Need help with setting up a flash router using DD-WRT or Tomato

lrober007

New member
Mar 13, 2016
11
0
0
Hello,

I have a Netgear Nighthawk R7000. I know that it can be flashed since IPVanish has these routers on their site as well as Sabai tech since they work together. Since I own one that is not pre-configured, I would not want spend another $350 just to have one. I see that DD-WRT can be used to flash my router and it looks like Tomato can also. What I need to know is if there is an issue when I flash the router, is there a way to recover it to factory default if needed or will it damage the router for good if it doesn't take. Which flash would be better? I have read into this, but I would like to see what other minds here say about this. It will be my first attempt to try and do something like this. I want to make sure I can cover myself for any issues that may arise. Any insight would be appreciated. Thank you.
 

Stoofer

Moderator
Staff member
Apr 18, 2015
674
0
0
Wales
You will likely get more information by asking in the Hardware Forums at http://forums.cablecutters.com - think of these Forums as having more to do with the software side of things. But you're welcome to hang on in case anyone with a similar setup happens to pass by.
 

lrober007

New member
Mar 13, 2016
11
0
0
@ Stoofer
Thank you. I will take a look. I figured with the title of the forum thread, this would be a good spot. Sorry for that.
@gwilly7
Thanks for the information. I will look into that as well.
 
Last edited:

photoplay

New member
Sep 18, 2012
112
0
0
Hello,

I have a Netgear Nighthawk R7000. I know that it can be flashed since IPVanish has these routers on their site as well as Sabai tech since they work together. Since I own one that is not pre-configured, I would not want spend another $350 just to have one. I see that DD-WRT can be used to flash my router and it looks like Tomato can also. What I need to know is if there is an issue when I flash the router, is there a way to recover it to factory default if needed or will it damage the router for good if it doesn't take. Which flash would be better? I have read into this, but I would like to see what other minds here say about this. It will be my first attempt to try and do something like this. I want to make sure I can cover myself for any issues that may arise. Any insight would be appreciated. Thank you.
I don't use DD-WRT or Tomato and I'm not sure this will be of any use to you (I don't even know what a flash router is supposed to do) but I have the same router and use the firmware "Asuswrt-Merlin on Netgear R7000 by Vortex" (XWRT for Netgear R7000 v378.54_2). There is a more recent release but I found v378.54_2 most stable. There is also a "Link to the "back to stock" firmware (v1.0.3.80_1.1.38)" that you can download for this firmware that will get you back to stock Netgear Firmware, tomato or dd-wrt without bricking your device. Have tried it from Vortex firmware back to Netgear and it works. Firmware and "back to stock" can be found in first post at
Do some reading there for further information and insight.

**Note: From what I can tell Tomato by Shibby does have a back to Negear Genie firmware found under the date of 2015-02-25 10:38 in folder called Netgear R-series back to OFW (R7000-back-to-ofw.trx)
Code:
http://tomato.groov.pl/download/K26ARM/
I think it's the same file I referenced above in the Vortex firmware.
 
Last edited:

Petebutty

New member
Oct 15, 2013
15
0
0
Check on dd wrt website, I flashed a Netgear router last year for use as vpn router, as far as I can remember, once you flash, you cannot go back to the original firmware.

If you hard reset after flashing, it only resets to dd wrt default settings.
 

lrober007

New member
Mar 13, 2016
11
0
0
@ photoplay,
Thank you for this information. I will keep this as a way to flash if I can't configure my VPN with DD-WRT, I will look into this. I already flashed to DD-WRT and had an issue configuring the IPVanish VPN because it didn't take and wouldn't connect to the Internet. I had to flash again to get back to default since factory reset didn't resolve the settings issue I had to connect. I still might try your method.

@Petebutty,

I see that might be the case since I had this issue. I saved my old config from the manufacture stock firmware to realize I cannot revert back to it. I will have to figure it out. Thank you for your help.
 

Petebutty

New member
Oct 15, 2013
15
0
0
@ photoplay,
Thank you for this information. I will keep this as a way to flash if I can't configure my VPN with DD-WRT, I will look into this. I already flashed to DD-WRT and had an issue configuring the IPVanish VPN because it didn't take and wouldn't connect to the Internet. I had to flash again to get back to default since factory reset didn't resolve the settings issue I had to connect. I still might try your method.

@Petebutty,

I see that might be the case since I had this issue. I saved my old config from the manufacture stock firmware to realize I cannot revert back to it. I will have to figure it out. Thank you for your help.
Not sure how far you've gotten with this yet so here's a little info to get you started.

You need to get the router to connect to the internet when connected to your primary router before configuring your VPN.
to prevent ip clashes the vpn router ip must be changed, e.g. My primary router is 192.168.1.1 so I changed the vpn router to 192.168.2.1

My provider is private internet access, they have a complete instruction on thier website for configuring open vpn on ddwrt.

It took me a little while to get it sussed out tho as networking isn't really my thing but I got there after a few shouts and head scratches.

Sure ipvanish will have a tutorial for you to use too.
 

JoeBean

New member
Mar 16, 2016
1
0
0
@ photoplay,
Thank you for this information. I will keep this as a way to flash if I can't configure my VPN with DD-WRT, I will look into this. I already flashed to DD-WRT and had an issue configuring the IPVanish VPN because it didn't take and wouldn't connect to the Internet. I had to flash again to get back to default since factory reset didn't resolve the settings issue I had to connect. I still might try your method.

@Petebutty,

I see that might be the case since I had this issue. I saved my old config from the manufacture stock firmware to realize I cannot revert back to it. I will have to figure it out. Thank you for your help.
The R7000 can be flashed back to stock. I've done it in the past and a lot of others have as well (it's usually called "revert to stock" if you're looking for it). Go to Netgear's website and download the firmware (1.0.4.30 is current), extract the files from the zip, and flash the chk file back through the web interface in dd-wrt. A few people have apparently had problems with the stock chk file working, though. If that's the case here try the trx back to stock file in the first post here.
.

There's also a step-by-step on the process going both ways at here.

Also note that you might have more success with XWRT, availablehere. DD-WRT has some positives but it's definitely not new user friendly (nor are there forums - just try asking a question!)

As for getting DD-WRT to work with the VPN etc, the first thing you need to do is make sure the firmware you flashed supports your hardware. There are plethora of versions of DD-WRT firmware, each customized for specific hardware, and if you don't get the right one you'll run into problems, from occasional crashing to unsupported hardware (eg. wireless drivers) to completely bricking your device. The Kong builds for the R7000 are currently the most recommended from what I can gather. The easiest way to find reliable firmware quickly is to use google to search dd-wrt.com for R7000 ("site:dd-wrt.com r7000 firmware") and find a recent forum post (ignore the wiki, it's info is out of date 90% of the time) with someone who uses your router and see what firmware they list (often shown in their signatures, which will be up to date). For example, a quick search find this user with 199 days uptime.

Once you have a stable/supported firmware uploaded it's just up to configuring OpenVPN. Start by connecting to the router, preferably by cable, and logging in (default address is 192.168.1.1). Go to Administration, Reset to Factory Defaults. This wipes the NVRAM on the device so that you don't have corrupt data messing things up. This is essentially the same as the 30/30/30 reset that you'll often hear about with dd-wrt, but you should not do a 30/30/30 on most newer routers. It can cause more problems than it fixes. Instead, just do the factory reset.

Next, connect the WAN port (yellow on the back, separate from the 4 network ports) to your DSL or cable modem. Go to Status, WAN. Check the IP Address listed there. If the IP is 192.168.x.x your modem is also a router and having 2 running at the same time can cause problems. You can do what Petebutty mentioned and ensure that the third octet (first x in the address above) is different than dd-wrt's address range (eg. dd-wrt defaults to 192.168.1.x, so if the IP the modem gives you a 192.168.2.x the two can work together ok. If not, you'll need to change dd-wrt's LAN IP address at Setup/Basic Setup). However, when this is the case I prefer to log into the modem and set it to bridge mode so that it doesn't do any DHCP assignments or routing. Your router will then see the WAN IP (your IP on the internet) in the WAN Status page. How to set the router to bridge mode differs by model - google the manual for your modem if you need to do this. In a few cases you may have to call the ISP and have them do it for you.

If you have no IP listed under WAN status it likely means you need to change the WAN connection type. Most ISPs these days don't need this, but a few still do. Anyway, you'll need to go to Setup, Basic Setup and change the Connection Type. By default it's DHCP. But you'll have to contact your ISP to find out what they want there.

Anyway, once that's done you should have the R7000 connected to the modem and your computer connected to the R7000, preferably by cable. Now try browsing the internet. Make sure that works before you go any further. If it doesn't work OpenVPN won't work either. Once it's working OK you can follow the IPVanish instructions found here to finish setup. As mentioned there, it takes a few minutes after reboot before the tunnel is established. When you go to whatismyip.com it should be different than the IP you saw under WAN status. If not, there's a problem and your VPN is not working.

If your IP is different you're almost done. Make sure IPv6 is disabled or you'll leak your identity that way (I believe it still is disabled by default). Go to Administration, Management and make sure IPv6 is disabled. Finally, you need to configure DNS to not allow your upstream (ISP) gateway's default DNS server to be used, or you'll be leaking DNS queries. There are a few ways to do that, but probably the simplest way is to go to Setup, Basic Setup and to set the Static DNS entries (if this is greyed out you need to turn on the DHCP server, which should be set to on so that the router is assigning IPs) to the DNS servers of your choice, the most common being Google 8.8.8.8 and 8.8.4.4 and OpenDNS at 208.67.222.222 and 208.67.220.220. Make sure you fill all 3 DNS entries or if the first 2 are down it'll default to using your ISP's DNS. Also, for added protection follow the instructions here about intercepting DNS port to prevent users from accidentally having their device/computer set to use the ISPs DNS (some ISPs around here take the user's PCs and manually put their DNS server IPs in the connection settings, and by default this would override DD-WRTs settings).

Now you can play around getting wireless settings, etc. as you like and you should be good to go!
 

lrober007

New member
Mar 13, 2016
11
0
0
Thanks to everyone that has posted.
@Petebutty,
I didn't think I would need to change the router's IP address so i will give it a whirl. I still have DD-WRT installed and will try that before I continue. IPVanish support seems to think that the script they gave me should work if I copy and paste it as it is on their site. I only need to change the username, password, and the protocol to have it work. It didn't. I will see what's up next. Thank you for your help.

@JoeBean,

This might be what I need to look at. I will certainly mess with this tonight when the rest of the house is asleep so I can see what I can do. I will try anything to get this VPN router going. I will let you know how it all turns out. Thank you very much!
 

Petebutty

New member
Oct 15, 2013
15
0
0
No problem

I did the same thing, configured it all, plugged it in to the primary router and, damn it!

Then I couldn't connect to the routers web client. That's when I unplugged it and changed the ip address, it was conflicting with the primary routers address.

Once I changed the ip it ran fine.
 

os-warped

New member
Nov 21, 2015
12
0
1
Firmware: DD-WRT v3.0-r28493M std (12/10/15) is the build I am using on the netgear r7000. My vpn is PIA. It has been a very solid. Very pleased with my setup. Overhead for VPN is not noticeable with my config. With my setup I can choose access through the router or ISP router/modem. 192.168.1.1 isp or 11.1 netgear router.