Unfortunately, DD-WRT is somewhat known for weird bugs like this (where things SHOULD just work, but don't).
The best recommendation is trying other builds (starting with the newest one and going back from there) and see if the issue's fixed in those other builds...
Here are my notes from doing this in 2016.
I don't use these as routers, just as APs, but I'm still using them years later and they work fine.
https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi
Another option is to run Raspbian on the Pi and install network-manager to allow VPN configuration. That's more involved to set up but it allows running other stuff on the Pi.
The latest one is always the one and only correct answer.
10-10-2021-r47528 is the most current build. The one you referenced is ancient.
The Netgear R7450 has only been supported for a relatively short time (from 01-28-2021-r45592 to now). See all 2021 releases. You can webflash any version from r45592 to r47481. It is advised to webflash newest version (r47481) first, then try some older versions if you encounter issues.
DD-WRT is perpetually in beta, so newer versions might fix some bugs but may also introduce others. Sometimes, older versions can be better; you can also wait for newer versions to arrive to fix some problems.
This guy seems to have gotten dd-wrt working by just using the AC68U firmware, so might be worth a shot if you're set on dd-wrt.
I’ve probably tried 6 or so dd-wrt-capable routers over the last 10 years. The Asus RT-AC5300 is the first one that reliably covered our whole house. Been working great since March.
Yes you are most likely going to need a serial cable. good news is they are 12$ on amazon. If you can't get the router to accept the firmware any other way, youll need to crack that open. Good news is i'm pretty sure that your router has the headers already installed. Theres a very detailed guide too on connecting through serial if you haven't before. Definitely a bit of setting up to do but not much.
USB TTL Serial Cable
In my opinion, the only thing you can do is getting USB TTL cable and follow the guide.https://openwrt.org/toh/linksys/wrt_ac_series
​
Another thing you can test is by installing Openwrt. It maybe work or maybe not. (I have wrt1200ac with openwrt.
> Really disappointed by the stock firmware of the EA8500
I feel you. I have two EA8500 and both were over FW version 1.1.5, one of which I flashed OpenWRT on and the other I have yet to flash because it need to solder headers onto it, because the only way to flash custom firmware onto it is to use a serial cable and tftp. Newer hardware versions have the serial header removed (which is not uncommon but is an additional obstacle).
Read here and here for information on how to flash using this method.
Don’t use video guides they get outdated quickly and it’s better to search for official documentation. https://openwrt.org/toh/tp-link/tp-link_archer_c6_v2 If you have the US version, you need to install a snapshot rather than a stable build. Read more about snapshots here. https://openwrt.org/releases/snapshot OpenWRT and DD-WRT are different projects.
Not entirely sure, often times oem firmware is based on linux but that does necessary mean that common tools are available. You can typically you can see what your executable path can be listed with:
echo $PATH
But is looks like for Netgear stock firmware, running "help" should show available commands.
According to this, it looks like nvram should be an available a command.
You may also want to search common executable directories (i.e. /sbin, /bin, /usr/bin, /usr/sbin, /usr/local/bin) to see what they contain and try envoking commands with their full path.
If you can find and execute the nvram command, it looks like
nvram set board_id=<NEW BOARD ID>
Will essentially do the same thing as burnboardid.
Togotelecom seems to mostly use PPPoE pools, in addition to some static addresses. This is only relevant for your first router though. Does that have internet connectivity via your modem?
Your first router probably gets a WAN IP from Togotelecom's PPPoE pool (196.171.0.0/16 for instance). Your second router's WAN IP will be on your first router's subnet (192.168.1.0/24 most likely). Does your WNDR3700 get connectivity with DD-WRT defaults (so without VPN)?
Furthermore, which version number does your WNDR3700 have? As seen in the OpenWRT Wiki, every version has significantly different specs. None are capable of OpenVPN performance over 20Mbps (v5 performance). v4 should also be okay, but v1-v3 might not be adequate for OpenVPN at all. All WNDR3700 models have relatively weak MIPS processors sadly...
P.S. it might also be worth considering that v1-v5 all support OpenWRT as well as DD-WRT. v3 additionally supports FreshTomato. So if your problems turn out to be DD-WRT specific, you have other options.
Is this compromised router connected directly to your external ISP connection (i.e. it serves as your primary gateway to the internet)?
What version of DD-WRT are you running?
Did you modify the default configuration? Specifically, are you running any extra services like UPnP
, printer daemons, etc.?
Did you disable access via root password login and require login via a 4096 bit RSA key? If you're allowing login via password, are you using a strong, unique password?
Do you have the web-UI exposed to the WAN?
What makes you think that the attacker is domestic? The potential intruder's IP address, 47.101.149.57, is listed on many malware address lists as a malicious domain, and its ISP is located in Beijing.
Bottom line is DD-WRT's UI hasn't changed in forever. It's functional but not modern. If it's that important then use LEDE 17.01.4, it has a great modern UI. They also have a big 2018 release soon back under the OpenWrt name which is exciting for the open source router community.
Or use something like Advanced Tomato which probably has the most modern but also doesn't get updated much lately.
tl;dr try this: https://openwrt.org/toh/views/toh_fwdownload
As you can see here, there are currently 15 ASUS models supported by DD-WRT. Note there is no support for any AX models.
