This will be a terse and succinct guide on how to install and setup DD-WRT client on your Netgear WNDR 3800 router / access point.
It worked for me, it’s not guaranteed it will work for you. Continue at own risk.
Oh, and use a cable into the LAN ports. It will make the process much more simpler.
The router will be flashed, and all settings will be gone anyways. It’s better to have factory defaults and have a smaller chance of bricking the device with default settings.
Press the reset pinhole with a needle or something other thin device and keep it pressed for 5 seconds, until the power light starts blinking amber / orange.
Download the 220.127.116.11 firmware from Netgear. It’s the last known firmware allowing flashing with a non-signed image.
Have a look at the folder in the betas section. Go to the latest year, and then the latest month. Locate
netgear-wndr3800 in the list and download
Open the management interface of your router, it should be at 192.168.1.1. Default credentials are
Open Administration -> Firmware Upgrade -> Choose file.
Select the downloaded image (
wndr3800-factory.img), and install it.
After about 5 minutes the process should be completed. Do NOT power cycle the device. Doing so will probably brick it.
For some reason, the DD-WRT defaults to start the WiFi radio without any encryption. With the cable still connected to the LAN ports, open the management interface at 192.168.1.1. At the first screen, you’re able to set the username and password you’ll use to log on later. Do not forget either the username or password. The only way to recover is to reset the device.
Under Wireless -> Basic Settings, set the access point names you’d like.
Under Wireless -> Wireless Security set the security options you prefer.
WPA2 Personal with
AES algorithm is a sufficient setup, until
WPA3 becomes available during 2019-2020.
Usually the router will run the OpenVPN server, but in this case I was travelling and needed a safe connection. The advantage is that every device connecting through the WiFi router won’t have to have OpenVPN installed and configured. It’s only necessary to configure one client, the WiFi router.
OpenVPN client will run on the router, connecting to another OpenVPN server running on a Linux box elsewhere.
For veracity, the instructions on how to add a new client to an existing OpenVPN server running on Gentoo Linux are as follows (for my system):
It is possible to run multiple OpenVPN services under Gentoo, and as such, they have their own names. To simplify, I’m using the variable
$vpn for this.
$ export vpn="vpn"
$ cd /etc/openvpn/$vpn/easy-rsa $ source vars NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/vpn/easy-rsa/keys $ ./build-key routerclient
At this point, you’ll be filling out a certificate for your own use. Answer the questions.
Configuring OpenVPN on the router is pretty straight forward if you’ve configured any OpenVPN clients and server before.
Most of the settings are self-explainatory. It’s important the client settings are identical to the server settings.
If you’re using a static key file, most commonly called
ta.key with configuration option
tls-auth, the advanced settings have to be enabled and the contents of
ta.key must be pasted into the field
TLS Auth Key.
|Config option||Usual filename||DD-WRT OpenVPN GUI Option||Starts with|
||Public Client Cert||
||Private Client Key||
If there are additional options not covered by the GUI, they go into Additional Config. Custom values for
rcvbuf goes there.
One final option.
NAT must be enabled if you’re going to connect to anything behind the VPN.
Press Save, and then Apply. Hopefully it will connect to your OpenVPN server.