Firmware FAQ

From DD-WRT Wiki

Jump to: navigation, search


Contents

[edit] Before install

[edit] What does ____ mean?

See the Glossary. If you still don't know, search elsewhere on the internet or ask on the forums.

[edit] Is my router supported?

There are Wiki pages for Supported Devices and Known incompatible devices. Otherwise search the forums.

[edit] Which router should I buy?

This changes continuously, but here are some other good choices (as of October 2023):

One can also search on Amazon for DD-WRT compatible routers, just ensure to check them for compatibility against the Supported Devices page or the forum.

[edit] Where do I download firmware?

!!!! DO NOT USE THE ROUTER DATABASE !!!!

Unless you read, in a specific device wiki or a specific forum topic, specific initial flash instructions to use an older/very specific build for first time flashing you should always use the newest possible beta build (pay attention to factory-to-dd-wrt file names for first time flashing- where applicable in the folders).

  • The Router Database does NOT have newest recommended builds. Many of the recommended builds in the database are actually known to be very bad builds (40559 IS A BAD BUILD for many many routers). Always go to the appropriate hardware device forum and look at the recent build reports to see if you can find your router listed/reported. If not, the first recommendation by most moderators will be to use the latest available beta build. READ READ READ and use Search when in doubt. TL:DR IS NOT AN EXCUSE!

BUT NEVER EVER USE THE ROUTER DATABASE.

See Version Features feature differences (needs editing).

  • Atheros and Ralink routers use custom builds with a varying feature sets: do not ask for a different build
  • Note: Atheros and Ralink routers with 4mb flash will not have features like Hotspot or VPN (need >=8MB)

DD-WRT firmware builds are beta releases with no or limited hardware testing. Proceed with caution!

DD-WRT build locations:

Note: Read the relevant build thread on the forum to determine if that particular build is working. Use the correct chipset subforum (Broadcom, Atheros, etc.). The build threads are usually titled with: New Build - date and build number. Always read the newest build thread first. Example: NEW BS Build 11-16-2017-33772 which is a thread for Broadcom only. Atheros and other chipsets have their own respective subforums.

Step 1: Choose the year and build version, which signifies the latest SVN revision snapshot

Step 2: Choose the correct build folder:

  • Atheros, Ralink, and Marvel builds are in the router-named folders. Ensure you have the right version!
  • Broadcom ARM (and MIPS with NAND flash, ex: Netgear WNDR4500) routers also have named folders
  • Broadcom MIPS routers with NOR flash use one or more of the broadcom* folders
    • broadcom - kernel 2.4 builds for very old routers (ex: Linksys WRT54Gv5)
      • Builds with special in the name can authenticate with 802.11x in client mode (PEAP, TLS, etc.)
    • broadcom_K26 - kernel 2.6 builds for old routers, but many routers that run K26 can also run K3X (ex: Linksys E2500) with better USB support, and k3.10+ supports SFE accelerated NAT since 33006
      • Some routers can use k2.4 or k2.6, others can use k2.6 or k3.x, but many will brick on different versions
    • broadcom_K3X - kernel 3.x builds for newer Broadcom MIPS models with NOR flash (ex: Asus RT-N66U).
  • x86 and x64 (x86_64): see X86

Step 3: Download the correct file in the folder

  • Broadcom: always read the model's wiki page for details. For initial flash use the trailed build (with the model in the file name), except for special cases like nv60k versus nv64k differences, or micro build routers, especially those running VXworks OEM fimware that have special procedures to replace the CFE (bootloader). To upgrade, use the generic build (nv64k, nv60k, or neither). Note: a few models require TFTP upgrades.
  • Others: the factory-to-ddwrt file is to flash the router from OEM to DD-WRT. The webflash file is to upgrade when already running DD-WRT. Note, some models will only have a factory-to-ddwrt file and trailed build (with the model in the file name). In this case, use the trailed build to upgrade. Note: TP-Link and other manufacturers can have region-specific versions, US (United States), IL (Israel), RU (Russia), TW (Taiwan), and WW (or unspecified for World-Wide). If you are unsure about which file to flash it is better to search on the forums then risk bricking your router.

Step 4: See Supported_Devices, Installation instructions, the device model/version wiki, and the forums for router-specific instructions on how to flash your router, particularly for initial flash.

[edit] Kong builds (deprecated)

Kong stopped DD-WRT development and removed his repository in Jul 2019.
Kong builds were cryptographically signed to verify authenticity, tested on hardware before upload, could upgrade via the command line ddup tool, and had a bootstrap tool to install the opkg package manager for additional features. Since the original repository was removed, these features are no longer relevant. It is not recommended to use these builds.

