This quick guide will show you how to enable Mullvad VPN on an ASUS router flashed with Asuswrt-Merlin for specific devices only, as well as bypass IPv6. You can modify this so that all your devices are protected by a VPN, but I only wanted to apply this to certain devices like smart TV’s.
Why disable IPv6? I do not currently use it on my network and it caused some issues with my Pi-hole setup, so for now I have disabled IPv6 support for this.
For this guide, you will need the following:
While this guide does focus on Mullvad, the VPN I use, you could adapt it for just about any VPN provider.
Let’s get started.
1. Log into your Mullvad account and download the Android OpenVPN configuration file.
2. Log into your ASUS router and click on VPN in Advanced Settings:
2. Click on the VPN Client tab.
3. In the Client control section, click on Browse… to upload the .opvn file you downloaded earlier, then click on the Upload button.
4. Make the following adjustments in each section:
- Automatic start at boot: Yes
- Description: Mullvad (can be anything)
- Server Address and Port
- Address: Change this based on the country for the OpenVPN configuration you selected. For example, if you select a Canadian server set the server address to ca.mullvad.net.
- Port: 1197
- Accept DNS Configuration: Exclusive
- Username: Enter your Mullvad username
- Password: Enter m
- Modify as shown in the following screenshot:
- Force Internet traffic through tunnel: Policy Rules (Strict)
- Block routed clients if tunnel goes down: Yes
Rules for routing client traffic through the tunnel (Max Limit : 100)
In this section, you will need to add each client that will be routed through the VPN tunnel. Enter each device as follows:
- Description: A name for the device
- Source IP: The IP address of the device
- Destination: 0.0.0.0
- Iface: VPN
In this section, your configuration should look like this:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
The important values here are that
pull-filter ignore "ifconfig-ipv6" and
pull-filter ignore "route-ipv6" were added, and
tun-ipv6 was removed. The combination of this disabled the VPN from connection over IPv6.
5. Once you have made these changes, click on Apply.
6. On each device that is connected to the VPN, assign the following DNS values:
7. Finally, in the Client control section turn on the VPN, you should now have a successful connection.
That’s it. The devices you defined should now be connected over the VPN, leaving the rest of your network on the regualr WAN connection.