NOTE: B2 appears to only be different in labeling. The default firmware claims B1 and even /proc/cpuinfo claim to be B1 revisions even though the packaging and the sticker say B2.

Numbers 0-3 are Ports 4 to 1 as labeled on the unit, 5 is the internal connection to the router itself.

Consult Flash Layout for a better understanding.

There are two ways of installing firmware, either by using normal D-Link firmware update web-interface or by using firmware recovery mode.

Note: Since original Firmware 2.05WW Build: 05Beta01 it is not possible to flash OpenWrt via the firmware update page. (worked on a B2 revision with Ubuntu's Firefox in 2.05NA and 2.06NA) It looks like Firmware 2.01EU behaves the same way. Please use the firmware recovery mode instead.

Note: This method works for revision C2 with Firmware 3.00 using Ubuntu's Firefox. I used openwrt-ar71xx-generic-dir-825-c1-squashfs-factory.bin

1. Login into the factory D-Link firmware web-interface as usual. Default procedure for the freshly purchased router is:
   1. Set the static IP 192.168.0.100/24 on the PC
   2. With any web browser go to http://192.168.0.1/, use "admin" as the username, and "" as the password (leave the field blank).
2. Proceed into the firmware update page, click "Browse" and select your OpenWrt image file (openwrt-ar71xx-generic-dir-825-b1-squashfs-factory.bin)
3. Click "Update" and let the router reflash itself.
4. Device should now reboot itself and boot up the OpenWrt.
5. Give the router some time to finish firstboot tasks (initial configuration, jffs2 initialization, e.t.c.).
6. The router's power LED should blink orange during bootup, as soon as it stops flashing, you can connect to it
7. obtain new IP from the router via DHCP and follow firstlogin

Note: The firmware recovery mode has following quirks:

• If you have a Windows machine available you can use Microsoft Internet Explorer 7 (a Windows running on a VM, like VMware, does not work)
  • Windows 8: Firefox cannot be used to update firmware (presumably applies to other versions of Windows).
  • Windows 8: Use Internet Explorer 10. Press F12. Select Browser Mode: IE8. Leave the compatibility setting at IE5 Quirks.
• If you are running Linux you can:
  • Set your interface to 100Mbps using sudo ethtool -s eth0 speed 100 autoneg off, install IE7 in Wine and use it to flash.
  • Later models (or some hardware combinations) may need sudo ethtool -s eth0 speed 100 duplex half autoneg off (e.g. B2, FW ver 2.05EU).
  • Use the following script.
  • firmware 2.02EU should still be available on ftp.dlink.de and it doesn't require IE, nor Mac.
  • 2.05EUB09_7 can't be downgraded to 2.04 but fortunately can be downgraded to 2.02EU
  • I had to disable both avahi, cups and IPv6 to get it working. (B2 FW ver 2.01EU)
• If you are running MacOS you can use Google Chrome Opera
• FW version 2.05EU seems very difficult to flash, there may be timing issues (that's just a guess). After downgrading to 2.04EU (get it from ftp.dlink.de) it worked the first time, using IE7 on a virtualbox Win XP "guest". YMMV.

1. Get into the D-Link recovery console with the steps below:
   1. While powering up the router, press and hold the reset button until the power LED starts blinking orange (usually takes around 45 (forty-five) seconds )
   2. Set a static IP on your PC to 192.168.0.100/24
   3. connect to http://192.168.0.1, mind the quirks!
2. Click "Browse" and select your OpenWrt image file (openwrt-ar71xx-dir-825-b1-squashfs-factory.bin, this binary image is available in the Backfire 10.03.1rc1 download directory and above)
3. Click "Update" and let router flash the image (don't worry if it reboots before it reaches 100%). The page should display "Device is Upgrading the Firmware" in blue letters with the current percentage in red (with an incompatible Browser it doesn't).
4. The router's power LED should blink orange during bootup, as soon as it stops flashing, you can connect to it
5. Tip! Note that default DHCP will allocate on 192.168.1.x, which is different subnet to the address you allocated above. This is why you can't connect until you change your IP address.
6. obtain new IP from the router via DHCP and follow firstlogin

→generic.sysupgrade

→generic.debrick

→generic.failsafe

Since this part is identical for all devices, see Basic configuration.

→wireless.overview This router requires the packages kmod-ath9k and wpad-mini.

Note: This may void your warranty!

To remove the cover simply:

1. Remove the two (2) back rubber feet. (closest to the ethernet ports and antennas)
2. Unscrew the two (2) screws underneath the feet.
3. Pry case halves apart from back side to front side, carefully.

To remove the board from the casing:

1. Unscrew the two (2) front (inner) screws and remove the LED shield.
2. Lift board from front and slide out in a forward motion.

Remember to use 12V↔3.3V serial port voltage converter or you might break the router by over-voltage.

COM port settings: Speed:115200, Data bits:8, Stop bits:1, Parity:none, Flow control:none

How to connect to JTAG interface, and how to reflash the device with JTAG tools

See port.jtag for more JTAG details.

See the LED section in /etc/config/system on general LED configuration.

