, all devices in your home will be secured.

Illustration of a man plugging a VPN into a router.

Installing a VPN on your router makes it really easy to secure and protect your online activity on multiple devices.

It also saves you from having to create a VPN connection on every connected device individually, and also encrypts traffic on devices that you can’t install a VPN on directly, like games consoles and smart TVs.

But not all routers support VPN connections and not all VPNs support router installation.

Double check the manual to see if your router supports VPN client software. If it does, you should make sure that the VPN service you want to use allows for router setup before you buy a subscription – it’ll usually be prominently displayed on the ‘devices’ section of the provider’s website.

We’ll go through three different ways to install and use a VPN on your home router.

Before we go into the details, here are the things you’ll need in order to set up a VPN on your router:

What You’ll Need

  1. A verified VPN account. If you haven’t chosen one yet, why not check out our latest recommendations. Make sure that the VPN service supports router installation, specifically for your router model.
  2. A router that supports VPN client software – preferably OpenVPN.
  3. A backup of your current router configuration — just in case.

Every router model and type is different, and it isn’t possible for us to give you a guide for every model here.

Likewise, every VPN provider has a slightly different set-up process.

But if you use this guide in conjunction with your user manual and your VPN service provider’s advice, you should be able to navigate the process without a hitch.

Remember: you’ll need to log onto your router to follow this guide. The username and password may be printed on the rear of the router, or on a card that came with it.

Why Should You Install a VPN on Your Router?

There’s no denying it – there are far easier ways to protect yourself with a VPN. But, at the same time, installing a VPN on your router has some unique benefits. Benefits such as:

1Protect multiple devices under the same license.

2Protect devices that the VPN service doesn’t provide custom apps for.

3Continual VPN protection.

We’ll talk about the pros and cons of router installation after all of the setup instructions.

How to Choose a VPN Service for Routers

Illustration of a VPN router with different VPN providers.

Before you can even start the installation process you need to have a VPN subscription with a service that allows for router installation.

So, what’s the best VPN service for routers?

The best VPN for installation at router-level is ExpressVPN, which comes with a router app for ease of use and is fast, reliable, and, above all, safe to use.

You can install ExpressVPN on loads of router types including Asus, Linksys, Netgear, and Nighthawk, and you can find simple setup guides for each model on ExpressVPN’s website.

ExpressVPN also provides pre-flashed VPN routers for those who don’t already own a compatible model.

You can read our full review of ExpressVPN here.

If ExpressVPN isn’t for you (and that’s fine – it is quite pricey) there are still plenty of options.

We will be using the OpenVPN protocol in the following setup instructions as this protocol provides the best balance between security and performance.

Some VPNs give instructions for router setup with other protocols, but beware that not all of these are as secure as OpenVPN.

In fact, there’s one VPN protocol that we absolutely do not recommend and that’s PPTP.

PPTP is extremely insecure and can be hacked in minutes.

Here are some other top VPN services that support OpenVPN for routers:

  • NordVPN
  • IPVanish
  • CyberGhost
  • PrivateVPN
  • Private Internet Access

How to Choose a Router Compatible with VPNs

Illustration showing the different types of VPN Router.

Not all routers can run VPN client software.

If you have a modem and router combo device that came with your internet package, it most likely won’t work with VPN software and you’ll need to buy a separate router.

So, which routers do work with VPNs and which one is the best?

There are loads of different router models that support VPN client software, and the best router for VPNs is simply the one that best suits your needs.

VPN-supported routers vary in price – they start at around $150 and can go up to $500, so a lot depends on your budget.

Different router models also cater for different users; some are geared towards gamers, while others are for more casual users who just want to protect their router traffic with a VPN.

Some router brands that provide routers that support VPN client software are:

  • ASUS
  • Linksys
  • Netgear
  • Synology

You should also consider which VPN protocols the router supports and whether it can be flashed with new firmware.

As we’ve mentioned before, OpenVPN is the best VPN protocol to use on your router.

While it’s generally much easier to use PPTP and L2TP/IPSec as many routers natively support those two VPN protocols, they pose security risks.

PPTP can be hacked in minutes and L2TP/IPSec is not safe to use when used with a pre-shared key.

Sound confusing? That’s ok – it’s simple once you learn how to navigate the jargon. We’ve written a simple explainer to VPN protocols and their levels of security in our guide to VPN encryption.

