ExpressVPN OpenVPN Tomato Router Setup Guide

 

1. Getting started:

  • If you are following this guide it means you have no problems connecting to your FlashRouter network and accessing your FlashRouter settings. 
  • If you are having trouble accessing your router settings then you can always follow our guide on how to access your router settings or if needed how to reset your router to default Tomato firmware settings before proceeding with your ExpressVPN client connection setup. 
  • Download setup files from within your account area on the ExpressVPN website by logging in and then clicking the Set Up ExpressVPN button, this will open a new page.
  • Scroll down and click on the Manual Config section to display your VPN Username and Password.
  • You can then choose your ExpressVPN server locations and click on any server location to download your configuration file(s).
  • Hint: Use the program Notepad++ in Windows or TextEdit in MAC OS to open view the contents of your .ovpn file. 

2. Entering ExpressVPN settings:

In your Tomato FlashRouter settings click on the VPN Tunneling > OpenVPN Client section. 

OpenVPN Client > Client 1 > Basic

Start with WAN

Check this box if you want your VPN connection to startup automatically anytime the router connects to the Internet.

Interface Type

TUN

Protocol

UDP

Server Address/Port

At the top of the .ovpn file you downloaded above, there is a line e.g.: 
remote usa-newyork-ca-version-2.expressnetw.com 1195

usa-newyork-ca-version-2.expressnetw.com is your ExpressVPN server location
1195 is your ExpressVPN port

If you wish to change ExpressVPN connection location, THE ONLY SETTING YOU NEED TO CHANGE IS THE EXPRESSVPN SERVER ADDRESS.*

Firewall

Automatic

Authorization Mode

TLS

Username/Password Authentication

Check this box and enter the Username and Password you found in the Manual Config area.

Hint: This username and password is different from your ExpressVPN website login. 

Extra HMAC authorization (tls-auth)

Outgoing (1)

Create NAT on tunnel

Check this box.

Click Save.

* Here are several popular ExpressVPN server addresses. Note this is only a small fraction of available servers, all other locations can be found in your .ovpn file download area on the ExpressVPN website. 

North America:
usa-chicago-ca-version-2.expressnetw.com
usa-dallas-ca-version-2.expressnetw.com

usa-denver-ca-version-2.expressnetw.com
usa-lasvegas-ca-version-2.expressnetw.com
usa-losangeles-ca-version-2.expressnetw.com
usa-losangeles-1-ca-version-2.expressnetw.com

usa-miami-ca-version-2.expressnetw.com
usa-newyork-ca-version-2.expressnetw.com
usa-seattle-ca-version-2.expressnetw.com
usa-washingtondc-ca-version-2.expressnetw.com
canada-montreal-ca-version-2.expressnetw.com
canada-toronto-ca-version-2.expressnetw.com

Asia:
hongkong-1-ca-version-2.expressnetw.com
japan-tokyo-1-ca-version-2.expressnetw.com

Europe:
uk-berkshire-ca-version-2.expressnetw.com
uk-london-ca-version-2.expressnetw.com
netherlands-amsterdam-ca-version-2.expressnetw.com

Australia:
australia-melbourne-ca-version-2.expressnetw.com
australia-sydney-ca-version-2.expressnetw.com 


OpenVPN Client > Client 1 > Advanced

Poll Interval

0

Redirect Internet Traffic

Do not check this box.

Ignore Redirect Gateway (route-nopull)

Do not check this box unless you are using the advanced VPN Routing Policy feature.

Accept DNS configruation

Strict

Encryption cipher

AES-256-CBC

Compression

 Adaptive

TLS Renegotiation Time

 -1

Connection Retry

 30

Verify server certificate (tls-remote)

 Do not check this box.

Custom Configuration

 Copy & paste the following lines into the empty space:

keysize 256
auth SHA512
fragment 1300
mssfix 1450
ns-cert-type server
persist-key
persist-tun

Click Save. 


OpenVPN Client > Client 1 > Keys

Note: There is a lot of copy and paste required for this section. Be sure to have your ExpressVPN .ovpn file open using Notepad++ on Windows or TextEdit on MAC OS.

Static Key

Copy and Paste all contents in between the <tls-auth> and </tls-auth> lines from your .ovpn file starting and ending with:
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----

Certificate Authority

Copy and Paste all contents in between the <ca> and </ca> lines from your .ovpn file starting and ending with:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Client Certificate

Copy and Paste all contents in between the <cert> and </cert> lines from your .ovpn file starting and ending with:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Client Key

Copy and Paste all contents in between the <key> and </key> lines from your .ovpn file starting and ending with:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Click Save.

Hint: ExpressVPN Keys and Certificates are the same for all ExpressVPN server locations. If you ever wish to change your VPN server location you DO NOT need to update this section. The only times you will need to update this section is if you create a new ExpressVPN account or if ExpressVPN changes the configuration of there servers. 


 Click the Start Now button to start up the ExpressVPN connection. 


3. Verifying a successful VPN connection:

  1. Instead of seeing the Start Now button, you should now see the Stop Now button in your OpenVPN Client area. Click Stop Now to terminate the active VPN connection at any time. 
  2. Visit http://www.whatismyipaddress.com to verify your new IP address and virtual location. 
    Note: In some cases you may notice that the location is not showing the same location as the server you have input in your router settings; this is because geo tracking tools are often tricked by VPN connections. As long as you see an IP address that is not the same as your normal Internet IP address then you are indeed connected to ExpressVPN.
  3. Navigate to the Advanced > Routing section in your Tomato firmware settings. If you are connected to a VPN then you will notice a tun11 listed in your Routing Table interfaces (tun12 if you are using OpenVPN Client 2). 

4. Additional Router VPN Features

How can I setup 2 ExpressVPN client connections on my Tomato FlashRouter?

  1. In the VPN Tunneling > OpenVPN Client section you will see a Client 1 and Client 2 section. It is not possible to run both client VPN connections at the same time, but you can setup both clients and then Start/Stop Now whichever client you like, depending on which VPN server location you want to use. 
  2. Copy all settings used for ExpressVPN setup as indicated in Client 1 setup above, except this time enter a different server address in the Client 2 > Basic section. 
  3. Make sure you do not check the Start with WAN checkbox on both VPN Clients. If you try to connect to both Client 1 and Client 2 at the same time you will likely lose Internet connectivity entirely. 

5. Backing up your settings:

  1. It is always a good idea to save a backup of your working VPN settings after completing this setup, so that in the result of a reset or faulty settings change you can load your working settings in a few simple clicks.
  2. Go to the Administration > Configuration page and name the file "FlashRouter Backup" for easy searching should you ever need it. Click the Backup button. The file will be saved to your computer.
  3. To load your backup go to the Administration > Configuration, and under the Restore Configuration section, click Choose File, select your backup file, then click Restore and give the router a minute or two to load your settings. 

6. Troubleshooting:

  1. If you have any issues with your connection, you can review our ExpressVPN Troubleshooting page.
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk