Back to Guides

Asus Merlin and Mullvad VPN

Asuswrt-Merlin is a third party firmware for Asus routers as well as is an Open Source firmware and custom version of Asuswrt with advanced OpenVPN client


Asuswrt-merlin officially supports the following router models:

  • RT-N66U
  • RT-AC66U
  • RT-AC66U_B1 (same firmware as the RT-AC68U)
  • RT-AC56U
  • RT-AC68U  (including revisions C1 and E1)
  • RT-AC68P (same firmware as RT-AC68U)
  • RT-AC87
  • RT-AC3200
  • RT-AC88U
  • RT-AC3100
  • RT-AC5300
  • RT-AC1900 (same firmware as RT-AC68U)
  • RT-AC1900P (same firmware as RT-AC68U)


Open a web browser and enter the IP address of your router, which is normally  In this tutorial our LAN IP address is , It is possible to change it in Advanced Settings > LAN


In Advanced Settings click on VPN


Click on the "VPN Client" tab at the top of your screen and then click on "OpenVPN" in order to create a VPN connection.



Download the Android configuration file from Mullvads website,  and then click on Browse button.



Click on the Mullvad configuration file and then open.


After selecting configuration file click on upload


You will now see the OpenVPN client settings, make sure that your settings match below.

Make sure Username/Password Authentication is set to Yes
and that you use your mullvad account number as username and m as password.




From the Advanced Settings click on IPV6 then In the Basic Config, Change the Connection type to Native.

In client control turn on the button to connect to mullvad server


Click on VPN Status to see information about your VPN connection


You should now be connected to Mullvad.

Port Forwarding:

  1. Enable startup with WAN under the VPN settings.
  2. Go to Administration -> System -> Enable JFFS custom scripts and configs
  3. Enable SSH in the router on the same page.
  4. SSH into the router.

Copy and paste this into the terminal (replace YOURPORT with the assigned port and replace THECOMPUTERSIP with the device IP that you wish to forward the port to).

echo -e "!#/bin/sh \niptables -t nat -A PREROUTING -i tun+ -p udp --dport YOURPORT -j DNAT --to- destination THECOMPUTERSIP \niptables -t nat -A PREROUTING -i tun+ -p tcp --dport YOURPORT -j DNAT --to-destination THECOMPUTERSIP" > /jffs/scripts/nat-start && chmod +x /jffs/scripts/nat-start



If you are unable to import the configuration file, then please edit it and remove the inline crl.

  • Remove "<crl-verify>" and also everything inbetween and including "</crl-verify>"



If it still does not work, then please reboot the router and then see if it is working as intended