Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ dd-wrt Public

My home DD-WRT configuration for privacy, security, and performance.

License

MIT license
19 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

collinbarrett/dd-wrt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
vpn-refresh.sh
vpn-refresh.sh
 
 

Repository files navigation

DD-WRT Configuration

My home DD-WRT configuration for privacy, security, and performance. Documenting mostly so I can remember my preferred settings whenever I update/reset the router.

All settings are kept as default unless otherwise noted below. Sensitive information is annotated with "{REDACTED}".

Current Router

Current DD-WRT Build

3rd-Party Services

Configuration

Setup

Basic Setup

WAN Setup
WAN Connection Type
  • Ignore WAN DNS: 1
Network Setup
Dynamic Host Configuration Protocol (DHCP)
  • Forced DNS Redirection: 2
  • Forced DNS Redirection DoT: 2
NTP Client Settings
  • Time Zone: {REDACTED}

Tunnels

  1. Import Configuration from ProtonVPN
  2. Configure
    • DNS Servers via Tunnel: {empty}
    • Kill Switch: 1
    • Allow Clients WAN Access: {unchecked}1
    • Source Routing (PBR): Route Selected sources via WAN1
    • Source for PBR: 192.168.1.631
    • Watchdog: Enable1
      • Server IP / Name: 1.1.1.11

Wireless

Basic Settings

Physical Interface wlan0 [5 GHz/802.11ac]
  • Service Set Identifier (SSID): {REDACTED}
  • Network Mode: AC / N Mixed3
  • Channel Width: VHT804
  • Channel: {least congested, maybe prefer 149-161, don't use Auto}4
  • Extension Channel: {paired with Channel leads to least congested}4
  • Advanced Settings:
  • Firmware Type: VANILLA5
  • TX Power: 304
  • Protection Mode: RTS/CTS4
  • RTS Threshold: Enable4
  • Threshold: 9804
  • Short Preamble: Enable4
  • Single User Beamforming: Enable4
  • Beacon Interval: 3004
  • DTIM Interval: 14
  • Airtime Fairness: Disable5
  • Sensitivity Range / ACK Timing: 31503
Virtual Interfaces wlan0.1
  • Service Set Identifier (SSID): {REDACTED}
  • Advanced Settings:
  • Protection Mode: RTS/CTS4
  • RTS Threshold: Enable4
  • Threshold: 9804
  • AP Isolation: Enable4
  • DTIM Interval: 14
Physical Interface wlan1 [2.4 GHz]
  • Service Set Identifier (SSID): {REDACTED}
  • Network Mode: N / G Mixed4
  • Channel: {least congested, don't use Auto}4
  • TurboQAM (QAM256): Enable4
  • Advanced Settings:
  • Firmware Type: VANILLA5
  • TX Power: 304 (consider lowering to 27 or 24 if clients are sticking to 2.4 GHz over 5 GHz too much)
  • Protection Mode: RTS/CTS4
  • RTS Threshold: Enable4
  • Threshold: 9804
  • Short Preamble: Enable4
  • Beacon Interval: 4004
  • DTIM Interval: 14
  • Airtime Fairness: Disable5
  • Sensitivity Range / ACK Timing: 31503
Virtual Interfaces wlan1.1
  • Service Set Identifier (SSID): {REDACTED}
  • Advanced Settings:
  • Protection Mode: RTS/CTS4
  • RTS Threshold: Enable4
  • Threshold: 9804
  • AP Isolation: Enable4
  • DTIM Interval: 14

Wireless Security

Physical Interface wlan0
  • WPA Shared Key: {REDACTED}
Virtual Interfaces wlan0.1
  • Security Mode: WPA
  • Network Authentication: WPA2 Personal
  • WPA Shared Key: {REDACTED}
Physical Interface wlan1
  • WPA Shared Key: {REDACTED}
Virtual Interfaces wlan1.1
  • Security Mode: WPA
  • Network Authentication: WPA2 Personal
  • WPA Shared Key: {REDACTED}
  • Custom Config: vendor_vht=14

Services

Services

DHCP Server Setup

  • Static Leases:1

    MAC Address Hostname IP Address Lease Expiration
    {REDACTED} tv 192.168.1.63
Dnsmasq Infrastructure

  • Query DNS in Strict Order: Enable

  • Maximum Cached Entries: 10000

  • Additional Options:6 1 2

    no-resolv

# ask clients to cache locally served block responses
local-ttl=3600

# block abusive requests
address=/.data.microsoft.com/0.0.0.0
address=/scribe.logs.roku.com/0.0.0.0
address=/.comcast.net/0.0.0.0

# NextDNS
server=45.90.30.0
server=45.90.28.0
add-cpe-id={REDACTED}

# end

Administration

Keep Alive

Schedule Reboot
  • Enable:
  • At a Set Time: 02 00 Monday

Footnotes

  1. WireGuard client setup guide 2 3 4 5 6 7 8 9

  2. VPN and DNS guide 2 3

  3. QCA BEST WIFI SETTINGS 2 3

  4. QCA Wireless Settings 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  5. DD-WRT Netgear R7800 Install Guide 2 3 4

  6. NextDNS Setup Guide

About

My home DD-WRT configuration for privacy, security, and performance.

Topics

dns openvpn vpn jq dnsmasq dd-wrt entware protonvpn nextdns

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

1 watching

Forks

4 forks
Report repository

Languages