How do I install Hotspot Shield on my FreshTomato router?

Step-by-step guide

  1.  Go to and click on Account.  Sign in if you’re asked.

  2. Go to
    Go to the Select location dropdown and pick the virtual location that the router will use. Now click on “Download file.” The configuration file (config.ovpn) will be downloaded to your computer (Note where the file will be located, as you will need this later). 
  3. In the separate browser window, sign in to the Control Panel of your router
    For most routers, you’ll want to enter in the address bar or refer to your router documentation for your router’s address.
    Note:  The user name and password for your router are different from the credentials you obtained from the Hotspot Shield account page.

  4. In the Tomato Control panel, go to VPN tunneling and then select the OpenVPN Client menu

  5. Click on Basic tab and adjust the settings as shown in the screenshot below:router1.png
  6.  For the Server Address, you'll need to open the .ovpn configuration file  that you downloaded in Step 2 in a text editor.  See the screenshot belowimage_4.png

  7. Go back to the Router Account page ( and copy the username and password. User_name_and_password.png
  8. Paste them into the router configuration under Username and Password
  9. Select the “Advanced” tab and copy/paste the following parameters into the Custom Configuration field as shown below: 
verify-x509-name [server domain name] name
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
reneg-sec 0
remote-cert-tls server
auth sha256
cipher AES-128-CBC
verb 3


Note: If you do not enter these parameters into Additional Config section during set up, we do not guarantee your privacy and the best performance we can provide.

Once you pasted this section, replace [server_name] with the name of the server you used for Server Address in the Basic tab (just copy/paste it here)

10. Select “Keys“ tab, where you will need to do the following:

  • Open configuration file, copy the section between <ca> </ca> tags (do not copy <ca> tags) and paste it into Certificate Authority field.

  • Copy the section between <cert> </cert> tags from config file into Client Certificate field

  • Copy the section between <key> </key> tags from config file into Client Key field

11. Scroll down and click Save.

12. To start connection through VPN, click “Start Now” button. In order to check if you have connected successfully please visit Status tab. 

Note: To double-verify if your VPN connection is established, go to or and check if your IP address is different from your default IP that’s provided by your ISP.

Disconnecting from Virtual Location

When you want to disconnect from the VPN service, you can log in to the Control Panel of your router and click the Deactivate button in the VPN Server list.


When you enable the VPN but for some reason VPN cannot connect to the server, there will be no Internet in your network. Some of the reasons the VPN might not be able to establish a successful connection are:

  • Your ISP does not allow VPN to be enabled (leased equipment, firewall, etc.)
  • Your Premium subscription has ended
  • Our server is temporarily unavailable for a particular virtual location

Restore your previous settings

If you need to turn off the VPN,  go back to the Control Panel on the router and select the Services tab and then the VPN tab. Disable the VPN client