Roku has an impressively large number of devices out on the market. The company was one of the first to really make real any headway into online media streaming devices for television sets. As with most TV boxes or sticks, you can stream Kodi on the Roku (although with more steps than usual to get it completely set up). And if you’re planning to turn your maximize the benefit of your device for streaming Kodi you’re going to want to setup a VPN on Roku as well.
Our guide below will help you work your way through the process for how to effectively pair a VPN with your Roku Express, Ultra, or Premiere.
If you’re looking for how to install and setup Kodi on your Roku device, check out our detailed guide: How to Setup Kodi on Roku – Premiere, Express, Ultra, & Streaming Stick.
Before We Proceed
Kodi’s extremely popular streaming functionality brings a large number of movies and TV shows right to your device through many popular third-party addons. However, some Kodi users who stream through Kodi using third-party addons receive copyright infringement notifications from their ISPs. This can be stressful and unpredictable, leading many Kodi users to turn to a VPN to protect their identity. Through our VPN testing, we’ve determined that IPVanish is the best option for Kodi users.
IPVanish is a VPN service that emphasizes user privacy and anonymity on all fronts. You’ll find that IPVanish has multiple methods to ensure your identity stays safe from your ISP, including shared IP addresses and a unique kill switch that will shut off access to any program that is leaking your IP. IPVanish also has hundreds of servers spread across the globe that allow users to access geographically-locked content from almost anywhere in the world.
Setup a VPN on Roku Express, Ultra, and Premiere
Important note: Whether you’re using the Roku Express, Roku Ultra, or Roku Premiere, each of these devices use the same operating system that you’ll find on Roku’s other streaming sticks. That also means you’ll be dealing with Roku’s somewhat uncommon operating system. Although the Roku’s operating system is fairly user-friendly, it’s not developer friendly, in that you won’t find any VPN apps that you can install directly onto the device. You also cannot install Kodi directly onto the device through an app download.
Our research on this leads us to find that you’ll need to use an alternative method that involves setting up a VPN on your internet wireless router. This may or may not be possible for you, depending on the router, and it will likely require you to install either DD-WRT or Tomato software onto your router. The process is somewhat complex, so we recommend that you avoid trying to go it alone and make sure to follow the below guide as closely as possible.
If the below process is a bit too complex, you may want to consider ordering a DD-WRT or TomatoUSB FlashRouter from IPVanish. These routers help you skip the lengthy process required to install a VPN onto your home wireless router, while possibly giving your router a much-needed technology upgrade. If you have an IPVanish account when you purchase the router, you can even have it pre-loaded with your individual setup out of the box.
For the guide below, we use IPVanish as the example. However, it’s important to note that IPVanish is not the only VPN service that will work with this method. Other programs may work as well. We recommend checking to ensure whichever VPN service you’re looking into will work with your router first before creating an account with that service.
Step 1: Obtain VPN Account Information
Before starting the VPN installation process on your router, you will need to create your VPN account. As we’re using IPVanish, you will need to create your account first to obtain the login information. IPVanish provides a free 7-day trial. This should allow you the chance to see whether this process and a VPN on a router, in general, is an option you want to consider before taking any other routes (such as buying a different Kodi TV streaming box).
Additionally, this guide focuses solely on DD-WRT. While both may work, DD-WRT works with far more wireless routers than Tomato, and the firmware has been updated far more recently than Tomato. We believe that DD-WRT will be your best option.
Step 2: Begin the Process with DD-WRT
- As DD-WRT’s installation process will vary depending on your device, you will need to click here to head over to DD-WRT’s website and locate the proper installation guide for your router. Once you have done so and installed DD-WRT on your router, return here for the VPN setup. Note: Before installing the DD-WRT firmware on your router, make sure you know your router’s username and password.
- With DD-WRT installed, decide wether you will use either OpenVPN or PPTP. Our suggestion is to go with OpenVPN, as it provides somewhat superior security protection. That said if your preference if for more speed, PPTP will offer more benefit to you. Click here for a more detailed guide to how this works with PPTP.
- Open the DD-WRT administration page. You can enter the DD-WRT administration page using your wireless router’s IP address. This will vary by device, but may be one of the following:
- Linksys routers: use 192.168.1.1
- D-Link and NETGEAR routers: 192.168.0.1
- Cisco routers: 192.168.10.2, 192.168.1.254 or 192.168.1.1
- Some Belkin and SMC routers: 192.168.2.1
- US Robotics routers: 192.168.123.254
- If you are unsure of your IP address, and your physical router does not have one printed on it anywhere, go to your computer’s command prompt and type in the following: ipconfig | findstr /i “Gateway”. This will reveal your gateway address
- When you find your IP address, it should load up your DD-WRT control panel, such as is seen below:
- In the control panel, select the “Services” tab at the top and enter your authentification to proceed. You may need to perform a factory reset on your router if you are unsure of this information. Note that doing so may force you to re-install the DD-WRT firmware onto the router
- Once logged in, look under the “Services” tab and scroll down to the bottom of the page. Where see System Log, click Enable and then Save. Doing this is a precautionary measure that will begin logging information. You can use this in case something goes wrong and send that log information to IPVanish for assistance.
- After hitting Save the page will refresh. Now, return to the top of the page and click on the sub-tab that says VPN. Under here, find OpenVPN Client. Click to Enable the OpenVPN client.
