DD-WRT Firmware: How to Install It on a Compatible Router

What is DD-WRT

All home and professional routers incorporate firmware, it is their operating system to function properly. Some manufacturers have firmwares with very few configuration and customization options, this makes many users feel limited in software functionalities. Some manufacturers that have very advanced firmwares in their routers are ASUS with Asuswrt, AVM FRITZ! with its FRITZ! OS operating system, and also Synology with its SRM operating system. Unfortunately, not all manufacturers incorporate a large number of functionalities into their routers, ideal for making the most of the equipment’s hardware.

In those routers that do not have good firmware, with dozens of configuration options, you can install the DD-WRT firmware to have all the advanced options you can imagine. However, the downside is that not all routers support DD-WRT, either because the development team has not focused on them, or because their hardware is simply not supported by having private binaries. Therefore, DD-WRT is a very complete and advanced firmware, which is not always compatible with all routers, in fact, it is highly recommended that if you want to use DD-WRT, buy a router that appears in the list of compatible routers to not have unexpected problems.

What is this Linux based firmware for

The DD-WRT firmware will help us to “unlock” a large number of functionalities in our router. The firmware has the same advanced configuration options in all compatible routers, or at least almost the same options, because depending on the hardware, we will have some functionalities or others. This firmware will help us to have the maximum performance in the local network, whether wired or WiFi, we will also have very advanced functionalities such as QoS, VPN servers, RADIUS server for client authentication, and we can even install a BitTorrent client . Depending on the router hardware, we can install a greater number of services to make the most of it, although if the hardware is mid-range, then it is better not to use additional software such as the BitTorrent client because it needs large CPU and RAM resources in the router.

Key Features of DD-WRT Firmware

This firmware has a huge amount of advanced configuration options that can be configured through the graphical user interface, but we must also bear in mind that many of the more advanced options must be executed through the command line via SSH , and we can even program our own scripts to automate different actions at startup.

This firmware has the possibility of configuring the WAN in an advanced way, configuring VLANs facing the WAN to be compatible with the main FTTH operators in Spain, it also allows us to configure VLANs per port and even the triple VLAN of Movistar FTTH, but all this “manually”. The firmware supports it, but we must configure it internally with scripts because we do not have a Movistar profile as such. The firmware allows us to configure any type of connection, it allows us to put the DNS servers we want, and we can even configure the LAN with VLANs to correctly segment the home or professional local network. Of course, this router is compatible with IPv6 networks, incorporates a large number of compatible DDNS services to register, the possibility of cloning the MAC for the Internet WAN and even configuring the router in an advanced way.

Routers with DD-WRT can be configured as a gateway, but also as a router with IGP and EGP routing protocols, specifically, it supports both RIPv2 and OSPF as well as BGP, all of this in a very advanced way since we fully enter into routing . We can also configure bridges between different connections, perform interface bonding and much more.

In the wireless section we can configure an SSID for each frequency band (main), but then we can configure other SSIDs additionally with virtual interfaces, in addition, we can create an SSID in a specific subnet to isolate the wireless clients. Of course, we can modify the wireless security, channel widths, and many other typical options. The most interesting thing about the WiFi part is that we can configure WPA2-Enterprise, where we can authenticate wireless clients on a FreeRADIUS server, this router incorporates a FreeRADIUS server, so we will not have to install an external RADIUS, although we would also have this option .

As for the different services incorporated in this router, we have the possibility to configure the DHCP client, dnsmasq, configure the DNSSEC, the Encrypt DNS and many other options, we also have the FreeRADIUS service, PPPoE server, possibility of configuring PPTP VPN server and OpenVPN with all the advanced configuration options, it supports OpenVPN client and also SoftEthernet VPN. As for USB, we have a print server, a very advanced FTP server with all the configuration options we want, Samba server, DLNA server (Mini DLNA), Transmission client for BitTorrent and we can even create a RAID. Related to the WiFi network, we also have different captive portals to configure it as we want, in addition, it incorporates an advertising blocking system for the entire network or only for the equipment we want, and it even has a speed test integrated into it. router.

At the security level, we have a SPI firewall based on iptables that we can configure in detail, we also have access to the SSH server integrated into the router, predefined rules to mitigate DoS attacks that we may receive, and even VPN Passthrough. We also have a very advanced parental control system, the ability to configure NAT, open ports, and even configure the advanced QoS that we have available.

At the administration level, we can manage this router through HTTP, HTTPS, Telnet and SSH, although it is always advisable to manage it via HTTPS or SSH, which are secure protocols, in addition, we will have the possibility to program any type of script and define in it cron running them. Of course, we can configure the internal Sysctl of the router, execute commands through the router’s graphical interface, configure the Wake on LAN, restore it to factory settings, update the firmware and perform a complete backup of the router.

Install DD-WRT on a supported router

The DD-WRT firmware currently has great compatibility, both with very old, old and also current routers, although it normally takes months to provide compatibility with a certain router, this is due to private source code that manufacturers do not provide chipset.

The first thing we have to do if we want to install DD-WRT is to check if our router and router hardware revision is compatible. Normally manufacturers launch a specific router model, and later change a chipset inside, and have several versions of hardware for the same router model, this is also very important, because we could leave the router unusable if we install firmware that is not compatible with it.

To check if our router is compatible, we must enter the official DD-WRT website to enter the model or brand of our router.

For example, if we put the ASUS or D-Link router brand, we will get all the compatible models, and if it is compatible with a specific hardware revision. As you can see, we have compatibility with a large number of ASUS and D-Link routers, although we also have other brands such as TP-Link and more.

Depending on the router model to which we want to install DD-WRT, we must install a total of 2 firmwares, or only one. For example, in the case of the ASUS RT-AC87U router, we have a single firmware, we have to download it and then upload it to the router as if it were the official firmware. In the “Administration / Firmware” section, we must manually load the firmware, and wait for about 3 minutes until it is available.

In the case of the D-Link DIR-860L router, we must download the two firmwares provided by the official website. First we will have to flash the firmware called “factory-to-ddwrt” on the router, as if it were a normal firmware. Once flashed, we will have a “mini” DD-WRT installed, and once we have web access to the new DD-WRT firmware, then we will load the full firmware that we have downloaded.

Therefore, depending on the router that we have, we must do one operation or another:

• Install the new firmware as if it were from the manufacturer itself, and we will have the firmware fully installed.
• Install a “mini” firmware as if it were the manufacturer’s own, later we will have to install the full DD-WRT firmware, and once done, then we will have the firmware fully installed.

In the case of the ASUS RT-AC87U router that we have used, just go to the “Administration / Firmware Update” section, load the new DD-WRT firmware, wait about 3 minutes and then enter the administration via web at http://192.168.1.1

The first thing that the new firmware will tell us is that we assign a new admin password, this is totally necessary to be sure that nobody connects to our equipment.

Full firmware analysis

To access the new firmware, regardless of what you have previously configured in the original firmware of the router, you must do it via the web through http://192.168.1.1, later we can change the private IP address of the main subnet, and even enable the HTTPS protocol to connect safely. Once we are in the administration menu of the RT-AC87U router with the new DD-WRT firmware, we are going to do a complete tour of all the firmware menus, so that you can see the amount of available options that we have.

Firmware startup and key change

The first thing we will see when we enter the newly installed firmware is a menu to put a new administration password. Depending on the password you use, it will indicate that it is a strong or weak password, therefore, it would be recommended that it always have the best possible security.

Installation

In the main firmware menu, we can see the new improvements that have been incorporated, for example, we have a speed test integrated into the router, and also DNScrypt to make sure that all our DNS requests are encrypted and authenticated point-to-point. Just below, we will find all the information of our router, we can see the exact model, MAC address of the LAN, WAN and WiFi, as well as the main configurations made in the router and the services that we have running. We can also see the status of the WiFi network, available memory and much more.

In the “Basic Setup” section is where we will configure the Internet WAN, here we will have to configure the network correctly with our Internet operator, if it uses VLANs, then we will have to go to the “Switch Config” section to configure a VLAN ID facing the Internet WAN. We can also activate the IPv6 protocol with different configuration options, configure the DDNS service with multiple providers and also clone the MAC in the Internet WAN, or put the MAC that we want.

Other options available in “Setup” are the possibility of configuring the operating mode of the router, the normal thing is “Gateway” but we can also configure it in router mode, and even configure dynamic routing protocols for the interior gateway such as RIP or OSPF, and even BGP, therefore we have extensive configuration options available. We can also configure in detail the part of the WAN, LAN and WiFi ports, we can configure different VLANs in WAN, LAN and WiFi, interconnect them, isolate them or whatever we want. It is possible that with some very specific option we will have to edit internal firmware files, but for the vast majority of configurations, through the graphical user interface we will be able to do so.

We can also register new VLANs, create bridges and configure the Spanning-Tree Protocol, configure bonding and more, finally, we can configure VPN tunnels, with Mikrotik and with the WireGuard protocol. This will allow us to interconnect different routers to have Site-to-Site VPN.

Wireless

In the Wi-Fi section we can configure the two WiFi frequency bands, if we are using a simultaneous dual band router. In this menu we can configure all the following parameters:

• WiFi working mode: support AP and also WDS, and WDS + AP
• WiFi network name SSID
• Channel used
• Channel width
• Hide or show WiFi
• Configure Beamforming, Airtime Fairness
• Multiple-SSID

We can also configure the RADIUS, either internal or external, we can also configure any WiFi security protocol, enable MAC filtering, configure 2.4GHz and 5GHz WiFi networks in an advanced way with very specific parameters, possibility of configuring WDS in both bands , and even configure a certain SSID for a certain VLAN that we have created previously.

Services

The most interesting thing about this router in terms of services is the possibility of configuring a DNS server for clients, where we also have encrypted and private DNS with a provider such as Cloudflare. We can also configure an internal RADIUS server in the router, thanks to FreeRADIUS, in this way, we can authenticate wireless clients with username and password and with more secure protocols than the typical pre-shared key. We also have a PPPoE server, to provide us with connectivity to a PPPoE client.

This router has a PPTP type VPN server (it is not secure) and also OpenVPN with all the advanced configuration options, as for the VPN clients, we also have OpenVPN and SoftEther VPN.

If our router has a USB port, we will have the following services to make the most of it:

• Samba server
• FTP server
• DLNA media server with miniDLNA
• Print server
• Transmission Client for BitTorrent
• Configurations of the behavior of the hard disk in the router.

Other functionalities that DD-WRT offers us are the highly configurable captive portals, the possibility of having an advertising blocker at the network level so that we do not see advertising on any device, and even a speed test integrated into the firmware.

Security

How could it be otherwise, DD-WRT has a SPI firewall thanks to iptables, we can configure everything we want, and we even have the possibility of activating defense systems against brute force attacks to SSH services, Telnet, PPTP and also FTP. Of course, we have VPN Passthrough.

Access restrictions

In the “Access Restrictions” section we can configure parental control policies, if we want to deny Internet access to one or more PCs, configure the blocking of services etc.

NAT / QoS

In the NAT section we can see the status of all ports, open new ports, new port ranges, we can also configure Port Triggering, UPnP, DMZ, and finally, advanced QoS will allow us to prioritize traffic in detail to have the best quality of service.

Administration

In the administration section we can configure a robust administration password, we can also activate the HTTPS protocol, SSH server and we can even configure the cron to execute scripts every so often, possibility of configuring the sysctl in detail, execute any type of command, configure the WoL, restore the router to factory settings, update the firmware and make a backup of the configuration made.

State

In the «Status» section we can see the general status of the entire router, the status of the CPU, RAM, internal memory, router temperature, WAN status, LAN, WiFi, bandwidth and also the complete record of the router to detect problems.

As you have seen, installing the DD-WRT firmware on our router is really easy, and we will have hundreds of configuration options via the web with their administration, however, being based on Linux, we will be able to perform almost any configuration you imagine.

The most critical thing is to have a compatible router, and that our hardware version of the router is also compatible. We must not forget that, being an unofficial firmware, it is possible that some functions in our router do not work or do not work as expected, although the development team of this firmware continues with its development to improve the existing functionalities, and also new features.