Naterrific Technology and Social Commentary.

26 Nov/10

The Ultimate DD-WRT Setup: Wireless Bridging, No-IP, and OpenDNS.

Summary:

For 99% of the population, the stock firmware that's included with wireless routers is just fine. For the remaining 1% of power-users, it just doesn't cut it. Whether it be increased signal range, a wireless mesh, or just the need to tweak settings under the hood, there's always a reason to want more from that commodity piece of hardware. The following guide will cover enabling No-IP, OpenDNS, and creating a bridged wireless network across your environment.

Enter DD-WRT:

DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

The graphical user interface is logically structured, and it is operated via a standard Web browser, so even non-technicians can configure the system in only a few simple steps.

Apart from the simple handling, speed and stability are also in the focus of our development work. Compared to the software preinstalled on many WLAN routers, DD-WRT allows a reliable operation with a clearly larger functionality that also fulfills the demands of professional deployment.

In the following scenario, we're going to build a wireless bridge network that makes use of both No-IP and OpenDNS.

No-IP, OpenDNS, and DNS-O-Matic:

Your typical home Internet connection gets its public IP address over DHCP, and that address changes on a semi-regular basis. Again, this doesn't matter to 99% of users. However, if you connect back home on a regular basis, it makes it impossible to find your host. No-IP allows your router to dynamically update a DNS name that always points back to the current DHCP address, e.g. remote.example.org.

On the other hand, OpenDNS allows you to take back control of your DNS settings. DNS is the service that resolves names to IP addresses, e.g. remote.example.org to 192.168.1.10. The DNS service is typically handled by your ISP, which can result in advertising redirects, HTML injection, tracking, etc. OpenDNS allows you to control all aspects of your DNS settings, including some impressive features like content filtering, malware detection, and phishing protection. Both No-IP and OpenDNS have free services. You'll need to create an account on each one for this tutorial.

There's one more service we'll use, courtesy of OpenDNS: DNS-O-Matic. It uses the same credentials as OpenDNS so there's no need to create a new account. DNS-O-Matic acts as a proxy to update both OpenDNS and No-IP all in one shot. This ensures that your DHCP address is always current with both services. After registering with both No-IP and OpenDNS, add both of the services to DNS-O-Matic. To summarize:

  1. Create an account with No-IP and create a hostname, e.g. example.no-ip.org.
  2. Create an account with OpenDNS and create a profile name, e.g. Home Public IP.
  3. Finally, log into DNS-O-Matic using your OpenDNS credentials, and add both No-IP and OpenDNS as services to be automatically updated.

The Home Network:

In this example, the network will cover three floors with the Internet link being on the ground floor. I've got non-wireless electronics on all three floors that require a network drop, and I don't plan on running Cat6 all over the place. The design will look something like this:

[Image: Home Network Diagram]

The Wireless Hardware:

DD-WRT runs on a wide variety of commodity hardware. For this example we'll be using the Netgear WNDR3300. They can be found used and refurbished for around $50 each. It supports 802.11 A, B, G, N and has gigabit Ethernet ports. Not a bad deal and they're fully supported by DD-WRT. As we can see in the example, we'll be using 802.11 N for the wireless backplane, and gigabit Ethernet and 802.11 G for clients.

Installing DD-WRT:

The first step is replacing the default Netgear firmware with DD-WRT. The proper firmware images should be downloaded and saved to your desktop. You'll need the following files:

  1. dd-wrt.v24_std-wndr3300.chk
  2. dd-wrt.v24_std_generic.bin

Log into the DD-WRT router database and type in WNDR3300. The most recent versions of the files will be listed. It's usually recommended to use the latest development release. Even though it's listed as "development" it's actually quite stable.

Next, you'll need to replace the stock firmware with DD-WRT. Follow these steps, except using the latest firmware which is linked above. To summarize, you'll log into the Netgear WNDR3300, flash it with the first file, wait for it to reboot, and then flash it with the second file. At this point you'll have a fully-functioning DD-WRT installation. Repeat this process with all 3 APs listed in the example.

Helpful hint: visually label each AP with a name, e.g. AP1, AP2, and AP3. AP1 will be configured differently than the other two, and the labels will save you a headache down the road.

Configuring AP1:

AP1 is essentially the brains of the operation. It'll be acting as the primary router for the network and have both the 802.11 G and N radios active. You'll first connect to the web interface at http://192.168.1.1 and set both the username and password. After logging in, you'll see a basic dashboard of DD-WRT. We'll walk through each step of configuration.

  1. Click on Setup -> Basic Setup. This sets the basic network settings.
    1. WAN Connection Type should be set to Automatic Configuration - DHCP.
    2. Router Name should be set to something unique, e.g. AP1.
    3. Router IP can be set to the IP range you'll be using. I'm a big fan of 10.0.0.0/8 since there's obviously a lot of space. In this example, we'll have the Local IP Address as 10.15.25.1 and the Subnet Mask as 255.255.255.0.
    4. At this point, click Save and Apply at the bottom to set the values for DHCP.
      Please note: You'll now need to reconnect to the router at http://10.15.25.1 instead of the previous address.
    5. DHCP Type should be set to DHCP Server and Enable.
    6. Set the Start Address as something slightly higher so you'll have static IPs when you need them. I'd recommend 10.15.25.25
    7. Make sure all of the options for DNSMasq and DHCP-Authoritative are checked.
    8. Under Time Settings, check Enable for the NTP Client and set the Server IP to pool.ntp.org
    9. Click Save and then Apply.

      [Image: AP1 Basic Setup]
  2. Click on Wireless -> Basic Settings. This sets the basic wireless settings.
    1. For Physical Interface wl0, set the following values:
      1. Wireless Mode is AP.
      2. Wireless Network Mode is NA-Only.
      3. Wireless Network Name is something unique that you'll remember, e.g. MyWireless-N. This name should be different than interface wl1.
      4. Wireless Channel is Auto.
      5. Channel Width is Auto.
      6. Wireless SSID Broadcast is Enable.
      7. Network Configuration is Bridged.
    2. For Physical Interface wl1, set the following values:
      1. Wireless Mode is AP.
      2. Wireless Network Mode is G-Only.
      3. Wireless Network Name is something unique that you'll remember, e.g. MyWireless-G. This name should be different than interface wl0.
      4. Wireless Channel is Auto.
      5. Wireless SSID Broadcast is Enable.
      6. Network Configuration is Bridged.
    3. Click Save and Apply Settings.

      [Image: AP1 Basic Wireless Settings]
  3. Click on Wireless -> Wireless Security. This sets the basic wireless security settings.
    1. The settings should be the same for both interfaces wl0 and wl1.
    2. Security Mode is WPA Personal.
    3. WPA Algorithms is TKIP.
    4. WPA Shared Key is a unique key you'll later use as a password. Set one and write it down.
    5. Click Save and Apply Settings.
  4. Click on Services -> Services. Here you can set DD-WRT to use OpenDNS.
    1. Scroll down to DNSMasq.
    2. Set DNSMasq as Enable.
    3. Set Local DNS as Enable.
    4. Add the following under Additional DNSMasq Options:
      no-resolv
      strict-order
      server=208.67.222.222
      server=208.67.222.220
    5. Click Save and Apply Settings.

      [Image: AP1 DNS Masq Settings]
  5. Click on Setup -> DDNS. Here you can set DD-WRT to use DNS-O-Matic.
    1. Set DDNS Service as Custom.
    2. Set Do not use external ip check as No.
    3. Set DYNDNS Server as updates.dnsomatic.com .
    4. Set your User Name and Password as your OpenDNS credentials.
    5. Set Host Name as all.dnsomatic.com .
    6. Set URL as /nic/update? .
    7. Click Save and Apply Settings.

        [Image: AP1 DNS-O-Matic Settings]
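
What the DDNS settings in step 5 amount to on the wire, as an added example that is not part of the original post: a sketch that builds the DynDNS-style update request for DNS-O-Matic, refuses to publish a private address, and interprets the reply. The server, host name and URL path are the page's values; the `hostname`/`myip` parameter layout, the HTTPS scheme, the netrc file and all function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the original post. Values marked "page" come from
# the DDNS step above; everything else is an assumption of this sketch.
DDNS_SERVER="updates.dnsomatic.com"   # page: DYNDNS Server
DDNS_HOST="all.dnsomatic.com"         # page: Host Name
DDNS_PATH="/nic/update?"              # page: URL

# Succeeds only for a well-formed IPv4 address outside the private, loopback
# and link-local ranges; publishing anything else makes the hostname useless.
is_public_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168) return 1 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    esac
    return 0
}

# Print the update URL for public IP $1. HTTPS keeps the Basic-auth
# credentials from crossing the network in clear text.
build_update_url() {
    is_public_ipv4 "$1" || return 1
    printf 'https://%s%shostname=%s&myip=%s\n' \
        "$DDNS_SERVER" "$DDNS_PATH" "$DDNS_HOST" "$1"
}

# Send the update. $1 = netrc file holding the OpenDNS login, $2 = URL.
# A netrc file keeps the password out of the process list.
send_update() {
    curl -fsS --netrc-file "$1" "$2"
}

# Map the first word of the reply body to an action:
# ok (updated or unchanged), fix-config (retrying will not help), back-off.
classify_reply() {
    case "${1%% *}" in
        good|nochg) echo ok ;;
        badauth|notfqdn|nohost|numhost|badagent) echo fix-config ;;
        abuse|dnserr|911) echo back-off ;;
        *) echo unknown ;;
    esac
}

# Constructed sample replies, not captured from the service.
for reply in "good 203.0.113.7" "nochg 203.0.113.7" "badauth" "911"; do
    printf '%-18s -> %s\n' "$reply" "$(classify_reply "$reply")"
done
```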

All done! AP1 is now configured to act as the primary access point for your network. Both OpenDNS and No-IP should be configured properly.
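
One way to check that the DNSMasq options from step 4 really pin lookups to OpenDNS (added example, not from the original post; the function name, the finding labels and the constructed weak sample are this example's own):

```sh
#!/bin/sh
# Added example, not from the original post: check a block of "Additional
# DNSMasq Options" for settings that would let lookups bypass OpenDNS.

# OpenDNS resolver addresses accepted as upstreams (the two on the page
# plus the service's two other published addresses).
OPENDNS="208.67.222.222 208.67.220.220 208.67.222.220 208.67.220.222"

# Reads dnsmasq options on stdin; prints one finding per line, or "ok".
audit_dnsmasq() {
    awk -v allowed="$OPENDNS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        sub(/^#.*/, ""); sub(/[ \t]+#.*/, "")   # strip comments
        gsub(/[ \t]/, "")                       # and stray whitespace
    }
    $0 == "no-resolv" { noresolv = 1 }
    /^server=\// {                              # server=/domain/ip: scoped rule
        print "scoped-upstream " substr($0, 8); bad++; next
    }
    /^server=/ {
        ip = substr($0, 8); sub(/#.*/, "", ip)  # drop optional #port
        servers++
        if (!(ip in ok)) { print "foreign-upstream " ip; bad++ }
    }
    END {
        # Without no-resolv dnsmasq also uses the resolv file, which on a
        # DHCP WAN link lists the ISP resolvers.
        if (!noresolv) { print "resolv-file-in-use"; bad++ }
        if (noresolv && !servers) { print "no-upstream"; bad++ }
        if (!bad) print "ok"
    }'
}

# The options from step 4 of the page.
PAGE_OPTS='no-resolv
strict-order
server=208.67.222.222
server=208.67.222.220'

# Constructed weak variant: no-resolv missing, one non-OpenDNS upstream.
WEAK_OPTS='strict-order
server=208.67.222.222
server=192.0.2.53 # constructed address'

printf '%s\n' "$PAGE_OPTS" | audit_dnsmasq
printf '%s\n' "$WEAK_OPTS" | audit_dnsmasq
```

A `scoped-upstream` finding is a prompt to review the rule, since a domain-specific upstream can be intentional.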

Configuring AP2 and AP3:

The next step is to configure AP2 and AP3 to act as client bridges to AP1. The process is the same for both AP2 and AP3, minus the IP and hostname. You will initially connect to each device at http://192.168.1.1.

  1. Click on Setup -> Basic Setup. This sets the basic network settings.
    1. WAN Connection Type should be set to Disabled.
    2. Router Name should be set to something unique, e.g. AP2 or AP3.
    3. Router IP should be set to a static IP on the same subnet as AP1. In this example, we'll have the Local IP Address as 10.15.25.2 for AP2 and 10.15.25.3 for AP3. The Subnet Mask is 255.255.255.0.
    4. At this point, click Save and Apply at the bottom to set the values for DHCP.
      Please note: You'll now need to reconnect to the router at the IP address in the previous step.
    5. Under Time Settings, check Enable for the NTP Client and set the Server IP to pool.ntp.org
    6. Click Save and then Apply.
  2. Click on Wireless -> Wireless Security.
    1. The settings should be the same for both interfaces wl0 and wl1.
    2. Security Mode is WPA Personal.
    3. WPA Algorithms is TKIP.
    4. WPA Shared Key is the password you specified for AP1.
    5. Click Save and Apply Settings.
  3. Click on Security -> Firewall.
    1. Set SPI Firewall to Disable.
    2. Click Save and Apply Settings.
  4. Click on Wireless -> Basic Settings.
    1. For Physical Interface wl0, set the following values:
      1. Wireless Mode is Client Bridge.
      2. Wireless Network Mode is NA-Only.
      3. Wireless Network Name is the value from AP1, e.g. MyWireless-N.
      4. Network Configuration is Bridged.
    2. For Physical Interface wl1, set the following values:
      1. Wireless Mode is Client Bridge.
      2. Wireless Network Mode is Disabled. We're only going to be using 802.11 N for the backplane.
      3. Wireless Network Name is the value from AP1, e.g. MyWireless-G.
      4. Network Configuration is Bridged.
    3. Click Save and Apply Settings.

Testing the Connection:

Plug your desktop or laptop into AP1 so you've got a network connection. You should be able to access the Internet. Once AP2 and AP3 have powered up, attempt to ping their IP addresses, e.g. ping 10.15.25.2 and ping 10.15.25.3. It might take a few seconds while the APs connect back to AP1. You should begin to receive an ICMP response.

In Conclusion:

That's it! Now AP2 and AP3 are joined to AP1. You can literally place AP2 or AP3 anywhere within wireless range of AP1. They'll act as switches connected directly back to AP1. It's completely transparent to anything that's connected. You can add additional APs following the exact same steps above.

On top of that, you can also enable port forwarding within DD-WRT. In combination with a dynamic DNS entry from No-IP, this will allow you to connect back to your network while on the road without having to remember your DHCP IP address.

Comments (2) Trackbacks (1)
  1. More DNSMasq Options that you can use

    domain-needed
    filterwin2k
    bogus-priv
    no-resolv
    no-poll
    stop-dns-rebind
    cache-size=2048 # your choice
    bogus-nxdomain= # check your ISP
    conf-file=/tmp/blocked.domains.conf # Add all blocked domains in this list e.g. doubleclick.net
    dhcp-option=3, # your choice
    dhcp-option=19,0
    dhcp-option=42,
    dhcp-option=43,01:04:00:00:00:02 # your choice