DD-WRT routers and Mullvad VPN


Last updated: 24 January 2023

What is DD-WRT?

As stated on dd-wrt.com, DD-WRT is a Linux-based, alternative open-source firmware suitable for a wide variety of WLAN routers and embedded systems.

This guide uses OpenVPN protocol to connect to the Mullvad VPN servers.

Installing DD-WRT on your router

You can check online if your router is supported and then download DD-WRT.

Installing OpenVPN and Mullvad on your router comes with some benefits:

  • You can secure your whole network and all devices connected to the router.
  • You can run Mullvad on more than five devices (all devices connected to the router).
  • Via the router, you can even run Mullvad on devices that have no support for OpenVPN.
  • A router is designed for routing, naturally, and is not disturbed by other programs and settings like a program in a computer might be. It works well and is stable.

Expected performance of OpenVPN on a router

Running OpenVPN on a router is demanding. On a router with a 400mhz ARM CPU, you can expect performance around 7–10Mbps. It scales relatively linearly, so on a router with 1.6Ghz ARM CPU we would expect performance around 30–40Mbps.

For other speed-related questions, please read our Speed Guide. Also keep in mind that OpenVPN itself does not use multiple cores and that x86 CPUs will perform a lot better.

Before you set up OpenVPN

A DD-WRT router's default IP address is normally Sometimes this address is in conflict with other routers and you might have to change it. If so, try, but remember to change the default address everywhere that it is mentioned in this guide.

The first time you connect, you will be prompted to replace the admin login username and password with your own.

Setting up Mullvad VPN

Follow the instructions below (please read through once before starting).
This guide was written and tested on DD-WRT v3.0 [Beta] build 51440.

VPN tab

Click on the tab Services and then the subtab VPN. This is where you will set up the Mullvad VPN.

OpenVPN: Enable

Next to Start OpenVPN Client, choose Enable. 

Server IP/Name

Next to Server IP/Name, specify your preferred exit country by entering the corresponding server IP .
In this example we'll use (which is se-got-010.mullvad.net).
For a list of all servers, please look at our list of severs.


Change to "1300".

Encryption Cipher

Change to "AES-256 CBC".

Hash Algorithm

Change to "SHA1".

User Pass Authentication

Change to Enabled. Enter your Mullvad Account Number (without any spaces) as username and use the password "m"

Enable advanced options

Next to Advanced Options, check "Enable".

LZO Compression

Change to "No".


Change to "Enable"


Check the box.

Verify Server Cert.

Check the box.

Additional Config

Under Additional Config, enter the following text:

verb 4

The "verb 4" text is optional and is used for more detailed logging to help with problem solving.

CA Cert

Paste the following text to CA Cert


Apply Settings

Click on the Apply Settings button.

Enable IPv6

Click on the tab Setup and then the subtab IPV6. Next to IPv6, click Enable. Mullvad will not function without this.
Select "DHCPv6 with Prefix Delegation" as IPv6 Type. No other settings need to be changed. Click on Apply Settings.

Set the DNS

Now you will set the DNS to Mullvad's DNS. This will ensure that information is not leaked to the provider running the local network and will therefore keep them from seeing which domain names are looked up.

Basic Setup tab

While still on the Setup tab, click on the Basic Setup tab

Static DNS

Set the following DNS servers:
Static DNS 1:

Note that the DNS server is decommissioned and no longer works

Next to Local DNS , change the four fields so that the string reads (or any other DNS server you might wish to use)


Click on the Apply Settings button.

Keep Alive function

The following settings will ping the Mullvad DNS every six minutes (360 seconds) and restart the router if the connection goes down. Since the DNS is available only via the VPN tunnel, the router will restart if the tunnel stops working.

You might consider testing your VPN tunnel before implementing the Keep Alive settings because if something isn't working, a router that reboots every six minutes can get annoying.

Keep Alive tab

While still on the Administration tab, click on the subtab Keep Alive.

Use these settings

Adjust your settings to match the ones in the picture below.

Apply Settings

Click on the Apply Settings button.

Secure your WiFi

Wireless Security tab

Click on the tab Wireless and then the subtab Wireless Security.

Encryption and password

By default, the WiFi is unprotected on DD-WRT. You need to set Security Mode to WPA2-PSK. Change algorithm to AES and select a strong password in the box WPA Shared Key.
Some routers have several WiFi networks; make sure you secure all of them.

Click on the Apply Settings button.

Test your IP address

Use our Connection check to see which IP address you are using. It should be one of Mullvad's and not your own.

How to add a port to be forwarded to any client behind the router (optional)

Replace 12345 with the port number you have been assigned.

iptables -t nat -I PREROUTING -i tun+ -p tcp --dport 12345 -j DNAT --to
iptables -t nat -I PREROUTING -i tun+ -p udp --dport 12345 -j DNAT --to


Try the following:

  • Look at the OpenVPN logs under Status » OpenVPN.
  • Assign a different IP address to your router (in case of conflict with other devices) under Setup » Basic Setup.
  • Check that you correctly followed all of the instructions.
  • Restart the router.