Three Installation Methods:

1Manual installation

2VPN router apps

3Pre-flashed routers

Method 1: Manually Installing a VPN on Your Router

We’ll start by explaining how to manually configure your current router, as you don’t necessarily need to buy new router hardware to do it.

If you’re looking for a ready-made VPN router you can skip to Method 3.

If you have an ASUS router then you may be in luck.

Some ASUS routers support the OpenVPN protocol natively through ASUSWRT firmware, so there’s no need to flash your router with new firmware – something that has a lot of potential to go wrong.

Here’s how to set up a VPN on your ASUSWRT router:

We’ll be using IPVanish with an ASUS RT-AC68U router.

  1. Log into your online VPN account and locate the OpenVPN configuration files. Choose your preferred server location (you can only configure one at a time). Download the file.
    Screenshot of IPVanish OpenVPN config files download page
  2. Log into your router admin dashboard with the username and password. The default is generally admin and admin but for security reasons you should change this as soon as possible.
  3. Click VPN on the left-hand side of the control panel, under Advanced Settings.
    Screenshot of ASUSWRT router dashboard
  4. Click on the VPN Client tab. The panel includes basic VPN client installation instructions.
  5. Click on Add Profile at the bottom of the control panel.
    Screenshot of ASUSWRT router VPN profile section
  6. Select the OpenVPN tab and fill in the following fields:
    Description: create any name for your connection – we recommend the VPN provider’s name plus the VPN server name.
    Username: type in your VPN subscription username.
    Password: type in your VPN subscription password.
    Auto reconnection: yes. This will make sure that the VPN automatically connects when you start the router.
    Import .ovpn file: Click Choose File, select the OpenVPN configuration file that you downloaded from your VPN account earlier and click Open.
    Import the CA file or edit the .ovpn file manually: don’t check this box.
    Screenshot of ASUSWRT router VPN login
  7. Once you’ve filled in the fields, click Upload and then OK.
  8. Click Activate on your new VPN server entry.
    Screenshot of ASUSWRT router VPN connect button
  9. When the VPN has successfully connected a blue tick will appear to the left of your VPN server entry.
    Screenshot of ASUSWRT router VPN connected
  10. Be sure to run a leak test to check that the VPN isn’t leaking IP, DNS, or WebRTC leaks. You can check out our separate guide to find out how to check for leaks and how to fix them.
  11. When you want to disconnect from the VPN click Deactivate next to the VPN server name.

If you don’t have an ASUSWRT router it’s likely that you’ll have to flash your current router with new firmware that supports OpenVPN VPN client software. The three main firmwares are:

  • DD-WRT
  • Tomato
  • OpenWRT

Important: You must do your research before you attempt to flash your router with new firmware as doing so on a device that doesn’t support the firmware could ‘brick’ your router, leaving it useless.

Here’s how to flash your existing router:

(These are very general instructions – you should read your router’s user manual for specific instructions, as it may require more complicated steps than those outlined below.)

  1. Ensure that your router is plugged in and connected to the internet.
  2. Download the firmware file and save it to your computer.
  3. Log into your router admin dashboard on your computer.
  4. Go to Administration > Router Update.
  5. Upload the firmware file you downloaded earlier.
  6. Restart the router.
  7. Create a password for your new router admin login.

Once you’ve flashed your router it’s time to configure your VPN client.

It will be broadly a similar process as we outlined for ASUSWRT, but you should follow the instructions supplied by your VPN provider to understand how to configure the VPN with your chosen firmware.

Here are IPVanish’s instructions for setting up the VPN on a DD-WRT router, for example.

You can also get in touch with your VPN provider’s customer support through email or live chat.

Method 2: Using a VPN Router App

The easiest way to install a VPN onto your router is to use a router app or applet.

Native router apps make switching servers and changing router settings much easier than manual configuration.

When you manually configure a router you need to install each server location one-by-one. With a native app you have access to all server locations from the get-go.

Unfortunately, there aren’t many router apps available at the moment, but there are two that stand out.

ExpressVPN’s router applet, and the FlashRouters Privacy App (we’ll talk more about that in Method 3).

You can only use ExpressVPN’s app with an ExpressVPN subscription.

Screenshot of ExpressVPN router applet

As you can see from the screenshot, ExpressVPN’s router applet is user-friendly and much more intuitive than standard router dashboards.

The app comes with a VPN kill switch and a type of split tunneling (called ‘Per device’), which allows you to exclude certain devices from the VPN.

ExpressVPN Router Applet Installation Process:

We’ll be using a Netgear Nighthawk R7000 for the following setup instructions:

  1. Make sure that your router is set up and connected to the internet.
  2. On your computer, log into your ExpressVPN account and click on Set Up on More Devices. Find Router on the list of devices.
    Screenshot of ExpressVPN various devices setup page
  3. Select the router model you are using from the drop-down menu labeled Select Router.
    Screenshot of ExpressVPN for routers page
  4. Click the red Download Firmware button.
  5. Log into your router’s admin dashboard.
  6. Click Administration, then Router Update, and upload the ExpressVPN firmware you downloaded in step two.
    Screenshot of router update screen
  7. Reboot your router and visit expressvpnrouter.com. Click Get Started.
    Screenshot of ExpressVPN router applet startup screen
  8. Log in with your router’s username and password. For security reasons you should change your credentials from the default ones as soon as possible.
    Screenshot of ExpressVPN router log in screen
  9. Find your ExpressVPN activation code from within your online account and paste it into the router’s admin panel.
    Screenshot of ExpressVPN router activation code screen
  10. If you don’t want to share crash reports and anonymous analytics with ExpressVPN click No Thanks.
    Screenshot of ExpressVPN share crash reports screen on router
  11. Create a WiFi username and password for your new network and click Continue.
    Screenshot of ExpressVPN router applet set up WIFi password
  12. Set a router admin password and click Continue.
    Screenshot of ExpressVPN router applet router admin password
  13. Now that the installation process is complete you can take a look at the ExpressVPN router applet and all of its settings. You can enable the Network Lock (VPN kill switch) and exclude certain devices from the VPN using the Per device feature.
    Once you’re happy with the settings, select a server location from the list and click Connect.

Now all the devices connected to your router will benefit from VPN protection.

ExpressVPN provides a range of guides for setting up its router applet on different router models should yours be different to the one we’ve selected for this guide.

Method 3: Buy a Pre-Flashed Router

The easiest way to use a VPN on your router is to buy a pre-flashed router.

They’re not cheap, though.

Pre-flashed routers start at around $130 and high-end models can cost upwards of $500. That doesn’t include the price of the VPN subscription, which can be around $100 a year.

Screenshot from FlashRouters' website with router prices

The most popular provider of pre-configured routers is FlashRouters.

Loads of VPN providers offer pre-configured VPN routers through FlashRouters, but here are some popular examples:

  • ExpressVPN
  • CyberGhost
  • IPVanish
  • NordVPN
  • Private Internet Access
  • ProtonVPN
  • Windscribe

Some of them support the FlashRouters Privacy App, while others rely on the default router firmware (DD-WRT, OpenWRT, or Tomato).

If you would like to buy a pre-flashed router it’s worth testing the VPN out on your desktop computer and mobile devices first to see if you are happy with the software in general before you commit to buying a router.

Most VPN services come with money-back guarantees, so if it’s not working out for you you can get a refund. Just make sure the guarantees are ‘no questions asked’.

Once you’ve purchased your pre-flashed router it will arrive configured and ready to protect your internet data.

You can read more about pre-flashed routers in our dedicated guide.

What Is the FlashRouters Privacy App?

Much like the ExpressVPN applet, the FlashRouters Privacy App provides a more user-friendly way of using a VPN on your router.

The FlashRouter Privacy App comes with a VPN kill switch, and you can choose to exclude certain devices from the VPN.

You can’t use the FlashRouters Privacy App with all VPN services, though, so here are the current VPNs that support the app:

  • ExpressVPN
  • HideMyAss!
  • IPVanish
  • NordVPN
  • PureVPN
  • Private Internet Access
  • ProtonVPN
  • SaferVPN
  • Windscribe

Be sure to check out this list for up-to-date information from FlashRouters about the VPN services it supports.

If you’ve purchased a pre-flashed router through FlashRouters, the device will arrive set-up and ready to use.

Screenshot from FlashRouters' website

Once you’ve connected the router to the internet, just visit flashroutersapp.com on a device connected to the router’s network and enter the login details for your VPN subscription.

Screenshot of FlashRouters Privacy App

From there you’ll be able to choose a VPN server and connect.

