VPN Router Setup

In many cases routers don’t reach their limits. Official firmwares often block functions, which could be provided by the manufacturer from the technical perspective, but they don’t want to. Here comes the professional firmware DD-WRT into play. It unlocks unused potential. With this firmware you could activate your internet connection only on selected days. Or you could set up a public hotspot. But the DD-WRT firmware also offers another benefit: You can set up your VPN client on your router! We recommend you a preconfigured SpyOFF DD-WRT router and therefore to visit FlashRouters.

Our service is compatible with all routers, which support DD-WRT or Tomato firmware. Please appreciate that configuring DD-WRT and Tomato is very complex for inexperienced users. Please consider the following points:

  • If you don’t have a compatible router or don’t wish to risk bricking it, SpyOFF has teamed with FlashRouters to provide you a variety of custom-built DD-WRT routers. These VPN routers are specially configured for SpyOFF. We also don’t receive any commission from sales but we recommend them because of their knowledge and experience to support DD-WRT with its constantly evolving firmware and associated bugs. Please see our VPN routers page for more information.
  • If you already have a router FlashRouters provides support plans with a remote installion of the correct firmware on your router. They also configure the router to connect to the SpyOFF VPN service. We also advise you to take this opportunity, because the flashing and configuration of a router is an extremely complex and technical process. There exists a risk of affecting the functions of your router due to misconfiguration.
  • We don’t provide support in getting DD-WRT firmware installed on your router. You install DD-WRT at your own risk. We don’t take responsibility if your router bricks or gets damaged during the installation..
  • Please ensure that you’re using the latest version of the DD-WRT firmware. There’re multiple bugs relating to older versions of OpenVPN and DNS.
  • Our DD-WRT OpenVPN scripts will not work with MICRO or MINI versions of DD-WRT. You must install the MEGA or BIG version of the DD-WRT firmware (Some customers have reported that versions of STD are working).

During the configuration of your router you’ll need a SpyOFF server address. This router setup guide shows you step by step how to install your VPN router.


1. Connect your FlashRouter to the internet

  • Connect your modem or your router with an Ethernet cable to your FlashRouter WAN / internet port.
  • Connect the power supply unit and start your FlashRouter.
  • Connect your FlashRouter with an Ethernet cable to your computer or laptop.

2. Open your router settings

  • Point your web browser to the administration page of your DD-WRT. By default it usually is – if you’re having trouble getting to this site, you may need to reset your router to factory default settings.
  • Type in your user name, (like f.e. flashrouter)
  • Type in your password, (like f.e. ddwrt)

3. Configure your DNS

  • Click “Setup”. Open the “Basic Setup” tab. (If you just received your FlashRouter, your settings should be already correct.)
  • Open “Static DNS” and type in the following combination of DNS servers:
    • Google DNS Server:,
    • OpenDNS Server:,
  • Move on to the next step, but don’t forget to press the “Apply Settings” button.

4. Configure your WiFi

  • Click the “Wireless” tab in the navigation area. Then open the “Basic Settings” tab. Take the settings from the following picture:
  • Open the “Wireless Security” tab. Choose “WPA2 Personal” for the secuirty mode as well as “AES” for the WPA Algorithms.

5. Change your FlashRouters administration password

  • Open the “Administration” tab after the “Management” tab.
  • Delete the preconfiguration and type in your username and your new password.
  • Press “Apply Settings” and move on to the next step.
  • Keep in mind that your username and password differ from your WiFi login data.

6. Establish a VPN connection

  • Click the “Services” tab from the navigation area and then click the sub-tab labeled “VPN”.
  • Enable the OpenVPN configuration options within the “VPN” tab by clicking the “Enable” radio button of “Start OpenVPN client”. Once this option has been ticked, more configuration options appear below.
  • Enter the following information by “OpenVPN client”:
  • Frage folgende Informationen bei „OpenVPN Client“ ein:
    – Server IP/Name: Enter a SpyOFF host you wish to connect to, f.e. fra-a01.spyoff.com
    – Port: 443
    – Tunnel Protocol: TCP
    – Tunnel Device: TUN
    – Encryption Cipher: AES-256-CBC
    – Hash Algorithm: SHA256
    – nsCertType Verification: leave unmarked
    – Advanced Options: set to “Enable”
  • Move on to the next step, but don’t forget to press the “Save” button.
  • Continue with the required advanced option configuration:
    – Advanced Options: set to “Enable”
    – Use LZO Compression: tick the radio button labeled “Enable”
    – NAT: tick the radio button labeled “Enable”
    – Local IP Address: leave this blank
    – TUN MTU Setting: 1500
    – MSS-Fix/Fragment across the tunnel: leave this blank
    – TLS Cipher: AES-256-SHA
    – TLS Auth-Key: leave this blank
    – Additional Config: persist-remote-ip
    keysize 256
    tls-remote [fra-a01.spyoff.com]
    auth-user-pass /tmp/auth.conf
    script-security 3 system

    Information: Instead of “fra-a01.spyoff.com” you can also enter the server of your choice!

  • CA Cert: Get the following file with our certificate and unzip this file. Then open the file “ca.spyoff.com” with a text-editor and copy the whole content. Paste it into the CA cert-field.
  • Now move on to the next step, but don’t forget to press the “Save” button!
  • Locate the “Administration” tab from the navigation bar, and click to continue.
  • In the “Adminstration” area of the control panel, locate the “Commands” sub-tab, and click to continue. Enter the following lines into the “Commands” text area:
    touch /tmp/auth.conf
    echo „[Ihr [email protected]]“ > /tmp/auth.conf
    echo „[Ihr Passwort]“ >> /tmp/auth.conf
  • After you’ve entered your credentials into this field as shown, please click the “Save Startup” button to continue.
  • Click the “Management” sub-tab, still under the “Administration” category, and move to the next step.
  • Lastly, reboot your router by scrolling to the bottom of the page, and clicking the “Reboot Router” button. After your router comes back up, test the OpenVPN tunnel by heading to a site like http://www.whatismyip.com/ after about 5 minutes. If your IP hasn’t yet changed, please reboot your router again, and wait another 5 minutes. If you are still not seeing a change, feel free to contact our support team for further assistance.