[edit] What's the difference between generic, mini, micro DD-WRT versions?

See Version Features.

[edit] How do I access the router's settings?

The DD-WRT GUI can be accessed at [1] unless the LAN IP address was changed. For other third-party firmware, consult the respective website for it. If running OEM firmware, try [2] or [3], otherwise check [4] or consult the manufacturer documentation/website.

Another alternative is to check the DHCP-provided IP address assigned to the connected computer. Check the network or control panel settings to find the gateway address (e.g. 192.168.x.1). From a command line, run ipconfig in Windows, or for Linux use ip address or ifconfig (deprecated).

You can also attempt to obtain your router IP. For DD-WRT build 9707 (June 14, 2008) or older, the default login/password is root/admin. Newer builds will ask to set a user and password upon first GUI connection.

[edit] During install/upgrade

[edit] How do I install DD-WRT firmware?

Make sure you have a compatible router. Make sure you follow all the instructions, especially the part about resetting your router before flashing and in between each additional flash. See Installation.

[edit] How do I upgrade DD-WRT to a newer release?

See Upgrading to a Newer Version of DD-WRT.

It's always recommended that you reset to default settings before and after the flash. Then you should input your settings manually, not by uploading the config backup file! The backup file is only for restoring the settings to the same dd-wrt build and the same router.

[edit] How can I tell if my router is truly bricked?

Since this question involves many variables, we do not have an article for it yet. See Hard reset or 30/30/30 and Reset And Reboot. Reset your router to Factory Defaults first.

If the power light flashes on and off, then the firmware is messed up, but the router should be recoverable. The CPU must be running in order for the power light to be flashing, which tells you the hardware is probably not toasted yet. To test this, give your computer a static IP address of 192.168.1.x where x is between 2 and 254. Set the subnet mask to 255.255.255.0. Then ping 192.168.1.1. If you get replies, then your router is not dead.

It may also be possible that your router has a different IP address. If you do not know the address, you can attempt to obtain the router IP. Also, try pinging the router while it is booting. If you're able to get a reply for a short time, you should be able to reflash the firmware while the router is booting.

[edit] I think I've bricked my router!

There are a lot of variables in answering this question and we don't have articles to cover all the different situations. But, for now, search the wiki and the forums for more information, just to verify that it's truly bricked. See Recovering from a bad flash.

[edit] Why has http stopped working on my router after flashing DD-WRT?

Reset your router to Factory Defaults both before and after flashing the firmware. See Hard reset or 30/30/30 and Reset And Reboot.

Verify that the computer is on the same subnet as the router. The router's IP address is probably 192.168.1.1. Verify that the computer is set to dynamically receive its address if it's not statically set to 192.168.1.x. If your computer's IP address is 192.168.0.50, you may not be able to access the interface.

[edit] What Are Firmware or Factory Defaults?

DD-WRT firmware default settings (sometimes called factory defaults) are stored in NVRAM. For more information, see Factory Defaults.

[edit] How do I upgrade my firmware with TFTP?

Flashing with TFTP must not be seen as the standard procedure for flashing: only use it when specifically told to do so (for example in the specific instructions for flashing your brand or type of device). Normally, the GUI flashing method should be used; this should be adequate for standard situations. See Installation.

[edit] After install

[edit] What's the default username and password?

If you forgot your username or password, see Factory Defaults, Hard reset or 30/30/30 and Reset And Reboot.

Keep in mind, versions post-v24 SP1, so builds >24XXX, now require you to change the username and password on first boot. Telnet/SSH username is always root and the password is always the same as the GUI password.

NOTE: See Web Interface - Username and Password for information about valid password characters.

[edit] Why does my router hang when using P2P applications? (BitTorrent, eMule,...)

You probably need a little tuning. We have a page in the Wiki just for you: Router Slowdown

Look into QoS: Quality of Service

[edit] Why can't I obtain an IP address from the WAN side via DHCP?

If you have just updated the firmware, you probably need to reset the router. The router is reading the old settings, and getting hung-up (stuck). See Factory Defaults, Hard reset or 30/30/30 and Reset And Reboot. Unplug the power from both the router and the cable modem. Plug back in the cable modem first and wait until it is online. Then plug in your router. Does this help?

