[NOTE] - For Asus units, the standard 30/30/30 method will reset the router but you will need to use the Restore button followed by a Power cycle. The only exception (so far) is the RT-N16 model; follow the same method as stated above but use the WPS button instead of the Restore button. If all else fails to reset, you can also do it by command line (all units). Log in to the router via telnet/ssh and issue the command "erase nvram". This will reset the nvram partition to defaults for this Make of router. ...redhawk
An alternative method to restore DD-WRT to default settings without using the reset button is via telnet or SSH. This is useful if locked out of the web interface or the reset button is disabled, broken, or 30/30/30 doesn't work. This should not be done on some models, so refer to the device wiki and/or forum device threads.
SSH, or Secure Shell, is an encrypted protocol and associated program intended to replace telnet. It can also be used for creating secure tunnels, somewhat akin to Virtual Private Networks, and for use as a network file system (Sshfs). Unless changed, all SSH services operate on port 22.
SSH operates just as telnet with a user/password combination or on a Public/Private key infrastructure. For the latter to work, a small public key is given to the server and the server gives your client its public key. Your client encrypts information to the server using the server's public key and the server encrypts information sent to you using your public key. Private keys are never exchanged, and are used to decrypt the information encrypted with the associated public key.
The DD-WRT firmware can use user/password logon or allow connections only from clients whose public keys are manually entered via the web interface. Multiple keys can be entered by placing them on separate lines. If you want to use user/password to log in using SSH, use user "root" with the password you set in the web interface.
Public key authentication is one of the most secure methods of logging into SSH. It functions similarly to HTTPS, as all transmissions are encrypted with a key that only the client and server will have. Another plus: if you use this method instead of password authentication, no one will be able to crack away at your router trying to guess the password!
If you don't want the hassle of generating ssh keys, you may use the password logon method. However, please be aware that this method is much less secure! (passwords may be truncated to 8 characters or less)
Provides a secure alternative to standard telnet. A good Windows client to use is PuTTY. Configure the client to use the Private Key you saved earlier. Most Linux distros have telnet and SSH clients by default.
Secure Copy (SCP) allows one to copy files to and from the router and a remote host, usually a desktop machine. Some good Windows clients to use are FileZilla and WinSCP. Configure the client to use the Private Key you saved earlier, or use "root" and the web interface password. Remember: only the /tmp and /jffs partitions are writable!
So the other day I was making my usual password changing rounds on my accounts and devices. One of the things that I do change regularly is my password for DD-WRT. Somehow I changed it and could no longer access the device.
Well, the things in THIS ( =com_kunena&func=view&catid=3&id=2353&limit=6&limitstart=6&Itemid=142) posting did not work as far as I can tell. So I did some more work and:
FIRST, THIS APPLIES to an OpenVPN client on a DD-WRT router, NOT to the client on a PC.
It is helpful to be able to telnet to the router and issue commands in this way. The notes below are done by telnet.
First determine the router interface(s). The command is
netstat -r
On the far right of the output, interfaces are listed. In my case I was using iptables for the tun0 interface .... the interface on the router is tun1 .. !! So the firewall commands needed to look like this:
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
iptables -I OUTPUT -o br0 ! --dst a.b.c.d -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects
# the above line can be duplicated for as many Air servers as you wish to connect to, just insert the appropriate Air server entry-IP
Fill a.b.c.d with the remote server ip in your air.ovpn file.
After running these (you may want to run iptables -F first to flush previous) with YOUR interfaces determined from above, save the firewall and REBOOT.
Then after reboot telnet again and run the command
ps
This will tell if OpenVPN started .. in my case the start is unreliable. If OpenVPN is not running try this command
(sleep 30 && (ps | grep openvpn | grep -v grep || openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon))&
This will check if it is running and if not will start the client. Now you can use the ps command to check and after then check your connection to AirVPN.
You can also check the iptables with the command netstat -vnL.
Hope this is helpful to some and saves some work/head scratching.
Comments on the above very welcome, Cheers
EDIT: Please note if you use the last entry above in the firewall (iptables -I OUTPUT -o br0 ! --dst a.b.c.d -j DROP) you will lose access to the router. Thus if the tunnel goes down ...well you know. So you may want to leave this entry off the GUI and if/when you are set up properly and then run it from the telnet prompt. That way if you need router access you can reboot and be OK.
Also this start-up command (enter in Admin>Command window and save start-up) seems to ensure the client runs ..
sleep 60
(sleep 30 && (ps | grep openvpn | grep -v grep || openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon))&
It takes longer to connect but seems to do so each time correctly.
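The tun0/tun1 mix-up described in the post above can be caught before the firewall is saved by comparing the interfaces named in the rules with the Iface column of the netstat -r output. This is an added example, not part of the original post; the function names are hypothetical and the routing table and rule set are constructed sample data.

```sh
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.
sample_routes() {   # constructed routing table: the VPN client came up as tun1
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.4.0.1        128.0.0.0       UG        0 0          0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG        0 0          0 vlan2
EOF
}

sample_rules() {    # constructed firewall script still written for tun0
cat <<'EOF'
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
EOF
}

# Interface names from the Iface column (last field of 8-field route lines).
route_ifaces() {
    awk 'NF == 8 && $1 != "Destination" { print $NF }' | sort -u | tr '\n' ' '
}

# Print "<iface>: <rule>" for every rule whose -i/-o interface is absent
# from the routing table. Usage: stale_rules "<route text>" "<rules text>"
stale_rules() {
    ifaces=$(printf '%s\n' "$1" | route_ifaces)
    printf '%s\n' "$2" | awk -v known="$ifaces" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^iptables / {
            for (f = 1; f < NF; f++) {
                if ($f != "-i" && $f != "-o") continue
                name = $(f + 1)
                if (name ~ /\+$/) {          # iptables wildcard such as eth+
                    hit = 0; p = substr(name, 1, length(name) - 1)
                    for (x in ok) if (index(x, p) == 1) hit = 1
                } else hit = (name in ok)
                if (!hit) { print name ": " $0; break }
            }
        }'
}

stale_rules "$(sample_routes)" "$(sample_rules)"
```

A rule that names a missing interface never matches any packet, so empty output from this check is worth confirming before relying on the DROP rule to prevent leaks.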
Now that the Internet connection is debugged and distributed via Wi-Fi, you can proceed to setting up IPTV from Rostelecom. To do this, you need to use the PuTTY application or create a telnet session via CMD. In the second case, open the Windows command line, then enter and confirm "telnet 192.168.1.1" (if the IP address of the router has not changed).
You should always use root as the username, regardless of which username you set before, and the password must be the one that you set. To exit the telnet session, enter exit. Using telnet is acceptable at the stage of exploring DD-WRT, but since this protocol does not have any protection, you must disable it and switch to SSL when you start using the router in production mode. To do this, go to the Services > Services page in the web interface, as shown in.
Want more security? Then configure the login using the public key and without the use of a password. This protects against brute-force attempts, and no one can enter the system without having a copy of the private key. First you need to create an encrypted key pair; on Linux you can do this using the ssh-keygen command.
The -C option adds a comment inside the public key file, which is actually a plain text file. Later, I can use this comment to identify the key if necessary. Now you need to copy the generated public key to the DD-WRT device by pasting the contents of the key file into the text field in the SSH section of the Services > Services page, and disable login with a password, as shown in.
It remains to press the Save button and then the Reboot Router button. If you already had an open SSH session, it will automatically be closed, and the next time you log in, the password will not be checked. If you need to add multiple keys, they must be separated by a newline character.
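Because the key field expects exactly one public key per line, a key that wrapped during copy and paste, or a private key pasted by mistake, will not give you a working login once password logon is disabled. The check below is an added example, not DD-WRT code; the function names are hypothetical, the keys are constructed placeholders, and the two accepted key types are an assumption (whether a given build's SSH daemon supports them is not checked).

```sh
#!/bin/sh
# Added example, not DD-WRT code. Keys are constructed placeholders:
# correct type prefix, meaningless key material.
sample_field() {
cat <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedKeyMaterial admin@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyMaterial backup@desktop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwrappedKey
MaterialContinuesHere phone
-----BEGIN OPENSSH PRIVATE KEY-----
EOF
}

# The base64 blob starts with the length-prefixed type name, so its first
# characters are fixed for each key type.
blob_prefix() {
    case "$1" in
        ssh-rsa)     echo AAAAB3NzaC1yc2E ;;
        ssh-ed25519) echo AAAAC3NzaC1lZDI1NTE5 ;;
        *)           return 1 ;;
    esac
}

# Print one finding per bad line of the text meant for the key field;
# print nothing when every line is a single well-formed public key.
check_key_field() {
    n=0
    printf '%s\n' "$1" | while read -r type blob comment; do
        n=$((n + 1))
        [ -z "$type" ] && continue
        case "$type $blob $comment" in
            *"PRIVATE KEY"*) echo "line $n: private key material"; continue ;;
        esac
        if ! want=$(blob_prefix "$type"); then
            echo "line $n: not a key line (wrapped key or unsupported type)"
        else
            case "$blob" in
                "$want"*) : ;;
                *) echo "line $n: key data does not match type $type" ;;
            esac
        fi
    done
}

check_key_field "$(sample_field)"
```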