DD-WRT routers and Mullvad VPN


Last updated: 14 July 2022

What is DD-WRT?

As stated on dd-wrt.com, DD-WRT is a Linux-based, alternative open-source firmware suitable for a wide variety of WLAN routers and embedded systems. The main emphasis is to provide the easiest-possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

DD-WRT has support for OpenVPN and can be used to connect to the Mullvad VPN servers.

Installing DD-WRT on your router

You can check online if your router is supported and then download DD-WRT.

Installing OpenVPN and Mullvad on your router comes with some benefits:

  • You can secure your whole network and all devices connected to the router.
  • You can run Mullvad on more than five devices (all devices connected to the router).
  • Via the router, you can even run Mullvad on devices that have no support for OpenVPN.
  • A router is designed for routing, naturally, and is not disturbed by other programs and settings like a program in a computer might be. It works well and is stable.

Expected performance of OpenVPN on a router

Running OpenVPN on a router is demanding. On a router with a 400mhz ARM CPU, you can expect performance around 7–10Mbps. It scales relatively linearly, so on a router with 1.6Ghz ARM CPU we would expect performance around 30–40Mbps.

For other speed-related questions, please read our Speed Guide. Also keep in mind that OpenVPN itself does not use multiple cores and that x86 CPUs will perform a lot better.

Before you set up OpenVPN

A DD-WRT router's default IP address is normally Sometimes this address is in conflict with other routers and you might have to change it. If so, try, but remember to change the default address everywhere that it is mentioned in this guide.

The first time you connect, you will be prompted to replace the admin login username and password with your own.

Setting up Mullvad VPN

Follow the instructions below (please read through once before starting).
This guide was written and tested on DD-WRT v3.0 [Beta] build 44715.

VPN tab

Click on the tab Services and then the subtab VPN. This is where you will set up the Mullvad VPN.

OpenVPN: Enable

Next to Start OpenVPN Client, choose Enable. 

Server IP/Name

Next to Server IP/Name, specify your preferred exit country by entering the corresponding server name or IP .
In this example we'll use se-got-010.mullvad.net (
For a list of all options, please look at our list of severs.


Change to "1300".

Encryption Cipher

Change to "AES-256 CBC".

Hash Algorithm

Change to "SHA1".

User Pass Authentication

Change to Enabled. Enter your Mullvad Account Number (without any spaces) as username and use the password "m"

Enable advanced options

Next to Advanced Options, check "Enable".

LZO Compression

Change to "No".


Change to "Enable"

Verify Server Cert.

Check the box.



Additional Config

Under Additional Config, enter the following text:

verb 4

The "verb 4" text is optional and is used for more detailed logging to help with problem solving.

CA Cert

Paste the following text to CA Cert


Apply Settings

Click on the Apply Settings button.

Enable IPv6

Click on the tab Setup and then the subtab IPV6. Next to IPv6, click Enable. Mullvad will not function without this.
Select "DHCPv6 with Prefix Delegation" as IPv6 Type. No other settings need to be changed. Click on Apply Settings.

Set the DNS

Now you will set the DNS to Mullvad's DNS. This will ensure that information is not leaked to the provider running the local network and will therefore keep them from seeing which domain names are looked up.

Basic Setup tab

While still on the Setup tab, click on the Basic Setup tab

Static DNS

Set the following DNS servers:
Static DNS 1:
Static DNS 2:

Next to Local DNS , change the four fields so that the string reads (or any other DNS server you might wish to use)


Click on the Apply Settings button.

Add a kill switch

Next, you will add the following firewall settings in order to disable all network access outside of the VPN tunnel.

Start IP Address and Maximum DHCP Users

While still on the Basic Setup page, take note of the input for Start IP Address and Maximum DHCP Users. You will need this information for the following steps.

In the example below, Start IP Address is and Maximum DHCP Users is 50. This information tells you the range of IPs used by the DHCP server on your router, in this instance from to


Click on the tab Administration and then the subtab Commands.

In the Commands field, enter the following text and adjust the range according to the input from your router as mentioned above:

iptables -I FORWARD ! -o tun1 -m iprange --src-range -j DROP

Save Firewall

Click on the Save Firewall button.

Keep Alive function

The following settings will ping the Mullvad DNS every six minutes (360 seconds) and restart the router if the connection goes down. Since the DNS is available only via the VPN tunnel, the router will restart if the tunnel stops working.

You might consider testing your VPN tunnel before implementing the Keep Alive settings because if something isn't working, a router that reboots every six minutes can get annoying.

Keep Alive tab

While still on the Administration tab, click on the subtab Keep Alive.

Use these settings

Adjust your settings to match the ones in the picture below.

Apply Settings

Click on the Apply Settings button.

Secure your WiFi

Wireless Security tab

Click on the tab Wireless and then the subtab Wireless Security.

Encryption and password

By default, the WiFi is unprotected on DD-WRT. You need to set Security Mode to WPA2-PSK. Change algorithm to AES and select a strong password in the box WPA Shared Key.
Some routers have several WiFi networks; make sure you secure all of them.

Click on the Apply Settings button.


Test your IP address

Use our Connection check to see which IP address you are using. It should be one of Mullvad's and not your own.


How to add a port to be forwarded to any client behind the router.

Replace 12345 with the port number you have been assigned.

iptables -t nat -I PREROUTING -i tun+ -p tcp --dport 12345 -j DNAT --to
iptables -t nat -I PREROUTING -i tun+ -p udp --dport 12345 -j DNAT --to




Try the following:

  • Look at the OpenVPN logs under Status » OpenVPN.
  • Assign a different IP address to your router (in case of conflict with other devices) under Setup » Basic Setup.
  • Check that you correctly followed all of the instructions.
  • Restart the router.