If not: Clone the MAC address from the old router/computer. Some ISPs have a MAC address registered for service on their end. Since these ISPs usually assign only one dynamic address at a time, you may need to release the IP assigned to the old router/computer to allow the DD-WRT router to get a new one. Now you may have an option to click the DHCP Release button and then turn off the MAC cloning.

[edit] Why can't I access the web configuration for my router?

If you have just updated the firmware, you probably need to reset the router! See Factory Defaults, Hard reset or 30/30/30 and Reset And Reboot.


If you've read the previous question and it didn't help, then your router's HTTP Daemon might not be running. See Web Interface: Regaining Access. Another problem that currently causes this is incorrect HTTP Redirector settings, found at "Administration" > "Hotspot". By default the HTTP Redirector is disabled. If you enabled the HTTP Redirector and you suspect you might have created a problem, see the fix on this page: HTTPRedirect

[edit] Why do I only get blank pages when I try to change a setting in the web interface and hit apply?

  • If you have just updated the firmware, you probably need to reset the router! See Factory Defaults, Hard reset or 30/30/30 and Reset And Reboot.
  • Sometimes the address bar shows http://routerip/apply.cgi, and no content displays. Simply wait a few seconds for the router to make the change take, and go back to the page you were on with by using browser history. Some changes also requiring waiting for several seconds while the router implements them.
  • Clear out your web browser's cache and/or try another browser.
  • This is really odd, but try turning off your firewall temporarily while you're updating the pages.
  • This could also be a result of incompatibilities with Firefox. Try switching to an alternative browser (e.g. Internet Explorer or Konqueror) for the WebUI Management.
  • If you're on a Mac, try getting Chromium (i.e. Google Chrome for Mac). Safari and FireFox may not work at times, however Chromium worked for all my needs (including reliable firmware upgrade via web interface).

[edit] Why can't I save any changes after flashing to DD-WRT?

There are multiple possibilities here.

  • If you have just updated the firmware, you probably need to reset the router! See previous question. See Factory Defaults, Hard reset or 30/30/30 and Reset And Reboot.
  • Clear out your web browser's cache and/or try another browser. (If Firefox does not work try IE)
  • If you're on a Mac, try getting Chromium (i.e. Google Chrome for Mac). Safari and FireFox may not work at times, however Chromium worked for all my needs (including reliable firmware upgrade via web interface).

[edit] How do I clear the NVRAM? Reset to factory/firmware defaults? Cold reboot?

See Factory Defaults, Hard reset or 30/30/30 and Reset And Reboot.

In general, resets are not needed. However, it might be necessary in these cases:

  • Before and after flash from OEM
  • After a flash when making large jumps in build versions
  • After a flash with a kernel version change (including within or outside of a build type)
  • An issue is found (to verify it isn't related to the nvram)
    • If an issue is found, provide log info (GUI syslog, `dmesg`, `cat /var/log/messages`).
    • For firewall issues, also provide "iptables" info (`iptables -L`, `iptables -t nat -L`, & the /tmp/.ipt file).

Note: The only reason to reset before a DD-WRT upgrade is if memory insufficient to download and flash the new firmware, or similarly, if almost out of nvram. Flashing to or from other third-party firmware is not recommended and may soft brick.

[edit] After upgrading to DD-WRT, my Internet doesn't work anymore!

  1. An IP address release and renew may be needed. For Windows users, use `ipconfig {release|renew}` or simply right-click the network connection and Repair or Troubleshoot.
  2. For DSL users, access the GUI at the router's network address (e.g. 192.168.1.1) and in Setup, the WAN type needs sets to PPPoE with the DSL account's login and password. Then click Apply at the bottom.
    • By default, DD-WRT firmware tries to acquire network information and a public IP via DHCP protocol over the router's WAN port. This primarily works with Cable Modem users.

[edit] Help! My Internet still does not work!

A problem for which there is no single common fix. Understanding some basics about networking, subnets, NAT, etc. would be in your best interest to troubleshoot this issue. You may need to call your Internet Service Provider (ISP) for settings that are particular to your connection. Some ISPs not using PPPoE expect the MAC address (hardware address) of the router to match that of your computer, especially when you used your computer without the router to setup everything initially. You may need to use the "Clone MAC Address" feature. Many Comcast users report needing to use the "Clone MAC Address" feature. If using PPPoE, make sure you use the correct username and password. For cable and satellite users, generally DHCP is the correct setting. For Comcast Cable users, be sure to disable STP. For users trying to share a dial-up connection, you'll need to read the Wiki article Sharing Dialup. At any rate, it's a near 99% chance that the problem is not your DD-WRT firmware, but instead a lack of understanding with networking.

