DD-WRT wireless TKIP woes

The DD-WRT firmware has always been rock stable for me and I’ve been on various builds of it on a total of three work horse Linksys 54G routers for at least five years. In addition, lately DD-WRT have done VPN-duty for me on a more recent Netgear WNR3500L.

With no warning one of my trusty old 54’s suddenly dropped wireless – the SSID was no longer to be found.

Some long debugging later revealed the that the router had changed wireless security settings to WPA2+TKIP while WPA2+AES is the only recommended wireless security setting on DD-WRT. Resetting to WPA2+AES fixed the issue and attributing the strange change of setting to some freak issue during a recent reboot I was once again a happy camper.

Some weeks later, after another reboot, wi-fi was gone again. And this time it was impossible to change back to WPA2+AES under the Wireless security tab. I tried different options for saving the correct setting but every time the router immediately reverted back to TKIP again.

During a second round of debugging the root caused was spelled out for me in a forum thread – my trusty 54 had simply run out of NVRAM. This type of memory is used for storing router settings and statistics, stuff that must be non-volatile during reboots. Running out of NVRAM will cause DD-WRT to fail to persist settings (with no indication of the cause). The amount of free NVRAM on a device can easily be checked by executing

nvram show > /dev/null

either through the web interface (Administration → Commands) or by logging in via ssh or telnet (user=root, pswd=WiFi password).

There are multiple options for freeing up NVRAM, the one I used was clearing WAN bandwidth historical data.

Advertisements