**DISCLAIMER** The following instructions are provided without warranty of any kind. Flashing firmware does not come without risk. I can not be held responsible for any resulting equipment failure or otherwise undesirable results. Proceed at your own risk.
This tutorial explains how I successfully flashed my Linksys WRT54GL version 1.1 with the open source dd-wrt version 23 SP2 VPN firmware (generic). If you happen to have Linksys WRT54GL version 1 rather than 1.1 (you can tell by the serial number prefix of CL7A for version 1.0 and CL7B for version 1.1 per the Wikipedia entry and dd-wrt Wiki), you may have to follow slightly different instructions. The main difference is that you will need to flash to a smaller version of the dd-wrt firmware (the mini version) first due to a flash file size limit on the version 1.0 WRT54GL firmware before flashing to the standard, VOIP, or VPN versions.
As a bit of background information, I’m used a fully patched (as of April 6, 2007) Windows XP Pro with Service Pack 2 (SP2) and Internet Explorer 6 during the firmware upgrade process. The OS and web browser shouldn’t matter that much, but I have heard reports of Firefox causing some problems with the Flash for some people in the past though others have claimed to use Firefox without any problems–just a word of caution.
Before you begin, download the package and version of the dd-wrt firmware best suited to your needs though this tutorial walks through flashing to the open source dd-wrt version 23 SP2 VPN firmware. Once you’ve downloaded the file, go ahead an unzip the files. The zip package contains several files, you will only need the “dd-wrt.v23_vpn_generic” file. We’re going to be using the generic file rather than the wrt54g file because we’re going to be using the web GUI to upload the file.
I recommend verifying the MD5SUM hash of th the “dd-wrt.v23_vpn_generic” file to ensure the download wasn’t corrupt or hasn’t been comprised. If you don’t already have a tool to calculate MD5SUMs, I recommend using HashCalc although you must manually compare the sums with this tool unlike another tool I can’t seem to think of right now. The signature of the file should be baf91850d3204fd64b120467425b4a11. If you plan on flashing a different version, you can find of list of signatures on the dd-wrt hashes page.
While your at the dd-wrt website, I recommend printing (or at least saving, not bookmarking, to your hard drive) the following pages for reference since you will not have Internet access during this process:
- How to Flash the WRT54GL with DD-WRT Firmware
- Installation
- WRT54GL Specific Instructions
- Reset and Reboot
- Recover from a Bad Flash
It is best to turn off your firewall and anti-virus during this process to ensure that nothing interrupts the firmware flash. An interruption could cause the flash to fail and brick your router. If something does go wrong you may be able to recover from a bad flash.
Almost forgot to mention, you should ONLY perform the flash through an Ethernet cable using standard http (not https). Do not do this wirelessly (its best to temporarily disable the wireless adapter on your computer). Plug the blue Ethernet (Cat5/RJ45) cable that came with your router into the Network Interface Card (NIC) on the back of your computer and into one of the ports labeled 1, 2, 3, or 4. The “Internet” port on your router should be connected to your broadband source (i.e., cable or DSL modem). Please ignore the extra cable in the picture. It is not needed for the flash to work.
The last item that needs to be completed before uploading the new firmware is to reset your linksys router to the factory defaults. A few ways to do this exist. I chose to use the standard web interface, but the pressing and holding the reset button on the back of your router for 30 seconds should work just as well (assuming you’re using the factory linksys firmware, if not be careful). To reset the router to firmware defaults, go to the IP address of your router (most likely 192.168.1.1) and login with the user name and password you setup when you first installed the router (if you don’t know those use the reset button method). Once logged in, go to “Administration” tab and the “Factory Defaults” sub-tab. Select the “Yes” radio button next to “Restore Factory Defaults” then select “Save Settings”.
If the reset was successful, you will say a page that says “Settings are successful. You will be returned to the previous page after several seconds.”
Now that everything is setup we can begin the process of actually performing the flash. To upload the firmware, navigate to the “Firmware Upgrade” sub-tab under the “Administration” tab. On this page, select “Browse” to go to the place where you saved the “dd-wrt.v23_vpn_generic” file. Once located, hit open (no brainer). Then hit the “Upgrade” button. Please wait patiently for the upload to complete. Whatever you do, don’t interrupt it. If you’re going to be tempted walk away for a few minutes and come back.
If all goes well, you will great a screen that says “Upgrade is successful”. On that screen hit the “continue” button to, you guessed it, continue. If not successful, simply re-try the same steps or research the dd-wrt wiki for more info.
The next thing you should see is a prompt to login to the new dd-wrt interface. The default user name is “root” and the default password is “admin”. Be warned, I wasn’t able to log-in initially even though I got this prompt.
To confirm that your router is working you should ping it. To ping your router, go to “Start > Run” in windows. Then type in “cmd” and hit “ok”. At the command prompt type in “ping 192.168.1.1″. If the router is online, you will get a ping response that says Packets Sent = 4, Received = 4, Lost = 0 (0% lost).”
Since the dd-wrt web interface didn’t come up right after the flash, I rebooted my computer (the common solution to lots of Windows problems). That didn’t work even though rebooting probably isn’t a terrible idea. What did work was resetting the new dd-wrt firmware back to firmware defaults. To do this you need to hold the reset button on the back of the router while unplugging the router. Continue to hold the reset button as you re-plug in the router. Once the router is plugged in you should hold the reset button for 30 seconds to complete the hard reset. I had to do this a couple of times because I didn’t reset it correctly on the first try.
Once reset, go back to Internet Explorer and navigate to 192.168.1.1. At the prompt enter in “root” for the user name and “admin” as the password. Mysteriously, the dd-wrt web interface should come up.
Congratulations, you’ve successfully flashed your router! Since you’ve successfully flashed your WRT54G, you should checkout the Linksys WRT54G Ultimate Hacking
Now that your running DD-WRT firmware, make sure to make use of all the available security features. See my post on Securing Your Wireless Connection and other post in the dd-wrt category.
If you liked this post, consider subscribing to my feed and/or sending me something from my wish list. One other option is to send me a Linksys WRT54GL
I read the mryiad pages on the dd-wrt wiki and felt overwhelmed by it all. That is, until I read your page!
From removing the shrink wrap on my new Router to a completed installation took just ten mins.
