This will be a terse and succinct guide on how to install and setup DD-WRT client on your Netgear WNDR 3800 router / access point.
It worked for me, it’s not guaranteed it will work for you. Continue at own risk.
Oh, and use a cable into the LAN ports. It will make the process much more simpler.
The router will be flashed, and all settings will be gone anyways. It’s better to have factory defaults and have a smaller chance of bricking the device with default settings.
Press the reset pinhole with a needle or something other thin device and keep it pressed for 5 seconds, until the power light starts blinking amber / orange.
Download the 1.0.0.16 firmware from Netgear. It’s the last known firmware allowing flashing with a non-signed image.
Have a look at the folder in the betas section. Go to the latest year, and then the latest month. Locate netgear-wndr3800
in the list and download wndr3800-factory.img
.
Open the management interface of your router, it should be at 192.168.1.1. Default credentials are admin
and password
.
Open Administration -> Firmware Upgrade -> Choose file.
Select the downloaded image (wndr3800-factory.img
), and install it.
After about 5 minutes the process should be completed. Do NOT power cycle the device. Doing so will probably brick it.
For some reason, the DD-WRT defaults to start the WiFi radio without any encryption. With the cable still connected to the LAN ports, open the management interface at 192.168.1.1. At the first screen, you’re able to set the username and password you’ll use to log on later. Do not forget either the username or password. The only way to recover is to reset the device.
Under Wireless -> Basic Settings, set the access point names you’d like.
Under Wireless -> Wireless Security set the security options you prefer. WPA2 Personal
with AES
algorithm is a sufficient setup, until WPA3
becomes available during 2019-2020.
Usually the router will run the OpenVPN server, but in this case I was travelling and needed a safe connection. The advantage is that every device connecting through the WiFi router won’t have to have OpenVPN installed and configured. It’s only necessary to configure one client, the WiFi router.
OpenVPN client will run on the router, connecting to another OpenVPN server running on a Linux box elsewhere.
For veracity, the instructions on how to add a new client to an existing OpenVPN server running on Gentoo Linux are as follows (for my system):
It is possible to run multiple OpenVPN services under Gentoo, and as such, they have their own names. To simplify, I’m using the variable $vpn
for this.
$ export vpn="vpn"
$ cd /etc/openvpn/$vpn/easy-rsa
$ source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/vpn/easy-rsa/keys
$ ./build-key routerclient
At this point, you’ll be filling out a certificate for your own use. Answer the questions.
Configuring OpenVPN on the router is pretty straight forward if you’ve configured any OpenVPN clients and server before.
Most of the settings are self-explainatory. It’s important the client settings are identical to the server settings.
local
and port
.TUN
or TAP
). Config dev
.proto
.If you’re using a static key file, most commonly called ta.key
with configuration option tls-auth
, the advanced settings have to be enabled and the contents of ta.key
must be pasted into the field TLS Auth Key
.
Config option | Usual filename | DD-WRT OpenVPN GUI Option | Starts with |
---|---|---|---|
tls-auth |
ta.key |
TLS-Auth | -----BEGIN OpenVPN Static key V1----- |
ca |
ca.crt |
CA Cert | -----BEGIN CERTIFICATE----- |
cert |
$vpn.crt |
Public Client Cert | -----BEGIN CERTIFICATE----- |
key |
$vpn.key |
Private Client Key | -----BEGIN PRIVATE KEY----- |
If there are additional options not covered by the GUI, they go into Additional Config. Custom values for sndbuf
and rcvbuf
goes there.
One final option. NAT
must be enabled if you’re going to connect to anything behind the VPN.
Press Save, and then Apply. Hopefully it will connect to your OpenVPN server.