Part 3: Detailed VPN Setup
- The previous should have expanded your options. Next, follow these steps exactly as written here:
- Server IP/Name: enter the IPVanish host that you want to connect to. In our example, you’ll see that hostname ‘lax-a01.ipvanish.com’ was chosen. This is not the only option avaialble. You can find different host names by logging into IPVanish application, connecting to a VPN of your choice, and then checking the hostname from the main screen. You can also find host names by clicking here. When using hostnames, you’ll be entering the city abbreviation and number, and then adding in “ipvanish” at the end. Example: dal-a01.ipvanish.com for a Dallas-located hostname.
- For Port: enter 443.
- For Tunnel Protocol: click the drop-down, and select TCP
- For Tunnel Device: click the drop-down, and select TUN
- For Encryption Cipher: click the drop-down, and select AES-256-CBC
- For Hash Algorithm: click the drop-down, and select SHA256
- For nsCertType Verification: leave this alone
- For Advanced Options: click the button labeled Enable
- After you’ve selected Advanced Options, you will get presented with more information. Type in the following under the Advanced Options area exactly as written here:
- Use LZO Compression: Click the button labeled Enable
- NAT – tick the radio button labeled Enable
- Local IP Address: leave this alone
- TUN MTU Setting: leave this configured at 1500
- MSS-Fix/Fragment across the tunnel: – leave this alone
- TLS Cipher: click the drop-down, and select AES-256-SHA
- TLS Auth Key: leave this alone.
- Nex to Additional Config, you will need to type in the following information as it is written below. Where you see [IPVanish Hostname], replace the phrase, brackets included, with the hostname you chose above:
persist-remote-ip keysize 256 tls-remote [IPVanish hostname**] auth-user-pass /tmp/auth.conf script-security 3 system
- Click here, and then beneath the box labeled CA Cert, copy all of the text. Paste that copied text back on your DD-WRT setup page under CA Cert.
- Check over all of the settings you have entered so far, looking for any inconcistencies compared to what we have in our guide above. If everything looks good, click on Save. Your page will be refreshed at this point. After the refresh, head back to the top of the page and click on Security.
- Look under the Security section to locate a section labeled Log Management. Click Enable and then select High from the drop-down menu for Log level. After this, click Save at the bottom. This process will help provide some enhanced log information that you can provide to IPVanish in case you run into any problems beyond this point.
- After the next page refresh from your previous action, head back to the top of the page and locate the Administration tab. Under Administration, select the Commands subtab. In the Command Shell enter the following information into the empty box. Replace everything you see below that’s in the brackets (brackets included) with your IPVanish user information. Make sure to keep the quotation marks:
#!/bin/sh touch /tmp/auth.conf echo "[YOUR USER NAME*]" > /tmp/auth.conf echo "[YOUR PASSWORD**]" >> /tmp/auth.conf
- With the information above now entered, click on Save Startup. You will then see the information you just entered in a new box labeled Startup.
- When you return to the top of your screen, stay in the Administration tab. Now, click on the Management subtab. Scroll to the bottom of the page and select Reboot Router. Wait for a few minutes, and then head to an IP or speed testing website such as https://www.whatismyip.com or https://www.speedtest.net. If it’s now changed to the host you entered, you have successfully setup your router with IPVanish!
Step 4: Troubleshooting
If your process worked just fine, you should be able to go back in and change the hostname without updating any other aspects to the settings. You will then be able to connect to any VPN server that IPVanish manages. Additionally, when you change your router to connect to a VPN, you’ll be able to connect all of your devices to that VPN server, not just your Roku Express, Ultra or Premiere.
However, if you find that this process has not yielded the desired results, you may need to collect the log information that you saved earlier and send that information off to IPVanish user support. IPVanish should be able to quickly identify why you are unable to connect. We also recommend sending them screenshots of what your settings look like, as they may be able to assess where the error lies visually.
IPVanish also provides some additional information specific to Roku users if you are having trouble getting your Roku working with the VPN.
Important: When you use this method, you are connecting directly to an IPVanish VPN server, but you are not getting the same VPN experience as you would through their application. There are some security measures in place with IPvanish on the hardware end, but any software options you may use with the app will not exist here. You cannot easily change settings, so you will have to go back in and do so through the DD-WRT settings panel.
Why Use a VPN With a Roku Device?
The Roku Express, Ultra, and Premiere are excellent streaming devices. If your plan is to use these devices for general streaming purpose, you won’t need to go through the complex process to setup a VPN on Roku through your router. However, if you do intend to use Kodi on your Roku device, a VPN will be a necessity. However, the VPN will have more uses than just streaming through Kodi. With a VPN on your router, you can do all of the following on Roku:
- Add and run private channels
- Use the web browser to access different websites
- Access geographically-locked content
What many Roku users do no realize is that there are secret channels available on Roku. These channels range in what they offer, but many of them are geographically locked and may need a VPN in order to effectively access them. Installing a VPN on your router will let you get around this problem, as long as you connect to the right VPN server.
As stated earlier, however, you may want to consider obtaining a FlashRouter with DD-WRT and IPVanish (or another VPN service) already setup and ready to go. Additionally, if Roku comes off as too complicated, consider purchasing a more VPN-friendly device, such as an Amazon Fire TV Stick or Nvidia Shield.
Sam Cook is a full-time content strategist by day, a part-time freelance content writer since 2015. In another life, he was a high school English teacher for nearly a decade. Based in sunny New Orleans, he writes long-form educational content on technology, including Insurtech, Fintech, HRtech, and content streaming. He loves whittling down complex ideas within these areas that make decisions easier for buyers. When he’s not reading books with his son Miles and playing video games with the family, you can find him immersed in his growing collection of Euro-style board games.