The DIR-825 has 11 blue and 2 orange LEDs: The four LAN LEDs are controlled by the switch chip. By default they show link and blink for activity. They are LED Bank 0. To configure the RealTek RTL8366S, you can use swconfig, e.g.

swconfig dev rtl8366s port 0 set led 2

If you want to see the BLUE POWER ON and the BLUE GLOBE ( planet ) blinking when it receives information, then do the following setup:

For UCI configuration of the LEDs use this set of commands:

uci set system.led_wan_orange=led
uci set system.led_wan_orange.sysfs=d-link:orange:planet
uci set system.led_wan_orange.default=1
uci set system.led_wan_blue=led
uci set system.led_wan_blue.default=1
uci set system.led_wan_blue.sysfs=d-link:blue:planet
uci set system.led_wan_blue.trigger=netdev
uci set system.led_wan_blue.dev=eth1
uci set system.led_wan_blue.mode=link tx rx
uci set system.led_power_orange=led
uci set system.led_power_orange.sysfs=d-link:orange:power
uci set system.led_power_orange.default=0
uci set system.led_power_blue=led
uci set system.led_power_blue.sysfs=d-link:blue:power
uci set system.led_power_blue.default=1
uci commit system

After rebooting the device this setup becomes active.

→hardware.button

The D-Link DIR-825 has two buttons:

The WPS (WiFi Protected Setup) button is located at the right side (or the top when standing) and can be easily pressed with a finger. Also the WPS LED is integrated into the Button. For some unknown reason this control is named powersave in various places.

The Reset button is located at the back and cannot be pressed with a finger, you need a small item to push it in.

It was reported that in order to enable second USB port it is sufficient to solder in two straight bridges in place of L66 (take a look to the corresponding photo in the "Photos" section). After that you will need to solder in second USB header or - easier way - to solder in short-tailed female USB type A connector (sample photo is also available in the "Photos" section).

Discussion and more information can be found in this thread.

vavasik did this mod and reported his experiences in this thread.

He used two Samsung K4H511638D-UCB3 chips from Samsung DDR SODIMM 512 MB. Maybe other chips from other manufacturers can be used, only they has to have 32Mx16 organization. Chips with other organization, such as 64Mx8, are not suitable.

Next to the soldering, the bootloader (U-Boot) and the calibration data partition has to be changed, because the D-Link bootloader/calibration data partition does not start with the 128 MB RAM. He used the bootloader/calibration data partition from Netgear WNDR3700. It's done through a full reflash, check the forum for the binary. It turn the D-Link DIR-825 into an Netgear WNDR3700.

The Netgear stock firmware does not recognize the 128 MB RAM, it only shows/uses 64 MB RAM, but it starts.

An detailed tutorial from vavasik can be found here.

Don't do this if your are inexperienced in soldering, you will for sure destroy the contacts→Trash!

→Internal Layout

Feel free to add here any info we haven't covered yet! Thank you!

I was able to upload the openwrt-ar71xx-generic-dir-825-b1-squashfs-factory.bin in recovery mode with Internet Explorer with compatibility view enabled (menu Tools/Compatibility View). Without it it was loading forever. Other browsers (Chrome, Firefox, Opera) were not working. Tested with Windows and Linux. Also I switched my 1Gbit cart into 100Mbit mode.

It may be necessary to run the original firmware and configure the device at least once. I flashed the router right away using the firmware recovery interface which resulted in configuration problems in OpenWrt. All wireless network devices did not have valid MACs instead they used 00:00:00:00:00:00 and refused therefore to work properly. Even trying to read the MAC from the sysfs failed. After flashing the original firmware and configuring the device once using the D-Link Webinterface everything worked as expected after flashing OpenWrt again.

Besides flashing in recovery mode from a MacBook Pro using Google Chrome and the default Gigabit plug worked just fine!

Read about VLAN

• Gateway: 210.190.90.33
• SN-Mask: 255.255.255.248
• ISP IPs: 210.190.90.34 - 210.190.90.38
• Router Model: D-Link DIR-825 rev. B1
• Firmware Version: OpenWrt Backfire 10.03.1 / LuCI 0.10.0 Release (0.10.0)
• Kernel Version: 2.6.32.27

Separate the LAN-Switch in such a manner, so that you can use the 4th LAN-Port as a global Port for the 6 given IPs from your ISP.

 Internet
 |
 ISP
 |
 D-825 Router with openWRT
 |_______________________________.
 | LAN1 | LAN2 | LAN3 |   LAN4   |
 |                    |    |     
 |  your local LAN    |  Switch Netgear ProSafe 5
 |   192.168.1.1      |    |
 |                    |  global ips from your ISP
 |____________________|_ 210.190.90.34 - 210.190.90.38

o) Go to Network / Switch and do the configuration as shown:

Separating the LAN1 + LAN2 + LAN3 from the LAN4

Very important is to hit the SAVE button ( !!! not the Save & Apply !!!)

In case if you wonder why the port 0 (zero) corresponds to the 4th LAN-port, see this: switch.ports

o) Go to Network / Interfaces / LAN / Physical Settings and do the following:

( you have to change the settings from "eth0" to "eth0.1" )

Now you should hit the button "Save & Apply" !!!

( Info: wait a bit and then you will see that your router is not responding any more → this is normal, give him a little time ( 1min max) then unplug the power supply from the router, then wait 10sec and plug it back in! )

o) Go to Network / Interfaces

You will find here only the LAN (green) and WAN (red) interfaces. Now we will have to add the VLAN-Interface ( I called it GLAN, you can call it GAN - it doesn't matter) - the G because of the global IPs!

o) Adding the GLAN Interface

a) Add new interfaces

b) Type in the name for the new interface: GLAN ( this is in my case, u can call it whatever u want)

c) Protocal of the new interface: Static address

d) Create a bridge over multiple interfaces: NO

e) Cover the following interface: VLAN Interface: "eth0.2"

f) Hit the Submit button

GLAN configuration overview:

This is what you will see, when you click the Interfaces

This is what you should see, after you added the GLAN Interface

To be sure that you have the right settings, check the /etc/config/network output:

root@dir825:~# cat /etc/config/network

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        option '_orig_ifname' 'eth0'
        option '_orig_bridge' 'true'
        option 'type' 'bridge'
        option 'ifname' 'eth0.1'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'dhcp'

config 'switch'
        option 'name' 'rtl8366s'
        option 'reset' '1'
        option 'enable_vlan' '1'
        option 'enable_vlan4k' '1'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '1'
        option 'ports' '1 2 3 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '2'
        option 'ports' '0 5t'

config 'interface' 'GLAN'
        option 'proto' 'static'
        option 'ifname' 'eth0.2'
        option 'ipaddr' '210.190.90.33'
        option 'netmask' '255.255.255.248'

o) Go to Network / Firewall and add a new GLAN-Zone:

a) name: GLAN

b) Input: accept

c) Output: accept

d) Forward: accept

e) Masquerading: YES

f) MSS clamping: YES

g) Covered networks: GLAN

h) Hit the Save & Apply button

o) Then check if GLAN is assigned to the correct firwall zone:

o) Go To Network / Firewall / Custom Rules and add the following lines (be aware to make changes for your own IPs | also the names of the variable can be changed)

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

#################
### Variables ###
###################################################

# public ip
PUBLIC="210.190.90.0/29"
# HOSTS
FTP="210.190.90.34"
DNS1="210.190.90.35"
DNS2="210.190.90.36"
MAIL="210.190.90.37"
BACKUP="210.190.90.38"

# gets the wan-ip address
WANIP=`nvram get wan_ipaddr`

###################################################
# disable NAT for FTP -> WAN
iptables -t nat -I POSTROUTING -s $PUBLIC -j ACCEPT

###################################################
# allow traffic to routed public net
iptables -I FORWARD -o eth0.2 -j ACCEPT

###################################################
# block public -> lan, allow lan -> public
iptables -I FORWARD -i eth0.2 -o br0 -m state --state NEW -j DROP

###################################################
# block access to the router GUI/telnet/DNS/etc. from PUBLIC net, allow from HOSTS
iptables -I INPUT -i eth0.2 -j DROP
iptables -I INPUT -s $FTP -j ACCEPT
iptables -I INPUT -s $DNS1 -j ACCEPT
iptables -I INPUT -s $DNS2 -j ACCEPT
iptables -I INPUT -s $MAIL -j ACCEPT
iptables -I INPUT -s $BACKUP -j ACCEPT

###################################################
# block access to WAN IP from PUBLIC net
iptables -I INPUT -i eth0.2 -d $WANIP -j DROP

Now hit the Save & Apply button

This are the settings of your machine (ex. FTP):

IP: 210.190.90.34
SM: 255.255.255.248
GW: 210.190.90.33
DNS: 210.190.90.33

!!! Be aware to turn ON a firewall, because now the machine is exposed to the public !!!

We have recently developed a script and performed some correction based on your work you can find it here

http://openwisp.caspur.it/wiki/owf/FlashingDlinkDIR825#notextile-Automatic-flashing-script-notextile

With this script it's not necessary to force your NIC to work @ 10/100 Mb/s and it's not necessary using IE7

a custom image with ipv6 support: radvd, wide-dhcpv6, 3g stick support, made for RCS-RDS Fiberlink dual stack PPPoE service, but should be okay for static wan settings on other ISPs: http://www.ip6.ro/firmware/dir825/

Since Attitude Adjustment beta 2, some images are suffixed with "-fat" to indicate they will be able to use more flash that the factory firmware uses by default. It does this by moving the wireless interface calibration data at the end of the flash. This is a dangerous operation and should only be performed if you know how to back this flash partition (/dev/mtd5). To upgrade, you'll need to copy the whole image in /tmp and use sysupgrade -i the caldata question. Downgrading to a non-fat image will get the caldata back in place so it can be used by the factory firmware, after upgrading to a fat image, you must downgrade before getting back to a factory image.

Before: /dev/mtdblock4 576.0K 308.0K 268.0K 53% /overlay After: /dev/mtdblock4 2.1M 328.0K 1.8M 15% /overlay