Advanced: Activate Google Fi With a VPN (DD-WRT)

Advanced: Activate Google Fi With a VPN (DD-WRT)
Advanced: Activate Google Fi With a VPN (DD-WRT)

Let’s take a look at how to activate Google Fi with a VPN in the following guide:

Requirements:
1. Google Fi Compatible Phone + Fi SIM OR eSIM
2. NETGEAR WiFi Router, flashed with DD-WRT firmware

  1. Sign up for Surfshark (RAM-only VPN Servers!) $1.99/mo
  2. Make sure your account address is listed somewhere in the United States, such as a co-working space or other address within the country.
  3. Use Borderlinx to get an address to send your Google SIM card + phone for activation. Alternatively, you only need to use the built-in eSIM in your Pixel 3/4/5 phone.

Sign up for Surfshark VPN

Surfshark: secure online VPN service & more

  • 3,200+ Servers in 100 Countries
  • Unlimited devices
  • No Logs Policy
  • All advanced security features
Buy from Surfshark

Find your Surfshark details

The credentials for the Surfshark service differ from the credentials of your Surfshark account, namely your e-mail and your password. You need credentials for the Surfshark service in order to connect to the VPN via a manual OpenVPN configuration, which is explained below.

Here is how you can get your Surfshark service credentials:

  1. Log in to your newly created Surfshark account and visit the manual connection guide.
  2. Scroll down on this page to see your various location configuration files, as well as your username and password.

You may need to log in before you get to this page. In this case, enter your e-mail address and password and then click Login.

Choose Surfshark server

  1. On the same page, you will find a list of VPN locations and associated hostnames. The hostname is listed under each of the locations.
  2. Note the hostname you want to connect to. You will want to copy the hostname you want to connect to later in this tutorial.

Configure the OpenVPN client

  1. Log in into your NETGEAR WiFi Router (using DD-WRT) at http://192.168.1.1 (typically)
  2. In the DD-WRT control panel, open the Setup tab, scroll to the DHCP settings of the network address server, and enter the following information:

Static DNS 1 = 162.252.172.57
Static DNS 2 = 149.154.159.92
Static DNS 3 = 0.0.0.0 (default)Use DNSMasq for DHCP = Checked
Use DNSMasq for DNS = Checked
DHCP-Authoritative = Checked

Then, click Save and Apply Settings.

  1. Then click on the Service tab, select VPN and find the OpenVPN client.
  1. Enter the following information:

Server IP / Name: Enter the hostname of the server you have collected in the “Choose Surfshark server section of this tutorial.

Port: 1194;
Tunnel Device: TUN;
Tunnel Protocol: UDP;
Encryption Cipher: None;
Hash Algorithm: SHA-512;
User Pass Authentication: Enable;
Username: Your Surfshark service username that you have found at the “Find your Surfshark details” section of this guide.
Password: Your Surfshark service password that you have found at the “Find your Surfshark details” section of this guide.

Note: If there are no username and password fields, fill in the other fields as specified in this tutorial and continue with step 3.1.

Advanced Options = Enable (this will enable additional options);
TLS Cipher: None;
LZO Compression: Disabled;
NAT: Enable

Surfshark recommends not changing any other fields.

3.1. (Optional, depending on step 3.) If you do not see any fields to enter your credentials, please advance to Administration > Commands, and enter these commands:

echo "USERNAME
PASSWORD" > /tmp/openvpncl/user.conf
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon

Please make sure to replace USERNAME and PASSWORD with your Surfshark service credentials that can be found at the bottom of this page. Click Save Startup, and return to the previous VPN tab.

Also, add this line to the field of Additional Config:

auth-user-pass /tmp/openvpncl/user.conf

5. In Additional Config field enter these commands:

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
cipher AES-256-GCM
auth SHA512
log /tmp/vpn.log

5. Copy the Certificate from here and paste it to the CA Cert field.

-----BEGIN CERTIFICATE-----
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
-----END CERTIFICATE-----

6. Copy the Static key from here and paste it to the TLS Auth Key field.

-----BEGIN OpenVPN Static key V1-----
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
-----END OpenVPN Static key V1-----

7. Make sure you have entered everything correctly and click Save and Apply Settings.

Connect to the VPN

As soon as you click Apply settings after configuring your OpenVPN client, your router will automatically connect to the VPN.

To disconnect from the VPN, select Services -> VPN -> OpenVPN client and disable the OpenVPN Client. To reconnect, enable it again.

To make sure you are connected to the VPN, go to Status -> OpenVPN. If the connection was successful, you should see the following:

Congratulations – you have successfully installed and configured Surfshark VPN on your router! As long as you are connected, your location is private, and your sensitive data is secure. You can now activate your Google Fi device wherever you are, as long as you select a VPN location in the US!

If you have any further questions, please contact the Surfshark customer success team, who will help you 24 hours a day via live chat or email.

More reasons to Try Surfshark

  1. RAM-only servers – Recently modified, they only work on RAM-only servers, which ensures more privacy and security by automatically deleting all information from the server once it is turned off.
  2. Access 15+ Netflix libraries – Access more content!
  3. Access to the Peacock streaming service – Outside the USA
  4. Unlimited devices – Many other service providers have limitations on the number of devices you can connect and protect via the VPN.
  5. Integrated Adblocker CleanWeb – Additional protection.
  6. Kill Switch – The kill switch feature protects you from accidentally revealing your data when your VPN connection breaks down by disconnecting you from the Internet.

How did it go? Please leave a comment below if I missed something or if everything worked for you. I would love to hear from you!

I found Speedify + Connectify to be one of the easiest ways to make things work instantly and without too much effort. You can use other VPNs, but you still need a way to somehow get your phone into the VPN network and they have set up these two tools to do that.

I used Google Fi from Comber, Ontario to Quebec and had service most of the time, except for Mont-Tremblant National Park, where there is little cell phone reception. If you can, try calling via WiFi apps, otherwise it costs 20 cents per minute when you call home to the United States.

I may earn a small commission for my endorsement, recommendation, testimonials and / or links to products or services linked above. Your purchase helps my work to bring you more photographs, travel guides and more trips around the world.

Read more