[edit] Why aren't DHCP served IP addresses on LAN sequential (100, 101, ...)?

This is normal. DD-WRT uses DNSMasq and does not give sequentially ordered IP addresses. The addresses are calculated based on your computer's MAC address and "a variable". It's just a little different from the way the original Linksys firmware worked. You can disable this behavior by disabling "Use DNSMasq for DHCP" in the Basic Setup page (although it is not recommended, as you would need to change also your DNS address). For those who want the details about DHCP variable, it's calculated using something like [lease_start + [[mac_hash + variable] % lease_max]]. The "variable" changes whenever DNSMasq sees a conflict.

[edit] Why is there no jffs-space left? Why can't I write to directories other than /tmp?

The default DD-WRT file system is read-only, expect for nvram parameters and the available memory in /tmp.
JFFS needs a minimum amount of free space to function when enabled. Standard builds can use most of the 4MB+ flash space.

  • Use a nokaid (no XBOX support) or Mini version of DD-WRT instead. (NOR flash Broadcom only)
  • For some routers, it is possible to use (or add with modifictions) an SD card.
  • For USB routers, connect a USB flash drive. Formatting should be done on a computer (quicker), best to use ext2 or ext3, ntfs can be used depending on the build.
  • Also see forum thread: No space available even after enabling jffs

[edit] Why are LAN computers not shown in the local DHCP table, but are able to use network?

The lease table is cleared when the router is upgraded, unplugged, rebooted, and in situations where a config change requires a reboot. If your computer is already connected when this happens, it will remain connected but will not be in the lease table until the next time it tries to renew. You can disable this by enabling "Use NVRAM for client lease DB" on the Services page. This will store the lease database in the NVRAM.

[edit] What to do if you forget the password and you have SSH access to the router (using ssh pub key)?

You can clear the password in NVRAM by executing the following commands:

nvram set http_passwd=

nvram commit

After that you will be able to access the Web interface of your router without using a password. Don't forget to set a new password!

[edit] Why did the router reset its parameters to default values?

This problem affects Broadcom routers like Linksys WRT54Gx, Buffalo WHR-G54S, Asus WL-500 and others (Some with dual partitions revert to factory firmware, ex: Linksys EA8500). After a power cycle suddenly your setup is gone and the router restarts in its default and unsafe state. This seems to be caused by a CFE bug, but it looks that other firmwares with the same CFE do not have this problem. To minimize the risk of incurring in a revert, check the power supply mains connection and the DC plug, the contacts should be absolutely reliable. If you can, use UPS. It's also possible to flash a customized firmware, which reloads parameters when needed. It can be found here. Remember: flash the new firmware only with jffs enabled (check if /jffs/tmp exists)

[edit] Why aren't there any man (help) pages for the busybox linux commands?

For example, when using Putty (ssh), "Why doesn't 'man syslogd' provide any output?" Or "Why doesn't 'syslogd --help' provide any output, and instead, goes back to the shell prompt?" DD-WRT uses BusyBox, a stripped-down version of linux for embedded devices. There is not enough space inside the typical 2 or 4 megabytes of flash-rom to store additional help files. Please see http://linux.die.net/man/1/busybox to get a complete list of supported commands and their switches inside the busybox shell.

[edit] Wireless questions

[edit] What are the recommended wireless settings?

See Basic Wireless Settings and Advanced Wireless Settings. Qualcomm Atheros based routers, also take a look at Atheros Wireless Settings. If you are looking for settings specific to your router model (eg: TX power) please search the forums.

[edit] I'm having lots of TX (transmit) errors.

Try setting the ACK Timing to 0. If you have the transmit power turned up higher than 84 mW, turn it down to 84 mW. Other things that may contribute to a lower error rate: set beacon interval lower than the default of 100 (75, for example), use a different channel (aka frequency) for wireless (so not to clash with other 2.4 GHz devices). Use a better antenna than the stock antenna your device comes with, this actually helps you more than increasing output power as this option increases both output and sensitivity at the same time.


SEE THIS Wireless Packet Info - RX/TX Errors

[edit] How high should I set the transmit power on my router?

Somewhere around 84 mW is considered to be the best setting for maximum power with minimum noise for most hardware. Atheros units use dBm to measure transmit power, 30dBm is 1000mW, most routers will do 18-30 dBm. Default is usually correct. Use common sense and don't set the power higher than you really need to. If you're trying to get more range, consider using a different antenna and make sure you have a clear line of sight, two of the most critical factors in your router's range.