Many of the supported models would be a downgrade in your case. The most logical upgrades would be either a RT-AC88U or RT-AC5300. They are very similar, though the AC88U has 8 Ethernet ports (as opposed to 4) and the RT-AC5300 has Tri Band Wifi (as opposed to Dual Band). So it comes down to better wired vs. better wireless.
Oh, and they support mesh anyway (even though that's not a consideration).
Newer build are in the beta directory. https://dd-wrt.com/support/other-downloads/?path=others%2Feko%2FBrainSlayer-V24-preSP2%2F
Go back to downloads and go into the betas directory.
This thread seems to have some insight into your issue (and a potential solution): https://dd-wrt.com/phpBB2/viewtopic.php?t=305763 I have an original AC66U router, but the B1 revision seems to have some moderate hardware changes so it's not a big surprise there are some incompatibilities with the firmwares.
If you're OK with a little work to get there you can pick up a neutered one cheap and flash it over to be a AC68U right now: https://slickdeals.net/f/9330575-asus-tm-ac1900-wireless-ac1900-dual-band-gigabit-router-59-free-shipping?src=featured-cat
Maybe I misunderstand you, but if you want Port Forwarding you have to forward the needed port thru your provider first, then on your router.
For example on Mullvad I wanted to forward port 5200 for my server to be accessible thru the web, first I needed to set it on Mullvad site (my provider), then on router. Otherwise it doesn't work.
In my case, I didn't need any IPTABLES rules.
I think you better off asking these kind of quiestion at DD-WRT Forum -> Advanced Networking, I'm sure they're more active there.
First of all, the R6700 v3's CPU is actually dual-core.
Best platform to get high OpenVPN speeds is still x86-64, but some expensive routers do have fast ARM CPUs.
What might be of interest, is Wireguard: this VPN protocol is several times faster than OpenVPN on the same hardware. You'd have to host a Wireguard VPN server or use a VPN service supporting Wireguard (ExpressVPN uses either OpenVPN or their own Lightway protocol).
That begs the question of if those events have the same listed cause. The only one your log shows is inactivity.
Which causes my troubleshooting thoughts to go as follows:
1) Cause in log is wrong. Everytime it disconnects it will list this cause and the log is not going to be helpful. Shit.
2) Cause in log is accurate but not the only issue you are experiencing. Can we be certain that logged disconnect was with a very active network. Are the others causes common/frequent enough to be able to trap meaningful logs from them and tackle whatever those cases imply. If required, resolve the problem seen and keep gathering data.
Also begs the question: What exactly is the threshold for activity, and for what behaviour is considered active. Is the VPN timing you out 'randomly' to make sure you're active/forcing a reconnect to effectively kick off idle users? The inconvenience here is really that in-order to recover you've got to intervene in an aggressive way. If it self healed you'd likely not care.
Then we start asking: Only with ExpressVPN? What about other VPN providers? Have you tried other clients? Does it do it with ExpressVPN and OpenVPN running not on the router but on a computer internally? Builds of ddwrt?
All of this is less than fun to debug, and as ExpressVPN is paid I believe you should be sure to ask them 'what gives? do you time me out? are there client logs on your end?'
I am also using OpenVPN client on my Netgear 6400v2 running DD-WRT. My VPN provider is , I would suggest you not to use 256 bit on a router, try 128 bit instead. Before that check the ping of the nearby NordVPN servers.
On windows try the OpenVPN client instead of NordVPN client and check the results.
If you have multiple VPN accounts try and choose the best according to your needs.
I'm using DD-WRT on a Netgear WNDR3700 and have configured both VPN client to ExpressVPN and VPN Server with OpenVPN on Win 10. It's been in place for over 2 years, my internet speed is quite slow at 15mBit down and only 900k up.
I am able to change the end point to Express VPN and pop out wherever I like. Also using policy based routing so that some clients go down the tunnel and some don't. It only uses one connection to the VPN provider and requires no modifications to the devices in my network to use the VPN: AKA ChromeCast can stream direct over the VPN. It works well
DD-WRT v3.0-r36698 std (08/22/18)
Coming straight from their FAQ and ToS:
​
>Under what circumstances would we share user info?
>
>
>
>We do not give away any information about our users to anyone. Since we do not keep any logs, even if we would receive a valid court order, we would be unable to provide any relevant information.
​
Enlighten me with proof where one got their information leaked towards anyone like authorities and such by big VPN services like NordVPN is. I will be glad to learn something new, always. And I am not American.
I know it’s been a month since you posted this, but I’ve just stumbled upon it during my own tinkering.
I have a pi-hole server running on a raspberry pi at home, and I connect to it remotely with a VPN profile on my phone. Truth be told, I haven’t added my NordVPN credentials to my router yet (hence the research), but in theory all the pieces should play nicely together.
The trick is to add your DDNS service’s IP addresses to the IP tables of your home server.
Normally with a VPN, all requests from your router would go straight to NordVPN’s server (whichever one your choose), and eventually your DDNS service would receive an update.
