Tech Connections 2009 DD-WRT

• 2002 Linksys released the source for the WRT54G firmware, a first for consumer grade routers
• 2004 DD-WRT released as a modification to the Linksys firmware to support Radius authentication
• DD-WRT versions up to v22 were based on the Alchemy firmware from Sveasoft
• Sveasoft started charging for their firmware, so DD-WRT v23 and onward is based on OpenWRT
• All of these are all based off of the original Linksys firmware, which uses Linux

Personally I've used the Linksys WRT54G, Buffalo WHR-G125, and Linksys WRT54GL in all my DD-WRT setups, and I've found the Linksys WRT54GL the easiest to acquire/install the firmware on. The WRT54GL can be found fairly easily for about $60. A list of all the supported devices is below.

• Supported Devices: http://www.dd-wrt.com/wiki/index.php/Supported_Devices

===== Initial Setup ===== thesis writing

Note: All steps below assume you're using a Linksys WRT54GL

1. Go to the main page http://dd-wrt.com
2. Click on “Downloads”, or just go here http://www.dd-wrt.com/dd-wrtv3/dd-wrt/downloads.html
3. Finding the right image can be tricky, for a Linksys WRT54GL the images you want are in “v24-sp1/Consumer/Linksys/WRT54GL_1.1”
4. Download dd-wrt.v24_mini_generic.bin and dd-wrt.v24_std_generic.bin

This is the part that tends to worry people the most, but in reality its now much easier than it used to be. The standard Linksys firmware will accept a firmware update as long as the image is smaller than 3MB. What this means to us is that we will first flash the router to the mini version of DD-WRT which is stripped down and smaller, and then once DD-WRT mini is up and running, we will use it to flash the router to the DD-WRT standard version. For a more indepth set of instructions, you can see the WRT54GL install page here: http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G/GL/GS/GX#WRT54GL

• The default local IP address for a DD-WRT install is 192.168.1.1, so you'll access its web interface through http://192.168.1.1
• On your first view of the interface, you'll be prompted with a prompt to set your router username and password, as seen below.

• Once you set your username and password, you'll be presented with the standard status screen, pictured below.

The default ip filter settings will die pretty quick under moderate p2p traffic so you'll want to make the following 3 changes.

1. From the DD-WRT admin interface, click on “Administration”, then the “Management” tab, then find the “IP Filter Settings” box
2. Out to the right of the “Maximum Ports” setting it will show you the range this value can be. Set it to the max, which in this case is 4096
3. Set the TCP Timeout to 300
4. Set the UDP timeout to 120

Many of the services that DD-WRT offers require accurate time information to work properly. Luckily there is a built in NTP client that only needs configured. On the “Setup” tab, “Basic Setup” sub tab, find the “Time Settings” section. If you don't have a favorite time server, you can use the round robin pool of 0.us.pool.ntp.org. Once your settings are accurate, click the “Apply Settings” button. It might take a few minutes before it does the first sync.

If you're looking to get a little bit more range out of your AP, or if you're looking to try and limit the range to cut down on the distance outside the building the signal will reach, DD-WRT will allow you to modify the unit's transmit power. As a rule of thumb, the community recommends not setting this value higher than 84. To change this setting:

1. From the DD-WRT admin interface, click on “Wireless”, then the “Advanced Settings” tab, and find the “TX Power” field
2. Raise or lower the value, eliminating through trial and error, while keeping it between 1 and 84.

One of the most common uses you'll find for DD-WRT routers is for extending your current wireless network footprint. Many companies sell wireless access points at a higher cost than common home routers, since usually the type of user that needs an access point is a business, and therefore on average willing to pay more. When it comes down to it, the main difference between a small access point and a home router is the software, which DD-WRT lets us overcome.

1. We'll need to setup the IP address we want our access point to sit at. This can be found on the “Setup” tab, under the “Basic Setup” sub tab. The important fields we need to set are:

• Local IP Address - The ip we want the access point to have
• Subnet Mask - Probably 255.255.255.0
• DHCP Server - Set to disable. If you want DHCP on your network, you probably want to do it someplace other than a access point.
• Gateway - IP of the gateway for the local network
• Assign WAN Port to Switch - reclaims that WAN port on the back, essentially giving you a 5 port switch

Once all changes have been made, click the “Save” button at the bottom.

2. Next we'll configure the wireless settings on the “Wireless” tab with the “Basic Settings” sub tab. The main thing to remember here is that we want to match all the settings of our current wireless network. If done correctly, clients will be able to move seamlessly from one access point to another. Click “Save” when done. Pay special attention to:

• Wireless Network Name(SSID)
• Wireless Channel

3. If you have any wireless security on your network, you'll need to mirror that in the following settings. Go to the “Wireless” tab, “Wireless Security” sub tab. Click “Save” when done.

4. Lastly we want to make sure DNSMasq is off. No point in having the AP trying to do anything it doesn't need to be. This is found on the “Services” tab, “Services” sub tab. Click “Save” when done.

5. Clicking “Save” after each step saves your changes, but doesn't actually make them active. Click on the “Administration” tab, and then click on the “Apply Settings” button at the bottom, to commit your changes. At this point you should be able to plug a patch cable to your public network into any port on the back of the AP and your new wireless node is ready to go.

There are quite a few things you can accomplish with CLI access through SSH to the router. The SSH daemon is easily enabled from the “Services” tab, on the “Services” subtab, but the trick is that when logging into the box, your user name is “root” rather then the name you use to login to the web interface. The root password is whatever you set as the password to login to the web admin.

From my experience, a properly configured DD-WRT based router is amazingly reliable. But if you do find that every couple days the box becomes overwhelmed and needs restarted, there is an automatic restart schedule available on the “Administration” tab, on the “Keep Alive” sub tab. Remember to make sure you have your NTP client properly configured, else this may cause the box to restart at less than opportune times.

Keep in mind that this will only work properly if the DD-WRT router is acting as the gateway for the wireless network, and not just an access point. If you're looking for a quick dirty way of limiting the amount of bandwidth wireless users can use on your network, you can go to the “NAT/QoS” tab, under the “QoS” sub tab, and enable the QoS service under the “QoS Settings” section. By modifying the “Uplink” and “Downlink” values, you can limit the amount of bandwidth that users can collectively use behind this DD-WRT gateway.

Some libraries that I've spoken to are concerned about people sitting in the parking lot after hours, and using their wireless network to commit legally questionable acts. DD-WRT offers a service called “Radio Time Restrictions” on the “Wireless” tab, “Advanced Settings” sub tab. This will allow you to schedule times for the wireless antenna to automatically shut off. Once again, remember to have your NTP client properly configured.

One Dell Laptop with 100Mb NIC, One Dell Laptop with 1Gb NIC, one Netgear 5 Port Gb Switch, and 1 Linksys WRT54GL with DD-WRT v24 SP1
Control 95Mb
Wired 31Mb
Wireless No Encryption 12Mb
Wireless w/ WPA/WPA2 Personal 6.5Mb

After years of personal use, I recommended DD-WRT for inside the OPLIN office network. The original Buffalo WHR-G125 has been in operation for a total of 648 days with only 1 powercycle. On its 365th day of operation, I had to re-purpose it from a access point, to the gateway for our user network and it has been running strong since.

For many many more tutorials on what DD-WRT is capable of I suggest the DD-WRT community wiki at http://dd-wrt.com/wiki/index.php/Main_Page