If you already have a supported DD-WRT router at home and you want to use the Privacy App, you’ll have to purchase the FlashRouters Basic Support Plan.

It costs $50 and the team will remotely flash and configure your router.

Need More Help?

There’s a huge variation in the way routers handle VPN installations, and your first port of call should be your router user manual, or your VPN service provider’s help pages.

If you can’t find the most basic connection details for VPNs in your router’s admin area, it’s possible that your router doesn’t support VPNs at all.

Your VPN service provider should be able to recommend a list of compatible routers, and the customer support team should be able to troubleshoot any VPN connection issues you’re experiencing with your router.

Why Should You Install a VPN on Your Router: Pros and Cons

Installing a VPN on your router can be a great way to protect all the internet-connected devices in your home, but there are some drawbacks.

So, when should you and shouldn’t you use a VPN on your router?

Here are the pros and cons.

Pros:

1Always-on VPN

As long as you keep your router switched on, the VPN connection will always be in place to encrypt your home’s internet traffic.

That means that you don’t have to wait for your computer to boot up fully before you benefit from VPN protection.

2Protects all types of internet-enabled devices

You can’t install a VPN directly onto some devices, such as games consoles and smart TVs.

But with a router you can cover all your gadgets that don’t support VPN client software directly.

3Beats ‘simultaneous connections’ limits

Most VPN services restrict the number of devices that are running the VPN at any given time (i.e. simultaneous connections).

By installing the VPN at router level you can cover lots of devices and it only counts as one connection.

Cons:

1Tricky setup and lacks flexibility

As you can probably tell from reading this guide, installing a VPN on your home router can be difficult and time consuming.

It’s definitely not for beginners.

Even after you’ve completely set up your router with the VPN client software, it’s not as easy to change the settings as when the VPN software is installed at device-level.

While this should be fine for users who just want to protect their privacy, it’s not as convenient for those who want to use a VPN for content unblocking and streaming.

It’s super easy to switch server locations and settings to accommodate streaming within custom VPN apps for devices like computers and smartphones, but it’s not so simple on routers.

If you’re looking to stream content it might be easier to install the VPN software directly onto your preferred device.

However, some devices like Apple TV don’t currently have VPN apps, so installing the VPN at router-level will be your only option.

2It can be expensive

If you want to use the best and safest VPN protocols and encryption like OpenVPN with AES-256 you’ll probably need to buy new router hardware, which can cost hundreds of dollars.

And that doesn’t include the price of the VPN subscription itself, which can cost more than $100 a year.

3Not all VPN services support router connections

There are some VPN services that aren’t compatible with routers, such as Hotspot Shield and TunnelBear.

Always check if a VPN service supports router connections before you purchase a subscription.

Even if the provider does support router connections it might only support unsafe VPN protocols on router such as PPTP.

4Internet traffic between your devices and the router is not secured

Another downside of using a VPN at router-level is that traffic between devices and the router is not encrypted.

While this isn’t so much of an issue if you trust everyone connected to your home network (and don’t mind them seeing your online activities), it does pose a security risk should a random stranger gain access to your network.

A VPN router encrypts the traffic of every device on your WiFi network.

You should, however, avoid using a VPN on both your device and the router at the same time to avoid slowdowns and instability.

One workaround would be to set up a separate router for devices that don’t come with custom apps like your Xbox or Apple TV. That way you can still use custom VPN apps on your computers and smartphones.

ExpressVPN’s router applet and the FlashRouters Privacy app – which is available for many DD-WRT routers – allows you to exclude certain devices from the VPN tunnel.

Router VPN Client vs. Router VPN Server

It’s important to know the distinction between using your router as a VPN client and using it as a VPN server.

This guide deals with the first instance. When you set up your router as a client it routes all of your internet traffic through the VPN encrypted tunnel to the VPN servers on the other end.

On the other hand, setting up your router as a VPN server allows you to securely connect to your home network while you’re out and about, a bit like a business VPN you might be familiar with in a work environment.

Internet traffic is encrypted and sent through the VPN tunnel from your device and to the router VPN server in your home.

You can read about how to set up your router as a VPN server in our separate guide.

About the Author


  • Simon Migliano Head of Research at Top10VPN

    Simon Migliano

    Simon leads our investigations into VPN safety and internet freedom research. His work has been featured on the BBC, CNet, Wired and The Financial Times. Read full bio