1. Download OpenWrt Firmware
  2. Flash OpenWrt Firmware
  3. Configuration through OpenWrt LuCI web interface
  4. Configuration through OpenWrt SSH
    1. Disabling password authentication
  5. Obtain PPPoE Username & Password
  6. Configure PPPoE
  7. Adblock
  8. Other Utilities
  9. Upgrade Firmware
  10. Benchmark
    1. Wireless Speed Test
      1. TX: Device - Wireless - Router
      2. TX: Device - Wireless - Router - Ethernet - Device
      3. RX
  11. Map with a Free Domain
    1. Verify NAT
    2. Create Domain
    3. Keep the IP Address Up-to-Date
  12. Expose Internal Service to Internet
  13. Reference

Download OpenWrt Firmware

Open https://openwrt.org/toh/d-link/dir-882_a1#installation and select Firmware Install. At this step we need to download factory version.

Flash OpenWrt Firmware

  1. Connect to D-Link router through Ethernet cable.
  2. Power off the router
  3. Hold on the reset key and restart the router, release the reset key until you see the LED starts blinking.
  4. On the computer, manually assign a static IP address on the 192.168.0.xxx subnet, other than 192.168.0.1 (e.g. 192.168.0.2)
  5. Open a web browser and navigate to http://192.168.0.1
  6. Choose the firmware file you have downloaded previously and click on Upload.
  7. After the file has been uploaded, you should see a Device is upgrading the firmware message on the web browse
  8. The device will reboot automatically after the flashing process finishes

Configuration through OpenWrt LuCI web interface

  • Change to DHCP mode after the router is restarted
  • The gateway by default is http://192.168.1.1 without password
  • System > Administration
    • change router admin password
    • SSH Access
      • modify interface to LAN
      • change SSH port to other
    • SSH Keys
      • past the content of your public key file. It will be a long string starting with ssh-rsa …
  • Network > Wireless > 2.4G AP & 5G AP
    • Device Configuration
      • Advance Settings: modify country code
    • Interface Configuration
      • General Setup: modify ESSID
      • Wireless Security
        • Encryption: WPA2-PSK
        • Cipher: Force CCMP
        • Key: Your Wi-Fi Password
      • Advanced Settings
        • uncheck Disassociate On Low Acknowledgement
        • check Disable Inactivity Polling
        • Time interval for rekeying GTK: 3600
  • Network > Wireless > 5G AP > Device Configuration
    • Operating frequency
      • Mode: AC
      • Channel: 36
      • Width 80mhz
  • Network > Wireless: Save & Apply
  • Network > Interface
    1. LAN > General Settings: modify IPv4 address to 192.168.0.1 if 192.168.1.1 as gateway has conflict with upstream
    2. WAN > Advanced Settings: unchecked Use DNS servers advertised by peer
    3. WAN > Advanced Settings: add and click + button for following DNS 1.1.1.1, 8.8.8.8, 8.8.4.4 in Use custom DNS servers
    4. Save & Apply
  • Network > Firewall > General Settings
    1. Routing/NAT Offloading
      • check Software flow offloading
      • check Hardware flow offloading
    2. Save & Apply
  • Network > DHCP and DNS > Hostnames: add custom binding of domain name to static IP for example blocking a website. You might need to add two versions of mapping, one for IPv4 and one for IPv6.
    • for blocking the domain it is recommended to use adblock

Configuration through OpenWrt SSH

Disabling password authentication 

uci set dropbear.@dropbear[0].PasswordAuth="0"
uci set dropbear.@dropbear[0].RootPasswordAuth="0"
uci commit dropbear
/etc/init.d/dropbear restart

Obtain PPPoE Username & Password

The steps to obtain PPPoE will vary per country and operator. I’ve followed this tutorial.

Configure PPPoE

  1. Network> Interfaces > Devices: Add device configuration
    1. Select VLAN (802.1q) as device type
    2. Select WAN as base device
    3. Introduce 20 in VLAN ID 20 (This configuration depends on the operator)
    4. uncheck “Enable IPv6”
    5. Save
    6. Save & apply
  2. Network> Interfaces > Interface: click edit on WAN configuration
    1. Change protocol to PPPoE
    2. Select Software VLAN wan.20 as device
    3. Introduce PPPoE username and password
    4. Save
    5. Save & apply

Adblock

  • System > Software: Update lists
  • System > Software: Search curl and install.
  • System > Software: Search adblock, luci-app-adblock and install.
  • Services > Adblock > Additional Settings > Download Utility: Select curl
  • Services > Edit Blacklist: add domain you want to block
  • Services > Adblock: Save & Apply

Other Utilities

  • System > Software: Search htop and install.

You can also access router OS through SSH with ssh root@192.168.0.1 and install the packages with opkg command. It is recommended to not upgrade luci-* packages, this package is web interface of router, and it often generates conflict between the new version and old version.

Upgrade Firmware

Go to https://firmware-selector.openwrt.org/?version=22.03.2&target=ramips%2Fmt7621&id=dlink_dir-882-a1 and add luci, luci-ssl and any of your packages, in my case are luci, luci-ssl, curl, adblock, luci-app-adblock, htop, click Request Build, and download the sysupgrade OpenWrt firmware and then enter System > Backup/Flash Firmware to upload the bin file, it is recommended to backup and export the configuration.

Benchmark

Wireless Speed Test

TX: Device - Wireless - Router

Install iperf3 on OpenWrt and after than run iperf3 -s. Then from a client device connected to the network through wireless execute the command iperf3 -c <IP Address of Your OpenWrt Router> -p <iperf3 Server Port> -f m -t 30 -w 256k -P 4.

TX: Device - Wireless - Router - Ethernet - Device

Install iperf3 on another device connected to the network through Ethernet interface and then repeat the same testing again this device. The reason we need to repeat the testing with this configuration is because your router might not be able to process the packets as consumer efficiently but do switch packet quickly.

RX

Repeat the experiments but reverse the relationship of server and client. You should now run iperf3 -s in your device to verify the download speed.

Map with a Free Domain

Verify NAT

First you need to confirm with your internet provider that your router doesn’t live behind a NAT or CGNAT. You can also manually verify this by checking your IP address when you search in Google and the IP address from OpenWrt GUI -> Network -> Interfaces -> WAN -> IPv4.

Create Domain

You can request a free domain with Duck DNS.

Keep the IP Address Up-to-Date

Expose Internal Service to Internet

From OpenWrt Luci GUI -> Network -> DHCP and DNS -> Static Leases, set your internal host with a static IP address so port forwarding can work.

Go to OpenWrt Luci GUI -> Network -> Firewall -> Port Forwards, then add rules to forward traffic from Internet to your internal host which lives inside of private network e.g. port forwarding to SSH server.

Reference