Thank you!
Mark, I’m glad my tutorial could help. I tried my best to explain the whole process of installing the dd-wrt firmware from start to finish.
The dd-wrt wiki has all the information needed to successfully install the firmware, but it is spread out over several pages because it tries to provide instructions for several different router types, etc. I wanted to consolidate all of the information onto a single page with plenty of screen shots and lots of background information so that someone with a similar computer setup as myself could easily install this great firmware.
I have an college degree in Information Systems and must admit that I had to read through the wiki several times to get a firm grasp on everything I needed to do because I was afraid of bricking my brand new router. I knew when I started the installation that I wanted to share what I learned with others so I made sure to take lots of print screens.
Thanks for letting me know that my instructions helped you. Its good to know that I was able to do something for someone else. I use a ton of open source software but am not a programmer so I do what I can to give back to the community.
Enjoy your new router and keep an eye out for some more great tutorials to come from my site.
Thanks alot for this. I was quite stuck and worried that I might’ve bricked my player somehow. Your guide is perfect.
Jerome, your quite welcome. I’m glad my post could be of some help. Thanks for letting me know it helped you out.
Thank you. I used it for DD-WRT stnadard. The method is same. I takes really for 10 minutes.
Thanks for letting me know my tutorial also works for the standard version of DD-WRT. I thought it would since the VPN version is the largest and most complex. Glad I could be of help.
Thank you so much!
I was in a state of shock when I wasn’t able to log in right after I’ve upgraded the firmware but thanks to your easy solution everything is fine right now!
(State of shock because I bricked my WRT54G the day before =/)
Jean-Francois,
No problem…I too freaked out for a second when I couldn’t immediately log in after the upgrade, but tried the suggestion of unplugging while resetting (originally noted on the DD-WRT wiki) and got it to work. Thus, I was sure to include it in my instructions.
Thanks for letting me know you found these instructions helpful!
Now that you’ve got your router running, I suggest reading my follow-up post on Securing Your Wireless Network
Great guide!
I received my brand new WRT54GL with serial CL7B… yesterday. Today Saturday after 30 minutes work I’m running DD-WRT v23 SP2 on it. I found all information in your guide to be correct.
Thanks Erik. Enjoy your new Firmware!!!
Awesome article! I finally got my router running DD-WRT!
-A
I appreciate the complement Adam. I did my best to provide a full explanation of every step required to successfully flash the router in a single post.
–Matt
“I did my best to provide a full explanation of every step required to successfully flash the router in a single post.”
And it worked the first try. Better than the wiki entries on the DD-WRT site. Btw.. I corrected my post on my blog where I mentioned DD-WRT because I realized I forgot to link to your article! D’Oh!
-A
Making this work on the first try was my goal. The DD-WRT wiki has lots of great information, but you must dig around to find it. Plus, there is so much info that isn’t relevant to the average user’s setup. That’s why I wanted to put all of this stuff on a single page.
BTW, thanks for the link back!!!
Great guide, but 2 things:
My hash was different.
You should specify that after doing FACTORY RESET the password/login is admin/admin
I knew that, some people might not
-kohan69
Thanks kohan69,
I appreciate your tips, but I did specify the password/login after doing the factory reset as stated in the following sentence: “The next thing you should see is a prompt to login to the new dd-wrt interface. The default user name is “root” and the default password is “admin”.”
If your hash is different, you either had a corrupt file or more than likely installed a different version of the DD-WRT firmware. I provided the hash for the “dd-wrt.v23_vpn_generic” file and provided a link to the hash page for people installing different versions. Installing a different version would explain why your default password/login is admin/admin and not root/admin.
Thanks again and enjoy your new firmware!
If I remember correctly from reading through the wiki, old versions have the default as “admin/admin”
-A
I think you’re are correct Adam. I’m pretty certain the old versions had a default password of admin. I think you could get away with leaving the username blank though. Just going by the Wiki….never used the older firmware.
Sorry, my mistake. I downloaded dd-wrt.v23 the non-SP2 version, that’s why my hash was different.
But you misunderstood me about the password. I was referring to the login of linksys default firmware.
In your steps the user:
1. Using the default linksys firmware, resets the settings to factory defaults.
2. The user proceeds to upgrade firmware.
Well, after resetting to factory defaults, the user is prompted to login to the default firmware. And the user/password for factory defaults of linksys’ forimware is admin/admin
Thanks kohan69 for clarifying. I did mis-understand you…I didn’t mention the default user/password for the Linksys firmware because I assumed most of the readers of this tutorial had changed the user name and password when they first set-up their Linksys. I suppose it’s worth mentioning the default user name and password is admin/admin for the users who haven’t changed that information.
I highly, highly recommend that people change the default log-in and passwords for all routers and any other software they own. It is particular dangerous to have a default router user name and password combination because of a potential hack. See Symantec’s article on “Drive-By Pharming: How Clicking on a Link Can Cost You Dearly.”
I had problems with Httpd restarting after the flash… your 30 second reset instructions got it going.. Thanks your ROCK DUDE!
Thanks Zap! The 30 second reset thing is very strange, but it definetly works…can’t explain why. I can’t take credit for the idea, I first noticed it installation wiki.
Just about everyting included on my instructions is contained on the DD-WRT wiki; I just consolodated and expanded on all the things relevent to the Linksys WRT54GL version 1.1 with the open source dd-wrt version 23 SP2 VPN firmware (generic).
I read your instructions and those on the wiki. Then I ordered the DD-WRT54 v1.1 gl from Newegg.This was going to be a replacement for my old Linksys NR041. I did not want to install a wireless router until I felt I had some security that isn’t available with the manufacturer’s provided software.
I unplugged the from the hub and plugged it into the gl, logged in and flashed the dd-wrt.v23 generic. Everything went as described except I had openSuSe running and used Firefox. It was quick and clean. After I removed the old NR and placed the dd-wrt in service, all it took was a 30 second power off of the modem and router and I was back online. I plugged in a Linksys USB wireless stick and it work without a hitch.
Thanks for the tutorial.
elints, your more than welcome. Its good to know the tutorial works the same in openSuSe.
Nice article, Matt. Can you comment on the performance of the router when heavy traffic is running? (P2P, BT for example)
My GL1.1 is running the Linksys firmware now, But i’m worried if i’ll be able to get online (L2TP connection) and run everything stable.
I’m just getting into this and will be attempting an “upgrade” of a WRT54G Ver 4 next week. I’ve yet to come across a description of the features offered by each of the firmware loads, VPN, VoIP, generic, etc. I want to use the router primarily as a PPTP server, do all the loads support that feature or do I have to go with the specific VPN load? If i do am I missing out on other features? What does the VoIP load give you that the others don’t? Thanks
@Ran Sagy: I’m not much of a P2P user. I might use BitTorrent (BT) to download a Linux distro to help some open source projects save some of their bandwidth when I download large files, but that is about it. I haven’t done that with dd-wrt installed so I can’t really comment on how it performs.
With that being said, I believe the dd-wrt would work as good, if not better, as any other Linksys routers under heavy loads. I think your Internet connection speed would slow you down before the router does. One thing you need to be aware of is to set the max number of connections to the router to a large number (around 100) so lots of BT users can connect to your router. I recommend checking out the Router Slowdown page on the dd-wrt wiki.
One feature you may find useful on the dd-wrt is Quality of Service (QOS). QOS allows you to prioritize traffic by protocol. Basically, you can some applications to have priority over others. I would set everything as more important than BT so my web surfing or whatever wouldn’t slow down because of BT hogging all the bandwidth. The neat thing about QOS is that BT would only be restricted when other protocol traffic is present. Thus, when you’re away from your computer, BT could run at full speed.
Please clarify “My GL1.1 is running the Linksys firmware now, But i’m worried if i’ll be able to get online (L2TP connection) and run everything stable.” Are you wanting to run an L2TP server yourself or connect to a VPN box on someone else’s network via L2TP?
The dd-wrt will not function as a L2TP server (though it can function as a VPN server using OpenVPN which uses the SSL protocol in place of L2TP. Another solution would be to run an L2TP server on your home network and port forward traffic to it. I would put it in the Demilitarized Zone (DMZ) to help protect the rest of your network from outside attacks.
If you’re just wanting to connect to another network via L2TP, its very easy.The dd-wrt allows VPN passthroughs of IPSec, PP2P, and L2TP. The VPN passthrough allows you to run one of these VPN services on a server in your network, not on the router. Thus, you could set-up L2TP and the router would let external machines connect through it to the L2TP server.Please let me know if you have any other questions.
Thanks for the comment, Matt. My ISP allows me to establish a connection only through its L2TP server, So i imagine the passthrough should work. However, When i tried the Thinbor firmware, I couldn’t get online for some reason, I never had a ping to the ISP’s L2TP server no matter what i did.
@Lee: I decided to split this response b/c my last reply to Ran Sagy was so long.
Rather than trying explain what what each of the different firmware versions offer, I recommend you check out this chart. I’m not sure which firmware loads support the feature of acting as a PP2P server, but I believe both the VOIP and VPN versions do.
All version of the firmware should allow you to connect to PP2P VPN servers, but not all of them will act as a PP2P server. Personally, I would not run a PP2P VPN server because PP2P is not secure and could allow people to comprise your network. Read this post you’ll know why PP2P should NOT be used.
If for some reason you must run a PP2P server, the wiki has instructions on setting up dd-wrt to do this. You should also look at PPTP Tunneling
SSL VPN is much more secure solution than PP2P. Only the VPN version of the firmware allows you to run a SSL VPN Server via OpenVPN.
I think the main difference of the VOIP version of the firmware is it allows you to plug a VOIP phone directly into your dd-wrt router rather than requiring you to turn your computer on (see the DD-WRT Glossary for VOIP). This is really only useful if you’re using Vonage or some other similar service.
I hope you’re not more confused than you were before I responded Lee. If so, just send me your questions and I’ll try to clarify anything I confused you on.
@Ran Sagy: I made one minor adjustment to my comment after realizing I mis-defined the passthrough feature. Please see the edit on Comment 27.
I don’t know why an ISP would want to restrict your connection opens, but ISPs are doing that more and more these days. Just out of curiosity, could you explain why your ISP has an L2TP server you need to connect through?
Depending on how they are filtering/restricting traffic, you might be able to use SSH Port Forwarding to make any protocol look like standard Internet traffic. I would use port 443 which is used by https. An ISP must allow port 443 because all secure websites use this port; plus 443 is always encrypted so seeing encrypted traffic come through this port wouldn’t look strange. I don’t recommend doing this if you’re going to breaking some kind of terms of service by circumventing your ISP’s restrictions.
SSH isn’t as robust as VPN because I believe it only allows you to forward one port at a time whereas all ports are available through a VPN tunnel. However, SSH is still secure. SSH may work for you depending on your needs. Another tool to check out is Hamachi.
Perhaps i mis-represented my case. I simply need to ‘dial’ to an L2TP VPN to get online. After that i can use the connection normally. Similar to the default firmware’s L2TP feature.
I just mis-understood your need. I’m believe the L2TP passthrough would work, but am not sure. You’ve got an unusual connection case.
Matt
Thanks for the link to the chart, that’s exactly what I was looking for. The reason for using PPTP, even with it’s faults, is so that I can use my Palm Tungsten C, when travelling. It only comes with a PPTP client, and since I won’t be using it for long on any one access point (just email), there shouldn’t be a problem, it’s better than using nothing. I currently have it working via a computer running WinXP PPTP server at home. I’d like to get away from having to leave the computer on all the time. If i read the chart correctly then all the loads support both PPTP client and server? I may try the VoIP load, just to play with as I have a number of VoIP ATA’s that I use with Freeworlddialup. I can’t see that load making the Linksys work as an ATA as it would have to have a jack to plug in a phone,may be a SIP server.
Lee, I’m glad that chart helped. I agree that if you’re only using your Palm to check email then PPTP should work fine. It is better than nothing. Besides, the chances of people cracking the PPTP on random access points you’re using for a short period of time is small.
I think you’re correct, all the loads support a PPTP client and server (excluding the micro load).
Good point about the VoIP load…I never had a need for VoIP and didn’t think about the Linksys missing the phone plug. If you go with the VoIP version, I’d be curious to hear about what some of the other features do.
