The Roku Streaming Stick has been around long enough to attract more than a few tinkerers. It should come as no surprise, then, that plenty of people have developed ways enhance your Roku Streaming Stick — including using one with a VPN, or virtual private network. Adding a VPN to your Roku will help ensure more privacy and security when streaming through the device as well as give you more streaming options for geographically-blocked content. Below, we’ll help you work your way through the process to install a VPN on the Roku Streaming Stick.
Important note: The Roku does not use a common operating system. The method we list below may not work for you if you do not have the proper router or the proper router firmware installed. Specifically, this method requires to you have to have a router that can utilize DD-WRT or Tomato. As routers vary, you will need to follow guide from the included links to install DD-WRT or Tomato onto your router, or already have either of these two installed before attempting to do this method. Our guide focuses specifically on DD-WRT.
Want to skip this whole process? Order a DD-WRT or TomatoUSB FlashRouter from IPVanish. These routers come ready to use with IPVanish out of the box, no messy installation needed. You can even enter your IPVanish information upon purchase to have everything set up for you before the product ships.
Can I Just Download a VPN on the Roku Streaming Stick?
Unfortunately, Roku is not setup to install VPNs in a traditional sense. There are no built-in VPNs for Roku, and you will not find any VPNs on Roku’s app store. Additionally, Roku does not run off of a common operating system. It uses its own, homegrown OS, Roku OS. This means that applications designed for more common operating systems, such as Android, Windows or Mac devices, simply will not work. You will have to utilize a somewhat unique method that involves changing your actual router settings.
To that end, we would like to remind readers that this method will only work if you have Tomato or DD-WRT firmware on your router.
By installing a VPN on your router, you can use a VPN to cover your entire network, benefiting from all of the aspects of a VPN. However, our suggestion for these purposes is IPVanish, a VPN service that pairs well with a router. We recommend IPVanish for anyone looking to add VPN protection to a Roku Streaming Stick or any other Roku device. IPVanish delivers a high-quality service with an emphasis on privacy. We’ve thoroughly reviewed IPVanish, giving it the highest ranking among other major VPN services.
Additional IPVanish benefits
How to Install IPVanish on Your Router
To install IPVanish on your router, you will first need to make sure that your router has either DD-WRT or Tomato installed. IPVanish works for either type. This walkthrough will focus solely on DD-WRT, and will also require you to have an IPVanish account created before you begin. You can create an account for free and benefit from a 7-day trial to see if the service is right for you.
For a DD-WRT router, do the following:
- Choose either OpenVPN or PPTP. We suggest using OpenVPN, as it provides better security. However, if you prefer speed at the cost of some security benefits, go with PPTP. Click here for a detailed guide on how to do this process with PPTP
- Open your DD-WRT administration page. This is typically accomplished by typing in 188.8.131.52. However, your default LAN address may be different. If you are unsure, or if the typical default LAN address does not work for you, go to your computer’s Command Prompt and type, or copy and paste, the following: ipconfig | findstr /i “Gateway”. This will reveal your gateway address
- Click the “Services” tab at the top of the page and enter your authentication. If you are unsure what this information is, you may need to perform a factory reset on your router and create new authentication
- Under “Services”, scroll to the bottom of the page and locate System Log. Click Enable and then click on Save at the bottom of the screen. This is just a precautionary step that allows the IPVanish support staff to better assist you should anything go wrong during this process. This will keep a log of all changes
- The page will refresh after the previous Save. Return to the top of the page, and click on the sub-tab that says VPN. Under OpenVPN Client, click on Enable
- The previous step will expand your options. Now, follow the next steps exactly as written here:
- Server IP/Name: enter the IPVanish host you wish to connect to. In the example, hostname ‘lax-a01.ipvanish.com’ was chosen. You can find specific host names by logging into your regular IPVanish application, connecting to a VPN of your choice, and then checking the hostname from the main screen. You can also find host names by clicking here. Simply use the city abbreviation and the number, and then add in “ipvanish.com’ to the end, such as dal-a01.ipvanish.com for a Dallas-located hostname.
