VPN Router Setup

In many cases routers don’t reach their limits. Official firmwares often block functions, which could be provided by the manufacturer from the technical perspective, but they don’t want to. Here comes the professional firmware DD-WRT into play. It unlocks unused potential. With this firmware you could activate your internet connection only on selected days. Or you could set up a public hotspot. But the DD-WRT firmware also offers another benefit: You can set up your VPN client on your router! We recommend you a preconfigured SpyOFF DD-WRT router and therefore to visit FlashRouters.

Our service is compatible with all routers, which support DD-WRT or Tomato firmware. Please appreciate that configuring DD-WRT and Tomato is very complex for inexperienced users. Please consider the following points:

  • If you don’t have a compatible router or don’t wish to risk bricking it, SpyOFF has teamed with FlashRouters to provide you a variety of custom-built DD-WRT routers. These VPN routers are specially configured for SpyOFF. We also don’t receive any commission from sales but we recommend them because of their knowledge and experience to support DD-WRT with its constantly evolving firmware and associated bugs. Please see our VPN routers page for more information.
  • If you already have a router FlashRouters provides support plans with a remote installion of the correct firmware on your router. They also configure the router to connect to the SpyOFF VPN service. We also advise you to take this opportunity, because the flashing and configuration of a router is an extremely complex and technical process. There exists a risk of affecting the functions of your router due to misconfiguration.
  • We don’t provide support in getting DD-WRT firmware installed on your router. You install DD-WRT at your own risk. We don’t take responsibility if your router bricks or gets damaged during the installation..
  • Please ensure that you’re using the latest version of the DD-WRT firmware. There’re multiple bugs relating to older versions of OpenVPN and DNS.
  • Our DD-WRT OpenVPN scripts will not work with MICRO or MINI versions of DD-WRT. You must install the MEGA or BIG version of the DD-WRT firmware (Some customers have reported that versions of STD are working).

During the configuration of your router you’ll need a SpyOFF server address. This router setup guide shows you step by step how to install your VPN router.


1. Connect your FlashRouter to the internet

  • Connect your modem or your router with an Ethernet cable to your FlashRouter WAN / internet port.
  • Connect the power supply unit and start your FlashRouter.
  • Connect your FlashRouter with an Ethernet cable to your computer or laptop.

2. Open your router settings

  • Point your web browser to the administration page of your DD-WRT. By default it usually is – if you’re having trouble getting to this site, you may need to reset your router to factory default settings.
  • Type in your user name, (like f.e. flashrouter)
  • Type in your password, (like f.e. ddwrt)

3. Configure your DNS

  • Click “Setup”. Open the “Basic Setup” tab. (If you just received your FlashRouter, your settings should be already correct.)
  • Open “Static DNS” and type in the following combination of DNS servers:
    • Google DNS Server:,
    • OpenDNS Server:,
  • Move on to the next step, but don’t forget to press the “Apply Settings” button.

4. Configure your WiFi

  • Click the “Wireless” tab in the navigation area. Then open the “Basic Settings” tab. Take the settings from the following picture:
  • Open the “Wireless Security” tab. Choose “WPA2 Personal” for the secuirty mode as well as “AES” for the WPA Algorithms.

5. Change your FlashRouters administration password

  • Open the “Administration” tab after the “Management” tab.
  • Delete the preconfiguration and type in your username and your new password.
  • Press “Apply Settings” and move on to the next step.
  • Keep in mind that your username and password differ from your WiFi login data.

6. Establish a VPN connection

  • Click the “Services” tab from the navigation area and then click the sub-tab labeled “VPN”.
  • Enable the OpenVPN configuration options within the “VPN” tab by clicking the “Enable” radio button of “Start OpenVPN client”. Once this option has been ticked, more configuration options appear below.
  • Enter the following information by “OpenVPN client”:
  • Enter the following Informations in „OpenVPN Client“:
    – Server IP/Name: Enter a SpyOFF host you wish to connect to, f.e. fra-a01.spyoff.com
    – Port: 443
    – Tunnel Protocol: TCP
    – Tunnel Device: TUN
    – Encryption Cipher: AES-256-CBC
    – Hash Algorithm: SHA256
    – nsCertType Verification: leave unmarked
    – Advanced Options: set to “Enable”
  • Move on to the next step, but don’t forget to press the “Save” button.
  • Continue with the required advanced option configuration:
    – Advanced Options: set to “Enable”
    – Use LZO Compression: tick the radio button labeled “Enable”
    – NAT: tick the radio button labeled “Enable”
    – Local IP Address: leave this blank
    – TUN MTU Setting: 1500
    – MSS-Fix/Fragment across the tunnel: leave this blank
    – TLS Cipher: AES-256-SHA
    – TLS Auth-Key: leave this blank
    – Additional Config: persist-remote-ip
    keysize 256
    tls-remote [fra-a01.spyoff.com]
    auth-user-pass /tmp/auth.conf
    script-security 3 system

    Information: Instead of “fra-a01.spyoff.com” you can also enter the server of your choice!