Well since last week I’ve updated a WRT54G ver. 4 to the VoIP firmware V23 SP2. It looks like the VoIP will act as a very basic PBX allowing your ATA (analogue telephone adapters) to route internal calls directly to each other rather than going to Vonage, FWD or whoever you are using, and then back, thus saving you money if you pay per call. It’s OK, but not something a lot of people will make use off given the cost of ATA’s or VoIP phones. The notes on the web pages indicate it is still a work in progress. It also looks like you have to be able to configure your ATA’s as well, and most if not all of the commercially supplied ones are locked to the provider.
I’ve been able to get the VPN using PPTP via both my Palm Tungsten C and a laptop running XP home. I can surf the net and send and retrieve emails using my providers SMTP. However, I’m unable to “see” any of the devices on my home network. I had assumed that I should be able to use the browser and go into any device on my network. I have even tried using windows explorer to see a network web server, no dice. If I go to the IP of the router (192.168.1.1) I get the router on the network I’m going out on , not the one at home. Does the IP have to be different? I’d love to change my home network to something like 192.168.5.XXX, but the DD-WRT only allows the router to be a “1″. Any reason why I can go out of the router back to the web but can’t get to a device on my home network? Is there a setting in the WRT54G that need to be enabled? Thanks
Thanks for letting me know what the VoIP version of the DD-WRT firmware offers. I’d agree that not many people will find it useful due to the cost and complexity, but it is neat that you can sort of configure your own PBX with a Linksys router.
Are you sure you can’t change the router’s IP to 132.168.5.xxx. I have this option under Setup > Basic Setup. It appears in the Router IP title.
I’m not sure why you can only connect back to the Internet and not to any device. It sounds like you have a routed connection rather than a bridged connection. A bridged connection will make whatever computer your connecting with look just like a member of the LAN.
Yes, you’re right about the IP for the router. It’s the DHCP server that doesn’t have the flexability to change from a “1″. I will play with the IP setting, will try on one of my servers first to see if I can’t reach it through VPN. I was expecting that i would have something like the “bridged” connection that you mention, by default.
I see what you’re talking about now Lee. I guess I should have read your post a bit closer. You’re right, there isn’t a way to change the IP to something other than “1″ for the DHCP.
I haven’t messed with the PPTP VPN at all. However, from my research of SSL VPN via OpenVPN, I have learned that Bridged connections are not the default/standard setup. Of course OpenVPN is entirely different than PPTP, but if a bridged connection is standard there it might not be in PPTP.
Like I said, I haven’t looked at PPTP enough to even know what, if any, options are available for the connection settings. OpenVPN requires you to provide information in the start up scripts. I also found that some useful information can be obtained by logging into the router via SSH and using the Linux shell.
Well I can now “see” devices on my network when using a browser. Changed all the IP’s of the static devices to 192.168.5.XXX. Also changed the IP’s that the routers assigns for PPTP to match. All subnet masks changed to 255.255.0.0, router too. Left the router IP as 192.168.1.1 for the time being. The one thing I can’t do, yet, is see the devices when using Windows Explorer, like my disk servers or other computers left on on my home network. Maybe there is another protocol thet windows uses that isn’t supported over PPTP?
hello saw yr guide is pretty amazing few question to ask what is the purpose of having a 3party firmware install does it bost bt speed? or just do it for fun sorry I am new to the router thing hehe hope you reply~
Thanks a lot for your guide. I guess it saved me a lot of time by not reading the general WIKI but special instructions for my hard- and firmware.
Just one note: I didn’t even get a login prompt after flashing the firmware. I guess I would have hyperventilated if I had not read your guide …
But after resetting the router everything worked fine.
Cheers,
Kleinenbroicher
@Lee: I apologize for my delayed response. To be honest I have no idea why you can’t see your in Windows Explorer. It could be possible that Windows uses a different protocol over PPTP, but being how PPTP used to be Microsoft’s preferred VPN protocol it doesn’t seem likely. You mentioned the only thing you can’t do yet is see the device in Explorer. I guess that means you’re able to connect to them and use them, just not easily traverse through their folders?
@Rock: Several good reasons exist to have 3rd party firmware installed. Unfortunately, a speed boost isn’t one of them. 3rd party firmware offers a lot more support for advance router features such as Quality of Service, VPN, static/dynamic routing, extra firewall configurations, increasing signal power (better wireless range), etc. Plus, its fun if you’re a geek like me
@Kleinenbroicher: I’m glad you found the guide useful. It is a more consolidated source for specific hardware and firmware while the Wiki offers a lot of info on a wide variety of setups. Also, I’m glad my note kept you from hyperventilating. Being afraid you bricked your router is no fun! I know I was worried when I flashed my firmware.
That’s right I can’t ‘ “see” any of the computers or file servers unless i FTP through to my file server. No devices show up on the network unless i use a browser and go directly to their IP. I’ll continue to play with it and see if i can’t get it working. Will let you know.
My apologies I must clarify, I downloaded the main 20meg file and there is are several files dd-wrt.v23_generic.bin, dd-wrt.v23_wrt54g, dd-wrt.v23_wrt54gs.bin, dd-wrt.v23_wsl54gs.bin and dd-wrt.v23_wrt54gsv4 etc.
I am assuming the VPN generic you are refering to in this tutorial is the first file I have listed?
@Lee: That’s very interesting. I’m not sure what would cause that. I’m sure you’ll get it figured out though.
@Mark: I’m sorry, I did misunderstand. You are correct, the first file you listed (dd-wrt.v23_generic.bin) is the VPN file I’m referring to. I’m not sure why they include all of the other files in the download when you clearly select to only download one of them.
Thanks Matt,
Apologies for my ignorance, but what are the main differences with all of those files? If I have the WRT54GL, should there be only one of those files I should be installing? e.g. the generic?
What is the difference between the generic and _wrt54g file? or the _wrt54gs? Can I install any of those three?
I am guessing of the others (wrt54gsv4, wrsl54g) I should definately not use those?
cheers,
Mark
Well I finally got it working but only after changing my router (and the entire network) to 192.168.10.XXX. Had to change the “trusted” zone in Zonealarm too. I guess there was a conflict with the originating router being the same IP as the WRT54G at my home. Now if i could just set the DHCP server to assign IP’s in the same range…..maybe the next version.
