DD-WRT Configuration

My home DD-WRT configuration for privacy, security, and performance. Documenting mostly so I can remember my preferred settings whenever I update/reset the router.

All settings are kept as default unless otherwise noted below. Sensitive information is annotated with "{REDACTED}".

Current Router

• Netgear R7800
• DD-WRT Netgear R7800 Wiki

Current DD-WRT Build

• v3.0-r53562 (10/03/23)

3rd-Party Services

• ProtonVPN
• NextDNS

Configuration

Setup

Basic Setup

WAN Setup

WAN Connection Type

• Ignore WAN DNS: ✓[^5]

Network Setup

Dynamic Host Configuration Protocol (DHCP)

• Forced DNS Redirection: ✓[^6]
• Forced DNS Redirection DoT: ✓[^6]

NTP Client Settings

• Time Zone: {REDACTED}

Tunnels

1. Import Configuration from ProtonVPN
2. Configure
   • DNS Servers via Tunnel: {empty}
   • Kill Switch: ✓[^5]
   • Allow Clients WAN Access: {unchecked}[^5]
   • Source Routing (PBR): Route Selected sources via WAN[^5]
   • Source for PBR: 192.168.1.63[^5]
   • Watchdog: Enable[^5]
     • Server IP / Name: 1.1.1.1[^5]

Wireless

Basic Settings

Physical Interface wlan0 [5 GHz/802.11ac]

• Service Set Identifier (SSID): {REDACTED}
• Network Mode: AC / N Mixed[^2]
• Channel Width: VHT80[^3]
• Channel: {least congested, maybe prefer 149-161, don't use Auto}[^3]
• Extension Channel: {paired with Channel leads to least congested}[^3]
• Advanced Settings: ✓
• Firmware Type: VANILLA[^1]
• TX Power: 30[^3]
• Protection Mode: RTS/CTS[^3]
• RTS Threshold: Enable[^3]
• Threshold: 980[^3]
• Short Preamble: Enable[^3]
• Single User Beamforming: Enable[^3]
• Beacon Interval: 300[^3]
• DTIM Interval: 1[^3]
• Airtime Fairness: Disable[^1]
• Sensitivity Range / ACK Timing: 3150[^2]

Virtual Interfaces wlan0.1

• Service Set Identifier (SSID): {REDACTED}
• Advanced Settings: ✓
• Protection Mode: RTS/CTS[^3]
• RTS Threshold: Enable[^3]
• Threshold: 980[^3]
• AP Isolation: Enable[^3]
• DTIM Interval: 1[^3]

Physical Interface wlan1 [2.4 GHz]

• Service Set Identifier (SSID): {REDACTED}
• Network Mode: N / G Mixed[^3]
• Channel: {least congested, don't use Auto}[^3]
• TurboQAM (QAM256): Enable[^3]
• Advanced Settings: ✓
• Firmware Type: VANILLA[^1]
• TX Power: 30[^3]
• Protection Mode: RTS/CTS[^3]
• RTS Threshold: Enable[^3]
• Threshold: 980[^3]
• Short Preamble: Enable[^3]
• Beacon Interval: 400[^3]
• DTIM Interval: 1[^3]
• Airtime Fairness: Disable[^1]
• Sensitivity Range / ACK Timing: 3150[^2]

Virtual Interfaces wlan1.1

• Service Set Identifier (SSID): {REDACTED}
• Advanced Settings: ✓
• Protection Mode: RTS/CTS[^3]
• RTS Threshold: Enable[^3]
• Threshold: 980[^3]
• AP Isolation: Enable[^3]
• DTIM Interval: 1[^3]

Wireless Security

Physical Interface wlan0

• WPA Shared Key: {REDACTED}

Virtual Interfaces wlan0.1

• Security Mode: WPA
• Network Authentication: WPA2 Personal
• WPA Shared Key: {REDACTED}

Physical Interface wlan1

• WPA Shared Key: {REDACTED}

Virtual Interfaces wlan1.1

• Security Mode: WPA
• Network Authentication: WPA2 Personal
• WPA Shared Key: {REDACTED}
• Custom Config: vendor_vht=1[^3]

Services

Services

DHCP Server Setup

• Static Leases:[^5]

  MAC Address	Hostname	IP Address	Lease Expiration
  {REDACTED}	tv	192.168.1.63

Dnsmasq Infrastructure

• Additional Options:[^4] [^5] [^6]

  no-resolv
  bogus-priv
  server=45.90.30.0
  server=45.90.28.0
  add-cpe-id={REDACTED}
  

Administration

Keep Alive

Schedule Reboot

• Enable: ✓
• At a Set Time: ✓ 02 00 Monday

[^1]: DD-WRT Netgear R7800 Install Guide [^2]: QCA BEST WIFI SETTINGS [^3]: QCA Wireless Settings [^4]: NextDNS Setup Guide [^5]: WireGuard client setup guide [^6]: VPN and DNS guide