Hello,

I recently found an old router and wanted to play around with it. I want to use it as a learning opportunity to understand networking and routing a little better. With this I read that DD-WRT is a great place to start considering how much freedom it gives you.

I had a potential project idea and was wondering if its possible. I basically want to use this old router as a sort of secondary protection when on public / semi-public wifi. For example in an apartment complex (that provides wifi) where I can get to the access point, would I be able to plug in my router to the access point, then connect to my router and have it serve as some type of either extra protection or something. More or less I would want some type of portable VPN, but I have no idea if this is possible.

I am very new to this, but I am super interested in learning, if anyone has any suggestions or tips on what to do, if this is even possible, or where I should start with something else it would be greatly appreciated!

Thanks.

Hi,

I need an help that how to revert back to stock firmware of Linksys from DD-WRT?

Am on build 55819 dated 4/17/2024 of Linksys WRT1200AC V1 and both partition is DD-WRT.

Please help?

Thanks 😊

Hi everyone,

I have a WRT3200ACM router flashed with DD-WRT Build v3.0-r44715. I'm looking for the MIMO Transmission - Fixed Rate setting. For my application, it is important that I be able to lock the MIMO rate. Does anyone know where this setting might be found or if it does not exist? Thank you.

I just flashed my router with DD-wrt and I got Surfshark VPN and installed it on the router with wireguard and it been working but I don’t want to route all my traffic through the VPN I just want my TV and some chrome casts go through it. I been trying to google a solution but I feel overwhelmed with the terms used and I never find the exact way I want to set it up. Can anyone help me set up like 10 specific IP-addresses that go through the VPN on the router and all other traffic doesnt? And help and link to some guide would be really helpful

Hello, i have a TP-Link WR840N whose fixed antennas only capable of 5db. I want to replace these antennas with 12db antenna by direct wiring to the motherboard but am not sure weather it supports more than 5db. Does does the dd-wrt firmware for this router support more db? or will it work with my 12bd antenna upgrade?

Hi, I have an Asus RT-WC68U running DD-WRT as and access point and everything seems to be working fine but without a VPN I cannot access reddit on the wifi. It works on my PC connected to the router but doesn't work through the DD-WRT access point. Is there some sort of setting that by default blocks reddit?

Hello all,

I have two ddwrt routers.

I would like to create a permanent VPN connection between these two ddwrt routers: local ddwrtA (VPN client) -> remote ddwrtB (server), with a twist.....

Both routers have 2 subnets (wifis):

• a private (hidden) one with all my devices (NAS, printer, TV, ip cameras, home automation) - private subnet.
• a guest one that only gives internet to visiting friends - friends subnet.

Yes, everything simple so far...

I would like to create a permanent VPN network between my ddwrrA client and my ddwrrB server.

Connecting to the private wifi should allow pinging, discovering and connecting to devices in remote network, for clients of both routers private subnet.

Additionally, I would like to make a 3rd subnet that would relay all internet traffic to the remote host for both routers (I suppose only changing the gateway to the remote ip).

ddwrtA:

• Currently: 192.168.1.2..254 - private network (local internet)
  • To do: be able to connect to 172.25.0.1..254, no internet forwarded (default gateway stays the same?)
• Currently: 192.168.10.2..254 - guest network (local internet)
• To do: 192.168.20.2..254 - tunnel all internet to 172.25.0.1 (remote internet)

ddwrtB:

• Currently: 172.25.0.2..254 - private network (local internet)
  • To do: be able to connect to 192.168.1.1..254, no internet forwarded
• Currently: 172.25.10..254 - guest network (local internet)
• To do: 172.25.20.2..254 - tunnel all internet to 192.168.1.1 (remote internet)

I've tried doing either if the ToDos, but i didn't manage.. there are so many tutorials, but it seems I'm not good enough... I don't understand everything very well. Nope, i don't have networking background :-(

Can anyone help me? Thank you!

Hi, I'm trying to set up IPv6 using my Asus router with DD-WRT installed. My issue currently is that the router is getting an IPv6 prefix from the ISP, but it isn't giving the clients any addresses, either via DHCPv6 or router advertisements.