@Lee: Sweet!!! I’m glad you came back to explain the work around. It makes sense that the conflicting addresses now that you’ve mentioned it
It also make sense about the trusted zone. I always disable security features when I initially configure new network settings to make sure they’re not causing the problems. Once its working, I add the security back on and open any holes in the firewall I need to, etc.
Thanks again for coming back and sharing.
@Mark: You should only be installing the dd-wrt.v23_generic.bin file.
The dd-wrt.v23_wrt54gs.bin, dd-wrt.v23_wsl54gs.bin, and dd-wrt.v23_wrt54gsv4 are not designed for your router model. You should check the dd-wrt wiki for additional info on each of these. I don’t know the exact differences between each.
The dd-wrt.v23_wrt54g is designed for your router, but if I remember correctly, it should only be used if you’re flashing your router in a certain way (not the standard flash method described in my tutorial).
The wiki recommends the dd-wrt.v23_generic.bin file for WRT54GL. My instructions are specifically for that file as well. I have not tested any of the other files and am afraid that would cause problems when installing.
i am using a wrt54gl
the only thing i could add here is something that i read somewhere else where the poster stressed the point - DON’T GIVE UP too easily .
i tried flashing with firefox and ie browsers on two different wrt54gl routers - and i got the message - upgrade are failed - and the blinking power light -
i went through the shorting pins and grounding stuff but still had the blinking power light - i thought i would have to get a JTAG .
then i finally saw the post that talked about try and try again using TFTP - i was surprised when after a few tries with TFTP hitting the upgrade button immediately after powering the router on - that i finally got a good transfer !
but then the power light kept flashing and i could not get the login prompt from the router -
i tried the hard reset etc several times .
i once again was about to panic and take it apart and try the pin shorting etc .
then i noticed - about 2 minutes after the flash with tftp - if i just left it alone - the power light stopped blinking and everything was fine -
at first i loaded dd-wrt v23 sp3 and then when i tried playing battlefield 2 ( bf2 ) i notice very high pings to all of the servers - so i went in and set the qos and the pings got better but not as good as i hoped .
then i decided to be brave and try the newest tomato firmware - and it seems to work better for me - all around and especially in bf2 . ( not using the wireless right now )
Don’t give up is really good advice…something I probably should have stressed more in my tutorial. In most cases, even when you think all is lost, there is probably a work around to save the router if something doesn’t go as planned.
I haven’t read or heard anything about the new tomato firmware. I’ll have to go research that. Thanks for bringing it up. It might make a good article to write on sometime if you’ve got a blog. I check your website, but it looked like a your company site which is cool.
Thanks again for sharing your comment!
Guys, how do I install back the original wrt43gl firmware?? I have tried simply to flush it, but no success.
Thanks for the great tutorial. I just had one question please. You stated after the flash that you had to do a hard reset by holding the reset button on the back of the router while unplugging the router. My question is how long do you hold the reset button for before you pull the plug?
Hey there,
I was kinda worried about how “difficult” this upgrading of firmware might be, but with the use of this tutorial and another tutorial, just to be sure of course, my WRT54GL router with V23 SP2 firmware on it works wonders now. I havent experienced with much other than gaining wireless strenth, but I definately plan on it.
Thanks Matt
i went to the http://www.linksys.com site and then went to the support forum - looked up the firmware for my router wrt54gl and downloaded it . and i got the tftp program . then i used the tftp program to flash the router with the firmware that i downloaded .
push the reset button for over 10 seconds until you see the power light flashing or wait about 30 seconds then release - you can also try holding the reset button while powering on the router and hold it for about 10 seconds . the best way i found to flash is use the tftp program and if you have trouble flashing at first then try when you power on the modem - press the update or upgrade button on tftp program about a second after you apply power .
i had to do this several tries before it finally flashed - then after the flash - just wait about 2 minutes .
Great tutorial, could not be better !!!
great step by step explanation, simple and plain !!
good job, thanks for sharing your experience and knowledge
regards
Tellme
Well discovered the the DHCP of the router changes to match the IP you set the router to. So if it’s 192.168.50.1 it will issue IPs with 50 as the second to last set of digits. If you want to access, via, PPTP you are best to change that set of digits to something that isn’t going to be used by the router you are originating from ( most likely 0 or 1). Also played with the VoIP feature. I have 3 devices on Free World Dial up and it worked Just fine, allowing a voice path each time (which was hit and miss in the past). No port forwarding set up required. All your devices have to be with the same provider or you would still have to forward ports to the “odd” device, like if I had one on Vonage. It also requires that you can change settings in your ATA’s, which means you can’t set up most commercial devices as the settings are locked.
Hi all, sorry for the much slower responses than normal. I’ve been quite busy lately and am currently away in Alaska, so blogging has been much of a priority lately. If you do have any other questions please let me know and I’ll do my best to get back to you in a more reasonable time frame next time.
@Tana: I’ve never tried re-flashing to the original WRT54GL firmware. I’d imagine you would have to download the firmware from linksys and then upload it. I recommend reading through the dd-wrt wiki. If anyone else knows how to do this, please let Tana know.
@Baker: I’m glad you didn’t find flashing the firmware too difficult. It’s really not bad at all as long as you careful follow the directions outlined on the wiki or my site.
@edlogic: Thanks for the advice and pointers.
@tellme: I appreciate hearing that you enjoyed the tutorial and found it useful.
just to say that this site really did make the whole process very easy - I can’t recommend it enough, was all plain sailing, the wiki site although full of info was very daunting, this page cut straight to what you needed to know for all those who want to use dd-wrt but are not hard core techies.
Thanks
Chan
@lee: Thanks for providing that extra info about the VOIP version of the firmware. I’m glad you’ve been sharing because I don’t have the opportunity to mess with it.
@Chan: I’m glad you found the site helpful!!!
Worked like a dream!
If I had not read this, I would have panicked instead of resetting the router!
For a WRT54GL Ver1.1 which VOIP version do you recommend?
Paul, first off let me just say I’m glad you didn’t panic…I was a bit worried when I flashed my router (luckily, I read the DD-WRT wiki close enough to try the unplug and reset thing).