- Port: enter 443.
- Tunnel Protocol: click the drop-down, and select TCP
- Tunnel Device: click the drop-down, and select TUN
- Encryption Cipher: click the drop-down, and select AES-256-CBC
- Hash Algorithm: click the drop-down, and select SHA256
- nsCertType Verification: leave this alone
- Advanced Options: click the button labeled Enable
- With the Advanced Options clicked, you’ll now need to enter more information. Enter each of the following under the Advanced Options area exactly as written here:
- Use LZO Compression: Click the button labeled Enable
- NAT – tick the radio button labeled Enable
- Local IP Address: leave this alone
- TUN MTU Setting: leave this configured at 1500
- MSS-Fix/Fragment across the tunnel: – leave this alone
- TLS Cipher: click the drop-down, and select AES-256-SHA
- TLS Auth Key: leave this alone.
- Beside Additional Config, you’ll need to enter the following exactly as written below. Where you see [IPVanish Hostname], replace the phrase, brackets included, with the hostname you chose above:
persist-remote-ip keysize 256 tls-remote [IPVanish hostname**] auth-user-pass /tmp/auth.conf script-security 3 system
- Under the CA Cert box, click here, and then copy the text on that page into the CA Cert
- Review your settings and check for any inconsistencies from our list here. Then, at the bottom, click on Save. Your page will be refreshed. From there, go back to the top and click on the Security
- Under the Security section, locate the Log Management. Click Enable and then select High from the drop-down menu for Log level. Finally, click Save at the bottom. This will help provide enhanced log information for IPVanish support services should you have issues with the next steps
- Next, after the page refresh, return to the top of the screen and click on Administration. Under Administration click on the Commands sub-tab. In the Command Shell enter the following in the empty box. Replace everything in the brackets (brackets included) with your IPVanish user information. Make sure to keep the quotation marks:
#!/bin/sh touch /tmp/auth.conf echo "[YOUR USER NAME*]" > /tmp/auth.conf echo "[YOUR PASSWORD**]" >> /tmp/auth.conf
- Once you’ve entered the above information, click on Save Startup. You will then see the information you just entered in a new box labeled Startup
- At the top of the screen, while still in the Administration tab, click on the Management sub-tab. Scroll to the bottom of the page and click on Reboot Router. After waiting a few minutes, head to a website like http://www.whatismyip.com or http://www.speedtest.net to test your IP address. If it’s now changed to the host you entered, you have successfully setup your router with IPVanish!
If you find that your Roku is not connecting to your desired geographic location, you may need to do some further settings changes. IPVanish provides more details specific for Roku users if this is your situation.
It’s important to note as well that using this method does not provide you with the same functionality you get with a typical IPVanish application. That means you cannot change settings, and you cannot easily change your host. To change your host, return to the above router setup and change the hostname where applicable.
Why Would Do I Need a VPN on My Roku Streaming Stick?
If you plan on using your Roku Streaming Stick for regular streaming, a VPN is not a necessity. However, you may find that you need to “hack” the system a bit if you’re attempting to do any of the following with your Roku:
- Attempting to add and run private channels
- Using the web browser apps on the Roku
- Attempting to access geographically-locked content for services like Netflix
There are a wide variety of secret channels available for Roku. You can add these fairly easily, but you may not always be able to access the content on the channel if the content is blocked for your geographic region. This is a problem that a VPN can help solve.
If you find you want to use any of the web browser apps available on the Roku, you will almost certainly want to remain anonymous while browsing. This is especially important if you’re entering user information onto websites while using your Roku. It’s easy to believe you’re safer using Roku for web browsing, given the Roku OS is not common and less targeted. However, your communications made through the Roku browsing apps can still be monitored. You’ll want to avoid this through the use of a VPN
Finally, you will find that if you want to access geographically-blocked content, such as various Netflix regions outside of your own or the BBC iPlayer, you will need a VPN. A VPN will allow you to choose a remote server in a region where you can access that content. This will enhance what you can actually watch with your Roku, and high-quality VPN services make changing servers quick and easy.