This tutorial will walk you through configuring a router using DD-WRT firmware version 3.0-r40559.
If you want a router based configuration but do not want to set it up yourself, FlashRouters offers plug and play DD-WRT Routers preconfigured Private Internet Access Routers for this setup.
Before starting, be sure you have downloaded the configuration file you would like to use for your connection. For this guide specifically, we have used the California file from the collection labeled Default, be sure to decompress the file so you can access the contents.
Also, decide what DNS servers fit your needs, there are four options:
- 10.0.0.241 — this can provide access to all three of the following
- 10.0.0.242 — DNS only
- 10.0.0.243 — forwards streaming domains to the parent proxy for potential access to some streaming services
- 10.0.0.244 — MACE
These cannot be specified in a DD-WRT setup; to effectively prevent DNS leaks with this configuration you will need to specify the PIA DNS in the network connection of devices connected to this router.
Step 1. Setup - Basic Setup : assure you are using the appropriate time settings for your location, this is done to prevent types of connectivity problems.
1. Specify a base DNS servers that are not the PIA DNS servers, for use before and outside the VPN connection. Those will need to be selected at your own discretion. We have used 1.1.1.1 (Cloudflare) as a primary.
2. The second DNS we used is 8.8.8.8 (Google).
3. Assure NTP Client is Enabled.
4. Set Time Zone to your real local time.
5. At the bottom of the page, click Apply Settings.
Step 2. Setup - IPv6 : to prevent leaks over the the IPv6 protol, turn it off in the Setup > IPv6 tab, highlighted in red in the image below.
1. Set the radio button for IPv6 to Disable
2. Click Apply Settings.
Step 3. Services - VPN : turn on the VPN Client so that you will be provided with the fields to input of the VPN configuration specifics.
1. Under the OpenVPN Client header, click Enable for the Start OpenVPN Client option.
2. Click Apply Settings.
Step 4. Services - VPN : input the specific VPN configuration details.
1. Input the Server IP/Name — you can locate this on the remote line of OpenVPN configuration files we provide. (This guide has used us-west.privateinternetaccess.com.)
2. Input the Port number, specific to the dependencies table below.
| AUTH | CIPHER | CERTIFICATE | UDP PORT | TCP PORT |
|---|---|---|---|---|
| SHA1 | AES-128-CBC/GCM | ca.rsa.2048.crt | 1198 | 502 |
| SHA256 | AES-256-CBC/GCM | ca.rsa.4096.crt | 1197 | 501 |
3. For Tunnel Device PIA VPN connections use a TUN interface.
4. Tunnel Protocol will be set to UDP in this guide. In most cases UDP provides better speeds than TCP. If TCP is used, be sure to use the port shown in the dependencies table.
5. Encryption Cipher is also specific to your preferences from the dependencies table.
6. Hash Algorithm is another setting specific to your preferences from the dependencies table.
7. User Pass Authentication must be set to Enable.
8. In the Username field, input your PIA username — that is always in the format of p1234567 and cannot be replaced with any other information.
9. The Password field requires the input of the password for your PIA account, which is assigned to you, but you have the ability to customize in the client control panel.
10. Set Advanced Options to Enable, this will reveal additional fields that require input.
11. From the drop-down menu, set TLS Cipher to None.
12. In the drop-down menu, set LZO Compression to Yes.
13. The Additional Config section will require multiple specific lines of text; copy and paste the following into this field:
persist-key persist-tun tls-client remote-cert-tls server pull-filter ignore "auth-token" copy
14. The CA Cert will need to be downloaded from the dependencies table, specific to the encryption you are using. Links for each of the three certificates can be found in the dependencies table at the beginning of the guide. Open the certificate in a text editor and copy the contents into the CA Cert field. (Note : The contents of this must include the begin and end certificate lines as well, be sure to copy the whole thing.)
15. At the bottom of the page, click Apply Settings to save what you have done and set-up the connection.
Your router is now set up to establish a PIA VPN connection. You can confirm the status of your connection in the Status > OpenVPN tab, shown highlighted in red.
If the connection does not start after specifying and applying the settings, power down you router, wait 10 seconds, and turn it back on — that should initiate the VPN connection as the router reboots.