As far as the VOIP version, I honestly don’t know. I currently have no need for VOIP functionality and have never really looked in to using the DD-WRT VOIP version. That being said, I bet Lee (one of the other users who has made several good comments on this post) could make a good recommendation. He has experimented extensively with the VOIP firmware.
Lee, if you’re still subscribed to the comments, do you mind answering Paul’s question?
Great tutorial (it’s now on my Del.icio.us list - grin - ). I have a question that is a bit different, I think. I currently am running the “DD-WRT v23 SP2 (09/15/06) std” version on my Linksys.
I’m now intrigued by the VPN version and want to do a cross-grade (is that the best word?) from standard to VPN. What I’m wondering is, if I back up my settings, flash the drive, can I re-import those settings? Or will I have to do the manual method (which I have done before) and print out all of the config pages?
Also, how well does the VPN solution truly work? Once configured, can I use a built in Mac VPN or Windows clients to connect?
Thanks!
-HTD
Thanks for the tutorial. My new WRT54GL v1.1 router works great with DD-WRT v23 SP2 (09/15/06) std. I used IE7 to flash it. There is also no need to connect the “Internet” port on the router to a broadband source while flashing.
@HighTechDad: I haven’t ever changed from one version of the firmware to another, but I fairly certain you’ll have to manual transfer your settings due to the differences in the firmware source code.
The Administration > Backup tab on my firmware (VPN) has the following warning message: “Only upload files backed up using this firmware and from the same model of router. Do not upload any files that were not created by this interface!”
I honestly haven’t had as much time to work on my VPN to get it to work. Mainly because I want to do it the complicated way with a bridged connection and Public/Private key infrastructure. However, from everything I’ve read it works great once configured correctly
Any VPN client should work to connect, even a MAC one because SSL VPN uses a fairly standardized protocol. However, I haven’t tested this.
@Tomikmar: Thanks for the comment. I appreicate you letting us know that IE7 works for the flash and that a broadband source is not needed during the flash. I’m sure that info will be helpful to others reading my tutorial and hopefully the comment section as well.
HI Im new to this custom firmware and i just bought this wrt54GL router. I would like to enquire if installing 3rd party firmware like ddwrt will it increase the download speeds or even for BT software? even via wired or wireless? or just the signal strength only?
Chris, the new firmware will not really increase the speeds of your downloads, at least not the overall speeds. It can offer you the ability to increase the amount of bandwidth/speed allocated to certain protocols/file types.
For instance, you could have BitTorrent (BT) software receive have the highest possible download speeds (100% of your Internet connection speed) when no other application is using the network. Then for your convenience, the custom firmware can throttle down the BT download/upload speeds when you start surfing the Internet so that you web
surfing is not slowed down by BT.
This feature is known as Quality of Service (QOS) and is very useful if you have Voice over IP (VOIP) on your network. It works via both wired and wireless.
In short, to answer your question directly the custom firmware doesn’t increase overall download speeds. It does, as you correctly stated, increase signal strength.
One interesting thing to note about having increased signal strength is that your wireless connections that are located far away from your access point will have a faster internal network connection. Unfortunately, the amount of speed lost from having poor signal strength is not enough for you to notice a difference in your Internet connection though you may notice the speed difference if you’re transferring files across your LAN (i.e., between computers on your home network).
The main benefits of the 3rd party firmware like dd-wrt is the extra functionality provided such as Virtual Private Network (VPN) capabilities, QOS, etc.
Let me know if the stuff I mentioned above is completely confusing to you. If it is, then you probably don’t need to go through the time and trouble to install the 3rd party firmware on your router unless your just curious and like learning new things.
thank you a million times + 1 for this tutorial. It has definitely helped this noob in flashing his linksys!
Joey I’m very glad the tutorial helped out. Its good to know its written at a level that a noob can understand.
Hey, just wanted to say thank you for your great tutorial. I used it efficiently and was able to flash the firmware in no more than 10 minutes out of the box. Thanks again!
Hi Matt.
Firstly, my apologies for the length of this post, but you are the first glimmer of hope I have had and I want to provide full information.
After reading your tutorial and your answers to all these questions I’m hoping I might have found the beginnings of a solution to my problem. Although I have a fair bit of general IT experience (Windows mainly) I have never had occasion to set up a VPN before this. The few remote access needs we have had in the past have been served admirably by GoToMyPC.
Now we have a new Windows application which runs on all PCs (local and remote) but shares an SQL database on a central server. Seems to me that VPN is the sensible way to go. The computer distribution is like this:
MAIN OFFICE:
- WRT54GL (CL7B) - Linksys firmware v4.30.7
- OS: Windows NT4SP6
- LAN IP: 192.168.1.0
- Router LAN IP: 192.168.1.1
HOME OFFICE:
- WRT54GL (CL7B) - Linksys firmware v4.30.7
- OS: Windows XPSP2
- LAN IP: 192.168.2.0
- Router LAN IP: 192.168.2.1
- VPN Client: Win XP’s New Connection Wizard.
LAPTOP (Not purchased yet):
- No router
- OS: Probably Vista
- LAN IP: Can make it anything
I won’t bore you with all the gory details, but after much trying of various things I have been unable to establish a valid VPN connection. However, I can:
- Ping the MAIN OFFICE router from the HOME OFFICE client.
- Access the MAIN OFFICE router’s management screens from a HOME OFFICE PC.
- Use GoToMyPC from the HOME OFFICE client to a PC in the MAIN OFFICE.
The only way I know of to verify that the MAIN OFFICE VPN is correctly set up is by using Microsoft’s Port Query tool. Running it from a PC at HOME OFFICE returns the following (sensitive IPs and domains disguised):
—–Query Tool Start———-
Starting portqry.exe -n nnn.nnn.nnn.nnn -e 1723 -p TCP …
Querying target system called:
nnn.nnn.nnn.nnn
Attempting to resolve IP address to a name…
IP address resolved to blah.com
querying…
TCP port 1723 (pptp service): LISTENING
portqry.exe -n nnn.nnn.nnn.nnn -e 1723 -p TCP exits with return code 0×00000000.