My configs are as follows. I haven't made any modifications yet other than changing the settings in the web UI.

dhcp6c.conf:

interface vlan2 {
 send ia-pd 0;
 send rapid-commit;
 request domain-name-servers;
 script "/sbin/dhcp6c-state";
};
id-assoc pd 0 {
 prefix-interface br0 {
  sla-id 0;
  sla-len 0;
 };
};
id-assoc na 0 { };

dhcp6s.conf:

option refreshtime 900;
option domain-name-servers fe80::325a:3aff:fea0:4a02;

interface br0 {
        allow rapid-commit;
};

radvd.conf:

interface br0
{
 IgnoreIfMissing on;
 AdvSendAdvert on;
 MinRtrAdvInterval 3;
 MaxRtrAdvInterval 10;
 AdvHomeAgentFlag off;
 AdvManagedFlag off;
 AdvOtherConfigFlag on;
 AdvLinkMTU 1452;
 prefix ::/64
 {
  AdvOnLink on;
  AdvAutonomous on;
  AdvValidLifetime 30;
  AdvPreferredLifetime 20;
 };
 RDNSS fe80::325a:3aff:fea0:4a02 {};
};

The output of ip a is as follows:

1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100
    link/void
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc sfq state UNKNOWN qlen 1000
    link/ether 30:5a:3a:a0:4a:00 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::325a:3aff:fea0:4a00/64 scope link
       valid_lft forever preferred_lft forever
4: vlan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
    link/ether 30:5a:3a:a0:4a:00 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::325a:3aff:fea0:4a00/64 scope link
       valid_lft forever preferred_lft forever
5: vlan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 30:5a:3a:a0:4a:01 brd ff:ff:ff:ff:ff:ff
    inet 100.86.163.33/10 brd 100.127.255.255 scope global vlan2
       valid_lft forever preferred_lft forever
    inet6 2605:59c8:1700:da95:325a:3aff:fea0:4a01/64 scope global dynamic
       valid_lft 286sec preferred_lft 136sec
    inet6 fe80::325a:3aff:fea0:4a01/64 scope link
       valid_lft forever preferred_lft forever
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc sfq master br0 state UNKNOWN qlen 1000
    link/ether 30:5a:3a:a0:4a:02 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::325a:3aff:fea0:4a02/64 scope link
       valid_lft forever preferred_lft forever
7: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc sfq master br0 state UNKNOWN qlen 1000
    link/ether 30:5a:3a:a0:4a:14 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::325a:3aff:fea0:4a14/64 scope link
       valid_lft forever preferred_lft forever
8: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
10: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 30:5a:3a:a0:4a:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::325a:3aff:fea0:4a02/64 scope link
       valid_lft forever preferred_lft forever
14: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN qlen 1
    link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

I believe vlan2 is the WAN interface and br0 is LAN.

My current IPv6 settings are:
IPv6 Enabled
IPv6 type: Native from ISP
Prefix length: 56
MTU: 1452
Other entries are blank

Dhcp6c, dhcp6s, and radvd are enabled. No custom configs.

My ISP is SpaceX Starlink, who supposedly gives each customer a /56. IPv6 worked with the router they gave me, but it had a non-configurable firewall which is why I replaced it with this one. I can ping ipv6.google.com from the router just fine.

If any other information would be helpful I will try to provide it in due time. Thanks

Edit:

Wireshark shows router advertisements that look like this:

https://preview.redd.it/w40ib9twnbwc1.png?width=780&format=png&auto=webp&s=859606f4ea5fb54d6aeaa400532d6d42546fd52f

I notice that it doesn't appear to have an option for the available IPv6 prefix/addresses. I don't really know what it's supposed to look like, but it seems like it's missing something.

Edit 2:

Yep, apparently there is supposed to be a "Prefix Information" option that is missing. I wonder why radvd isn't setting it.

Edit 3:

According to https://superuser.com/questions/760016/radvd-is-not-assigning-prefix and https://askubuntu.com/questions/463625/ipv6-forwarding-kills-ipv6-connection/463654#463654, enabling packet forwarding disables router advertisements. I think they mean accepting RAs, because a router needs to have packet forwarding enabled, and in my case, also needs to send RAs.

Edit 4:

It works now. I updated to the latest firmware and switched IPv6 type to using DHCP-PD. Prefix length is still 56. I seem to be getting a public IPv6 address on both the WAN and LAN now. Wireshark shows prefix information in RAs. All is well.

Hello I have a switch connected to a ddwrt router where in the specific port there are all devices as untagged.. for management purpose..

The is a way to deny broadcasts messages coming from the switch to avoid router overload? (I can't modify switch broadcast configuration and vlans)

I am trying to use my phone (in tethering mode via USB) to get LTE internet so we can use it as a backup if/when our main internet goes down.

