Back to Guides

Asus Merlin and Mullvad VPN

Asuswrt-Merlin is a third party firmware for Asus routers as well as is an Open Source firmware and custom version of Asuswrt with advanced OpenVPN client


Warning: This is an outdated guide, the screenshots have not been updated to reflect changes made to authentication, from using certificates to using username and password

Asuswrt-merlin officially supports the following router models:

  • RT-N66U
  • RT-AC66U
  • RT-AC66U_B1 (same firmware as the RT-AC68U)
  • RT-AC56U
  • RT-AC68U  (including revisions C1 and E1)
  • RT-AC68P (same firmware as RT-AC68U)
  • RT-AC87
  • RT-AC3200
  • RT-AC88U
  • RT-AC3100
  • RT-AC5300
  • RT-AC1900 (same firmware as RT-AC68U)
  • RT-AC1900P (same firmware as RT-AC68U)


Open a web browser and enter the IP address of your router, which is normally Sometimes this address is in conflict with other routers so in this tutorial our LAN IP address is , It is possible to change it in Advanced Settings > LAN


In Advanced Settings click on VPN


Click on the "Openvpn Clients" tab at the top of your screen and then click on "Add Profile" in order to create a VPN connection.


Download the Android configuration file from Mullvads website,  and then click on Browse button.



Click on the Mullvad configuration file and then open.


After selecting configuration file click on upload


You will now see the OpenVPN client settings, make sure that your settings match below.

Update:  make sure Username/Password Authentication is set to Yes
and that you use your mullvad account number as username and m as password.

Start with WAN: Yes (automatic connect to mullvad on boot)
Username/Passwrod Auth. Only: NO
Extra HMAC Authorization: Disabled
Create NAT on Tunnel: Yes




Make sure that your Advanced settings match the image below


Accept DNS Configuration: Strict
Encryption Cipher : AES-256-CBC
Redirect Internet traffic : Policy Rules ( determines which clients, or which destinations should be routed through the tunnel )
Block routed clients if tunnel goes down : Yes
Add new route with below information :
Description : All devices
Source IP : ( LAN IP range which include all devices )
Destination IP :
Iface : VPN


In the custom configuration remove additional configuration, and then click on apply and wait for changes to be Applied



Custom configuration :

ping-restart 60
ping 10
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA (or tls-cipher in android configuration file



From the Advanced Settings click on IPV6 then In the Basic Config, Change the Connection type to Native.

In client control turn on the button to connect to mullvad server


You should now be connected to Mullvad.



If you are unable to import the configuration file, then please edit it and remove the inline crl.

  • Remove "<crl-verify>" and also everything inbetween and including "</crl-verify>"



If it still does not work, then please reboot the router and then see if it is working as intended