Quick & Easy: Tinc VPN on ASUSWRT-Merlin

Quick & Easy: Tinc VPN on ASUSWRT-Merlin

a new installment in the quick & easy series!

Tinc VPN 1.1 on ASUSWRT-Merlin
with windows client (repeat client step to add more clients)

setup tinc and open firewall (on router)

  • echo #!/bin/sh >> /jffs/scripts/init-start
  • echo modprobe tun >> /jffs/scripts/init-start
  • echo /jffs/sbin/tincd -n vpn >> /jffs/scripts/init-start
  • echo iptables -I INPUT -p tcp --destination-port 655 -j ACCEPT >> /jffs/scripts/firewall-start
  • chmod a+rx /jffs/scripts/*

Go to Administration - System in Router Admin Page
and set Enable JFFS custom scripts and configs to Yes

Load tun module temporarily

modprobe tun

Install Tinc VPN

  • wget http://files.lancethepants.com/Binaries/tinc/arm/tinc%201.1pre11/tinc -O /jffs/sbin/tinc
  • wget http://files.lancethepants.com/Binaries/tinc/arm/tinc%201.1pre11/tincd -O /jffs/sbin/tincd
  • chmod +x /jffs/sbin/tinc*

Configure router node

  • mkdir -p /jffs/etc/tinc/
  • /jffs/sbin/tinc -n vpn init router
  • /jffs/sbin/tinc -n vpn add subnet
  • /jffs/sbin/tinc -n vpn add address=myrouter.domain.ninja-or-ip

the below might have broken in newer asuswrt-merlin, atleast one of them should work

  • echo 'ip addr add dev $INTERFACE' > /jffs/etc/tinc/vpn/tinc-up
  • echo 'ip link set $INTERFACE up' >> /jffs/etc/tinc/vpn/tinc-up

in case the above fails try

  • echo ifconfig $INTERFACE netmask > /jffs/etc/tinc/vpn/tinc-up

Configure client node (on windows computer)

if you want to add more clients, change name and ip

Download & Install Tinc

Navigate to C:\Program Files (x86)\tinc
Click on File > Open Command Prompt > As Administrator

  • tinc -n vpn init client1
  • tinc -n vpn add connectto router
  • tinc -n vpn add subnet

setup ethernet interface

  • cd tap-win64
  • addtap.bat
  • cd ..

go to Control Panel\Network and Internet\Network Connections
(note the name of the tap adapter)

  • netsh interface set interface name = "insert name of tap adapter" newname = "tinc"
  • netsh interface ip set address "tinc" static

Exchange Keys to the kingdom

Repeat this step on all your clients

Install winscp on client1
(right click shortcut and run as administrator)

login with these settings

File Protocol: SCP
login with ssh user/password

Open Syncronize with CTRL + S
Local: C:\Program Files (x86)\tinc\vpn\hosts\
Remote: //jffs/etc/tinc/vpn/hosts
Direction/Target to Both
Click OK and OK

test it with


  • /jffs/sbin/tincd -n vpn -D -d3


  • tincd -n vpn -D -d3

Run as daemon (on both router and client)


  • /jffs/sbin/tincd -n vpn


  • “C:\Program Files (x86)\tinc\tincd -n vpn”

thanks to lancethepants for binaries, tinc for vpn
asus for awesome hardware and merlin for his firmware

DigitalOcean Referral Badge
Keep my site online & receive a $100 60-day credit at DigitalOcean for your VPS Hosting
Cheaper Games on Instant-Gaming
Proudly published with Ghost | Header Image by GUWEIZ@DeviantArt Creative Commons Licence