Go to the download section in the member area of the Perfect Privacy website and click on the router icon on the top right.
Choose your configuration type, we recommend using
- Type: Servers grouped
- Protocol: UDP
- Encryption: AES-256-CBC
Then click on Download and save the file mobile_udp.zip on your PC.
Tip: Depending on the CPU performance of the router you may want to use the weaker encryption AES-128-CBC to improve bandwidth.
Log in to your router and under Advanced Settings -> WAN -> WAN DNS Setting enter at least two public DNS servers. You can use any public DNS servers such as Google’s DNS servers (126.96.36.199, 188.8.131.52.) or any from the OpenNIC project.
Then click on Save and Apply Settings.
Note: If you want, you can also use Perfect Privacy DNS servers (you can find the IPs on the server page in the member area). Note that these DNS servers will only resolve *.perfect-privacy.com domains when VPN is not connected which means that Internet access will not work without the VPN being connected.
However, there will be no DNS leak when using external public nameservers, since all DNS requests will be sent anonymized over the VPN tunnel while a VPN connection is established.
Navigate to Advanced Settings -> VPN and click on the VPN Client tab.
Next to Import .ovpn file click on Choose file and select one of the .ovpn files from the previously downloaded configuration. In this documentation we use Zurich.ovpn
Under Client control set Automatic start at boot time to Yes. (This will ensure that the OpenVPN connection will be established after restarting the router). Configure the rest of the settings as follows:
- Accept DNS Configuration: Strict
- Username: Your Perfect Privacy username
- Password: Your Perfect Privacy password
- Cipher Negotiation: Enable with Password
- Compression: LZO Adaptive
- Redirect Internet traffic: Policy Rules (strict). (On older Merlin firmware versions use Policy Rules).
- Block routed clients if tunnel goes down: Yes (Kill-Switch)
Under Rules for routing client traffic through the tunnel enter the following:
- Description: all
- Source IP: 192.168.1.0./24
- Iface: VPN
Then click on the + icon below Add/Delete.
Remove the line register-dns in the Custom Configuration field.
Click on Apply and at the top switch the Service State to ON.