AND FOR UDP:
Starting portqry.exe -n nnn.nnn.nnn.nnn -e 1701 -p UDP …
Querying target system called:
nnn.nnn.nnn.nnn
Attempting to resolve IP address to a name…
IP address resolved to blah.com
querying…
UDP port 1701 (l2tp service): LISTENING or FILTERED
Sending L2TP query to UDP port 1701…
UDP port 1701 (l2tp service): FILTERED
portqry.exe -n nnn.nnn.nnn.nnn -e 1701 -p UDP exits with return code 0×00000002.
—–Query Tool End———-
That looks OK to me, but I’m no expert. If there are other ways of verifying that the MAIN OFFICE VPN setup is working correctly, other than giving out the connection details to a stranger, I’d like to know about it.
I have searched the web widely in an attempt to solve this, and I keep coming across people with WRT54G/GL routers who cannot connect to their corporate VPNs, and the standard response from Linksys seems to be to deny there is a problem. There are literally hundreds of these instances.
OK Matt, I’ll stop there before this becomes a book, and wait to see what comments you have. Do you think flashing with DD-WRT will provide a solution? If so, would I have to flash both routers or just one?
In the future (if I can get this connectivity problem resolved), there will be more HOME OFFICES with routers and more LAPTOPS without. In other words, router-to-router VPN will be no good for the LAPTOPS; they’ll need to be computer-to-router or computer-to-server.
Thanks in advance for any advice you can give.
Great article, man! It helps me very much and I feel a little more sure when flashing my WRT54GL v1.1.
I want to thank you and give some good information to you and to the Linux community:
I flashed my firmware to dd-wrt.v23 SP2 vpn generic version (dd-wrt.v23_vpn_generic.bin) from Linksys stock version 4.30.9 (WRT54GL_4.30.9_US_code.zip) successfully on/with:
———————————–
Fedora release 7 (Moonshine)
Firefox 2.0.0.5
———————————–
Sincerely yours,
Boyan Boychev
Soporose: That is a long comment and a lot to process. Give me some time and I’ll try to give you some good ideas to help you find a solution. It’ll just take a while for me to respond.
boyan7640: I appreciate your complement.
Big thanks for sharing the information regarding your setup. I’m sure the Linux and dd-wrt communities appreciate knowing all works well with Fedora and Firefox when flashing the WRT54GL. It takes people like you sharing their personal experiences to keep fueling the Open Source revolution. Thanks again!!
Matt,
Thank you very much for the easy to understand step by step instructions on how to flash my linksys wrt54gl router. I have been warned not to over clock my router. Does anyone out there know what is the breaking point?.
Thanks Randy
> Soporose: That is a long comment and a lot to process. Give me some time
> and I’ll try to give you some good ideas to help you find a solution. It’ll just
> take a while for me to respond.
Thanks Matt. I look forward eagerly to any light you can shed on this problem.
I have even searched far and wide for a third-party solution, but nothing I have found in that regard is suitable for XP -> NT4. Seems all the third-party stuff requires that the VPN server to be a Windows 2003 Server, or another XP/2000 machine. If your corporate server is NT4 you’re out in the cold. However there are still an awful lot of very reliable NT4SP6 servers “out there”.
I’m at the desperate stage now, so your input will be much appreciated.
dd-wrt.v23_voip.bin is this the same for voip as the dd-wrt.v23_vpn_generic.bin for vpn?
My router is WRT54GL tks
@Randy: Glad you enjoyed the article. As far as your question regarding over clocking, I’m not sure what the breaking point is. I would be careful not to over do it. You should make sure that it is adequately cooled and know that over clocking may shorten the life of the Linksys processor.
The DD-WRT Wiki reads says WRT54GL v1.1 is stable when overclocked at 250MHz, with no extra cooling. Your mileage may vary.
@Soporose: I hope to have an answer to your comment before the weekends over.
@Noslenfa: The answer to your question is yes (i.e., dd-wrt.v23_voip.bin is the same for voip as the ), if I understand what you’re asking which I think I do.
hi andy,
thanks for all the instructions. i followed teh wiki and the install/flashing went off pretty smooth. however i’m having another issue..can’t access the internet.
i’ve a desktop and a laptop and both get ip’s from the router. i can ping the other machine and the router from any machine, but no internet. any ideas??
any help would be greatly appreciated. thanks.
woops pressed submit too soon
i’m sure this is more of some configuration in dd-wrt and not any hardware related issue as i’m able to ping the machines and the router.
@Andy: The first thing I would do is bypass the Linksys to make sure that your Internet connection is working at all. To do this, simply plug in the Ethernet cable coming from your Cable/DSL modem directly into your computer’s Ethernet port. If you’re able to connect then you know the problem is the router. If not, then call your ISP.
The next step would be to make sure you’ve got the cable coming from your cable/DSL modem plugged in to the correct port on you Linksys. It is the one on the far left (if looking at it from the back).
I’m not sure that you have a configuration problem on your Linksys. Have you checked the status page when you login to your router to see what it says under the Internet heading?
Can you ping anything on the Internet like “ping google.com”? What do you seen if you type “ipconfig /all” in your command prompt?
Without further info, its hard for me to diagnosis your connection problems. Look at this stuff and if you don’t find the problem, get back with me about what you see.
thanks matt. my mistake…i should’ve mentioned it’s not a linksys router..i was trying with a buffalo whr-g125.
anyways i got a workaround to make it to work..the good guys on dd-wrt forum answered my question..
since your post comes up in search..may be this might help someone.
this is what i’d to do (from the dd-wrt forum) to make it work:
do a hard reset
reconfigure router (if you have comcast - do “No STP”)
clone address to your machine
unplug cable modem (if you have the VOIP via the cable company - double modem - then pull its batteries also) for 5 minutes
plug ethernet back into the router / cable modem
make sure router is all configured and up
plug in cable modem
wait for everything to setup
check dd-wrt webpage
if no WAN IP - do DHCP renew
wait a minute
try to ping 208.67.222.222 (opendns server - good place to ping)
@Soporose: Before I begin let me apologize for being a little slow to respond especially since I failed to get back to you before the weekend was over. I ended up having a bit of unexpected stormy weather last night and I always turn off my computer and unplug the Internet connection so I wasn’t able to write my response last night as I planned.
VPN is a sensible way to go for your solution. There are several ways to
To get started let me say that I don’t think the DD-WRT is the optimal solution for your problem. It sounds like you need a more full-blown VPN solution but I don’t know the budget or size of your business. Where I work, we use an SSL-VPN with a RSA SecurID system which is extremely robust and secure. However, I work for a Fortune 500 company with a large IT budget and a ton of remote users.