Does anyone know what settings (if any) need to go in here for Bell Mobility? Is there a username and password that is required? What about a PIN? Is the APN correct?

https://preview.redd.it/ruhq75nvawuc1.png?width=1363&format=png&auto=webp&s=4325be175c4bbd7219f0b746fe52a843202f136e

I installed DD-WRT on a spare router to use as a wireless dedicated print server for a USB printer in another room. I configured it as unbridged client Station Mode.
https://forum.dd-wrt.com/wiki/index.php/Client_Mode

I had to set static routing on my primary router, a Netgear WNDR3400v3, to cross subnets so I can reach the printer.

– primary router 192.168.0.1
– secondary router 192.168.1.2
– secondary router connected to primary as 192.168.0.109

Netgear WNDR3400v3 > Advanced > Advanced Setup > Static Routes:
– Private checkbox: checked (which I guess limits interface access to the LAN/WLAN side only)
– Destination IP Address: 192.168.1.0
– IP Subnet Mask: 255.255.255.0
– Gateway IP Address: 192.168.0.109
– Metric: 2
(I thought that theory says the metric could be "1" since the routers are directly connected, but it gave me an error message that it has to be greater than 1, so I dunno what's up with that.)

This allowed me to successfully reach the printer from my phone over Wi-Fi at 192.168.0.109:9100.... But I can't get to the DD-WRT config webpage in my web browser at 192.168.0.109. How come?... If I can reach the printer across subnets, why wouldn't I also be able to reach the config page on the secondary router?... I think I understand routing basics, but I'm not very good at it, and this is the first time I've done static routing, so what am I missing?

I'm pretty PC savvy but I'm unsure how to install dd-wrt to my R7000P router. I'm trying to fix an issue where I get disconnected every 2hours while gaming on my pc. Particularly the game Warzone. The file that's provided on dd-wrt.com for R7000P is installed by doing firmware update with the file? What if I want to go back to stock firmware? Will I run into any issues or lose any features? Anything else anything I could be missing to ask that would benefit me?

I'm having problems getting static routing working that involves another router on my LAN, and I want to be able to factory reset and access my DD-WRT config page, then load my other basic starting settings, and see them and make changes & save throughout the various config pages without applying them yet, so I don't have to excruciatingly enter all those start-off settings every time.... Is there some SSH/Telnet command to load settings & have them populate all my config screens without a forced reboot until I'm ready? (Because I can't get into the config screens after rebooting while my static routing settings are faulty.)

I need help getting my router setup for the openvpn. Oh I also have a tp-link router.

I'm not tech savvy so this has been lots of YouTube videos and reading to get to this point.

I have a dynamic IP address (have T-Mobile). I connected my T-Mobile home Internet to router and turned off broadcasting so that only the router sends out signal. Ok now I'm I did the ddns through no-ip and I have that setup and says success.

I generated certificate and exported the configuration file but when I upload to open vpn connect I get a DNS resolution error: 30 times.

I think I'm missing something. After enabling openvpn on router I did port triggering. What am I missing that openvpn connect won't connect.

Hey everyone. I have a rather frustrating problem with my DD-WRT router. For some reason, whenever the router loses power and/or reboots, it completely resets to factory settings. This happened just recently and I wasn't aware of it until I noticed that my WIFI network was unsecured and probably had been since we had a power cut the other day. I'm really not sure how to fix this and I was wondering if anybody here could help? Is there a setting within DD-WRT that I have to switch off to make sure this doesn't keep happening?

I've looked all over the web, but haven't been able to find a definitive answer. I'm trying to use an old Netgear R6250 AC router for Guest / IOT wifi. I am on DDWRT but I don't see an option for VLANS. Is this option not available for the hardware I'm working with, or do I just need a different version of DDWRT? I'm on a June 2022 release, so not sure if there is a newer version that that.

Hello everyone, im kinda confused here. i hate mikrotiks and i was wondering if i can switch to ddwrt but im not sure how to know what routers are vpn compatibles reading this list: https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices#TP-Link

i have several tp links under my bed, mostly of them are

tp link archer c7 ac1750

tp link wr840n

edit: need vpn as client importing .ovpn or cert and key

thanks for reading :)

I have a WNDR 3700v4 that I am trying to revert to stock firmware. I have the .img file, and I do the firmware upgrade, and when it reboots and comes backup up, I am still in dd-wrt. I've tried this at least 3 times now. Every time, it says the upgrade was successful.

