How to Set Up OpenVPN on FreshTomato Routers

This guide will show you how to set up CyberGhost VPN on a FreshTomato router using OpenVPN.

Jump To…

Requirements

Things to Know Before You Start

Step-by-Step Guide:

Step 1: Create a CyberGhost VPN Configuration

Step 2: Configure Router Timezone Settings

Step 3: Configure Router OpenVPN Settings

Basic

Advanced

Keys

How to Check if the VPN Is Working

Requirements

To set up CyberGhost VPN on a FreshTomato router, you will need the following:

• A router running FreshTomato firmware that supports OpenVPN 

You can use this hardware compatibility table to check if your router supports FreshTomato. Also, here is an extensive guide showing how to install FreshTomato on a router.

• A CyberGhost VPN account

If you don’t have one yet, you can follow the steps in this guide to learn how to create a CyberGhost VPN account online.

• A CyberGhost VPN subscription

Once you create an account, you can purchase or upgrade a subscription. If you have an activation key instead, here’s how to activate your subscription with an activation key.

Disclaimer: This guide aims to be as detailed as possible, but some technical knowledge is still required during setup. Note that steps may vary depending on your router model or firmware version, and that information may not always reflect the latest FreshTomato updates.

Things to Know Before You Start

• Routers typically have weaker processors than computers and some portable devices. As a result, VPN speeds may be slower on a router than when connecting directly from a device. If speed is important, try connecting on your computer, laptop, or tablet instead. 
• If your router doesn't have built-in DSL (Digital Subscriber Line) support, your DSL modem may continue to manage the internet connection. In this setup, your devices connect to the router, while the router connects to the modem. Make sure your devices are connected to the router's Wi-Fi network rather than the modem's. If you no longer need the modem's wireless network, consider disabling its Wi-Fi to avoid confusion.
• Installing FreshTomato firmware on your router may void its warranty. There is also a small risk that it may brick the router if, for instance, the power cuts out mid-installation. CyberGhost VPN isn’t responsible for any damages that may occur. Check your manufacturer’s policy before proceeding. 

Step-by-Step Guide

The following guides show you how to obtain a CyberGhost VPN server configuration and set up the necessary VPN settings in your FreshTomato router. 

Step 1: Create a CyberGhost VPN Configuration

1. Access your CyberGhost VPN account dashboard. If prompted, log in. 

2. Select the VPN tap on the left, then click Configure Device.

   

3. Create your server configuration, as described below: 
   • Protocol: Choose one of the following:
     • OpenVPN TCP: Provides more stable connections than the other option, but can be a bit slower. Pick this option if you experience frequent connectivity issues, like recurring disconnects.
     • OpenVPN TCP: Provides more stable connections than the other option, but can be a bit slower. Pick this option if you experience frequent connectivity issues, like recurring disconnects.
   • Country: Select the server location you want to connect to. Note that you can only choose one server location per configuration. To change the location afterwards, you will need to create a different configuration and repeat the setup on your router.
   • Server Group: Choose the VPN server groups you want to connect to. Examples may include standard or gaming-optimized servers. 
   • Device Name: Enter the desired name for the configuration. 

4. When you are done, click Save Configuration.

   

5. You will automatically be taken back to the VPN tab. Select View next to the saved configuration.

   

6. Copy the Username and Password and keep them at hand because you will need them later in the setup. These aren’t your CyberGhost VPN account login details. This username and password are generated for this configuration, and they only authenticate this manual configuration with CyberGhost VPN’s servers.

   

7. Click Download Configuration to download the config file to your device.

   

The downloaded config file contains the following: 

• ca.crt: This is the certificate of the certification authority.
• client.crt: This is the user certification file.
• client.key: This is your private key file.
• openvpn.ovpn: This is your OpenVPN configuration file.

Step 2: Configure Router Timezone Settings

Before setting up the VPN connection, you should adjust timezone settings to ensure you are using the correct time settings for your location. An unsynchronized clock can cause certificate validation failures and prevent the VPN from connecting.

