Back to Guides

Asus Merlin and Mullvad VPN

Asuswrt-Merlin is a third party firmware for Asus routers as well as is an Open Source firmware and custom version of Asuswrt with advanced OpenVPN client


Asuswrt-merlin officially supports the following router models:

  • RT-N66U
  • RT-AC66U
  • RT-AC66U_B1 (same firmware as the RT-AC68U)
  • RT-AC56U
  • RT-AC68U  (including revisions C1 and E1)
  • RT-AC68P (same firmware as RT-AC68U)
  • RT-AC87
  • RT-AC3200
  • RT-AC88U
  • RT-AC3100
  • RT-AC5300
  • RT-AC1900 (same firmware as RT-AC68U)
  • RT-AC1900P (same firmware as RT-AC68U)

 

Open a web browser and enter the IP address of your router, which is normally 192.168.1.1. Sometimes this address is in conflict with other routers so in this tutorial our LAN IP address is 192.168.11.1 , It is possible to change it in Advanced Settings > LAN

 

In Advanced Settings click on VPN

 

Click on the "Openvpn Clients" tab at the top of your screen and then click on "Add Profile" in order to create a VPN connection.

 

Download the Android configuration file from Mullvads website,  and then click on Browse button.

 

 

Click on the Mullvad configuration file and then open.

 

After selecting configuration file click on upload

 

You will now see the OpenVPN client settings, make sure that your settings match the image below

Start with WAN: Yes (automatic connect to mullvad on boot)
Username/Passwrod Auth. Only: NO
Extra HMAC Authorization: Disabled
Create NAT on Tunnel: Yes

 

 

 

Make sure that your Advanced settings match the image below

 

Accept DNS Configuration: Strict
Encryption Cipher : AES-256-CBC
Redirect Internet traffic : Policy Rules ( determines which clients, or which destinations should be routed through the tunnel )
Block routed clients if tunnel goes down : Yes
Add new route with below information :
Description : All devices
Source IP : 192.168.11.0/24 ( LAN IP range which include all devices )
Destination IP : 0.0.0.0
Iface : VPN

 

In the custom configuration remove additional configuration, and then click on apply and wait for changes to be Applied

 

 

Custom configuration :

tun-ipv6
ping-restart 60
ping 10
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA (or tls-cipher in android configuration file

 

 

From the Advanced Settings click on IPV6 then In the Basic Config, Change the Connection type to Native.

In client control turn on the button to connect to mullvad server

 

You should now be connected to Mullvad.

 

Troubleshooting:

If you are unable to import the configuration file, then please edit it and remove the inline crl.

  • Remove "<crl-verify>" and also everything inbetween and including "</crl-verify>"

 

 

If it still does not work, then please reboot the router and then see if it is working as intended