From a network security standpoint, the transmitter power level should be just enough to cover the intended area reliably. Optimal power settings can be determined by trial-and-error.

[edit] How can I increase my wireless range?

Many factors affect your range. What method you use to extend your range will depend on whether you are trying to increase the range inside a building or outside. Read the next two FAQs below.

Consider getting a good antenna and try setting up your wireless devices with a clear line of sight. Best range is achieved by using one directional parabolic dish or Yagi antenna and then disabling the other antenna on your router. For a cheap easy antenna option, try www.freeantennas.com. This site details how to make a directional antenna from household items which can result in 10 db or more in gain. For situations where you need omnidirectional distance instead of directional linking, be sure to use a good omnidirectional antenna and mount it high enough to broadcast signal in the area of focus. This is often 20 to 50 feet high, depending on the rated signal downturn of the antenna. This means how steep of an angle the donut of radiated signal is pitched down from the vertically-mounted antenna.

Also, try increasing your router's transmit power to 84 mW. DD-WRT also has settings for frame burst and afterburner. You may see an increase in range by turning these off. Note, the 5GHz band, and to an even greater extent the 60GHz band, have shorter range than the 2.4GHz band. In most cases the 2.4GHz signal will go twice as far as the 5GHz signal broadcast from the same router. This is due to the frequency and the ability to penetrate objects (2.4GHz is better at going through walls and other objects).

[edit] How can I increase range indoors?

Some buildings do not allow your signal to pass through very well. The usual reason for this is foil-clad plasterboard or insulation. In an effort to insulate buildings and keep heat in, new plasterboard is foil clad to reflect infrared energy back into the room. However this means you effectively have huge metal sheets stopping all radio waves, so mobile phones, baby monitors, audio radios, and WiFi will all have problems with signal. Doors and windows usually allow wireless to pass through nearly unaffected (unless the window has Low-E Coatings), so positioning your antennas so the signal lines up through these openings will help. Also, you need to consider using a proper ethernet cable between the points since the speed and reliability of this is far better. If you need wireless coverage, consider using more than one Access Point but wire them with a network cable rather than attempting WDS repeater mode, because for every in-line WDS-link, the bandwidth gets halved. Also, routers using RP-SMA (For example, Buffalo) and TNC (For example, Linksys WRT54Gx products) have a number of excellent 9 dB and 12 dB RP-TNC antennas available on eBay. A 9db antenna, meant for internal use [although it can be weatherized, otherwise must not be exposed to water!] can be purchased for about 11USD or 8.30€.

For transmission between floors, remember that the signal radiates away perpendicular from the antenna. This means that you can angle your signals up or down simply by angling the antennas, ideally so that both devices' antennas face each other on the same plane. For example, to broadcast directly upwards, point the length of the antennas used flat down. Also, on dual antenna routers, you can have one angled for upstairs and one for downstairs on the same device thereby giving each floor a targeted signal.

[edit] How can I increase range outdoors?

The most important thing for making your signal go far outside is height! The higher in the building (i.e. less obstructions - e.g. plant leaves containing water) you position your radio the further its signal will travel. Even a standard indoor unit with standard antennas can be used from 600 m (1,968 feet) away! To go farther you need to start using better antennas, the Access Point would work well with a 7 dB mounted just above roof height, this will give you a good 600 m (1,968 feet) to 1500 m (4,921 feet), it goes further in open areas and less far in built up areas. It's important to match the gain and height of your antenna to how far away you wish to receive your signal. You may end up picking up signals that you would be better off not being able to see. Also the use of too much height with a 12 dB antenna would mean your signal does not really come back to ground level for several kilometers past where you wish to use it. The effect of this is that it seems your signal is weak and does not go very far. This is an illusion: The signal could be going way over your head. A lesser gain antenna at a lower height would yield a far stronger local signal and immunity for interference from far away stray signals.

[edit] Why isn't WDS working?

See this page: WDS Linked router network

[edit] How do I read signal and noise ratings?

These numbers are given in decibels (dB) and are expressed as negative numbers. The more negative the number, the less strength it represents. Thus, -40 dB represents more strength than -70 dB. The values are logarithmic. A signal amplitude change of 3 dB is equivalent to a factor of two; 10 dB is a factor of ten.

