Teach your router new tricks with DD-WRT

With each passing year, hardware devices grow less dependent on proprietary components and more reliant on open source technologies. Network routers are among the main beneficiaries of this trend, especially those that can support a variety of third-party open source firmware projects. One variant, DD-WRT, has become a common out-of-the-box option for many routers, but also exists in stand-alone implementations that can be placed on routers that support it. Hundreds of routers can run DD-WRT firmware, including nearly 100 Linksys models alone.

DD-WRT has a slightly convoluted history. In 2002, Linksys started releasing a variety of router, the WRT54G line, that used Linux as an embedded system. The company was eventually obliged to release the source code for those routers under the terms of the GPL. Another company, Sveasoft, picked up on the results and created its own third-party firmware (aka Alchemy). Eventually this work was turned into a commercial offering, which encouraged the folks at DD-WRT.com to launch their own branch of the project.


The project was successful enough that DD-WRT has itself become the basis for other firmware created by router manufacturers themselves. Consequently, while DD-WRT has been released under the terms of the GPL, there are commercial builds of the firmware that incorporate much non-GPL code. It's therefore best to say that while DD-WRT has its roots in open source, it has a more commercial flavor than some of the projects in the same vein, such as the Tomato firmware or OpenWRT.

Why use DD-WRT?

For me, the single biggest reason to go with DD-WRT is the balance it strikes between convenience and openness. I can go out and buy a router that runs DD-WRT out of the box -- such as the Buffalo router I currently use -- and either upgrade it at my leisure to other builds of DD-WRT or rely on Buffalo's own official (albeit proprietary) builds.

In the past I've bought a router, upgraded it faithfully as new revisions to the router firmware came out, then ground my teeth in disgust when I discovered, 18 months to two years later, that it was suddenly no longer supported. This is dismaying, given the number of security flaws that have been found in consumer-level routers, not all of which are due to user misconfiguration. The only thing worse than no protection at all is a false sense of security, so I like the idea of using something that has at least a modicum of third-party oversight.

A full list of the features in DD-WRT would spill over to pages on end, but here's a rundown of the most significant stuff you'll likely use:

Firewall. Every router these days comes with a firewall, but the one included with DD-WRT is based on the iptables [5] firewall in Linux and, thus, is extremely powerful and configurable. You can edit the firewall through DD-WRT's own Web-based interface or use a tool like Firewall Builder to do most of the heavy lifting for you.

IPv6 support. With the world rapidly running out of IPv4 address space, it's nice to know your router can speak IPv6 natively if it has to. DD-WRT has native IPv6 functionality, as well as the 6to4 [8] address-translation system.

Quality-of-service controls. Most routers have some basic QoS management, but some of the DD-WRT builds (mainly the commercially available version) can give you more sophisticated QoS settings, allowing you to specify such items as maximum bandwidth per netmask or MAC address. UPnP media streaming is also included as a standard item on just about every DD-WRT build.

DNS controls. These include Dnsmasq, a local DNS server that speeds up host-name lookups, and support for dynamic DNS providers like TZO, No-IP, and DynDNS.

Afterburner. A speed-enhancement system supported by some wireless network devices based on the Broadcom chip set. You should use it only if your router and your other network hardware support it, or you'll actually see a net loss in performance.

Kai Daemon. This one's for gamers. It's a service to allow network tunneling for game consoles -- mainly Microsoft's Xbox -- so that they can connect to the XLink Kai gaming network.

Many DD-WRT functions are designed for using the router as a public-access hotspot. If you're setting up one of these in a business or residence, it's handy to have them in the box and not need to put them together by hand.

Client isolation. Wireless clients can see only the access point and not each other -- quite important if you want multiple people to share the same access point and not get into each other's shared files.

Sputnik Agent. An add-on that allows an access point manager to use the SputnikNet [14] remote-management system for controlling multiple access points from a single Web-based console. SputnikNet has both free and for-pay management tiers, depending on your needs.

Hotspot System. This appropriately named service lets you manage multiple locations, as well as the billing of clients who connect to your hotspot.

Wifidog [16]. Another access-point portal solution, Wifidog provides a broad range of options from simply displaying a splash page for users (for no-strings-attached access) to requiring actual purchase of access time.

ChilliSpot [17]. Yet another open source access controller for hotspots, ChilliSpot uses RADIUS authentication. Note that ChilliSpot is a legacy project that is no longer actively maintained, but is included with many DD-WRT builds as a backward-compatibility measure.

Some things are not included in every build of DD-WRT. OpenVPN [18], for instance, is limited to just a few builds. If you're using virtual private networks to connect to remote servers, you'll want one of the DD-WRT builds that includes OpenVPN [19], which lets you make VPN connections without needing client software on the PC connected to the router.

Finally, DD-WRT includes extensions to allow the truly adventurous to do things with their router that the manufacturer never intended -- adding external USB connectors or aftermarket memory card readers, for instance. Though beyond the realm of most ordinary users, they open up fascinating possibilities for the hard-core hacker.

Finding a suitable router and DD-WRT build

The first step to take if you want to make use of DD-WRT is to find a router that supports it, or determine whether or not a router you have access to can support it. This isn't terribly difficult, since the DD-WRT site contains a list of supported devices that's updated regularly. If you've had good results with a particular manufacturer in the past, look for its name on the list and pick a recent model.

My manufacturer of choice is Buffalo, and my current DD-WRT router is the WHR-HP-G300N [21], most recently given a DD-WRT update by Buffalo itself back in May 2011. Belkin, D-Link, Netgear, and Linksys also have DD-WRT routers in their lineup, as do a whole slew of smaller manufacturers you may or may not have had experience with, including Accton, Gateworks, and Rosewill.

The next step is to pick a specific model of router. DD-WRT routers fall into roughly two camps, based on the chip sets they use:

Routers built with the Broadcom chip set can use a slightly wider variety of DD-WRT builds (more on this below).

Routers built with the Atheros and Ralink chip sets use builds that are made specifically for the router model. For example, my Buffalo router is built on Atheros and needs a build made specifically for it by Buffalo, but with a little work you can replace it with an unbranded DD-WRT build.

Broadcom routers also use two different flavors of DD-WRT depending on their make:

The "normal" build, also referred to in DD-WRT's documentation as NEWD. This is the one to use for recently manufactured routers.

The VINT build, which uses an older wireless driver designed for earlier revisions of the Broadcom chip set -- specifically, the 4710 and 4712 CPUs.

DD-WRT also comes in a number of different "sizes," with various features included or omitted. The smaller builds allow routers with less flash memory to use DD-WRT, albeit at a loss of functionality. The "micro" build, for instance, is designed to fit in a 2MB flash space and, thus, omits IPv6, OpenVPN, and the firewall. The "standard" build, with the vast majority of features, requires 4MB; the "mega" build (everything plus the kitchen sink) requires 8MB.

If you're in doubt about which build to flash, check the supported device list in DD-WRT's wiki. Each entry in the list contains some instructions on how to flash and which firmware build to use.

Flashing a router with DD-WRT

If you've picked up a router preloaded with DD-WRT, find out which version of the DD-WRT firmware it's currently running and see if it needs updating. If you're using a router that has a DD-WRT build supplied by the manufacturer, look for an update from the manufacturer first. The manufacturer may have hardware-specific adaptations of DD-WRT that you can't find anywhere else, or (like Buffalo) it may have firmware that is encrypted and can run only on that router.

The exact way to check if you need an update varies between routers, but the short version goes something like this:

In the router's manual, look up how to access the router's properties/administration pages. This usually involves connecting to a local address (for example, 192.168.1.1) via a Web browser.

Look there for the revision number of the loaded firmware. This might be listed either as a build number (say, 14998), a date (May 25, 2011), or both at once.

Go to the router manufacturer's website and look up the download page for that exact model of router. Router manufacturers often use abominably confusing naming conventions, so read carefully and look for all the details you can. For instance, Actiontec's MI424WR router comes in three hardware flavors: revisions A, C, and D. The most definitive way to find out which router hardware you have is to check the underside or the back, and look for a label that describes the model number.

Check the date on the firmware available for that router against the firmware already loaded. If the available firmware is newer than the preloaded firmware, it's time to upgrade.

The process for flashing a router with DD-WRT firmware will depend on whether the manufacturer supports DD-WRT directly. If so, you can simply download and flash the firmware they provide. The DD-WRT firmware's management page includes a Web interface for uploading and automatically flashing the router, so the process is little more than a couple of clicks. Just make sure you're feeding the router the correct firmware file. Also, if there's an option to reset the router to its default settings, use that to make sure no legacy settings are lingering and might create initialization problems.
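
One way to check that you're feeding the router the correct file before you click upload, as an added example that is not from the article or the DD-WRT project. It assumes the download source gives you a SHA-256 checksum for the image; the function names are hypothetical, and the flash sizes and build-number comparison are the ones described earlier.

```shell
#!/bin/sh
# Added example: pre-flash checks. Function names are hypothetical.

build_flash_bytes() {   # flash space each build size needs, per the article
    case "$1" in
        micro)    echo $((2 * 1024 * 1024)) ;;
        standard) echo $((4 * 1024 * 1024)) ;;
        mega)     echo $((8 * 1024 * 1024)) ;;
        *)        return 1 ;;
    esac
}

sha256_of() {   # print the SHA-256 of FILE as lowercase hex
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

hash_matches() {   # hash_matches FILE EXPECTED_HEX (case-insensitive)
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

is_newer_build() {   # is_newer_build LOADED AVAILABLE (numeric build numbers)
    for n in "$1" "$2"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$2" -gt "$1" ]
}

preflight() {   # preflight IMAGE EXPECTED_SHA256 BUILD ROUTER_FLASH_MB
    [ -f "$1" ] || { echo "no such image: $1"; return 1; }
    need=$(build_flash_bytes "$3") || { echo "unknown build: $3"; return 1; }
    have=$(( $4 * 1024 * 1024 ))
    [ "$need" -le "$have" ] || { echo "build $3 needs more flash"; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    # Necessary, not sufficient: an image bigger than the flash chip can never fit.
    [ "$size" -le "$have" ] || { echo "image larger than flash"; return 1; }
    hash_matches "$1" "$2" || { echo "checksum mismatch, do not flash"; return 1; }
    echo "ok to flash"
}

# Constructed sample: a file containing "abc" stands in for a downloaded image;
# the expected value is the standard SHA-256 test vector for "abc".
img=$(mktemp)
printf 'abc' > "$img"
preflight "$img" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad standard 4
rm -f "$img"
```

A matching checksum only shows the file arrived intact from that source; it says nothing about whether the build suits your router model, so the wiki lookup still applies.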

If the manufacturer does not support DD-WRT, you'll need to look up your router in the DD-WRT wiki and hunt for specific instructions on how to do this. Here things can get complicated. Some devices require a "TFTP flash" technique, where you connect to the router via the network and use a Trivial File Transfer Protocol client to upload the firmware. Or consider the flashing directions for the D-Link DIR-615 Rev. C [26] router, which requires some hackwork involving a hex editor on the firmware image. Those who have no fear of a command line and can follow directions closely shouldn't have a problem with the more advanced flashing techniques. If you don't count yourself in that category, you're best off either getting a local guru to do it for you or, once again, dropping the money on a router that has DD-WRT out of the box.

Recovering from a bad flash

Occasionally, a flashing attempt goes bad, leaving the router "bricked" -- it seems to be starting up, but otherwise doesn't provide network access and the management pages are unreachable. Another common symptom: The power light on the front panel of the router flashes nonstop.

Fortunately, a flash problem is rare, and there are ways to recover from it. The first thing to do is try a hard reset, or a "30/30/30" as the DD-WRT folks call it:

Unplug the router from the network (but not the power) and hold the hardware reset button for 30 seconds.

Keep the reset button held down and remove the power cord for 30 seconds.

Plug the power back in and keep holding reset for 30 seconds.

Let go of the reset button and unplug the power one last time for a minute or so. Restore power.

This resets the router to its factory default state, which is sometimes needed to get it to boot properly after a flash. If that doesn't work, then you'll need to look into one of the more advanced recovery procedures listed on the DD-WRT wiki. These include recovering via TFTP (as mentioned above) or using a JTAG cable -- a physical cable connected directly to the router -- for repair. If that sounds hairy, it is. JTAG involves hardware hacking, so is probably best suited for the hardcore and those who have absolutely no other choice. A truly wizardly DD-WRT hacker may also add his own boot logic (such as Micro Redboot), especially if he plans on trying out a variety of different firmwares.

DD-WRT features and functions
