OpenVPN on a Router with AsusWRT-Merlin

This manual describes how to configure OpenVPN on a router running AsusWRT-Merlin firmware. For this tutorial we used an Asus RT-AC86U router but the steps work on any router running DD-WRT. You can find a list of compatible router models here.

Go to the download section in the member area of the Perfect Privacy website and click on the router icon on the top right.

Choose your configuration type, we recommend using

  • Type: Servers grouped
  • Protocol: UDP
  • Encryption: AES-256-CBC

Then click on Download and save the file on your PC.

Tip: Depending on the CPU performance of the router you may want to use the weaker encryption AES-128-CBC to improve bandwidth.

Log in to your router and under Advanced Settings -> WAN -> WAN DNS Setting enter at least two public DNS servers. You can use any public DNS servers such as Google’s DNS servers (, or any from the OpenNIC project.

Then click on Save and Apply Settings.

Note: If you want, you can also use Perfect Privacy DNS servers (you can find the IPs on the server page in the member area). Note that these DNS servers will only resolve * domains when VPN is not connected which means that Internet access will not work without the VPN being connected.

However, there will be no DNS leak when using external public nameservers, since all DNS requests will be sent anonymized over the VPN tunnel while a VPN connection is established.

Under IPv6 set the Connection type to Native.

Then click on Apply.

Navigate to Advanced Settings -> VPN and click on the VPN Client tab.

Next to Import .ovpn file click on Choose file and select one of the .ovpn files from the previously downloaded configuration. In this documentation we use Zurich.ovpn

Under Client control set Automatic start at boot time to Yes. (This will ensure that the OpenVPN connection will be established after restarting the router). Configure the rest of the settings as follows:

  • Accept DNS Configuration: Strict
  • Username: Your Perfect Privacy username
  • Password: Your Perfect Privacy password
  • Cipher Negotiation: Enable with Password
  • Compression: LZO Adaptive
  • Redirect Internet traffic: Policy Rules (strict). (On older Merlin firmware versions use Policy Rules).
  • Block routed clients if tunnel goes down: Yes (Kill-Switch)

Under Rules for routing client traffic through the tunnel enter the following:

  • Description: all
  • Source IP:
  • Iface: VPN

Then click on the + icon below Add/Delete.

Remove the line register-dns in the Custom Configuration field.

Click on Apply and at the top switch the Service State to ON.

OpenVPN should now be connected. But you should restart your router to make sure OpenVPN will work correctly after a reboot.

You can check that the VPN connection is working correctly by visiting our Check IP website.

If you have any questions, comments or other feedback regarding this howto, please use the corresponding thread in our community forums.
This website uses cookies to analyze the traffic and to control our advertising. By using this site, you agree to the use of cookies. More information can be found in our privacy policy.