Based on this Forum-post

Signal: (in dBm) A small negative number is good (-40 is good, -98 is bad)

Noise: (in dBm) A large negative number is good (-98 is good, -40 is terrible, -70 would be pretty bad in the real world)

SNR: (in dB) High is good (should be the same as difference between noise and signal, a difference of 20 would be great, a difference of 1 may barely work)


SNR(dB) = Signal(dBm) - Noise(dBm)

Signal Quality: High is good, somewhat like SNR but indexed to 100 with noise as the base, percentage of the best theoretical ideal quality in regards to your local-noise

Signal - Noise = SNR

-82 - -98 = 16


Signal / Noise * SNR = Signal Quality

-82 / -98 * 16 = 13.4%

Typically, noise will be -92 which means you should get a clean connection with a signal as low as -92. However, expecting to hold a good connection with a signal lower than -85 (e.g. -90), is expecting too much. The signal can be improved by -3 dB by doubling the power setting at the transmitting radio, e.g., 100 mW increased to 200 mW would improve your signal from -85 to -82. Antennas with increased gain will also help. Say you had the standard 3 dB antenna and changed it for a 12 dB antenna, that's a 9 dB increase, so your signal would increase from -82 to -73 which would be an excellent signal, probably capable of 54 Mbps. Using the term excellent in terms of running a WISP, it would probably be only 3 bars on a 5 bar signal strength meter. Don't worry if, as a WISP your signal quality is low, like 14%. It's not really a problem since -82 is considered acceptable.

[edit] How does the SNR impact the speed and range of my wireless connection?

SNR, range and speed (data rate) are tightly interdependent. Users often notice that higher data rates do not "travel" as far as lower data rates do - and frequently they think that increasing the power on the router will take the signal further (increase the range).

It is not the power of the router, it is Signal-to-Noise ratio (SNR) that dictates the data speed and the range of the signal. SNR determines which data rates can still be correctly decoded in a wireless connection - as data rates increase from 6 Mbps towards 54 Mbps, more complex modulation and encoding methods are used for transmission and that requires much higher SNR to properly decode the signal back to the data stream on the receiving side.

Using full 54 Mbps data rate requires at least 25 dB of SNR - and getting that much SNR is achievable only if router and client are relatively close together. As the signal travels further away from the transmitter, a path loss occurs (the signal gets attenuated) and SNR is getting lower and lower. Lower data rate transmissions can be decoded from much weaker signals (low SNR) and as a result the signal appears to travel further.

Increasing the power of the transmitter will often affect the listening side of the same device as well, affecting much higher noise levels (and worsening the SNR ratio). It is frequent occurrence with beginners to see their routers tweaked so they generate the highest possible wattage of signal, raising the floor of the noise as well - thus keeping the SNR at the same level, as if the router hadn't been tweaked at all.


Data Rate Minimum SNR Modulation/Encoding
6 Mbps 8 dB BPSK 1/2
9 Mbps 9 dB BPSK 3/4
12 Mbps 11 dB QPSK 1/2
18 Mbps 13 dB QPSK 3/4
24 Mbps 16 dB 16-QAM 1/2
36 Mbps 20 dB 16-QAM 3/4
48 Mbps 24 dB 64-QAM 2/3
54 Mbps 25 dB 64-QAM 3/4


[edit] What Wireless Security settings should I use at home?

For home or small network use, you probably won't have a RADIUS server ("enterprise"), so you'll be using pre-shared keys ("personal"), which use a common passphrase for the network. WPA2 + AES is the recommended choice for home networks.

Make sure your passphrase is sufficiently complex, e.g. at least five random words (such as from diceware).

See Wireless Security Settings for preferences.


If your network includes a RADIUS server, you can use the RADIUS versions of the above.

MAC address filtering can be bypassed by cloning the MAC of an approved device on the network. MAC address filtering is not a substitute for encryption because all data is sent in the clear. Always use encryption when possible.

If you're using GNU/Linux on your laptop, you might encounter some problems with your wireless card and/or encryption. If both pose a problem, simply search on Google for a list of well-supported wireless USB-sticks (with working WPA). If the only problem is WPA encryption (wpa_supplicant won't work), there is always the (admittably complicated) fallback option of using OpenVPN to establish a secure, encrypted wireless connection.

To keep intruders out, you can filter out your own MAC address and install an IDS as a first line of defense. Using traffic shaping should also help if you're only using your wireless network for browsing, email, etc.

[edit] See also

  • Tutorials Many Walk-Throughs for Different DD-WRT Configurations
  • Glossary Wireless Networking Terms and Definitions along with DD-WRT Feature explanations
  • Changelog Track the Developer's changes to the firmware.

[edit] External links