To configure time settings: 

1. Log in to your router's admin panel and navigate to the time or clock settings. This is typically found under a Basic, Administration, or Setup section.
2. Enable the NTP Client if it’s not already enabled.
3. Enter a reliable NTP server address. If you are unsure which to use, pool.ntp.org is a good default.
4. Optionally, select your local timezone.
5. Save the changes and confirm that the router's clock is now showing the correct time.

Step 3: Configure Router OpenVPN Settings 

To set up your CyberGhost VPN connection, you have to navigate to VPN Tunneling > OpenVPN Client > Client 1. After that, you have to adjust certain VPN-related settings in the Basic, Advanced, and Keys tabs. The sections below detail the necessary steps for each tab:

Basic

1. Click the Basic tab. 
2. Check the Enable on Start option. This ensures the VPN connection starts every time you turn on the router. 
3. For Interface Type, select TUN. 
4. From the Protocol dropdown menu, select UDP or TCP based on the server configuration you previously set up. 

5. Next, you must enter the server address and port. To find them, open the openvpn.ovpn file with a text editor.

   

6. You will see the server address and port on the second row, right next after “remote.” They are highlighted separately in the image below. Enter the details into the Server Address/Port fields.

   

7. Make sure the Firewall dropdown menu is set to Automatic. 
8. Check the Create NAT on tunnel option. 
9. For the Authorization Mode dropdown menu, make sure TLS is selected. 
10. Check the Username/Password Authentication option to reveal the input for those fields. Once available, enter the username and password generated for your server configuration. 
11. Make sure the Username Authen. Only option is unchecked. 

12. From the Auth digest dropdown menu, choose the option relevant to the configuration file you are using. You can see this information in the openvpn.ovpn file, right after “auth”.

    

13. Click Save to apply the changes. 

Advanced

1. Click the Advanced tab. 
2. From the Redirect Internet traffic dropdown menu, select All. This specifies that the VPN connection will redirect all web traffic to the VPN tunnel. 
3. Set Accept DNS configuration to Relaxed to ensure the VPN connection gets its DNS settings from the VPN server. 
4. Check Verify Certificate to protect against potential spoofing of the VPN server. 
5. In the Custom Configuration field, copy the following lines from the openvpn.ovpn file:

resolv-retry infinite

redirect-gateway def1

persist-key

persist-tun

nobind

data-ciphers (use the values found in the file)

data-ciphers-fallback (use the values found in the file)

auth SHA256

ping 5

explicit-exit-notify 2

script-security 2

remote-cert-tls server

route-delay 5

verb 4

6. Click Save when done. 

Keys

1. Click the Keys tab. 

2. Open the ca.crt file from the server configuration with a text editor.

   

3. Copy-paste the entire key, including the “BEGIN” header and “END” footer, in the Certificate Authority field.

   

4. Next, open the client.crt file with a text editor.

   

5. Copy-paste the entire key, including the “BEGIN” header and “END” footer, in the Client Certificate field.

   

6. Open the client.key file with a text editor.

   

7. Copy-paste the entire key, including the“BEGIN” header and “END” footer, in the Client Key field.

   

8. Click Save to apply the changes.
9. Click Start Now to initiate the VPN connection. 

How to Check if the VPN Is Working

You can verify if the VPN connection is active inside your FreshTomato dashboard. To do so, navigate to VPN Tunneling > OpenVPN Client > Client 1 > Status. 

You can also confirm that the VPN connection is working well with CyberGhost VPN’s privacy test. After you access the link:

1. Click Test your privacy.

   

2. Verify that the IP address and location match your chosen VPN server location.

   

Need assistance? Contact our Customer Support team:

• via email at support@cyberghost.ro 
• via online request at https://support.cyberghostvpn.com/hc/en-us/requests/new 
• via 24/7 Live Chat by clicking the Support button below

Need assistance? Contact our Customer Support team:

• by email: support@cyberghost.ro 
• by online request: https://support.cyberghostvpn.com/hc/en-us/requests/new
• by 24/7 live chat on our website