I have an Asus RT-68U (previously was RT-AC1900 but was able to flash the 68U firmware) running r55209 std. I've set it up to act as a repeater bridge successfully and it has connectivity through my Verizon FiOS router, a CR1000A.

I was wondering how I can access the web interface on the Asus router remotely using my WAN IP. I've tried port forwarding on the main router to the Asus router's IP but I still can't gain access to it (e.g., 192.168.1.2:9000), but I know it's reachable as I get a connection refused error. I also know the port can be opened as I've tested it on a different device, so I don't think the problem is with the port being closed.

I've enabled all the configuration settings that allow remote access and also forwarded those relevant ports on the Verizon router as well. I can telnet and SSH to the router, yet can't access it through my WAN IP.

I've also been trying to SSH tunnel into the Asus router, which was successful, but I'm unable to open a webpage to the router settings - still trying to figure out what I'm doing wrong here. I get a channel open/connect failure, connection refused. Also seems like some port issues.

Any pointers would be greatly appreciated, I've been learning a lot about networking messing around with this router.

EDIT: I think I figured it out - for some reason, none of the ports I selected for Web UI remote management was working (not sure if bad configuration or if DD-WRT wasn't actually listening on those ports) EXCEPT ports 80 (HTTP) and 443 (HTTPS). I have no idea if these two ports are supposed to act seemingly as intentional backups when the other ports I tried didn't work.

After entering port 80 in the Web UI remote management field, I checked the "Use HTTPS" box as well, then went into my Verizon router's configurations to forward traffic from external port "12345" to my DD-WRT router's IP via internal port 80, and did the same thing with external port "54321" for internal port 443.

Then I was able to access my DD-WRT router's web UI from outside my network by accessing my public IP:12345/54321. I realized I had to open port 443 for HTTPS as I was getting an "ERR_CONNECTION_RESET" problem when I tried to access the web UI using HTTPS with only port 80 open, leading me to also realize I could get just access using HTTP with port 80.

I'm not going to keep any of these ports open - I was just messing around to see if what I could do with setting up the router and gaining access remotely, in case I ever need to do such a thing. Any thoughts on why I couldn't get any other ports to work for the web UI is welcome. Through testing, I know they were able to be opened to send traffic to my PC, but not to the DD-WRT router, for some reason.

I have a R7000P and today I watched a video on installing ddwrt on an R7000. They first installed a file called "factory-to-dd-wrt.chk", then installed "netgear-r7000-webflash.bin" When I went to the router database, my router the "P" version does not have the factory-to-dd-wrt.chk file.

Do I need this file too? Or do I only run the 1 file listed for my router? I assume the latter, but want to be 100% before I attempt to flash.

[edit] might have found the answer.

I was using the router database download area, and not the firmware area.

Hi all, im looking for some help or advice. Im not the greatest tech savy guy, hopefully someone can understand me lol. I just flashed my netgear wndr4300 and also installed the latest firmware (BETA) of ddwrt to it. The flash and firmware update did work perfectly because i can connect to it and i do get into the control panel. However the router isnt giving any kind of internet. I am connected directly from my ISP to the router, im not sure if thats the issue? Also the router lights for the 2.4 and 5g flash on and keep blinking then turn off. After sometime they come back on. But still internet. please help.

Im looking to perform an experiment regarding aggregate power.

For my application it's important that I am able to lock TX power and lock the MCS rate of the router on either 2.4G or 5G bands. Ideally I also can disable an antenna port... although this isnt totally necessary since I can terminate with a 50 ohm load. I plan on purchasing two of these router for the test: WRT3200ACM

Does DD-WRT provide enough configuration options to perform this test?

I was looking at MikroTik RB4011IGS+5HACQ2HND for its configuration options but it appears the antennas aren't replaceable.

Thought I'd try out DD-WRT again after many many years. Install went smoothly, it's working.

Yet I realized the WiFi for both 2.4 and 5Ghz only offers "auto" as the channel, I cannot select any of the typical values (1 - 11 for 2.4, etc.)

Any tips here?

DD-WRT v3.0-r44715 std (11/03/20)

Both seem to be either throwing errors or down / inaccessible. Any word on this?

Hi All - I'm running a dd-wrt wireless bridge and I'd kinda like to be invisible to anything from across the bridge - ping or any traffic that reveals my device.
I static the device ip address and set the admin port to 8083 so that hides the information page - almost. The bridge works fine! I have no evil intentions. Any ideas how this could be done? TIA!

