Asus Merlin and Mullvad VPN
Asuswrt-Merlin is a third party firmware for Asus routers as well as is an Open Source firmware and custom version of Asuswrt with advanced OpenVPN client
Warning: This is an outdated guide, the screenshots have not been updated to reflect changes made to authentication, from using certificates to using username and password
Asuswrt-merlin officially supports the following router models:
- RT-AC66U_B1 (same firmware as the RT-AC68U)
- RT-AC68U (including revisions C1 and E1)
- RT-AC68P (same firmware as RT-AC68U)
- RT-AC1900 (same firmware as RT-AC68U)
- RT-AC1900P (same firmware as RT-AC68U)
Open a web browser and enter the IP address of your router, which is normally 192.168.1.1. Sometimes this address is in conflict with other routers so in this tutorial our LAN IP address is 192.168.11.1 , It is possible to change it in Advanced Settings > LAN
In Advanced Settings click on VPN
Click on the "Openvpn Clients" tab at the top of your screen and then click on "Add Profile" in order to create a VPN connection.
Download the Android configuration file from Mullvads website, and then click on Browse button.
Click on the Mullvad configuration file and then open.
After selecting configuration file click on upload
You will now see the OpenVPN client settings, make sure that your settings match below.
Update: make sure Username/Password Authentication is set to Yes
and that you use your mullvad account number as username and m as password.
Start with WAN: Yes (automatic connect to mullvad on boot)
Username/Passwrod Auth. Only: NO
Extra HMAC Authorization: Disabled
Create NAT on Tunnel: Yes
Make sure that your Advanced settings match the image below
Accept DNS Configuration: Strict
Encryption Cipher : AES-256-CBC
Redirect Internet traffic : Policy Rules ( determines which clients, or which destinations should be routed through the tunnel )
Block routed clients if tunnel goes down : Yes
Add new route with below information :
Description : All devices
Source IP : 192.168.11.0/24 ( LAN IP range which include all devices )
Destination IP : 0.0.0.0
Iface : VPN
In the custom configuration remove additional configuration, and then click on apply and wait for changes to be Applied
Custom configuration :
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA (or tls-cipher in android configuration file
From the Advanced Settings click on IPV6 then In the Basic Config, Change the Connection type to Native.
In client control turn on the button to connect to mullvad server
You should now be connected to Mullvad.
If you are unable to import the configuration file, then please edit it and remove the inline crl.
- Remove "<crl-verify>" and also everything inbetween and including "</crl-verify>"
If it still does not work, then please reboot the router and then see if it is working as intended