Netgear WNR2000 V3

The Netgear WNR2000 V3 router is an old and inexpensive router that can be made "better than new" by installing DD-WRT third-party firmware.

The Netgear WNR2000 V3 is a capable little consumer "N300" router with outdated factory firmware that wasn't all that great to begin with. If you have (or buy) one of these, it can be made into a very reliable (if basic) router by installing open-source third-party firware.

The Good:

  • The Atheros CPU runs plenty fast at 400MHz
  • There's plenty of RAM: 32 megs
  • Very inexpensive (under $15 used)
  • Extremely reliable (once DD-WRT is installed)

The So-So:

  • Only a 2.4GHz radio
  • 10/100 Fast Ethernet instead of Gigabit
  • Internal antennas only (but they're surprisingly effective).

The main limitation of this router is the flash space. Available space for firmware is very small because Netgear partitions the 4 megs of ROM space in an unusual manner.

The unusually small 3648 kB of ROM space severely limits your third-party firmware choices on the WNR2000V3.

If nothing else, you can configure a WNR2000V3 router as a simple access point. Just give the router's LAN interface a static address within your LAN's IP address range, disable the DHCP server, configure wireless settings, and connect an Ethernet cable to a LAN port. (The WAN port will be unused if your router is a simple AP.) (Reference)

Installing DD-WRT Firmware

There's a version of DD-WRT that *just* fits if you use a specific release (29837 from 06/06/16).

Flash over to DD-WRT

The process is covered on the web. Here's an overview:

  1. Downgrade the Netgear firmware if necessary (V1.01.26.img).
  2. Do a freshly reset.
  3. Flash dd-wrt "factory" firmware (r18777 flashing file: wnr2000v3-factory_NA.img).
  4. Clear browser (in Firefox or Pale Moon: Ctrl+Shift+Delete).
  5. Do a factory reset.
  6. Flash the "webflash" firmware (r29837 file: wnr2000v3-webflash.bin).

Repeat the last three steps (re-flash the 29837 firmware from itself) if you want extra "insurance" that router will start its new life completely free of anomalies.

Hardware Factory Reset

  1. Make sure nothing's plugged into the yellow WAN port.
  2. Press the reset button until the blue wireless indicator on the front panel turns off.
  3. Wait until the blue wireless indicator lights up again.

Configure DD-DWRT

DD-WRT on a WNR200V3
DD-WRT build 24461 on a WNR2000V3

The starting point is a freshly-reset router.

Set Administrator username and password

Freshly-reset DD-WRT will prompt you to set the Administrator username password. Use a username like "wnr2kadmin" or something else that's not "root" or "admin". Set a reasonably long password that has at least one capital letter and at least one non-alphanumeric character.

Temporarily disable wireless.

 Wireless -> Basic Settings
  Wireless Network Mode: Disabled
 <Apply Settings>

Basic Settings

 Setup -> Basic Setup
  WAN Setup -> Optional Settings
   Router Name: [same as SSID, except remove special characters other than "-"]
   Hostname: Same as the router name
  Network Setup -> Router IP
   Local IP Address: Change the third number to some number between 20 and 250.
   It will be 192.168.<some-number>.1
  Network Setup -> Network Address Server Settings (DHCP)
   Start IP Adress: 101
   Maximum DHCP Users: 100
   DHCP Static DNS 1 & 2:
    208.67.222.222 & 208.67.220.220 (OpenDNS)
    84.200.69.80 84 &.200.70.40 (DNS.Watch)
  Time Settings
   Time Zone: Zulu
   Server IP/Name: 0.north-america.pool.ntp.org (or other if appropriate)
 <Apply Settings>

Unplug the Ethernet cable from your computer, wait 15 seconds, and re-connect it.

Visit your router at its new address to continue.

MAC addresses

If you don't know what this means, no worries. The factory-provided MAC address will work fine.

 Setup -> MAC Address Clone
  Enable
  Leave the OUIs (first three hex-pairs) alone and re-configure the address part.
 <Apply Settings>

After changing your router's MAC address(es) unplug the cable from your computer, wait 15 seconds, then re-connect it.

Wireless

First enable wireless security.

 Wireless -> Wireless Security
  Security Mode WPA2 Personal
  WPA Algorithms: AES
  WPA Shared Key: Passphrase with more than twenty characters.
 <Apply Settings>

Now configure and Re-enable wireless.

 Wireless -> Basic Settings
  Wireless Network Mode: NG-Mixed (*)
  Wireless Network Name (SSID): wireless (or whatever you want **)
 <Apply Settings>

Now your wireless is secured and re-enabled.

(*) NG-Mixed is optimal because it turns off 802.11b, which is recommended. If you have an old 802.11b devices use Mixed or, better yet, de-commission the old device.

Reference: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=876186

(**) If you use a generic SSID ("wireless", "NETGEAR", "default", etc.) it will give you some privacy advantages. If you don't mind identifying yourself by broadcasting your unique ID from your wireless devices (phone, laptop, tablet) then use any unique SSID. Perhaps use netgear-nnnn where "nnnn" is the last four characters of your router's serial number.

Reference: https://wigle.net/gps/gps/main/ssidstats

Terminal Access

If you don't plan on using shell access, turn it off. If you do plan on logging in, use SSH.

 Services -> Services
  Secure Shell
   SSHd: Enable (only if you plan on logging in with SSH)
  Telnet
   Telnet: Disable
 <Apply Settings>

If you enabled SSH, restrict it to access from your LAN only.

 Administration -> Management
  Web Access
   Enable Info Site: Disable
  Remote Access
   SSH Management: Enable
   Allow Any Remote IP Range: Disable
   Allowed Remote IP Range: 172.16.16.172 to 172
 <Apply Settings>

In case you're wondering, allowing only the reserved private 172.x.x.x address effectively disables remote SSH access to the WAN port in the absence of a specific setting to do that.

Scheduled Reboot

For rock-solid reliability, set your router to reboot itself once a week.

 Administration -> Keep Alive -> Schedule Reboot
  Check Enable
  Set the day and time (e.g. 3:45 Sunday)
 <Apply Settings>

Configuration Backup

Save your work. (Optional)

 Administration -> Backup
  <Backup>

Rename the backup file to something you'll recognize. If you set your router's name to "wireless", this would be a good name for the file:

  wireless-WNR2000V3-nvrambak.bin.

That's it. Now you have a dependable router that will provide secure and reliable Wi-Fi service.

Stock-To-DD-WRT Steps Summarized

  • Set NIC to static 192.168.1.2 and connect one Ethernet cable (from computer to a LAN port).
  • Boot the router into recovery mode.
  • Use tftp2.exe (Win) or tftp (Linux) to flash 00-wnr2000v3-V1.0.1.26.img .
  • Set NIC to DHCP while the router is rebooting.
  • Browse to 192.168.1.1 and log in with admin/password .
  • Use "Router Upgrade" to flash 01-dd-wrt_18777-wnr2000v3-factory_NA.img .
  • Browse to 192.168.1.1 and set a relatively easy username and password.
  • Use Administration -> Firware upgrade to flash 02-dd-wrt_r29837-wnr2000v3-webflash.img (with reset).
  • Clear browser
  • Browse to 192.168.1.1 and set a relatively easy username and password.
  • Use Administration -> Firware upgrade to flash 02-dd-wrt_r29837-wnr2000v3-webflash.img (with reset).
  • Browse to 192.168.1.1 and set a umpredictable username and long/unpredictable password.
  • Set Wireless -> Basic Setup -> Wireless Network Mode to Disabled (Apply Settings)
  • Configure and deploy the router.

Modifying a More Recent DD-WRT Release

You can install a recent DD-WRT version that "fits" within the available space by modifying a more recent DD-WRT release. The firmware's size can be reduced using a Firmware Modification Kit. Here are some rough notes:

  1. Untar the fmk.
  2. Copy the firmware into the ./fmk/ directory.
  3. Unpack the firmware.
  4. Unpack the web files.
  5. Delete all of the contents from some language files, thus shrinking their size to zero bytes.
  6. Repack the web files.
  7. Repack the firmware.

Answers

If my password is lost and my reset button doesn't restore factory defaults, how do I do a factory reset?

The hardware reset button will not restore factory defaults if v29837 is installed. Your last (only?) resort in the event of a lost password on a WRN2000V3 running DD-WRT v29387 is to boot the router into recovery mode (by holding the reset button down, powering it on, and waiting until the Power LED blinks green), install an old version of the stock firmware (using Netgear's tftp2.exe or tftp from the command line), and reload DD-WRT (as shown above).

Links

Page last modified on April 21, 2017
Powered by: PmWiki and Quick Wiki CMS