Download OpenWrt Firmware
Open https://openwrt.org/toh/d-link/dir-882_a1#installation and select Firmware Install. At this step we need to download factory version.
Flash OpenWrt Firmware
- Connect to D-Link router through Ethernet cable.
- Power off the router
- Hold on the reset key and restart the router, release the reset key until you see the LED starts blinking.
- On the computer, manually assign a static IP address on the 192.168.0.xxx subnet, other than 192.168.0.1 (e.g. 192.168.0.2)
- Open a web browser and navigate to http://192.168.0.1
- Choose the firmware file you have downloaded previously and click on Upload.
- After the file has been uploaded, you should see a Device is upgrading the firmware message on the web browse
- The device will reboot automatically after the flashing process finishes
Configuration through OpenWrt LuCI web interface
- Change to DHCP mode after the router is restarted
- The gateway by default is http://192.168.1.1 without password
-
System > Administration
- change router admin password
-
SSH Access
- modify interface to LAN
- change SSH port to other
-
SSH Keys
-
past the content of your public key file. It will be a long
string starting with
ssh-rsa …
-
past the content of your public key file. It will be a long
string starting with
-
Network > Wireless > 2.4G AP & 5G AP
-
Device Configuration
- Advance Settings: modify country code
-
Interface Configuration
- General Setup: modify ESSID
-
Wireless Security
- Encryption: WPA2-PSK
- Cipher: Force CCMP
- Key: Your Wi-Fi Password
-
Advanced Settings
- uncheck Disassociate On Low Acknowledgement
- check Disable Inactivity Polling
- Time interval for rekeying GTK: 3600
-
Device Configuration
-
Network > Wireless > 5G AP > Device Configuration
-
Operating frequency
- Mode: AC
- Channel: 36
- Width 80mhz
-
Operating frequency
- Network > Wireless: Save & Apply
-
Network > Interface
- LAN > General Settings: modify IPv4 address to 192.168.0.1 if 192.168.1.1 as gateway has conflict with upstream
- WAN > Advanced Settings: unchecked Use DNS servers advertised by peer
- WAN > Advanced Settings: add and click + button for following DNS 1.1.1.1, 8.8.8.8, 8.8.4.4 in Use custom DNS servers
- Save & Apply
-
Network > Firewall > General Settings
-
Routing/NAT Offloading
- check Software flow offloading
- check Hardware flow offloading
- Save & Apply
-
Routing/NAT Offloading
-
Network > DHCP and DNS > Hostnames: add custom binding of
domain name to static IP for example blocking a website. You might
need to add two versions of mapping, one for IPv4 and one for IPv6.
- for blocking the domain it is recommended to use adblock
Configuration through OpenWrt SSH
Disabling password authentication
uci set dropbear.@dropbear[0].PasswordAuth="0"
uci set dropbear.@dropbear[0].RootPasswordAuth="0"
uci commit dropbear
/etc/init.d/dropbear restart
Obtain PPPoE Username & Password
The steps to obtain PPPoE will vary per country and operator. I’ve followed this tutorial.
Configure PPPoE
-
Network> Interfaces > Devices: Add device configuration
- Select VLAN (802.1q) as device type
- Select WAN as base device
- Introduce 20 in VLAN ID 20 (This configuration depends on the operator)
- uncheck “Enable IPv6”
- Save
- Save & apply
-
Network> Interfaces > Interface: click edit on WAN
configuration
- Change protocol to PPPoE
- Select Software VLAN wan.20 as device
- Introduce PPPoE username and password
- Save
- Save & apply
Adblock
- System > Software: Update lists
- System > Software: Search curl and install.
-
System > Software: Search
adblock
,luci-app-adblock
and install. -
Services > Adblock
-
General Settings
- enable force local DNS
- enable dns report
- Additional Settings > Download Utility: Select curl
- Edit Blacklist: add domain you want to block
-
General Settings
- Services > Adblock: Save & Apply
Other Utilities
- System > Software: Search htop and install.
You can also access router OS through SSH with
ssh root@192.168.0.1
and install the packages with
opkg
command. It is recommended to not upgrade
luci-*
packages, this package is web interface of router,
and it often generates conflict between the new version and old
version.
Upgrade Firmware
Go to
https://firmware-selector.openwrt.org/?version=22.03.2&target=ramips%2Fmt7621&id=dlink_dir-882-a1
and add luci
, luci-ssl
and any of your
packages, in my case are luci
, luci-ssl
,
curl
, adblock
,
luci-app-adblock
, htop
, click
Request Build, and download the
sysupgrade OpenWrt firmware and then enter System
> Backup/Flash Firmware to upload the bin file, it is
recommended to backup and export the configuration.
Benchmark
Wireless Speed Test
TX: Device - Wireless - Router
Install
iperf3
on OpenWrt and after than run iperf3 -s
. Then from a
client device connected to the network through wireless execute the
command
iperf3 -c <IP Address of Your OpenWrt Router> -p <iperf3
Server Port> -f m -t 30 -w 256k -P 4
.
TX: Device - Wireless - Router - Ethernet - Device
Install iperf3
on another device connected to the network
through Ethernet interface and then repeat the same testing again this
device. The reason we need to repeat the testing with this
configuration is because
your router might not be able to process the packets as consumer
efficiently but do switch packet quickly.
RX
Repeat the experiments but reverse the relationship of server and
client. You should now run iperf3 -s
in your device to
verify the download speed.
Map with a Free Domain
Verify NAT
First you need to confirm with your internet provider that your router doesn’t live behind a NAT or CGNAT. You can also manually verify this by checking your IP address when you search in Google and the IP address from OpenWrt GUI -> Network -> Interfaces -> WAN -> IPv4.
Create Domain
You can request a free domain with Duck DNS.
Keep the IP Address Up-to-Date
Expose Internal Service to Internet
From OpenWrt Luci GUI -> Network -> DHCP and DNS -> Static Leases, set your internal host with a static IP address so port forwarding can work.
Go to OpenWrt Luci GUI -> Network -> Firewall -> Port Forwards, then add rules to forward traffic from Internet to your internal host which lives inside of private network e.g. port forwarding to SSH server.
Reference
- Image formats
- D-Link Recovery GUI
- Canales wifi en la banda 5 GHz en España: Lo que nunca te han contado
- Todos los canales y bandas de frecuencias wifi legales en España en 2,4; 5 y 6 GHz
- ¿Es mejor un router wifi si tiene muchas antenas MIMO?
- When to Use 20mhz vs 40mhz vs 80mhz
- Wi-Fi Ping Spikes: Causes and Fixes
- Different Wi-Fi Protocols and Data Rates
- Edit /etc/hosts via WebUI