Save $460 + get an OVPN-tshirt when purchasing the 3-year subscription

Install OVPN on an Edgerouter (EdgeOS)

This guide is also available in Svenska, Deutsch and Norsk

Last updated: January 14, 2022

1. SSH into the router

Connect to your EdgeRouter by typing ssh ubnt@router IP. If you have changed the name of the admin account, use that username instead. Router IP is the IP address of the EdgeRouter. For instance, ssh ubnt@

2. Download the configuration you want

Total infrastructure ownership

All the hardware used to operate OVPN is owned by us. All VPN servers operate without hard drives as the operating system only resides in RAM.

Learn more

3. Enter your login credentials

echo  "CHANGE TO YOUR USERNAME"  >> /config/user-data/credentials
echo "CHANGE TO YOUR PASSWORD" >> /config/user-data/credentials

4. Configure interfaces

Run the following commands:

set interfaces openvpn vtun0 config-file /config/user-data/ovpn.ovpn
set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'


edit service dns forwarding
set name-server
set name-server

set system name-server

5. Router interface

Open up your browser and log in to the Edgerouter browser interface. It's the same IP address that you used to SSH into in the first step, and is by default

Navigate to Firewall/NAT. Click on NAT. Click on + Add Source NAT Rule.

Enter the following:

masquerade for vtun0
Should be selected
Outbound Interface
Use Masquerade
Exclude from NAT
Should not be selected
Enable Logging
Should not be selected
All protocols
Src Address
(leave blank)
Src Port
(leave blank)
Src Address Group
(leave blank)
or interface Addr
(leave blank)
Src Network Group
(leave blank)
Src Port Group
(leave blank)
Dest Address
(leave blank)
Dest Port
(leave blank)
Dest Address Group
(leave blank)
or Interface Addr
(leave blank)
Dest Network Group
(leave blank)
Dest Port Group
(leave blank)

Save the changes.

Click and drag masquerade for vtun0 so that it is located above masquerade for WAN. After that, click on Save Rule Order.

6. Finished

You should now be connected to OVPN and be able to browse the internet safely. To make sure everything was set up correctly, please check the dashboard to verify that you are connected.


In case the connection was not set up properly when you verified it in the previous step, please send us the OpenVPN log so we can assist. You can retrieve it by writing:

cat /tmp/openvpn.log