I have a Netgear WNDR 3700 v4. It's running DD-WRT v3.0-r55416 std (03/19/24). I've tried to mirror best practice found here: https://imgur.com/xjTthvi. I find that speedtest still returns about 4 down and 8 up. I am about 15 ft. away from the router, with no obstructions. I've tried the Local WiFi speed test android app, and it tells me "No network connection", which is not true, because I am able to access the internet in other apps. I tried factory resetting all defaults on my image, and I still get about the same speeds. I've attached an image of my current config.
Below RTS threshold in the image, Threshold is set to 784, and Airtime policy is disabled.
The client I am using to test is a Dell XPS 9530.
I've tried different variations of these settings, and this is the best speeds I could get.

​

https://preview.redd.it/z2z94yhdr9qc1.jpg?width=1408&format=pjpg&auto=webp&s=584cd8a4d126d6d4b141cb5ab7ec2facc7346aab

Brand-new to DD-WRT, just installed V3.0-r44715 std (11/03/20) — the latest & greatest, I presume, at least the top of the installers list — on my Netgear WNDR3700v2.

When you set-up DD-WRT as a print server, do you have to do anything else beyond: Services > Services > USB > enable Core USB Support & enable USB Printer Support?

The two Android printing utilities I've tried, PrinterShare (Dynamix) and iPrint&Scan, come up zilch when scanning for printers, even if I manually enter my DD-WRT router's IP address.... I can print just fine to my Brother HL-2240 when directly connected to my phone with an OTG USB cable.

The wiki:
https://wiki.dd-wrt.com/wiki/index.php/USB_printer_sharing
...which I found well-nigh incomprehensible, seems to say I may need to connect to the router with SSH and install a printer driver:
ipkg -force-depends install kmod-usb-printer
...but after I connect with SSH in Termux:
ssh root@192.168.0.2
[then my regular router password]
...and promptly enter that command, it errors with:
-sh: ipkg: not found

Now what? (Brand-new to SSH & the command line, too!)
...The wiki also suggests maybe an edit to:
/jffs/etc/config/usb.startup
...(and I can see where I need to enable JFFS in settings), but it goes on to say that at least one commenter didn't need to with DD-WRT builds that already explicitly have the above two USB settings, and in any event, I haven't gotten that far yet.

Hey dear all! Hopefully, some of you have some experience with this, because I'm very... noob to this.

I think I well researched my problem on the dd-wrt website, wiki and forum and nothing came of it. Here's what I try to do: I'm trying to install DD-WRT on a Mikrotic RB260GSP Routerboard. After referencing both the Router database and the list of compatible routers (and also trying to make sense of the many FAQs, one of which told me explicitly NOT to use the Router Database??? - why have it, then?) I downloaded several images from this page:

https://dd-wrt.com/support/router-database/?model=RB2xx_-

After flashing the Router, the same Mikrotik webinterface shows.... not the DD-WRT interface...

All that changes is version, from 2.16 to 2.7p! Downgrading back to the original 2.16 works like a charm, but none of the images I tried have worked...

I can't find any documentation on this, neither on the dd-wrt forums, wiki or on Mikrotiks forums...

I would very much appreciate any help or advice you can give.

Hi. I have set up a ASUS AC3100 router with the latest dd-wrt firrmware 3.0-r44715.

I have set up the appropriate parameters for a protonvpn account using openvpn.

No matter what iptables parameters I use, the internet becomes inaccesible.

The parameters are entered in the [Administration][Commands] section.

Here is what I am trying currently:

iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br -j ACCEPT
iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 67:68 --dport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --sport 67:68 --dport 67:68 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

Does anyone have an idea of how I am blocking access to the web?

Thanks in advance.

I have put the most recent dd-wrt on my ASUS AC3100. My intent is to run a vpn with kill switch. But, I have run into a snag that I must first solve.

I've never run into this particular issue before.

Using wifi on a laptop, I can connect to the router and have internet access. The gateway, in this case, obviously is pingable.

Using a desktop with a cat 6 ethernet plugged into a router lan port, the gateway can not be pinged. Windows constantly says "Identifying Network" and it never does. Windows diagnostics says "gateway unreachable" but offers no solution.

I've done the usual "check the cables", double check the parameters, etc.

In all of the scenarios above, the Internet LED on the router is RED. But the Wifi clients are accessing the net at blazing speed.

​

Setup

​

Router Status

​

WAN status

​

​

​