  • CA Cert: Get the following file with our certificate and unzip this file. Then open the file “ca.spyoff.com” with a text-editor and copy the whole content. Paste it into the CA cert-field.
  • Now move on to the next step, but don’t forget to press the “Save” button!
  • Locate the “Administration” tab from the navigation bar, and click to continue.
  • In the “Adminstration” area of the control panel, locate the “Commands” sub-tab, and click to continue. Enter the following lines into the “Commands” text area:
    touch /tmp/auth.conf
    echo „[Ihr Benutzername@spyoff]“ > /tmp/auth.conf
    echo „[Ihr Passwort]“ >> /tmp/auth.conf
  • After you’ve entered your credentials into this field as shown, please click the “Save Startup” button to continue.
  • Click the “Management” sub-tab, still under the “Administration” category, and move to the next step.
  • Lastly, reboot your router by scrolling to the bottom of the page, and clicking the “Reboot Router” button. After your router comes back up, test the OpenVPN tunnel by heading to a site like http://www.whatismyip.com/ after about 5 minutes. If your IP hasn’t yet changed, please reboot your router again, and wait another 5 minutes. If you are still not seeing a change, feel free to contact our support team for further assistance.
  • Klicken Sie in der Sidebar auf „VPN Tunneling“ und „OpenVPN Client“.
  • Tragen Sie folgende Einstellungen ein:
    Hinweis: Tragen Sie bei „Server Address“ den Server Ihrer Wahl ein. Beim „Port“ können Sie auch 1194 verwenden.
Start with WAN: Setzen Sie ein Häckchen
Interface Type: TUN
Protocol : TCP
Server Address/Port: fra-a01.spyoff.com / 443
Firewall: Automatic
Authorization Mode: TLS
Username/Password Authentification: Setzen Sie ein Häckchen
Username: Tragen Sie Ihren Benutzernamen ein
Password: Tragen Sie Ihr Passwort ein
Username Authen. Only: Setzen Sie ein Häckchen
Extra HMAC authorization (tls-auth): Disabled
Create NAT on tunnel: Setzen Sie ein Häckchen
  • Klicken Sie auf „Save“ und speichern Sie Ihre Einstellungen.
  • Öffnen Sie den Tab „Advanced“.
  • Nehmen Sie folgende Änderungen vor:
    Hinweis: Tragen Sie unter „Common Name“ die Server-Adresse Ihrer Wahl ein.
Redirect Internet traffic: Setzen Sie ein Häckchen
Accept DNS Configuration: Strict
Encryption cipher: AES-256-CBC
Compression: Adaptive
TLS Renegotiation Time: -1
Connection Retry: 30
Verify server certificate: Setzen Sie ein Häckchen
Common Name: fra-a01.spyoff.com
Custom Configuration: resolv-retry infinite
persist-remote-ip comp-lzo verb 3 auth SHA256 keysize 256 tls-cipher DHE-RSA-AES256-SHA
  • Klicken Sie auf „Save“ um die Einstellungen zu speichern.
  • Klicken Sie auf „Save“ um die Einstellungen zu speichern.
  • Klicken Sie im Tab „Keys“ auf den Button „Start Now“. Warten Sie bis der OpenVPN Service startet.
  • Gehen Sie sicher, dass Ihr Router mit OpenVPN startet. Klicken Sie in der Sidebar auf „Reboot“ und bestätigen Sie mit „OK“.
  • Warten Sie während Ihr Router neustartet.
  • Es kann sein, dass Sie auf „Continue“ klicken müssen, um den Startvorgang fortsetzen zu können.
  • Überprüfen Sie nun, ob Ihr Router mit OpenVPN funktioniert. Öffnen Sie über die Sidebar „VPN Tunneling“ und „OpenVPN Client“. Klicken Sie auf den Tab „Status“. Achten Sie nun auf die übertragenen Bytes. Diese Zahl sollte kontinuierlich ansteigen.