Custom DD-WRT factory default settings (specific use cases)

raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Apr 09, 2022 17:17    Post subject: Custom DD-WRT factory default settings (specific use cases)
Hi there. I know this has been asked before, but I have some doubts and I need some advice. I need a couple of builds with specific changes to the factory defaults. I haven’t tried yet, but is it possible to change every factory default (at least the ones on the GUI) with the mod kit? Or for changing those values you necessarily need to compile a new build?

The Story

Just to let you know why I want this, it’s because of a couple of situations. I’m the « tech » guy of the family (you know, the one that everyone thinks can build a NASA spaceship from scratch, when most of the time he just googles what they ask him Laughing ), and, long story short, my parents live in a place where they can only get CG-NAT (no cable, just 4G LTE modem, and the company won’t give us a static ip even after offering them to pay for it), and my family also has an apartment where they get dynamic ip (bridged modem). Both places have an R7000 with DD-WRT as main router, and modems are connected directly to the WAN port (both modems are bridged, auto dhcp on DD-WRT WAN).

I want, if possible, to change some factory defaults to be able to upgrade the firmware from my house (via telnet. I know it’s risky, but I’m willing to take the risk. I won’t be upgrading very often though). The problem is that, in both cases, if I upgrade and factory reset, I’ll lose internet connection and won’t be able to set them up.

- In one build, I would like to only change the ddns settings and enable the remote management setting (with a custom port, for safety reasons), so after upgrading the router not only goes online, but updates the hostname’s ip so I can continue setting it up from scratch by remotely accessing the GUI (perhaps the username and password of the router may also need to be set, to be able to log in by the remote GUI feature). In this case the upgrade would be from an old DD-WRT build, so I think nvram erase is mandatory to avoid issues, but if defaults aren’t changed I won’t be able to connect after the reboot. Is it possible to do this with the mod kit? Or only by compiling a new build? If the answer is compiling, I read that you can pay BS for him to make you a custom build. If that is indeed possible, what’s the right way to get to him for this? Wouldn’t want to bother him much.

- The other case is because, like said, my parents are behind CG-NAT. I’m configuring a site-to-site OpenVPN setup (my router being the server, theirs the client) because ddns is of no use in this situation, and I need remote access to the router and IP cameras. In other words, I need a public IP for that house (dynamic or static), and my only chance being them double natted at ISP side without the possibility to get a static ip is by making a VPN tunnel so their router and devices can be reached through my router acting as a server (with working ddns). The concept is the same as the other situation: if I upgrade, after reboot or nvram erase connection would be lost for good. In this case, I would want to have a build in which factory defaults include the OpenVPN client configuration (including certs and keys), so after nvram erase the router can be reached from the VPN tunnel for further configuration.

Is all of this possible (I guess so, but I’m no expert)? Can these things be done with the mod kit, or compiling is the only answer?

And I’m pretty aware of the risks of doing this, but regardless of that I want to give it a try. To avoid unnecessary issues I would only want those settings changed, I would configure the rest from scratch on both routers, so the other defaults should be left at, well, their defaults. And sadly I don’t have a server or notebook at either site, so Teamviewer is not an option.

I’m not an expert by any means, but shouldn’t this work? I mean, if the remote upgrading process goes without issues, if the only defaults that are changed are ddns and remote management on one build, and the OpenVPN client defaults on the other, that shouldn’t break anything and I should be able to connect. That’s what I think though, I could perfectly be wrong. I’ve done remote upgrading before, but those times I had the possibility to use Teamviewer with a notebook afterwards and enable ddns and remote management to be able to connect after the upgrade. In these cases, the upgrade process could go smooth, but after reboot I’ll end up with unreachable routers Confused . I’m willing to take the risk, and I promise I won’t blame anyone here if I end up with a couple of nice looking bricks Razz

Thanks in advance.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Sat Apr 09, 2022 18:10
What *I* would do given the situation? I would have a duplicate router that I kept and updated locally, then shipped it to the remote location as a "drop in" replacement. The user at the remote end then ships back the old router in the same box. Rinse and repeat. Simple.

This avoids all the nonsense involved in trying to remotely upgrade the router. Because unfortunately, these third-party firmwares (dd-wrt, freshtomato, merlin, etc.) are simply NOT robust enough to deal w/ in-place upgrades. As we tell ppl all the time, you should *always* do a factory reset and manually reconfigure. Which of course is problematic for someone in your position.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Sat Apr 09, 2022 19:36
You only need to reset nvram maybe once or twice a year if you upgrade dd-wrt often or someone who monitors development says to do it; lately there have been nvram changes, so a reset may be needed in most cases.

Or if you upgrade from a really old build more than or 6 months old to a latest available build.

For best results upgrades should be done minimum once a month since many CVEs are patched more often these days, but that's just me.

Also for firmware upgrades remotely it's simple, you upload the firmware to /tmp on router renamed as firmware.bin, after some time the router will self flash and reboot itself.

But from a remote point of view, teamviewer FTW sod shipping and keeping duplicate routers. The way I deal with remote upgrades via teamviewer, used to be UltraVNC, TeamViewer works better for novices on the other end and you can set up a master password for accessing it, you just need the client number then and the preset password, so resetting the router, isn't so much of an issue since after its reset it gains a WAN IP anywho on reboot, and you'll be able to reconnect to teamviewer after some time to reconfigure things via the local browser on the remote machine.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Apr 09, 2022 19:49
It was easy with the Kong builds because he documented the nvram changes.
raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Apr 09, 2022 23:00
the-joker wrote:
You only need to reset nvram maybe once or twice a year if you upgrade dd-wrt often or someone who monitors development says to do it; lately there have been nvram changes, so a reset may be needed in most cases.

Or if you upgrade from a really old build more than or 6 months old to a latest available build.

For best results upgrades should be done minimum once a month since many CVEs are patched more often these days, but that's just me.

Also for firmware upgrades remotely it's simple, you upload the firmware to /tmp on router renamed as firmware.bin, after some time the router will self flash and reboot itself.

But from a remote point of view, teamviewer FTW sod shipping and keeping duplicate routers. The way I deal with remote upgrades via teamviewer, used to be UltraVNC, TeamViewer works better for novices on the other end and you can set up a master password for accessing it, you just need the client number then and the preset password, so resetting the router, isn't so much of an issue since after its reset it gains a WAN IP anywho on reboot, and you'll be able to reconnect to teamviewer after some time to reconfigure things via the local browser on the remote machine.


Yep, at least one of the routers has a pretty old DD-WRT version (Kong’s, so at least a couple of years). I really think it would be wise to nvram erase it at least once. That’s why I would like to know if one could change those settings with the mod kit (enable remote access, changing remote access default port, setting my personal ddns settings as defaults, and perhaps already setting a username and password up, idk if that would be necessary for the remote connection). Remote upgrading is not an issue (for now), the thing is that I won’t have access to the router after nvram erasing and rebooting.

Sadly, no device there that can be used with cloud based remote desktop app, like Teamviewer. In few words, I would like to remotely upgrade a router, with the possibility to access to it after it goes to defaults. Since there they have dynamic ip, I figured the only way would be to change ddns and remote access defaults (and user name and password, perhaps). I’m clearly out of my comfort zone, but shouldn’t changing only those default settings without changing anything else work? I obviously know nothing about the internal functioning of the firmware, but if that’s possible sounds like a good way to remotely upgrade that router. At least is the only solution I could think of (for the meantime there’s no possibility to leave a notebook or something like that there).
raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Apr 09, 2022 23:19
eibgrad wrote:
What *I* would do given the situation? I would have a duplicate router that I kept and updated locally, then shipped it to the remote location as a "drop in" replacement. The user at the remote end then ships back the old router in the same box. Rinse and repeat. Simple.

This avoids all the nonsense involved in trying to remotely upgrade the router. Because unfortunately, these third-party firmwares (dd-wrt, freshtomato, merlin, etc.) are simply NOT robust enough to deal w/ in-place upgrades. As we tell ppl all the time, you should *always* do a factory reset and manually reconfigure. Which of course is problematic for someone in your position.


Yeah, the thing is a little more complicated Laughing . The router at the apartment I mentioned is the one that’ll surely need an nvram erase after remotely upgrading it (it’s running an old Kong version), and sometimes we rent that apartment. And obviously we have to keep a working wifi with internet when there’s people there. I haven’t thought about your solution and honestly is pretty smart, but in this situation could be problematic. If I upgrade, lose connection, nobody goes there for a while to install the router replacement (which is the common situation), people who rent may come and find a defaulted DD-WRT router.

But shouldn’t changing that couple of settings, if possible, solve the problem? I suppose those changes don’t break anything else, and if the defaults include my ddns info and set remote access to enable, I should be able to reach it, even after an nvram erase. The point is hopefully finding a way to be able to nvram erase the router, with it becoming reachable when it goes online after reboot (in a dynamic ip/ddns scenario).
yoyoma2
DD-WRT User


Joined: 24 Sep 2016
Posts: 372

Posted: Sun Apr 10, 2022 3:04    Post subject: Re: Custom DD-WRT factory default settings (specific use cas
raulo1985 wrote:
is it possible to change every factory default (at least the ones on the GUI) with the mod kit? Or for changing those values you necessarily need to compile a new build?

Take a look at upgrading using easyddup (sticky in the General Questions forum). At one point it asks you if you want to erase nvram. It also asks if you want to Save & Restore basic settings. You can put your essential nvram variables in easyddup-vars.ini.

My router is in a difficult to access area and lives on a different subnet than dd-wrt's default after an nvram erase. With easyddup I can upgrade it with nvram erase without any physical access to it.

With a carefully customized easyddup-vars.ini, easyddup may be able to achieve your nvram erasing remote upgrades without losing your essential settings for remote access.

Obviously practice locally to iron out the procedure first.
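
The save-and-restore idea described in the post above, as an added example that is not part of the thread and is not easyddup's code or its ini format: a POSIX shell sketch that turns a saved `nvram show` style dump into a restore script for a short allow-list of variables. The variable names and values in the sample dump are constructed assumptions; check the real names with `nvram show` on your own build.

```shell
#!/bin/sh
# Added example: turn a saved "nvram show" style dump (one name=value per
# line) into a restore script for a short allow-list of variables.
# Limitation: values spanning several lines (e.g. certificates) are out of
# scope for this line-based parser.

# Constructed sample dump; names and values are illustrative assumptions.
sample_dump() {
    cat <<'EOF'
lan_ipaddr=192.168.1.1
remote_management=1
http_wanport=8443
ddns_enable=1
ddns_hostname=home.example.net
ddns_passwd=it's-a-secret
EOF
}

# Escape a value so it can sit inside single quotes in generated shell code.
sq_escape() {
    printf '%s' "$1" | sed "s/'/'\\\\''/g"
}

# make_restore DUMP VAR...
# Prints one "nvram set" line per allow-listed variable found in DUMP, then
# "nvram commit". Returns 1 if a name is invalid or absent, so a partial
# restore script is never mistaken for a complete one.
make_restore() {
    dump=$1; shift
    incomplete=0
    for var in "$@"; do
        case $var in
            ''|*[!A-Za-z0-9_]*)
                echo "# REJECTED: invalid variable name"
                incomplete=1; continue ;;
        esac
        line=$(grep "^${var}=" "$dump" | head -n 1)
        if [ -z "$line" ]; then
            echo "# MISSING: $var"
            incomplete=1; continue
        fi
        printf "nvram set %s='%s'\n" "$var" "$(sq_escape "${line#*=}")"
    done
    echo "nvram commit"
    return "$incomplete"
}

# Demo: the output holds credentials, so keep any saved copy private.
umask 077
demo=$(mktemp)
sample_dump > "$demo"
make_restore "$demo" remote_management http_wanport ddns_enable \
    ddns_hostname ddns_passwd
rm -f "$demo"
```

A non-zero return means at least one allow-listed variable was missing or rejected, which is worth catching before an erase on a router that cannot be reached physically.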
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Sun Apr 10, 2022 8:39
There you go another good tool to the rescue;

Personally I've never had a setup where I couldn't run teamviewer or some sort of VNC or shell/telnet where routers are attached to. Usually home routers are for homes, where usually there are laptops or some device that supports some kind of tool I can use to remote access.

If I can't attach teamviewer/VNC to any devices on such networks, there are always other ways like some external device running a terminal that is remotely accessible via some tunnel. I've set up some low power devices that run a basic Linux with a shell for instance as a backup to any access, short of some HW failure, physical access is rare; well was rare, I don't manage those anymore.

TBH managing remote networks isn't new, and making things difficult for yourself by limiting your options could be better managed in future.

But yoyoma's tool may help you without extra steps only some basic ini config entries.

Good luck.

raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Apr 16, 2022 6:08
yoyoma2 wrote:
raulo1985 wrote:
is it possible to change every factory default (at least the ones on the GUI) with the mod kit? Or for changing those values you necessarily need to compile a new build?

Take a look at upgrading using easyddup (sticky in the General Questions forum). At one point it asks you if you want to erase nvram. It also asks if you want to Save & Restore basic settings. You can put your essential nvram variables in easyddup-vars.ini.

My router is in a difficult to access area and lives on a different subnet than dd-wrt's default after an nvram erase. With easyddup I can upgrade it with nvram erase without any physical access to it.

With a carefully customized easyddup-vars.ini, easyddup may be able to achieve your nvram erasing remote upgrades without losing your essential settings for remote access.

Obviously practice locally to iron out the procedure first.


Haven’t thought of that, thanks, will look into it. Do you know if it works for all DD-WRT builds without messing up the nvram? And can you change all the GUI default settings? If so, sounds like a good solution without resorting to compiling, which could be more risky with not enough knowledge. After all, for the moment I just want to change the remote access default to enabled, change its default port, and add my personal ddns settings, so after a nvram erase and reboot the router can be reached again after it goes online.

the-joker wrote:
There you go another good tool to the rescue;

Personally I've never had a setup where I couldn't run teamviewer or some sort of VNC or shell/telnet where routers are attached to. Usually home routers are for homes, where usually there are laptops or some device that supports some kind of tool I can use to remote access.

If I can't attach teamviewer/VNC to any devices on such networks, there are always other ways like some external device running a terminal that is remotely accessible via some tunnel. I've set up some low power devices that run a basic Linux with a shell for instance as a backup to any access, short of some HW failure, physical access is rare; well was rare, I don't manage those anymore.

TBH managing remote networks isn't new, and making things difficult for yourself by limiting your options could be better managed in future.

But yoyoma's tool may help you without extra steps only some basic ini config entries.

Good luck.


That’s why this one is a challenge, I always had a device at site too where I could remote desktop to troubleshoot. I plan to build a small linux server for my parents (they go to this apartment from time to time) in the future, mainly for entertainment (Plex server), and then I’ll have a device there and life will be simpler, but until then doesn’t hurt to learn if it’s technically possible (and I would do some tests with some routers I have here before remotely bricking a router that’s almost in a galaxy far, far away….). For now they just have smartphones and a smart tv, and that’s enough tech for them for now. A simple laptop is alien rocket science for them, so never needed one there. But as I plan to build a server for Plex, I can use it for these purposes too. It’s just that I’m not sure that’s gonna happen soon.

My dad is rather sick and doesn’t get out much, so I’m trying to make things easier and pleasant for them (and my dad loves movies, so a Plex server will come). But I’ve had a lot of expenses lately, so I think I have to focus on building the VPN tunnel (story for another topic) and being able to troubleshoot things from home. Going there to be with them is the priority, so money has to be spent in that too. Having a device there doesn’t seem like the priority (but sooner or later, it will come).

Anyway, will try the easyddup route, but just to know, is it possible to achieve the same with the mod kit? Or it doesn’t help to change those values?

And while I’m asking, with either of these methods can you change the OpenVPN or Wireguard default settings too? In the future I might do the same with a DD-WRT router that is behind CG-NAT (my parents house, cg-nat so ddns is of no use), so in order for the router to be reachable after a nvram erase and reboot I guess the way would be to change its defaults for it to automatically connect to my DD-WRT server at home (site-to-site) to continue setting the router up through the tunnel.

I know the risks, but I think it can be done in both situations if done carefully. But I’m mainly interested to go with the remote access/ddns settings changes first, that router is behind dynamic IP and also is not as far away as the other one (so, if something goes wrong, the travel ticket is cheaper 🤷🏻‍♂️). We’re going to rent that apartment for a couple of months soon, so I should go with that one first.

The other one is giving me its own set of type of headaches, and I already truly hate CG-NAT and the companies that don’t even sell you a public ip. But I’m not that in a hurry with that one because at least they have a working wifi, can watch the cameras locally (from the outside, I would need port forwarding, but CG-NAT… Evil or Very Mad ), and that’s about it. I can’t access the router (CG-NAT…), but I trust the thing doesn’t need troubleshooting for a while. But not being able to watch the cameras from the outside is a bum, so one day I would like to be able to upgrade and nvram erase, with defaults that leave the router reachable for me. But the apartment one (dynamic, ddns, remote access enabled) is priority, guests will get there in a couple of weeks. And no device there either Crying or Very sad

PS: do you know if you can also change the default username and password of the router? I figure that, if I nvram erase and reboot a router with remote access enabled and my personal ddns settings as defaults, I will be asked for username and password when trying to connect. Can those defaults be changed with easyddup? Or is not necessary and the behavior would be the same as when you reset the router (asking for you to choose your own username and password, even though you’re remotely accessing the router because of the changed defaults)?