Featured Image

Wiimmfi with DD-WRT

How to create a virtual access point (VAP) for Nintendo DS WFC and WiiConnect24 games.
Published:

Getting Started

Wireless Router used to install DD-WRT: NETGEAR R6400v2 (r6400v2otp)

DD-WRT builds tested working in this guide: r42335 (2020-02-10) and r47745 (2021-12-04)

Remember: Always backup your NVRAM first by going to Administration > Backup before making major changes like this. If your DD-WRT install gets bugged out you can always try rebooting the router or do a factory reset by going to Administration > Factory Defaults.

After you click Apply Changes and/or Reboot, it may take several minutes to complete and you may experience network interruption. This is normal, so be patient. If you see a "site can't be reached" or "connection timed out" error in your browser, try to go to your DD-WRT GUI homepage. In my case it will be located at http://192.168.1.1/index.asp.

Disclaimer: While it is very unlikely, I am not responsible if you damage your equipment in any way.


Wireless Settings

The Nintendo DS only supports 2.4GHz 802.11b wireless with WEP security. Before you begin, make sure these settings in the DD-WRT GUI are correct:

  1. Go to Wireless > Basic Settings.
  2. On your 2.4GHz interface, make sure Wireless Network Mode is set to Mixed.
    • Mixed will support 802.11g, 802.11b, and 802.11n, so it's the most compatible.
  3. Make sure Channel Width is set to 20MHz.
  4. Save if necessary.
  5. Go to the advanced tab for your physical wireless interface.
    • In my case it is Wireless > WL0-Advanced.
  6. Make sure AP Isolation is disabled, Preamble is set to Long, Shortslot Override is set to Auto, and Bluetooth Coexistence Mode is disabled (the defaults).
  7. Optionally, disable Wireless GUI Access.
    • You will need to be connected to another interface to access the DD-WRT GUI if you disable this.
  8. Save if necessary.

Create a Virtual Access Point (VAP)

To connect your Nintendo DS to a WEP-secured access point while keeping your normal WPA2-secured access point(s) intact, we'll need to create a virtual access point:

  1. Go to Wireless > Basic Settings.
  2. Underneath your 2.4Ghz interface, click Add Virtual AP under Virtual Interfaces.
    • Take note of the new interface name, in my case it is named wl0.1.
  3. Type in a name (SSID) for the virtual access point.
  4. Save and Apply Changes.
Virtual Access Point settings

WEP security is better than no security. Here's how to turn on WEP security for our VAP:

  1. Go to Wireless > Wireless Security.
  2. Under your VAP, change Security Mode from Disabled to WEP.
  3. Enter a unique passphrase and click Generate.
    • Make sure it is not the same password you use to connect to your existing wireless network.
  4. Take note of Key 1 that appears.
    • This is your WEP Key, you will need it later when connecting with your Nintendo DS.
  5. Save.
WEP settings

DHCP Configuration

Because we use WEP security, we want our VAP to have its own network isolated from our regular network (Unbridged). With our unbridged VAP we'll also need a way to automatically serve IP addresses to our Nintendo DS consoles. At this point it's up to you to decide what subnet should be used in the design of your home network. In my case, hosts connected to the VAP will get IPs in the 192.168.2.0/24 subnet while the rest of my network will reside in the 192.168.1.0/24 subnet.

So, let's get our new network properly configured:

  1. Go to Setup > Networking.
  2. Scroll down to the VAP we created and set Bridge Assignment to Unbridged.
  3. Enable Net Isolation and Forced DNS Redirection.
  4. Enter the IP Address (Default Gateway) and Subnet Mask you want to use.
    • In my case, it will be 192.168.2.1 and 255.255.255.0, or 192.168.2.1/24 in newer builds.
  5. Enter the Optional DNS Target.
    • This is where you will put the Wiimmfi DNS server address (as of this writing, it is 164.132.44.106), so we can force-redirect any Nintendo DS console to the Wiimmfi servers.
  6. Save and Apply Changes.

Now let's enable DHCP so we can give out IPs on our new network. My build of DD-WRT uses the dnsmasq-dhcp server by default, so the steps are fairly simple:

  1. Go to Setup > Networking.
  2. Scroll down to DHCPD - Multiple DHCP Server and click Add.
  3. For the first dropdown box that appears, choose the VAP you created.
    • It is wl0.1 in my case. You can leave the rest of the dropdowns alone.
  4. Save.

Our hosts will now receive IP addresses starting from 192.168.2.100 up to 192.168.2.150, with a default gateway of 192.168.2.1. This makes connecting our Nintendo DS as easy as possible.

Network settings

Quality of Service

If there are any users hogging bandwidth on our VAP subnet and slowing the rest of the network down, we can mitigate it with Quality of Service.

I won't cover all the details of setting up QoS in DD-WRT here, but these steps work for my specific router and connection.

  1. Go to NAT / QoS > QoS.
  2. Click Enable QoS.
  3. Set Queuing Discipline to FQ_CODEL.
  4. Enter no higher than 95% of your Downlink and Uplink speeds in kbps (kilobits).
    • Use an online speed test to figure these out.
  5. Save.

Now let's set up our priorities:

  1. Under Netmask Priority, type in your regular subnet and click Add.
  2. Do the same again, but type in your VAP subnet and click Add.
    • In my case they are 192.168.1.0/24 and 192.168.2.0/24 respectively.
  3. For your regular subnet, change Priority to Premium.
  4. For your VAP subnet, change Priority to Bulk.
  5. Save.
Quality of Service settings

Network Hardening

THIS IS THE PART WHERE YOU RESTART YOUR ROUTER!

Check if your DD-WRT firewall is working properly on all service ports with GRC ShieldsUP! (you'll want Stealth results to pass this test). You can enable the firewall and limit Telnet/SSH access by going to Security > Firewall.

To stop the public Internet from accessing your DD-WRT GUI or busybox shell, make sure the router WAN IP (your public IP) cannot be accessed using Telnet (port 23), SSH (port 22) and HTTP (port 80/port 443). You can disable all Remote Access settings under Administration > Management (if it asks you to input a remote IP range, just use a private non-routable subnet, like 192.168.1.2 to 192.168.1.254). You'll also want to make sure hosts on the VAP cannot access the default gateway IPs with these services, or any other hosts on the network for that matter.

If you set up any access restriction policies or QoS policies, make sure those are working properly while connected to the VAP. You can use any laptop or smartphone with a web browser to test these.

IF YOU MADE ANY CHANGES, SAVE AND REBOOT!


Connecting to Wiimmfi

Now you can connect to Wiimmfi with the network we created. Just search for an access point, input the WEP key and that's it. You don't need to fiddle with the DNS server on the console itself, and you don't have to use manual mode. It just works.

Nintendo Wi-Fi Connection Settings screen

For the Nintendo 3DS, go to System Settings > Internet Settings > Nintendo DS Connections.

For the Nintendo DSi, go to System Settings > Internet > Connection Settings.

You can also access the Nintendo Wi-Fi Connection Settings screen by using a Wi-Fi compatible game. Your game manual provides information on how to do this for the game you are playing.

Nintendo Wi-Fi Connection - Getting Started (step-by-step guide)

Nintendo Wi-Fi Connection - Initial Setup Help

You can find a list of common Nintendo DS Connection Error Codes and possible solutions in the Nintendo DSi Operations Manual (PDF, page 50).

Tags: networking