However, you don’t want the DDNS service to know the NordVPN IP, you want it to know your home public Ip (which would normally be encrypted). So you have to tell your home server to send your public IP address directly to the DDNS service’s servers, routing them around your VPN.
I can’t tell you specifics because it depends on what kind of server your running, but you should be able to find noip’s server addresses and it would be a simple command line edit to add them to your own server’s IP tables. Google around for that if you haven’t already!
Hope that helps - and I hope you already found this answer somewhere else!
Glad you liked it and decided to ditch your ISP router for DD-WRT.
​
OpenVPN can be run as a server or as a client. I use both: I run a client on the router that encrypts all traffic leaving the local network onto PIA (Private Internet Access). I also run an OpenVPN server on my Raspberry Pi. This allows me use an OpenVPN client on my laptop to connect to my local network when at the office or traveling.
​
About using your companies VPN on it, my guess is that you technically would be able to, assuming your company uses OpenVPN. But before you do that, I would check if your company would be OK with it, remember what happened to Hillary :-). Also, not sure that you want all traffic from all your devices going through your company's server.
​
Regarding security, mind that the weakest point might not be your VPN technology per se, but rather the use of popular passwords or other common pitfalls. My VPN is running AES 128-bits, which as far as I know has never been cracked. You can go higher, but you will get slower speeds.
​
If you are patient, the world belongs to you :-). Seriously though, I think it's totally feasible, I wasn't too well versed either when I started on DD-WRT, but I would Google everything I didn't understand, and after a few months I find myself being quite proficient and understanding most concepts. So I would say, go for it if you are passionate about it.
​
​
​
​
Well, first of all, I use NordVPN myself and everything is working fine. I don't know if it is useful for you right now, but there are tutorials how to set up NordVPN on DDWRT or you need to go to the live chat on their page and ask, not to the emails, it will be much faster. I think there are issues how you set up NordVPN, you provide too little information but maybe you are using PPTP or L2TP? Because you need to go through OpenVPN.
Expressvpn has a router firmware where you can chose which devise are under the vpn and which are not. Some body told me that in dd-wrt you can do that too.
Wrt1900 router is compatible with ExpressVPN router....
For me The easiest way without any technical knowledge is to use ExpressVPN software / firmware for this router... Very easy flash and setup. I have been using it for a while and it works perfect. Firmware uses openwrt.
Here is a cheap router that combined with the pfSense system would put you slightly above budget ($5-10) but you'd have a bitching wired router, and a decent wireless access point.
If your willing to spend a bit more, look at the Ubiquiti access points. I have the UAP model, and it works great with pfSense
Do you have experience with the Astrill applet and post-2020 DD-WRT builds?
I've had some issues with post-2020 builds of DD-WRT and the Astrill applet. I went from a NOV2020 build, with functioning Astrill, to a NOV2022 build with failing Astrill applet UI. I came all the way back to JUL2021 to restore applet functionality.
The app UI seemed to fail with all 2022 DD-WRT builds. It was connecting successfully but I couldn't manage it via the UI, including disconnect/reconnect/uninstall/reinstall buttons. I suspect connecting via telnet/SSH might have worked but I didn't want to do that long-term. Astrill service suggested it was not a wide-spread issue and recommended reinstalling the applet (which I couldn't do via the DD-wrt/Applet UI...).
QBt and my Plex server are both running with the proper ports assigned, network interface set to Mullvad and bound to my local IP. Really no idea what to do next.
Thanks for the tip about the build, BTW - I'm obviously new to this.
Build 44715 is old and outdated not that that seems related to your problem as it seems that you have setup the VPN on your PC and port forward from Mullvad to your PC.
So the router has been taken out of the loop and does not have to do anything but basic routing.
So the problem seems to be something on your PC , I assume the BT client and plex server are running on your PC.
See: ?t=327397
WireGuard is much more resilient against connection loss but there are Providers which are not so good and overload servers as WireGuard is becoming very popular.
With Mullvad I almost never have connection loss, with Keepsolid it is much more frequent, you get what you pay for.
But WireGuard has much of the goodies OpenVPN has and is 3 times faster and easy to setup as you can import config files (although that has recently been added to OpenVPN also)
This could be due to you having the wrong certificate for the cipher/hash algorithm you've chosen, or you attempting to use a level of encryption not supported by the PureVPN server your attempting to connect to.
Try a 128 bit cipher with SHA-1 and the associated CA certificate to see if you can then connect (assuming you're not using them already)
That guide is totally rubbish, makes me weep and angry at the same time.
Follow the DDWRT Client setup guide which has a paragraph about Mullvad, if you really have implemented all that nonsense than first upgrade to the latest build 49418, reset to defaults *after* upgrade and put settings in manually
I've always wanted to install something like this on my network just to be a little extra.
https://www.amazon.com/TimeMachines-TM1000A-maintains-broadcast-Satellites/dp/B002RC3Q4Q
There are cheaper ones on Ali Express as well. Search "TZT Network Time Server NTP Time Server for GPS"
I am trying to do exactly as mentioned in the posted question. The ExpressVPN firmware on Linksys doesn’t play nice with my wifi extender and keeps dropping the connection. This makes it useless.
