Notes for setting up custom open source firmware on my router.

dd-wrt

My current firmware

  1. Follow device-specific instructions for flashing dd-wrt. Use the dd-wrt forum to find stable versions for the router (search specifically for the model number and look at comments - takes a while 😓).

  2. Set up a secure management username and password.

  3. Set up wifi:

    • Set up the same names for both 2.4G and 5G; most devices seem to be able to pick and use the fastest one when required.[1]
    • Set up WPA2-PSK with 128-bit AES for encryption and set a key (for both).
    • Set up a virtual interface for guest wifi. Use the 2.4 GHz channel for this, make it unbridged, put it in its own IP subnet, and switch on net isolation and AP isolation.[2]
    • Set up a DNS server for the guest wifi. Networking → DHCPD → add a server for the guest interface (the IP subnet will be added automatically).
  4. Set up a local domain so that hosts can be reached by hostname.

    • Set the router name and router hostname @ Setup → Basic Setup.
    • Set the local domain @ Services → Services → DHCP Setup. Set Used domain to LAN & WLAN, and set LAN domain to ‘home’.
    • Optionally, disable No DNS rebind (@ Services → Services → Dnsmasq Infrastructure).
    • The router administration page should now be accessible at (router-hostname.home)
  5. Add subdomains for self-hosted services in Services → Services → Dnsmasq Infrastructure → Additional Options.

    address=/mail.mydomain.home/feed.mydomain.home/192.168.1.191
  6. Set up the WireGuard client and route traffic to the VPN server. To do this, I followed this guide from this forum post (local copy here). The easiest approach is to import the WireGuard config from protonvpn (or another VPN service) and adjust some settings. I typically set the source to Route selected sources through VPN and provide IP subnets for this.[3] If the persistent keepalive is not set, I set it to 25 or 26.

  7. Set up dynamic DNS so that I can VPN into my router without knowing its IP address (especially if the WAN IP address changes once in a while). Register for a free dynamic DNS service (I currently use https://freedns.afraid.org/), and create a subdomain linking to the router's WAN IP.[4] Go to Setup → DDNS → pick service → fill in username, domain etc. → save settings. The router will automatically update the IP linked to the hostname when the WAN IP changes.

  8. Set up a WireGuard server so that I can VPN into my home network. To do this, I followed this excellent guide from this forum post (local copy here).[5] I followed the guide verbatim and then connected from my phone or computer to check that it was working well.
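
A pre-import check for step 6, added here as an example (not part of the original notes or the forum guide): it reports whether an exported WireGuard client config lacks a persistent keepalive, and shows which LAN hosts a set of source subnets would send through the VPN and which would bypass it. The function names, the sample config and the 192.168.1.128/26 range are constructed, and a single [Peer] section is assumed.

```python
import configparser
import ipaddress

# Constructed sample of a provider-exported client config; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.2.0.2/32

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.net:51820
"""


def check_client_conf(text, default_keepalive=25):
    """Return (keepalive, was_missing) for the single [Peer] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep WireGuard's CamelCase key names
    cp.read_string(text)
    peer = cp["Peer"]
    missing = "PersistentKeepalive" not in peer
    value = default_keepalive if missing else int(peer["PersistentKeepalive"])
    return value, missing


def split_by_vpn_sources(sources, hosts):
    """Partition hosts into (via_vpn, bypass) for the given source CIDRs.

    strict=True raises ValueError for a CIDR with host bits set
    (e.g. 192.168.1.130/26), which usually means a mistyped range.
    """
    nets = [ipaddress.ip_network(s, strict=True) for s in sources]
    via_vpn, bypass = [], []
    for host in hosts:
        inside = any(ipaddress.ip_address(host) in n for n in nets)
        (via_vpn if inside else bypass).append(host)
    return via_vpn, bypass


if __name__ == "__main__":
    print(check_client_conf(SAMPLE_CONF))
    # Constructed LAN hosts; 192.168.1.191 is the service host from step 5.
    print(split_by_vpn_sources(["192.168.1.128/26"],
                               ["192.168.1.20", "192.168.1.191", "192.168.1.192"]))
```

Any host that lands in the bypass list reaches the internet over the plain WAN connection, so it is worth running the intended subnets against the DHCP range before saving the tunnel.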

Footnotes

  1. Used this superuser page and this tomshardware page as reference.

  2. Used this dd-wrt wiki page as reference.

  3. Used subnet calculator and subnet cheatsheet as reference.

  4. For https://freedns.afraid.org/, create an account → subdomains → create an ‘A’ subdomain linked to your WAN IP and you are set.

  5. Note: if I add the IP subnet to the WireGuard client tunnel, I can VPN into my router, access the home network and connect to the internet through the outbound VPN connection.