Setting up an Asus Router running Merlin Firmware

Whilst we cannot officially support Merlin firmware, we've opted to write a setup guide for Merlin as the OpenVPN functionality is based off Tomato firmware. Currently we officially support DD-WRT, Tomato & pFsense.

We will endeavour to ensure that this article is accurate and up to date to the best of our ability.


To Setup Private Internet Access on Merlin firmware.

1. Login to the Asus Router control panel via a web interface.

2. On the left side menu, select the option 'VPN'

3. This will take you to the 'VPN Status' page. Select 'OpenVPN Clients' from the tabs at the top.

4. In this tab, you will be able to configure your OpenVPN clients in order to connect to the internet via your PrivateInternetAccess service.

5. Configure your client as follows:

  • Start with WAN: Yes.
                                  This will start your VPN when you connect to your ISP. If this is set to no, you will need to manually start                                  your VPN service at the router level when your router restarts.
  • Interface Type: TUN
  • Protocol: UDP
  • Firewall: Automatic
  • Authorization Mode: TLS
  • Server Address: Select your address from our server list found here.
                                  In this example we used '' (New York, USA)
  • Port: 1198
  • Username/Password Authentication: Yes
  • Username: Enter your PIA username (for example P1234567)
  • Password: Enter your PIA password (for example 12345678)
  • Username / Password Auth. Only: No
  • Extra HMAC Authorization: Disabled
  • Auth Digest: Default
  • Create NAT on Tunnel: Yes

6. Click the option next to 'Authorization Mode: TLS' that says 'Content modification of Keys & Certificates.'

7. Download the Certificate Authority from

8. Open the file with a text editor and then copy and paste the contents of ca.rsa.2048.crt into the Certificate Authority.

9. Scroll down to the bottom and click 'Save'

10. Under Advanced Options, configure your client as follow:

  • Global Log Verbosity: 1
  • Poll Interval: 0
  • Accept DNS Configuration: Strict
  • Encryption Cipher: AES-128-CBC
  • Compression: Adaptive
  • TLS Renegotiation Time: -1
  • Connection Retry: 30
  • Verify Server Certificate: No
  • Redirect Internet Traffic: No

11. Under Custom Configuration, enter the following:


12. Click 'Save'.

13. You will now be able to set the 'Service State: On' (located at the top of the options). Service State on will only stay green and On when your service is correctly configured.

14. To see the status of your VPN service, you may check the 'VPN Status' tab located at the top which will actively poll your connection to give you the latest statistics on your connection.

If the VPN Status page constantly says 'Connecting (server address & port)' it indicates potential issues with the connection settings or Certificate Authority. Please refer to steps 5 and 6 and verify that all settings are correct.

Have more questions? Submit a request