I am now exploring if I should install OpenWRT on my Linksys WRT 3200 and configure it manually?
Anyone done this? How is the performance of the router compared to the original firmware? Does ExpressVPN run smoothly?
Ah, gotcha. Are you trying to access your local devices through the VPN while you are not at home? Or otherwise making your local devices available over the internet through the VPN endpoint?
Unfortunately, that doesn't seem like it will work. From IPVanish's website:
>Does IPVanish allow Port Forwarding?
All of our servers use a NAT firewall to allow our users to share our public IP addresses. By sharing IP addresses, the privacy and anonymity of each of our users is protected because multiple users are using the same IP at the same time. One particular user cannot be associated with a single IP, making our users untraceable. IP sharing also allows us to make the best use of the now limited IPv4 server addresses that are available.
Due to our NAT firewall, anyone trying to allow outside access to their computers or running programs that require port forwarding for access while connected to our service, will not be able to route (port forward) that access through our VPN. The vast majority of our users do not do this, and will not be affected.
This is pretty normal for online VPN services, as I understand it.
However, If you're instead trying to access the devices behind the second router from devices attached to the first router, that's a bit different and we can work on that.
Run a mini PC with x86 and either use DDWRT or pfSense.
If you really want a router then a NetGear R9000 is the only one I can think of.
Not as fast as a mini PC but if you are using WireGuard as VPN (Mullvad supports WireGuard , i can recommend that) it might just do the job.
I misspoke - and I’ve edited my comment above. I meant the Archer A10 AC2600. As far as I’ve understood there isn’t OpenWRT for the router I’m using. See these links. Forum Post and List of TP-Link Devices
To answer your other questions: - I use Wireguard on a separate device and it has worked as expected with the A10. In fact, speeds are much faster. - I heavily use/reserve static IPs and it works also as expected. My only gripe is I can’t change the host name or add another identifying name. A few of my devices don’t allow me to change the Hostname, so I’m stuck with a few devices I recognize by IP first. - Don’t use and can’t speak about NAT port forwarding, but I’m happy to check my UI later and let you know what options I’m given.
Hope that helps
Flash back to stock or TFTP is the only way you are going to switch from OpenWRT to DD-WRT.
https://openwrt.org/toh/tp-link/archer\_a7\_v5
https://wiki.dd-wrt.com/wiki/index.php/TP\_Link\_Archer\_A7v5
Yeah, what infamous_farret says about not being able to do this via the GUI applies. (FWIW, I've also found this to be generally true EVEN when doing it with Broadcom devices... which your device is not.)
That said, it's really just the switch config that needs to be done outside of the GUI.
Creating the bridge, assigning it to your new vlan, and enabling DHCP should be doable via GUI once the switch is configured.
Here's another link that might help you with configuring the switch on your atheros device:
https://mrjcd.com/EA8500_DD-WRT/vlans/
The issue your going to have when reading these guides is knowing what makes your device different from others and how to modify the commands to work for your device.
This page might be helpful in learning how to do this:
https://openwrt.org/docs/techref/swconfig
Good Luck! 👍
Luckily these are builds of OpenWRT for the RT-AC58U. That would be the route I would recommend as without the aid of a connection manager (travelmate), there really isn't a way of achieving what you are wanting to do. Moving from one hotspot to another if attempting to do this in DDWRT would require manual reconfiguring the Client Wireless settings each time. There is no equivalent program compatible with DDWRT that I am aware of.
What kind of device are you using, or plan to use? Best open to achieve what you are trying to do from your post is flash your router with OpenWRT if it is compatible and use the travelmate package.
Thanks for the detailed instructions. The link you posted for the WRT54G v2 is right. As a first approximation, do these steps sounds right then?
Flash the dd-wrt.v24_mini_generic.bin from the database link you posted (https://dd-wrt.com/support/router-database/?model=WRT54G_v2.0)
Update to the dd-wrt.v24_mini_wrt54g.bin firmware in the other link you posted (https://ftp.dd-wrt.com/dd-wrtv2/downloads/betas/2021/12-30-2021-r47942/broadcom/)
Thanks
Ok. A few spots to check.
1) You have a DNS leak.
Run the advanced test. If you see your home IP, Netflix is able to see the country you are connecting from.
If you are experiencing a leak, be sure to go back over the ProtonVPN documentation as they have some firewall rules that might have been missed.
2) Your VPN is not using the routing table with the IP's entered.
I'm not sure if you are having your whole network directed over the VPN or just specific clients. That's a huge question for this.
Try a different ProtonVPN server. I discovered that some IL locations suck and others are money.
Also, over a VPN, you will never be able to pull your full speeds. Even with Enterprise hardware, you take a bit of a hit.
For maximum stability OpenWRT would probably be your best bet. DD-WRT is generally a bit buggier. So I would recommend just trying the newest stable OpenWRT build.
Yes, DD-WRT are all beta, and they tend to have more problems than, say, OpenWRT snapshots (let alone OpenWRT stable builds). Tomato is very stable because of the very old Linux 2.6 kernel. Then ASUSWRT is based on that, and ASUSWRT-Merlin is just ASUSWRT with more features.
But older hardware is generally more stable than the new stuff. My main router is an old Buffalo WZR-HP-G450H running libreCMC. It's not very fast, 2.4GHz 802.11n only, but its stability and range are just perfect. 2.4GHz just has better range than 5GHz.
If you need the higher wireless speeds, you should go for it; just know that custom firmware support for 802.11ax is extremely limited at the moment (no Tomato/OpenWRT/DD-WRT support for instance).
And you should also decide if you want Broadcom/Atheros/Mediatek. Broadcom has bad FOSS support (see https://openwrt.org/meta/infobox/broadcom_wifi), which is why I personally avoid it. But you might actually prefer ASUSWRT-Merlin or Tomato; it's up to you.
It depends. If it is the non-US version, you can manually downgrade to 1.1.4.169978 twice and then flash DD-WRT/OpenWRT.
If it is the US version, it's a real hassle as you need to open up the router and connect serial (on newer model you need to solder) and TFTP flash a customized image. It is still possible, but annoying/hard.
For more details, see here: https://openwrt.org/toh/linksys/linksys_ea8500
If a device isn't listed on the compatible page and there's nothing in the forums, you can safely assume there's no ready solution. The open-wrt comments may have meant to imply that open and dd have a similar foundation. Usually one can be made to work if the other does, but that is not for a layman. This one does btw. https://openwrt.org/toh/tp-link/tp-link_archer_c20_v4 But based on the info there, you can get much better hardware, that will actually take a current dd-wrt build, for similar money. Hope this is better late than never.
Looks like the only way is with the serial you can purchase one from amazon i got a 4 pack for 10 bucks one time also another way with out using the usb serial adapter would be using a raspberry pi gpios to serial pins on router to get serial communication then issuing tftp recovery and uploading stock fw over ethernet.
Are you plugging the ethernet cable in the WAN port?
As a last resort, try soldering a serial header to the serial pinholes in the board... but you also need to add a jumper wire
1) You are preaching to the choir
2) Someone was actually trying to fix these things in the official forum and got removed
3) https://dd-wrt.com/support/router-database/
​
>DISCLAIMER
This database may not have up-to-date information and may even recommend a build which might cause issues. As such, you should check the device specific forum (Broadcom, Atheros, MediaTek, etc.) first before flashing any build recommended in this database. There you will find build specific topics that discuss any issues with a particular build/release. For more up-to-date firmware files, please visit the firmware faq.
YOU HAVE BEEN GIVEN FRIENDLY AND FAIR NOTICE
I don't know how it can be made any more plain than that.
4) I have to agree on the smaller community part, per se. Simply because the folks responsible for ousting the previously mentioned person like it to stay confusing and hard for people.
5) If nobody cares enough to collaborate to fix the issues, then they will remain. But the few of us who do give two cents about it will continue to do what we can to improve what we can with what power we have.
Ok so this is really weird. My internet speed fluctuates wildly moment to moment and nobody seems to agree what it actually is. I tested with 3 different services 3 times each and here are the results in Mbps:
Librespeed: 98, 86, 77
Ookla: 56, 55, 59
Fast.com: 78, 52, 68
My dd-wrt router: 27, 29, 21
These numbers are all over the friggin place. I pay for 100 Mbps. Who can I trust is the most accurate?
I literally was just about to make a post about the same thing. I am also very curious.
DD-WRT says 25 Mbps but fast.com and Ookla hover around 90-100 Mbps, which is the speed I pay for. Anyone on here know what gives?
I just tried it with these settings, but I still failed tests.
https://openwrt.org/toh/netgear/r7800
Debricking
R7800 has an easy-to-use TFTP flashing recovery mode in the bootloader, similar as some other Netgear routers e.g. WNDR3700.
Prerequisites for TFTP flashing
A TFTP client for your computer. There are both command-line tools and GUI versions available.
(I use currently tftpd64 GUI tool from jounin. TFTP2 tool (from dd-wrt) used to work earlier, but for some reason it does not work with the current master images.)
Your computer must have an IP address from the 192.168.1.10 network, network mask 255.255.255.0, and be connected to LAN port 4 on the router. The bootloader's TFTP recovery mode defaults to 192.168.1.1. You might need to manually config the address, as some operating systems change the IP rather quickly to a link-local 196.254.x.x address if there is no DHCP server. Verify that your PC still has 192.168.1.x before trying to TFTP.
A new firmware to flash in. Either an original Netgear firmware or an Openwrt “factory.img” firmware.
Access to router's reset button (on the back panel)
TFTP flashing process
Turn off the power, push and hold the reset button (in a hole on backside) with a pin
Turn on the power and wait till power led starts flashing white (after it first flashes orange for a while)
Release the reset button and tftp the factory img in binary mode. The power led will stop flashing if you succeeded in transferring the image, and the router reboots rather quickly with the new firmware.
Try to ping the router (ping 192.168.1.1). If does not respond, then tftp will not work either.
Note that this TFTP flash / recovery mode is in the u-boot bootloader, so it works before the actual firmware gets started.
If you really want to go in depth, you could get a USB serial cable, and take apart the router and see if the serial connection on the board shows you anything worthwhile.
oh had totally wrong brand just searched number I updated with this https://dd-wrt.com/support/other-downloads/?path=betas%2F2021%2F10-25-2021-r47596%2Fasus-rt-ac1900p%2F
2021 -10-25DD-WRT v3.0-r32753 std (07/19/17 oh had totally wrong brand just searched number
let's try this https://dd-wrt.com/support/other-downloads/?path=betas%2F2021%2F10-25-2021-r47596%2Ftplink_archer-c1900%2F
I just updated with this https://dd-wrt.com/support/other-downloads/?path=betas%2F2021%2F10-25-2021-r47596%2Fasus-rt-ac1900p%2F
but the FW version appears to be the same
DD-WRT v3.0-r32753 std (07/19/17
wonder what's going on
I'm an expert and even I still use the GUI to upgrade. Don't risk bricking your stuff.
Also the build you are attempting to install is ANCIENT! Like, where did you even find that?
Download it from the correct place: https://dd-wrt.com/support/other-downloads/?path=betas%2F2021%2F
Installing something that old is just asking for trouble.
As for why the update didn't take, I'm not sure.
The initial file is factory to ddwrt which you only need to flash once. Update files are webflash. Both files are in the same folder: https://dd-wrt.com/support/other-downloads/?path=betas%2F
I use both pfsense & ddwrt.
Try Apply then Save.
If that doesn't work.. 1) Not sure where you DL'd your version from but here are the latest. https://dd-wrt.com/support/other-downloads/?path=betas%2F . I would flash the latest. 2) reset everything. SSH in & run nvram erase && reboot. This will reset all the settings to factory defaults.
Overall I'm not sure what the issue is and hopefully updating & resetting fixes it.
Are you sure you've got the ACv2 and not ACSv2? That might explain why you weren't able to boot after flash.
If I'm not mistaken, both the ACv2 & ACSv2 models have dual firmwares, so you can revert back to the last good one even if you brick the router.
In order to do it, power off the router, power it on again, and the moment the LED light up, power the router off again. Repeat it 3 times. On the 4th time just power on and wait a couple of minutes, and the boot cycle should complete successfully.
Also, if you are going from stock to DD-WRT you need the .img file not .bin, which is for upgrading DD-WRT from the firmware update already on DD-WRT.
Finally, for DD-WRT I've been using the these beta builds, under "other downloads": https://dd-wrt.com/support/other-downloads/?path=betas%2F2021%2F09-17-2021-r47461%2F
Go here & go to the most recent date: https://dd-wrt.com/support/other-downloads/?path=betas%2F , then find your router (ctrl-f), then download. If it's your first time installing ddwrt you don't want the web-updater file but every time you update (after the initial install) you want the web updater file
You could probably find Buffalo N600 (with a 5GHz radio) or the AC1200 versions for pretty cheap on eBay or elsewhere.
If you wanted to buy new and pre-flashed check out FlashRouters: https://www.flashrouters.com/routers/brands
I found it off DD-WRT's official site: https://dd-wrt.com/shop/. They claim you can get $20 off with code "DDWRT" though that may just not work anymore.
Go to the system tab>Firmware upgrade and flash the latest firmware in https://dd-wrt.com/support/other-downloads/?path=betas%2F2021%2F
r45863 is what I have right now, and it's working pretty well... I'm currently leeching WiFi from McDonald's across the street with around 400mb/s link speeds
Make sure to use the drop-down and select 'reset settings'. This should change your obsolete corporate firmware to the latest normal firmware.
Superchannel is an experimental setting that is still illegal to use in most countries without a license... if you can afford the license to use superchannel bands, the activation key cost for it is less than pocket change.
Don't worry, it's all a better experience from here!
Did you run the DD-WRT webupgrade .bin files from the dd-wrt page?
Just tried flashing v.44715 from there and got a failed message in the GUI when trying to upload.
The instruction say:
The part about kong builds makes me think that I need to run the "R7000.chk" file first, since there might be some Kong-specific stuff that needs to be cleaned.
DD-WRT wiki is seriously outdated so you SHOULD NOT use any builds that are "recommended" there.
Even if these pages do say that these builds are "stable" - they are NOT. They're infested with bugs and problems (like bootloops, etc), in comparison to the newest betas.
Do keep in mind that these wiki recommendations have been posted months/years ago and are not true anymore. A lot of things have changed in the meantime.
Right now - the recommended builds are the newest builds, since security holes are getting patched, and bugs are getting fixed on top of new drivers and kernel, based on the current reports from the users, on the forums and tickets being opened on the official code repository.
You can grab the newest versions of DD-WRT from here: ftp://ftp.dd-wrt.com/betas/2020/
or here: https://dd-wrt.com/support/other-downloads/?path=betas%2F2020%2F
Also - there is always a new thread for the newest build that you can check for comments and reports of the potential stability issues from other users (on the official DD-WRT forums>Broadcom SoC based hardware)
I can recommend r44538 (the newest release). It's very stable and works great on D-Link 880L.
it has to do with hardware and VPN protocol , openvpn protocol is very computing power demanding .... look for vPN provider with Wireguard VPN Tunnel support, DD-WRT supports it ... it is much much fast, also on your router ....
for setup check various guides on the dd.wrt forums dd-wrt.com/phpBB2/
Glad to help.
Well, your WRD3600 is a single core Atheros running at 560Mhz, so if you have a really fast connection, you may be bottle-necked just like how I was with my R7000 (230Mbit @ home. Only 50Mbit @ Work). What's your ISP's advertised rate? I would guess the TP Link should be good for about 80-100Mbit. If that's all you have, then you may just stick with the TP Link. You're definitely behind the times on hardware, but if your connection isn't the fastest, you won't see much benefit. Though QoS helps a ton with gaming/bufferbloat(but requires more of a beefy router). I'd upgrade if you find that you cant get your rated/advertised speeds.
​
02-10-2020-r42335 looks to be the latest available. Make sure you have hardware version 1. Sometimes later versions use entirely different hardware that wont work.
If you're already running ddwrt, just upgrade with the tl-wdr3600-webflash.bin file and make sure you have it reset all settings any time you upgrade versions.
According to the DD-WRT router database the Netgear AC1600 isn't listed as supported. There is no general DD-WRT image that can be installed on anything, they must be built for specific devices. You could try running the same version as the Netgeat AC1450 since it has the same amount of RAM and Flash storage. I'm confident the chipsets are not the same, so you may brick your device.
Information take from here:
>This unit must use K2.6/K3x or newer firmware.
To answer your question about where to download the firmware (where did it go)?
All dd-wrts build after 2.4 are considered beta, thus there is not an officall RTM build for this or any other router that is supported by dd-wrt. That being said, 2.4 builds AFIAK are outdated and probably not recommended to in many cases. Among reasons I would state that 2.4 build are not recommended are that I don't think that they have been patched to address security vulnerabilities such as Poodle, and Heartbleed.
Download for the proper firmware version of this router can be found here.
I've flashed DD-WRT to a Linksys WRT 1900AC a few months ago, it was a bit tricky.
If I recall correctly, Linksys did some sketchy stuff and limited the firmware size - so for the factory-to-ddwrt.bin step, you have to use a super old image and then upgrade to a later image (once in DD-WRT): - Try r35244 (30MB)
For reference: - Newer DD-WRT images are around 39MB - The threshold appears to be set around 30-32MB
About a week ago, I did another 1900AC with OpenWRT. I didn't experience this issue with OpenWRT, but I also neglected to pay attention to file size of the initial flashed image.
Found a post on the dd-wrt.com forum that said that I could:
Power Cycle the router three times.
Using the router’s power switch – turn OFF then turn back ON.
Wait 2 seconds then turn OFF.
Turn back ON.
Wait 2 seconds then turn OFF.
Turn back ON.
Router should have booted into opposite partition.
But I still can't seem to connect (get an IP from the router or hit 192.168.1.1) and the power light just keeps on flashing.
oooh. still on stock. ya, you won't have an ssh option there.
dd-wrt does have some 'base' images to flash before moving onto a specific release version. I'm not sure about your specific router but if you search through the dd-wrt database you will see the base image (if there is one) alongside other dd-wrt releases usually.
How to install...
https://dd-wrt.com/wiki/index.php/DD-WRT_on_R7000 if you're starting from the Netgear firmware, then download and flash the appropriate .chk file from the Initial directory using the Netgear web interface.
The chk linked on that page is from 2014 though. I'll use the 2017 one I found before.
192.168.1.1 to get onto it.
No https for connecting to the webpage. I'll probably just use IE then.
Sounds like reseting the r7000 is going to be just going through the motions. I'll end up back where I'm at now I think.
https://dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30 "This procedure should be done BEFORE and AFTER every firmware upgrade/downgrade."
Default password After resetting DD-WRT, you need to login with the user name "root" and password "admin".
So a reset on the out-of-the-box stockware r7000. Then install DD-WRT. Then another reset.
At least it won't hurt. Sounds safest.
So how to install with that chk file....?
I found this.
https://dd-wrt.com/wiki/index.php/DD-WRT_on_R7000
"Whilst the router is fast, potential users should be aware that IPv4 NAT routing throughput tops out at 450Mbit on latest Netgear stock firmware, and at 360Mbit on DD-WRT with default configuration (no overclocking), or 425Mbit with a 20% overclock."
If that's true, 360 is more than enough for me. DD-WRT would be fine, and I wouldn't notice any difference either way.
Look into the built-in "rFlow" feature. It lets you pull specific bandwidth data and filter it by device if you'd like. You will need an external program to send the data to (I use PRTG Network Monitor for example).
https://dd-wrt.com/wiki/index.php/Supported_Devices is a good site to see which devices are supported.
From there, you could do more research to see if which unit is good enough for your specific needs.
> This seems to mostly work. I say mostly because the top IP address (89.248.160.204) isn't actually being blocked, but all of the rest are. Why is that?
Are you sure that the address you're seeing on your webserver is is correct? I ask because on the other rules you are blocking the subnet (the suffix /24 will block all the hosts on the same subnet i.e. 89.248.167.0 - 89.248.167.255). If the host in the first line of iptables (89.248.160.204) is definitely the same as the one in the webserver logs, then I'd guess there is a conflicting rule elsewhere in your iptables - something like
iptables -I FORWARD -p 80 -j ACCEPT
Remember iptables rules work top to bottom and stop at the first match (typically). Also worth remembering is that iptables -I will Insert the rule at the top of the chain, and iptables -A will Append the rule to the end of the chain.
> Another question... I changed the word FORWARD to INPUT, and it all stopped blocking anything. As I understand it FORWARD is supposed to apply to outgoing traffic and INPUT is supposed to apply to incoming traffic. But that must not be the case.
That is not the case. INPUT refers to packets that have a destination of the router itself, FORWARD refers to packets that the router is passing on (forwarding). OUTBOUND refers to packets originating at the router.
> Finally, if I wanted to block everything that starts with 185.130 instead of just 185.130.4, how would I go about writing a rule for that?
You can block all subnets in this range by using a wider subnet mask e.g.
iptables -I FORWARD -s 185.130.0.0/16 -j DROP
The best way to come up to speed with iptables is to read example rules and look up what the various parts mean, this site can help to a degree
I also use Google Domains.
I set up an account on DNS-O-Matic, set up an account for Google Domains and then set the router to update DNS-O-Matic.
I'm using these settings.
Have you checked your environment for any wifi interference?
https://www.metageek.com/products/inssider/
This will show you what channels are open or which are being used. It will help you pick a good channel. I would look at this to start off with and go from there. Also make sure the ISP router and your Access Point is not sitting right on top of each other. Try that and see what you find.
Although I use DDWRT on my router, I use a device called Fing at home (https://www.fing.com/) which has this functionality, you may want to check it out, I think it's very useful for this and other stuff.
I suggest going with PFSense as a router OS. It's an enterprise option that has great support.
You can build your own box and install PFsense for free or buy a box with pre-installed directly from them. Buying from their store gives you their included support.
Wireguard can support much higher bandwidths & better latency then OpenVPN too, see this page for example: https://www.wireguard.com/performance/
It sucks that the latest kernel is creating issues for ddwrt... I hope that this get resolved.
I know this is a late reply but I recommend using a Raspberry Pi. Firstly, get a Pi, a short ethernet cable, and a short micro USB cable. Plug the pi into one of your router's ports then connect it to the router's USB via the micro USB cable (just to power the unit, if you're already using your USB port you can power the pi from a socket).
Set a static IP for the Pi's eth0 interface (I think the pi-hole install might do that)
Install pi-hole (blocks all ads at DNS level, optional but amazing because it even blocks ads in apps on mobile devices) - link
Install PiVPN - link
I use OpenVPN Connect app on my phone to VPN in to my home network and stay ad free. You will have to add this line:
dhcp-option DNS XXX.XXX.XXX.XXX
to your .ovpn file, where the X's are your pi's local IP address.
Let me know if you have any questions.
If you're up for some tinkering/flashing you can convert a router over to a RT-AC68U for $60 right now(check the long comment right after the deal):
Should be a better router for cheaper. Also if ddwrt doesn't meet your needs there are other options like merlin.
China. Here most vpns are blocked. pia, tunnelbear, vypr and anything free doesn't connect at all, and the big bois like Nord and express that have dedicated China support go down once a month or so.
Astrill has managed to reliably work every day with no slowdown for 2+ years now, and they have a working ddwrt applet. (Express also has one, but that uses openvpn so it doesn't work).
It's my #1 recommendation for vpns from my experience.
The current ExpressVPN firmware for routers has been over-simplified and morphed into something unusable. In fact, the latest ExpressVPN version has no ability to disable the DHCP service or assign a static IP to the WAN interface.
I have an open ticket with FlashRouter support who recommended reverting to DD-WRT. That will probably work but that alone does not provide the advertised features of the router.
because I have a cloud based plex server with 22TB on it that I have to move off of my edu google drive by June.
Sorry. I am in the middle of looking for a new plex/storage solution. I used to have a lovely home setup. Now my ex wife has a lovely home setup.
What about these things? https://www.amazon.com/GL-iNET-GL-MT300N-V2-Repeater-300Mbps-Performance/dp/B073TSK26W/
Run it's wan port to my current routers lan port. Configure the DHCP server for a different network. Configure the VPN client on it. Set up wifi. $30. I would need one for each network/VPN, but it is fully scalable.
You're welcome!
It'd be interesting to see whether it works with DD-WRT without VPN...
v1 is the weakest model unfortunately, so its CPU (AR7161) might simply be too slow for OpenVPN (at least with the AES-256-CBC encryption NordVPN uses). As for switching firmware, OpenWRT Wiki has details for TFTP flashing. v1 even supports Gargoyle (user-friendly OpenWRT), but that's based on quite old OpenWRT versions, so vanilla OpenWRT 19.07.7 is recommended.
If you need more speed and you're willing to take the risk, it should be possible to compile OpenWRT with overclocking patches. This can take your AR7161 from 680MHz to 800MHz (+18%), which might be helpful for better OpenVPN performance. Overclock at your own risk though!
None that is noticeable to me. Been running it for about a year and haven't had any real problems with the router or VPN. If you end up using Mullvad, here is one of the guides I used to set it up: