Best VPN service for Tomato routers

A VPN, short for Virtual Private Network, encrypts all internet data on a device and sends it via an intermediate server in the user’s chosen location. By configuring a VPN on a home wifi router, all internet traffic from all connected devices will be routed via the VPN server. This includes devices that do not natively support VPNs, such as gaming consoles such as the PlayStation 4 and Xbox One, smart TVs, and streaming media devices like Roku and Chromecast.

Connecting to a VPN provides several advantages. Encryption ensures the security of all your online activities. For example, your internet service provider and hackers can not track your behavior. By substituting a VPN server’s IP address for your normal IP address, organizations and governments are unable to readily track activity back to your device. You can circumvent firewalls that are used to filter content from certain websites and applications. Additionally, you may access geo-restricted content, such as US Netflix or BBC iPlayer.

Best VPN for Tomato routers


Our top pick is NordVPN. It now maintains over 5,000 servers in several countries. You may find the OpenVPN configuration files for each of them on the website. Additionally, the knowledge base section of the site has setup instructions for Tomato router users. Subscribers have limitless bandwidth and are not subject to data limitations. The firm adheres to a real “zero-logs” policy, which means that no information about your usage of the VPN is stored. Military-grade 256-bit encryption protects your data from prying eyes. Live chat help is provided on the website.

Flashrouters sell two pre-flashed routers that have everything you need to connect to NordVPN’s servers with little configuration.

NordVPN unblocks Netflix, Hulu, HBO Now, and BBC iPlayer, among other streaming services.

Methodology for VPN testing

Since you’ll be using Tomato firmware rather than a VPN program, router VPNs must be assessed using a slightly different, more restrictive set of criteria. A VPN established on a router will lack the convenience and security features offered by a VPN installed as an app on a laptop or phone.

We analyze each VPN we suggest based on our own experience, professional analysis, and a variety of tests. Regarding router VPNs, we take the following factors into account:

  • Router support: Support for Tomato routers requires the VPN to offer configuration files and/or credentials necessary to establish a manual connection, as well as guidance on how to do so.
  • Speed: Our speed tests determine the download bandwidth available for VPN servers located across the globe.
  • Privacy: We examine each VPN’s privacy policy and terms of service for any wording or omissions that might imply the gathering of personally identifiable information when connected to the VPN.
  • Streaming: We conducted real-world testing to determine whether VPNs are capable of unblocking major streaming services from overseas, including several foreign Netflix libraries, Hulu, Amazon Prime Video, HBO Max, Disney+, and BBC iPlayer.
  • Security: When using a VPN on a router rather than an app, security may diverge from the promised encryption levels and protocols. For manual setup, we suggest only providers that provide secure and up-to-date VPN protocols.
  • Server selection: We prefer VPNs that provide a greater variety of server locations.
  • Value for money: Prices, discounts, guarantees, free trials, and payment policies are weighed against each VPN’s performance, security, and features.
  • Customer service: Configuring a router VPN is more involved than using VPN software, particularly if this is your first time. We suggest providers with skilled and responsive customer care. Our reviewers operate as undercover shoppers, contacting each provider’s customer service to find out response times and quality.

Is it possible to utilize a free VPN with Tomato?

While there are several free VPNs available, we suggest ignoring the great majority of them. Typically, free VPNs do not include the configuration files required to connect a Tomato router to their servers. Rather, they prefer that you use their desktop or mobile applications, which often include tracking cookies, inserting advertisements, and may even infect your device with malware.

Even the most reputable alternatives have strict limitations on the servers, the amount of data, and the amount of bandwidth you may utilize. As a result, they are effectively worthless for anything bandwidth-intensive, such as video streaming or online gaming.

Oftentimes, free VPNs provide inadequate privacy and security precautions. They are unable to provide sophisticated features such as split tunneling or military-grade encryption. Numerous companies will even mine your internet traffic to collect data that may be sold to third-party advertising.

Which Tomato version should you use?

When doing an internet search for Tomato, you’re likely to run across several revisions, or forks, of the original Tomato software. These include the following:

  • Tomato
  • TomatoUSB
  • Shibby
  • Toastman
  • Victek
  • Merlin
  • AdvancedTomato

To aid you in determining which is the best fit for your router and your requirements, we’ll try to restrict your selections.

The initial firmware, Tomato, was launched in 2008. The most recent release occurred in June 2010, and compatibility is limited to a very small number of routers from that era. It lacks both client and server support for OpenVPN, which is probably not what you want.

TomatoUSB is a branch of the original Tomato, which was established soon after its author halted development. It offers a far broader selection of routers and other important features, such as USB port compatibility and wireless-N mode. TomatoUSB’s official branch has not been updated since November 2010. While this may work for your router, there are almost certainly more suitable solutions.

Shibby, Toastman, Victek, and the majority of other existing modifications are forks of TomatoUSB, which means they share a large portion of the core code but add their own features and functionality. Each of these three providers supports OpenVPN clients and servers, so any of them would be an excellent option. Shibby (short for “Tomato by Shibby”) seems to be the most popular alternative, which means you should have little difficulty locating assistance and resources on forums if required.

AdvancedTomato is a clone of Shibby Tomato that includes a sleek web-based dashboard that many users will find more user-friendly than the normal Tomato interface. Advanced Tomato is updated promptly whenever Shibby Tomato is updated. If all other variables remain consistent and your router is compatible, AdvancedTomato is our top suggestion for inexperienced Tomato users.

If speed is a problem, you should generally flash the smallest build that has all of the features you need (OpenVPN client support, in this case).

Once you’ve identified a Tomato version that meets all of your criteria, double-check that it’s compatible with your router. By simply Googling “Shibby Tomato router list” or something similar, you should be able to get a list of router models compatible with your setup.

How to configure an OpenVPN connection on a Tomato router

We’ll use Tomato by Shibby 1.28 in this lesson, and it should be sufficiently close to previous builds that any inconsistencies should be obvious. These instructions presuppose that you have previously installed your preferred version of Tomato. Set up an OpenVPN client on your router by following the instructions.

  1. Open a web browser and head to your router’s dashboard while connected to your router’s wifi or LAN. By default, this is Enter the credentials that you established during the first Tomato installation.
  2. Once signed in, on the left sidebar, choose VPN Tunneling, followed by the OpenVPN client.
  3. The next page will require you to get the essential information from your VPN provider. Complete each field as required.
  4. If your version of Tomato lacks login and password fields, you must go to Administration > Scripts and type the following instructions, substituting your VPN credentials for username and password. username > > /tmp/password.txtecho password >>/tmp/password.txtchmod 600/tmp/password.txt
  5. Select the Advanced option and provide any additional information requested by your provider. This contains numerous lines from your provider’s OpenVPN configuration file that you’ll need to copy and paste into the Custom configuration box. Again, ask your provider what to include in this section.
  6. Following that is the Keys tab. Here, you’ll provide additional information that is often present in your provider’s OpenVPN configuration file. If they are not, they may be saved in separate files that you may download and view using a plain text editor such as Notepad. The static key should include everything that is included inside the tls-auth> element. Everything should be included inside the tag for the certificate authority.
  7. At the bottom of the page, click the Save button, then click Start now.
  8. To verify that your connection was established successfully, go to the Status page.

Finally, if your VPN service maintains its own DNS servers (which all of the ones we suggest do), you’ll want to include those as well:

  1. Click Basic > Network on the left sidebar.
  2. Set DNS Server to Manual under WAN Settings and input your VPN provider’s main and secondary DNS server addresses in the next two columns.
  3. Save and you should be all set!

How to install and configure OpenVPN on AdvancedTomato

On AdvancedTomato, everything is almost identical to Shibby, with a few notable differences. Rather than “VPN Tunneling,” the left sidebar tab is simply called VPN.

The primary change is that the Advanced tab now has drop-down menus and toggles for many of the parameters, rather than requiring you to copy/paste from the OpenVPN configuration file. However, you must still copy/paste your keys and certificates into the Keys section.

For VPN users, Tomato versus DD-WRT

Whichever firmware you install, DD-WRT or Tomato will almost certainly depend on your router’s compatibility. However, if you have a choice, there are a few variables to consider.

Tomato’s advantages over DD-WRT

  • Tomato routers provide more consistent VPN support. Whereas almost all versions of TomatoUSB and its derivatives support OpenVPN, support for DD-WRT is substantially more hit-or-miss.
  • Tomato is often regarded as more user-friendly. Flashrouters, which offer pre-configured routers for the above-mentioned VPN, note a “higher success rate with Tomato when configuring and connecting to OpenVPN.”
  • Tomato has a wireless survey page that helps users in determining the optimal channel for a wireless network. You may sign up for alerts when new versions become available. Certain builds include support for Tor, BitTorrent, and USB.
  • Tomato enables users to configure two OpenVPN connections and switch between them effortlessly. Therefore, if one of your servers is unavailable or overburdened, or if you want a secondary site to connect to, this may be highly useful.
  • Tomato supports both real-time and historical monitoring of bandwidth.
  • Using policy-based routing, you may split-tunnel your connection between the VPN and your default ISP on a device-by-device basis.

DD-WRT’s advantages over Tomato

  • DD-WRT supports a greater variety of router models than Tomato does.
  • DD-WRT can support repeaters and other subnets.
  • DD-WRT typically includes more advanced built-in features for more tech-savvy users.

PPTP should not be used.

PPTP, or Point-to-Point Tunneling Protocol, is one of the most established VPN protocols available. It is widely accessible and is integrated into many laptops, cellphones, and routers. Tomato is included in this. However, since PPTP includes known security weaknesses that anybody with little know-how and effort may exploit, it is best avoided. More information regarding VPN protocols and why you should avoid PPTP can be found here.

While PPTP is not secure, it does provide a few benefits. It’s simpler to configure than OpenVPN or other protocols, and it’s somewhat quicker. Nonetheless, we strongly advise you to use OpenVPN across all other protocols.

The disadvantages of configuring a VPN on a router

We’ve discussed the many benefits of setting up a VPN on your router, but readers should also be aware of the disadvantages. All of your devices will be tunneled over a single VPN connection, which may get congested if there are a large number of devices connecting to the router simultaneously. This may be mitigated somewhat by using split tunneling (policy-based routing) for certain devices, but it is not simple to configure.

If the server to which you’ve configured a connection goes down, switching is not simple. While Tomato versions that enable two distinct client VPN setups may circumvent this issue by simply switching, setting up a new server can be a lengthy process. Pre-configured routers or custom firmware, such as those provided by ExpressVPN, simplify the resolution of these issues.

Finally, establishing a VPN requires computational resources to encrypt and decode outgoing and incoming traffic. Computers and cellphones have plenty of power for this kind of operation, and hence their speeds are not significantly impacted. However, the majority of routers are far less powerful. Depending on the hardware configuration of your router, running a VPN client on it may significantly reduce your download and upload speeds.

VPN for Tomato Routers FAQs

How do I configure a dedicated VPN router consisting of two routers?

The simplest method to do this is to cascade your routers. The first router connects directly to the modem through an unencrypted connection. The second router is connected via LAN wire to the first and configured to utilize the VPN.

Any device connected to the first router will make use of the standard, direct connection. VPN will be used on any device connected to the second router.

Which routers are the best for running a Tomato VPN?

Although we do not evaluate routers, the following are some of the most highly recommended models for configuring a VPN using TomatoUSB, Shibby Tomato, or Advanced Tomato firmware:

  • Asus RT-N66U
  • Tenda W1801R/W1800R Wireless AC1750 
  • NETGEAR Nighthawk series*
  • ASUS RT-AC3200
  • Netgear R series*
  • D-Link DIR-868L
  • Linksys EA6900
  • D-Link DIR-868L

This indicates that all or the majority of models in this series are compatible with Tomato firmware and VPNs.

Is VPN support built-in to all routers?

No. Budget models, in particular, are often deficient in terms of functionality, including VPN capability. There is simply no option in the admin panel to configure a VPN connection.

VPN functionality is often incorporated into the firmware of a router. You may change, or “flash,” an existing router’s firmware with VPN-compatible firmware such as Tomato. However, this procedure requires considerable technical expertise and, if not performed correctly, might permanently damage your router, so proceed with care.

Found this useful? Share with