OpenWrt on Netgear WNDR3700v1 with External LTE Modem

Good Morning,

I have some question about the configuration I will try to apply with your help.


  • My internet connection is provided on a 4g network with a D-Link DWR-960 mini router with 2 lan port
  • I have a Netgear WNDR3700v1 with DDWRT (last release)

Need that I would like to configure on my network:

  • VPN with Zoog VPN
  • Adblock centralized
  • Dynamic DNS
  • Access to NAS from the internet
  • Access to Luci from the internet

What is the best configuration that I can use between the DLink and Openwrt?

Is possible to connect the lan from DLink to the WAN of Netgear 3700v1 saving a lan connection of the router?

Is better the DHCP on the Modem Router or in the Netgear? (and why)

I will disable all the wifi connection on the Dlink modem instead of the netgear, so I can be protected with the VPN, right?

thank you in advange for all your help

Probably won't work, mobile networks are usually CGNATed.
Which also renders the DDNS useless.

Yes, but you can also convert the WAN port to LAN.
If you can't modify the DHCP settings on the d-link, connecting LAN-WAN might be the only option.

Depends on if the d-link will let you set your own DNS (for adblock) och default gateway (for VPN, might not be required).
If not, then the DHCP have to be running elsewhere.

Is the VPN for bypassing carrier data limits and/or geo blocking ?

On the D-Link DWR-960 there is a DynDns area with a (unknown by me) service of dyndns... If I configure the dyndns on the DWR-960 and the VPN on the Netgear, can my traffic be tracked?

I've seen that I can disable the DHCP on the Dlink, so, teorically I can disable dhcp on DLink and use the Dhcp driven by ddwrt (assigning a static ip on Dlink mac address)

the vpn is for privacy and some kind of geo blocking applied by the domestic carrier

It appears to be a paid service, from

That's useless, since the dyndns (still CGNATed) will point to your carrier,
while the VPN IP will be something completely different.

You could set up DDNS for your VPN tunnel, but that would assume you could
actually connect to the IP of the tunnel end point from the internet. If not, there's no point.

Define tracked.
You can always be tracked, since it's mostly done by browser cookies.
VPN doesn't prevent this in any way.

If the blocking is via DNS only, it's easy to bypass, by using public DNSes, like or
Unless the carrier blocks/intercepts all external DNS calls. Then it's still doable, just slightly harder :wink: