I set up a DD-WRT router on Charter’s Spectrum broadband, and had a hard time getting it to work. It wouldn’t pull an IP address on the WAN side, or it would pull a 192.168 address rather than a Charter public address.
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
I’ve been using and recommending DD-WRT for years, but it’s getting harder to find inexpensive routers to run DD-WRT. Many inexpensive routers now use non-Broadcom chipsets that DD-WRT and other third-party firmware don’t support well, or at all.
But there’s still a way to get inexpensive, compatible routers that isn’t likely to change any time soon.
My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.
Blanketing your house and yard while remaining secure, though, is still important.
A good way to eliminate dead zones in your house where wifi doesn’t work is to add one or two wireless access points to your setup.
Access points, thankfully, are no longer stupid expensive–they used to cost twice as much as a router in spite of being nothing more than a cut-down router–but almost every access point I’ve looked at has one or more compromises built in. That said, if you want something you can plug in and configure by filling out three or four things, you might be willing to live with those compromises.
In 2003, Dan Geer called the combination of Microsoft’s market dominance and the flimsy security of its products a threat to national security.
Today, he’s calling the security holes in consumer routers a threat to critical infrastructure.
These two things are related in more ways than being utterances from the same person. These routers were designed to protect flimsy PCs from the horrors lurking on the Internet. In 2003, they were arguably adequate. But since 2003, Microsoft operating systems have improved dramatically from a security standpoint while routers have stood still. Many of them are still running on the same outdated Linux kernels and userspaces, just on newer, faster hardware. These routers are now less secure than the computers they are supposed to protect. This isn’t a knock on Linux; Linux has improved in the last 11 years too, but router makers generally haven’t incorporated those improvements. So these routers are easy to attack, easy to use to build botnets, and the user will never be the wiser since they keep the devices until they break. The only good news here is that many of them break after a year or two, and that’s supposed to be bad news.
I’ve said before how to eliminate wifi dead spots, but perhaps I didn’t give it the focus it deserves. I think almost everyone has wifi dead spots in their house that they would like to eliminate. It turns out you can do it, and it doesn’t have to cost a fortune either.
The idea is to supplement your existing router with one or two additional access points. Read more
I found a couple of old Linksys WRT54G routers and decided to load DD-WRT on them. The first one, an abandoned-by-Linksys WRT54GS model, gave me some trouble, which led me to buying a TP-Link unit to run DD-WRT on. The second unit, which was a vanilla WRT54G, still had firmware available on Linksys’ site, so the upgrade was somewhat straightforward–it went by the book, at least. I installed the latest Linksys firmware, then installed the DD-WRT mini build, then upgraded to the full build.
After getting DD-WRT running on it, I configured it to behave as an access point on channel 6. I was surprised at how strong the signal was. Years ago, I ran a pair of WRT54G routers, and they struggled to cover the house. It’s possible that was due to age, or perhaps I was getting too much interference from my neighbors since we were probably all running our wireless on the default channel in those days because none of us knew better.
As for my WRT54GS, when I tried to upgrade it, I got a nice message stating, “Upgrade are failed!” Nice. Too bad it didn’t add “All your base are belong to us.” That’s when I learned you need to install the last Linksys upgrade first, then upgrade from that. So I downloaded that from some forum, tried flashing that, and received the same message. So I set it aside, figuring I bricked the unit. A few days later, after getting the WRT54G running, I fired up the GS, visited its configuration page, and… found DD-WRT running on it! Upgrade are failed? More like all your upgrade are belong to ME.
In all honesty, I probably got lucky. It’s always best to go by the book on things like this.
The WRT54G is limited, of course, to 802.11b and 802.11g (54 megabits max) but as a complement to a more modern router, it still has a few tricks left. If you have one laying around, it won’t cost anything aside from about 30 minutes’ worth of effort to load DD-WRT on it and see what it can still do for you.
And if you don’t happen to have one laying around, it’s not hard to find a used WRT54G. I find them at estate sales, garage sales, and rummage sales pretty frequently because a lot of people set them aside when they either buy newer, faster routers or their ISP forces them into an all-in-one unit. Don’t pay too much for it, because it’s aging technology, but I’d say they’re worth grabbing for $5 or less.