> DD-WRT VPN Gateway: Full-Network Privacy Using Surfshark
Posted by: ChronicHacker
GitHub Project: nighthawk-ddwrt-vpn-gateway
Encrypt every packet that leaves your home. Browser extensions wonβt save you β but a VPN-powered router will.
> π§° Requirements
- Netgear Nighthawk R6700v3 (or DD-WRT supported router)
- Surfshark VPN subscription
- ATT Modem/Router with IP Passthrough
- DD-WRT firmware (latest stable)
> π Step 1: Avoid IP Conflict
ATT modems usually run 192.168.1.0/24. Change DD-WRT LAN IP:
- Setup > Basic Setup
- Router IP: e.g.,
192.168.2.1 - Subnet mask:
255.255.255.0 - Local DNS:
0.0.0.0 - Save & Apply
> π¦ Step 2: Get VPN Config Files
- Surfshark Account > Manual Setup > OpenVPN
- Download server config (.ovpn)
- Extract server address & CA cert
> π§ Step 3: Configure OpenVPN Client
Services > VPN > Enable OpenVPN Client:
- Server IP/Name: from .ovpn
- Port: 1194
- Tunnel Device: TUN
- Protocol: UDP
- Encryption Cipher: AES-256-CBC
- Hash Algorithm: SHA512
- User Pass Auth: Enable
- Username/Password: Surfshark creds
Additional Config:
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 3
auth-user-pass /tmp/openvpncl/userpass.confCertificates:
- CA Cert: From
<ca>section - Client Cert/Key: Leave blank
Apply Settings.
> π‘οΈ Step 4: ATT IP Passthrough
- 192.168.1.254 > Firewall > IP Passthrough
- Allocation Mode: Passthrough
- Passthrough Mode: DHCPS-fixed
- MAC: your DD-WRT router
- Turn off 2.4GHz/5GHz WiFi
- Save & reboot
> π« Step 5: Kill Switch + DNS Leak Protection
DNS Setup:
- Static DNS:
162.252.172.57,149.154.159.92 - Enable DNSMasq
- Disable Recursive DNS
Kill Switch:
iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -j DROPSave Startup.
> π§ͺ Step 6: Verify Connection
- Status > OpenVPN: Look for CONNECTED SUCCESS
- Check VPN IP assigned
- Check packets
- AUTH_FAILED: Wrong login
- VERIFY ERROR: Certificate issue
- TLS Error: Wrong server or port
> β Final Test
- Visit ipleak.net
- Check IP, DNS, WebRTC match VPN
> π Resources
Youβve just turned a consumer router into a full-network VPN gateway. Welcome to the encrypted elite.
β Chr0nicHacker