OpenWrt Installation and Configuration on D-LINK DIR-882-A1

Author: Gao Date: 2022-10-30
openwrt network router hard router
OpenWrt Installation and Configuration on D-LINK DIR-882-A1
  1. Download OpenWrt Firmware
  2. Flash OpenWrt Firmware
  3. Configuration through OpenWrt LuCI web interface
  4. Configuration through OpenWrt SSH
    1. Disabling password authentication
  5. Obtain PPPoE Username & Password
  6. Configure PPPoE
  7. Install Adblock
  8. Other Utilities
  9. Upgrade Firmware
  10. Benchmark
    1. Wireless Speed Test
      1. TX: Device - Wireless - Router
      2. TX: Device - Wireless - Router - Ethernet - Device
      3. RX
  11. Map with a Free Domain
    1. Verify NAT
    2. Create Domain
    3. Keep the IP Address Up-to-Date
  12. Expose Internal Service to Internet
  13. Reference

Download OpenWrt Firmware

Open https://openwrt.org/toh/d-link/dir-882_a1#installation and select Firmware Install. At this step we need to download factory version.

Flash OpenWrt Firmware

  1. Connect to D-Link router through Ethernet cable.
  2. Power off the router
  3. Hold on the reset key and restart the router, release the reset key until you see the LED starts blinking.
  4. On the computer, manually assign a static IP address on the 192.168.0.xxx subnet, other than 192.168.0.1 (e.g. 192.168.0.2)
  5. Open a web browser and navigate to http://192.168.0.1
  6. Choose the firmware file you have downloaded previously and click on Upload.
  7. After the file has been uploaded, you should see a Device is upgrading the firmware message on the web browse
  8. The device will reboot automatically after the flashing process finishes

Configuration through OpenWrt LuCI web interface

  • Change to DHCP mode after the router is restarted
  • The gateway by default is http://192.168.1.1 without password
  • System
    • Administration
      • change router admin password
      • modify interface of SSH access to LAN
      • SSH Keys
        • past the content of your public key file. It will be a long string starting with ssh-rsa …
  • Network > Wireless > 2.4G AP & 5G AP
    • Device Configuration
      • Advance Settings: modify country code
    • Interface Configuration
      • General Setup: modify ESSID
      • Wireless Security
        • Encryption: WPA2-PSK
        • Cipher: Force CCMP
        • Key: Your Wi-Fi Password
      • Advanced Settings
        • uncheck Disassociate On Low Acknowledgement
        • check Disable Inactivity Polling
        • Time interval for rekeying GTK: 3600
  • Network > Wireless > 5G AP > Device Configuration
    • Operating frequency
      • Mode: AC
      • Channel: 36
      • Width 80mhz
  • Network > Wireless: Save & Apply
  • Network > Interface: modify gateway to 192.168.0.1 if 192.168.1.1 has conflict with upstream
  • Network > Interface: Save & Apply
  • Network > Firewall > General Settings
    1. Routing/NAT Offloading
      • check Software flow offloading
      • check Hardware flow offloading
    2. Save & Apply

Configuration through OpenWrt SSH

Disabling password authentication

uci set dropbear.@dropbear[0].PasswordAuth="0"
uci set dropbear.@dropbear[0].RootPasswordAuth="0"
uci commit dropbear
/etc/init.d/dropbear restart

Obtain PPPoE Username & Password

The steps to obtain PPPoE will vary per country and operator. I’ve followed this tutorial.

Configure PPPoE

  1. Network> Interfaces > Devices: Add device configuration
    1. Select VLAN (802.1q) as device type
    2. Select WAN as base device
    3. Introduce 20 in VLAN ID 20 (This configuration depends on the operator)
    4. uncheck “Enable IPv6”
    5. Save
    6. Save & apply
  2. Network> Interfaces > Interface: click edit on WAN configuration
    1. Change protocol to PPPoE
    2. Select Software VLAN wan.20 as device
    3. Introduce PPPoE username and password
    4. Save
    5. Save & apply

Install Adblock

  • System > Software: Update lists
  • System > Software: Search curl and install.
  • System > Software: Search adblock, luci-app-adblock and install.
  • Services > Adblock > Additional Settings > Download Utility: Select curl
  • Services > Adblock: Save & Apply

Other Utilities

  • System > Software: Search htop and install.

You can also access router OS through SSH with ssh root@192.168.0.1 and install the packages with opkg command. It is recommended to not upgrade luci-* packages, this package is web interface of router, and it often generates conflict between the new version and old version.

Upgrade Firmware

Go to https://firmware-selector.openwrt.org/?version=22.03.2&target=ramips%2Fmt7621&id=dlink_dir-882-a1 and add luci, luci-ssl and any of your packages, in my case are luci, luci-ssl, curl, adblock, luci-app-adblock, htop, click Request Build, and download the sysupgrade OpenWrt firmware and then enter System > Backup/Flash Firmware to upload the bin file, it is recommended to backup and export the configuration.

Benchmark

Wireless Speed Test

TX: Device - Wireless - Router

Install iperf3 on OpenWrt and after than run iperf3 -s. Then from a client device connected to the network through wireless execute the command iperf3 -c <IP Address of Your OpenWrt Router> -p <iperf3 Server Port> -f m -t 30 -w 256k -P 4.

TX: Device - Wireless - Router - Ethernet - Device

Install iperf3 on another device connected to the network through Ethernet interface and then repeat the same testing again this device. The reason we need to repeat the testing with this configuration is because your router might not be able to process the packets as consumer efficiently but do switch packet quickly.

RX

Repeat the experiments but reverse the relationship of server and client. You should now run iperf3 -s in your device to verify the download speed.

Map with a Free Domain

Verify NAT

First you need to confirm with your internet provider that your router doesn’t live behind a NAT or CGNAT. You can also manually verify this by checking your IP address when you search in Google and the IP address from OpenWrt GUI -> Network -> Interfaces -> WAN -> IPv4.

Create Domain

You can request a free domain with Duck DNS.

Keep the IP Address Up-to-Date

Expose Internal Service to Internet

From OpenWrt Luci GUI -> Network -> DHCP and DNS -> Static Leases, set your internal host with a static IP address so port forwarding can work.

Go to OpenWrt Luci GUI -> Network -> Firewall -> Port Forwards, then add rules to forward traffic from Internet to your internal host which lives inside of private network e.g. port forwarding to SSH server.

Reference