Install VyprVPN on your DD-WRT router to encrypt all of your internet traffic

Summary

This article explains how to install OpenVPN (specifically VyprVPN[*]) on your DD-WRT router so that all traffic passes through their servers.

Recently I wrote an article explaining why you might want to use a personal VPN and I also wrote another article explaining how to install DD-WRT custom firmware on your router and then how to create a discrete guest WiFi network.

When I first tried to install VyprVPN on my router I found some instructions online, but I couldn't get them to work reliably. The modified instructions I present below are working for me.

Background

Recently I wrote an article advocating the use of a personal VPN in which I concluded that VyprVPN[*] from Golden Frog offered a good combination of the three most important factors to me (speed, privacy/discretion and unlimited bandwidth) and it is still my current favourite and the only one I use.

Depending on which version of VyprVPN you end up buying (I'd recommend starting with the Pro version on a free trial and taking it from there), you are allowed either one, two or three simultaneous connections. If you live in a house with lots of connected devices, you might think that seems a bit restrictive, especially when they offer a genuinely unlimited service in terms of speed, bandwidth and server switching. Luckily there is a solution.

You are allowed to install VyprVPN on your router and thus absolutely all of your internet traffic will be encrypted.

Think about that for a moment; you could have lots of computers, mobile phones, tablets, smart devices, etc., all using various wired and wireless internet access and all passing through a single VPN connection, meaning you are free to install VyprVPN on one or two other devices as well, depending on your subscription level (e.g. perhaps your mobile phone for use when you are away from home and are using your carrier's network).

NOTE: At the moment it is not possible to use VyprDNS (zero logging DNS) when manually configuring your router to use your VyprVPN account. In practice this means that you should probably use the desktop application if you are doing anything where total privacy and anonymity are paramount. In most cases I don't think this is necessary, but check out the link and make up your own mind. If you're wondering about simultaneous use of the desktop application and router-level encryption, keep reading. Spoiler alert: it works fine.

Setting up OpenVPN on your router

This tutorial assumes you are using a router with a custom DD-WRT firmware installed on it. I have previously written instructions on how to do this.

First, log in to your router using your web browser and go to Setup -> Basic Setup and change your DNS servers (in the Network Setup section) to use OpenDNS. They are against censorship and that's something we should care about.

Static DNS 1: 208.67.222.222

Static DNS 2: 208.67.220.220

Click Save.

When you've done that, you will see a nice tick at https://www.opendns.com/welcome/ like this:

[Screenshot: Welcome to OpenDNS]

Next go to Services -> VPN and Enable OpenVPN Client.

Configure it like this:

Server IP/name: Choose one of the servers in this list

Port: 1194

Tunnel Device: TUN

Tunnel Protocol: UDP

Encryption Cipher: Blowfish CBC

Hash Algorithm: SHA1

User Pass Authentication: Enable

Username: Your VyprVPN username

Password: Your VyprVPN password

Advanced options: Enable

TLS Cipher: None

LZO Compression: Yes

NAT: Enable

Firewall Protection: Enable

Note that each time you want to change the geographical location for all traffic you will need to alter the server chosen above.

Grab the certificate from here. It's a text file, so copy and paste the contents into the CA Cert textbox.

Additional Config - paste this into the textbox:

resolv-retry infinite
keepalive 10 60
nobind
persist-key
persist-tun
persist-remote-ip
verb 3

So the full Services -> VPN -> OpenVPN Client section should look a bit like this:

[Screenshot: OpenVPN Router Config]
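
An added example (not part of the original article, and not DD-WRT's or VyprVPN's own code): the settings above written as OpenVPN directives and checked for three things a reviewer would flag. The sample config is constructed, the server name and file names are placeholders, and audit_openvpn_conf is a hypothetical helper.

```shell
#!/bin/sh
# Added example. SAMPLE_CONF is constructed: the GUI choices from this article
# written as OpenVPN directives. Server name and file names are placeholders.
SAMPLE_CONF='client
dev tun
proto udp
remote vpn-server.example.invalid 1194
cipher BF-CBC
auth SHA1
comp-lzo yes
auth-user-pass credentials.txt
ca ca.crt
resolv-retry infinite
keepalive 10 60
nobind
persist-key
persist-tun
persist-remote-ip
verb 3'

# Reads an OpenVPN config on stdin and prints one finding per line
# (no output means none of the three checks fired).
# HMAC-SHA1 ("auth SHA1") is deliberately not flagged here.
audit_openvpn_conf() {
    awk '
        $1 ~ /^[#;]/ || NF == 0 { next }              # skip comments and blank lines
        $1 == "cipher"   { cipher = toupper($2) }
        $1 == "comp-lzo" && $2 != "no" { comp = 1 }   # bare "comp-lzo" means adaptive
        $1 == "compress" && NF > 1     { comp = 1 }   # bare "compress" only enables framing
        $1 == "remote-cert-tls" || $1 == "verify-x509-name" || $1 == "ns-cert-type" { certcheck = 1 }
        END {
            # Cipher families with a 64-bit block size.
            if (cipher ~ /^(BF|CAST5|DES|IDEA|RC2)-/)
                print "WEAK_CIPHER " cipher " (64-bit block)"
            if (comp)
                print "COMPRESSION_ON (compressed size can leak information about the plaintext)"
            if (!certcheck)
                print "NO_SERVER_CERT_CHECK (no remote-cert-tls or verify-x509-name line)"
        }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_openvpn_conf
```

Blowfish CBC and LZO compression are what this setup specifies; a stronger cipher or disabled compression only works if the provider's servers accept it, which the article does not state.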

Now click Apply Settings and you're done. You can check the status of the OpenVPN connection by going to Status -> OpenVPN where you will hopefully see something like this:

[Screenshot: OpenVPN status in Router]

You can also check if you are connected to VyprVPN at https://www.goldenfrog.com/whatismyipaddress
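
To confirm from the router itself that traffic is routed into the tunnel, this added example (not from the original article) classifies the output of ip route show. It assumes the VPN server pushes redirect-gateway, so the routes appear either as a default route or as the 0.0.0.0/1 and 128.0.0.0/1 pair on a tun device; the sample tables, addresses and interface names are constructed, and default_route_path is a hypothetical helper.

```shell
#!/bin/sh
# Added example. Both route tables are constructed samples of "ip route show"
# output; addresses and interface names (tun1, vlan2, br0) are assumptions.
ROUTES_VPN_UP='0.0.0.0/1 via 10.8.0.1 dev tun1
default via 192.0.2.1 dev vlan2
10.8.0.0/24 dev tun1 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
203.0.113.10 via 192.0.2.1 dev vlan2'

ROUTES_VPN_DOWN='default via 192.0.2.1 dev vlan2
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1'

# Reads an IPv4 route table on stdin and prints where internet-bound traffic goes:
#   tunnel  - a default route, or both /1 halves, point at a tun device
#   partial - only one /1 half points at the tunnel
#   direct  - nothing sends internet traffic into the tunnel (it leaves via the ISP)
# IPv6 routes are not covered; they are listed separately by "ip -6 route show".
default_route_path() {
    awk '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 == "default"     && dev ~ /^tun/ { full = 1 }
        $1 == "0.0.0.0/1"   && dev ~ /^tun/ { low = 1 }
        $1 == "128.0.0.0/1" && dev ~ /^tun/ { high = 1 }
        END {
            if (full || (low && high)) print "tunnel"
            else if (low || high)      print "partial"
            else                       print "direct"
        }'
}

# On the router: ip route show | default_route_path
printf 'VPN up:   %s\n' "$(printf '%s\n' "$ROUTES_VPN_UP" | default_route_path)"
printf 'VPN down: %s\n' "$(printf '%s\n' "$ROUTES_VPN_DOWN" | default_route_path)"
```

A result of direct while the OpenVPN client is enabled means LAN traffic is leaving through the ISP connection unencrypted.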

Speedtest results

NOTE: For some reason my broadband isn't very fast this evening and I'm only getting around 20Mb/s with a direct connection through BT Infinity.

[Screenshot: Speedtest UK BT Infinity]

When using VyprVPN on the router I managed around 15Mb/s (note the ISP is now showing as YHC International BV). That's pretty impressive.

[Screenshot: Speedtest UK OpenVPN on Router]

Okay, if you're anything like me, you're probably wondering this:

Is it possible to use VyprVPN on the router and run the app on your machine at the same time? Wouldn't this massively increase your security, since you'd now be doing two hops and using VyprDNS zero-logging DNS server for one of them?

I guess this might be the equivalent of wearing at least two tinfoil hats at once, but regardless of what you think about that sort of thing, the answer is a resounding yes. What's more, it's still almost as fast. The ping is a fair bit slower as you might imagine (although still fast enough for online gaming), but the download speed is largely unaffected. In fact it actually increased in speed when I tried it just now, but the logical conclusion from that must be that tunnelling through two VPN connections didn't slow it down much more, if at all. Take a look at the results (nearly 15% faster).

[Screenshot: Speedtest UK OpenVPN on Router and on desktop]

Conclusion

If you want to encrypt absolutely all of your internet traffic in your home or office then the cheapest and most reliable way is to connect your router directly to a personal VPN.

If you're thinking of doing this, my advice would be to use VyprVPN[*] with OpenDNS on the router. You can't take advantage of VyprDNS (their zero logging DNS) unless you're also using their desktop application (which uses VyprDNS by default), but you can use the VyprVPN desktop application at the same time if you want extra security or wish to switch your apparent location to a different country temporarily, for a single device. For a longer-term change of location, or to affect all connected devices, select a different server in the router configuration.

When you are using both the desktop application and the router-level connection you will be tunnelling through two VPN connections simultaneously. Fortunately this doesn't seem to slow things down much and the speeds I've been seeing are still fast enough for everything I want to do, including streaming video.