Let me also say that I recommend you upgrade any Windows NT servers you have to an OS supported by Microsoft. NT servers are very insecure since Microsoft doesn’t patch widely known vulnerabilities anymore. Any scriptKiddie could hack one of those…now that I’ve got all of that out of the way let me answer your question about the dd-wrt firmware.
The dd-wrt firmware is better than the standard Linksys firmware and offers a lot more features. Not only does it have VPN pass through like the standard Linksys firmware, but it can act like a VPN server with support of public/private key encryption.
The dd-wrt would allow you to connect one of your laptops (no router) to the office router via VPN. Once connected to the router, you should be able to set up the appropriate configuration to forward your traffic to the appropriate server(s).
The dd-wrt would also allow you to connect the home office routers directly to the office routers assuming both Linksys routers were flashed with the new firmware.
I’m not familiar with Microsoft’s Port Query tool but one other way to verify if the office VPN is correctly setup is to actually make a good connection to it. You haven’t been able to do this yet but you think the WRT54GL has a bug that prevents you (and many others on the Internet) from connecting.
However, if you could borrow another kind of router that is known to work with VPNs, you could do a real test of the office VPN. If it still doesn’t work, then you know its a configuration issue.
Also, you could also setup a test very insecure test environment (i.e., no sensitive information and not connected to the corporate LAN) with the WRT54GL’s standard firmware. What I mean about being is secure is that every single firewall should turned off and has all the necessary ports open. Once you get this setup you can test the VPN and know that no random security configuration is preventing you from connecting. If it works, then you can add layers of security till you locate the problem and know what to correct.
Something else that may work as a solution is Hamachi which is a zero-config VPN solution. If you didn’t mind using GoToMyPC in the past, then you should try Hamachi before doing anything else. If it works then you’ve saved yourself a ton of trouble.
OpenVPN is another open source VPN solution but it is very complicated to set up. Once setup though its supposed to be great. One other lesser known, but good from everything I hear, is iPIG (Private Internet Gateway) from iOpus.
Hope all of this info helps. Let me know if you have any questions about what I said or anything else. Also, be sure to come back and let me know what solution worked for you. Helps me learn more!!
Thanx Matt! Although I am tech-savvy enough to know whats going on in great detail, this page here summarizes the required information very nicely. And since I have nothing better to do now I’ll post my experience of flashing my newly purchased WRT54GL here.
We have frequent power outages in this part of the world (Lahore, Pakistan) and although I timed my routers firmware flash quite decently right after electric power was restored after a power failure (assuming that the next one would be at least a few hours into the future), the power just had to go out in the middle of the upload. Then after a nailbiting half an hour when the power finally came back. And much to my dismay the power light was blinking fast with no other LED showing any activity except the one for the port to which my laptop’s wired LAN interface was connected. The router did however give me a DHCP IP and was pingable
I followed the management mode guide in the “recover from a bad flash” wiki page. To my surprise the tftp method worked effortlessly and the transfer took only 8 seconds contrary to the page’s warning that it would be painfully slow. As noted the tftp method only works with Linksys’s original firmware. But all in all I was quite releived to see the web admin page working once again. So with my fingers crossed and praying that the lights wouldn’t go out this time I started the firmware upload once again. This time all went well and after fiddling around with my DD-WRT router for an hour or so all I have to say is: “Dang this thing is sweet”.
Hi Matt.
Thanks for the detailed reply.
> To get started let me say that I don’t think the DD-WRT is
> the optimal solution for your problem. It sounds like you
> need a more full-blown VPN solution but I don’t know the
> budget or size of your business. Where I work, we use an
> SSL-VPN with a RSA SecurID system which is extremely robust
> and secure. However, I work for a Fortune 500 company with a
> large IT budget and a ton of remote users.
Very small business, very small budget. Only one remote user to start, maximum of five when all concerned have their access. Despite NT server, quite reasonable security measures are in place, as is very robust backup system. But even so, security is not a big deal. Even if the data were stolen it’s pretty worthless to anyone else, even to someone in the same business.
> …if you could borrow another kind of router that is
> known to work with VPNs, you could do a real test of the
> office VPN. If it still doesn’t work, then you know its a
> configuration issue.
Not easy to do in a small town, and I’m not in the USA.
Re: Hamachi, I looked at it early on. Neither it nor iPig support NT Server.
> The dd-wrt firmware … can act like a VPN server…
> The dd-wrt would allow you to connect one of your laptops (no
> router) to the office router via VPN.
> The dd-wrt would also allow you to connect the home office
> routers directly to the office routers assuming both Linksys
> routers were flashed with the new firmware.
This sounds like the most promising option for our circumstances.
Correct me if I’m wrong, but is it correct to say that what I’m trying to do at the moment (and failing at) is establish a PC-to-Server (XP-to-NT) VPN, passing it right through the WRT54GL’s at each end.
On the other hand, what your suggestion would be doing is establish a router-to-router connection. That should be easier to verify, than wondering if the server VPN is correctly configured, yes?
Can you give me the exact URL of the DD-WRT firmware I should download? There seems to be so many versions spread all over the place. I have the CL7B routers with Linksys firmware v4.30.7.
Many thanks for your help.
Hello, again!
I will give you all Linux fans more good information:
I flashed my firmware to dd-wrt.v23 SP2 vpn generic version (dd-wrt.v23_vpn_generic.bin) from Linksys stock version 4.30.7 (WRT54GL_4.30.7_US_code.zip) successfully on/with:
———————————–
CentOS release 5 (Final)
Firefox 1.5.0.12
———————————–
Sincerely yours,
Boyan Boychev
Matt, can you please tell me if this firmware will possibly eliminate the latency problem that I am having with RR? Without the router connected web pages complete almost immediately but with the router connected (Wrt54gl v1.1) graphics on web pages lag to a standstill and when I ping various sites there are dropped packets but not the router disconnected. My neighbor down the block has the exact same problem with a different version from Linksys…Please detail what is going on if you can…Neur
@Andy: Thanks for the info on the buffalo whr-g125. I’m not familiar with those routers so I’m glad the