The open source community is great and companies like Mediatek have open source drivers too. The problem is by the time a router and its drivers get to a really stable state, its wifi standard has become old or last gen. The RT3200 for example or E8450 is the one that is trending because it's relatively new and fast hardware with most issues solved. But now that's WiFi 6 and not 6E. By the time 6E routers get stable OpenWrt, WiFi 7 will be available. So OpenWRT always trails one generation, which is perfectly fine for home users usually.
If you really want something that runs a more recent version of OpenWRT (for security patches) and fast and stable wifi from the latest generation the best solution right now is to use OpenWRT for routing and get some prosumer Access Point. This combination has worked great for me. This is important if you want to deploy in a work environment where wifi needs to be stable and frequent reboots are not welcome.
I imagine that wi-fi long ago reached a standard of sufficient stability for the vast majority of home users, cafés and restaurants, etc. When I look at the router at friends’ houses or hanging on the wall at businesses, it is often a decade old, and no one complains about drops or having to reboot. (In apartment blocks people may sense that their wi-fi is a bit slow, but merely changing the channel away from the default will often make a big difference.) The many older-generation routers that have reliable and advanced OpenWRT support are perfectly fine for most non-corporate use-cases.
This is a problem first in terms of security and secondly why ISPs have their own hardware, because people will upgrade their plan and complain they are not getting the speeds because they don't even have the hardware to support it. Firmware bugs in routers are becoming common for DDoS attacks.
Yep. Our family still makes do with a WRT 54GS v5. A carefully configured DD-WRT installation (man, I did a ton of reading for that :) and memory expanded to 16 MB. Works fairly well, even for single-person Zoom calls and our son's gaming in Minecraft servers (+ Discord blabbering).
As for DD-WRT, my favorite setting is the timer for turning wifi off for the night, and a scheduled restart each morning. I also set the signal strength to as low as I could. This way, the router has been running with no issues whatsoever, maintaining a very stable download rate -- so it sure does make sense to dig in the DD-WRT (or OpenWRT) documentation and wikis.
I admit being somewhat attached to old-but-excellent hardware in general, though, so there's that.
One subtle benefit of cutting edge routers: a lot of routers nowadays are WiFi mesh routers. This traditionally was not very good, but at least at the moment a mesh between routers over WiFi 6E (which most devices do not support) works really well.
Shit I’m still using an Apple base station. I kept expecting them to come back. OpenWRT was okay but it is just a pain in the ass to figure out what model works with what version. Too many vendors have been compatible for only certain hardware revisions and I just don’t use enough Wi-Fi for it to be worth the effort. I have Ethernet again after a long time of not having it.
Well, that's only a problem if you're also constantly buying new devices that could use those standards. E.g. everything that connects to my home wifi is a/b/g/n max so I just got an old ath9k wifi card for my router.
Do you mean to hook those new APs as dumb APs to an openwrt router? In that case just buy some wired routers for openwrt to save a few dollars.
For most people the newest wifi standard might not be that critical; any wifi standards after 802.11n worked well for me and they're fairly stable on openwrt.
I care less about speed and recommend you do too. I use OpenWrt for several reasons. It’s really easy to set up openvpn or firewire to protect all your devices including iot. Secondly, I disable all radios except a single 2.4g to put a hard stop on beam forming capabilities. Call me paranoid but I don’t want my router to be capable of tracking movement throughout my house. Finally the adblock package is great. A really easy way to block ads on iot devices. OpenWrt can be installed on just about anything with luci supporting a lot of common routers. Ditch your factory spyware I mean firmware asap.
How often do you install updates? My ISP router is a piece of crap, but it's running the same software as a few million other routers, so when there's a vulnerability, at least my ISP pushes out an automatic update to fix it.
Obviously there's a tradeoff here, between the juicy target of a million homogenous ISP routers, and the ISP quickly patching them. But I bet there are also millions of routers running OpenWRT, albeit on a wider variety of hardware, with many disparate configurations and software versions. I'd expect some opportunistic hackers might see OpenWRT as a juicy target too.
Does OpenWRT have good support for automatic, unattended security updates?
Yeeeah, no thanks. I don't want my hardware running automatic upgrades of any sort.
I'd probably trust an open source team like OpenWRT's more than a shitbag company like my telco, or only-slightly-less-shitbaggy cableco, but as others have noted an open source effort likely won't ever have the resources to do it anyway.
I deeply dislike the cableco's ability to push firmware files to my DOCSIS modem, and I'm certainly not letting them any further into my network than that.
Sure, having your router get security updates is nice, but as a tradeoff for that, you're effectively giving your ISP a complete view into your home network. They could install firmware that gives them MAC addresses and then tags packet traffic by device, giving them a device-by-device, and hence person-by-person, packet-level (or at least connection-level, in the case of properly encrypted traffic) view of who is looking at what, all the time. With a more sophisticated beam-forming AP, they could physically track your devices (and thus people) around inside the house.
That data would be phenomenally valuable, especially as ad-tracking systems get shut down. And they've realistically got at least a few years of absolutely bald-faced shut-up-and-bend-over abusive behavior before Congress would get around to regulating it, and that's given both the worst-case for their behavior and the best-case for regulators. Very likely they could do shit like that indefinitely, especially if they own the router hardware. Who knows -- maybe they already are? It's not like they'd have to tell anyone in the US if they were.
I think I'd rather take my chances with random ransomware gangs than the guarantee of allowing a hostile actor -- my ISP -- into my private network. Those fuckers can stay where they belong, on the untrusted side of the firewall, pushing packets and nothing else.
"OpenWrt 23.05 supports over 1750 devices". This makes it pretty much impossible to do anything unattended; you will always break something. Don't think anyone wants to take the responsibility.
> Does OpenWRT have good support for automatic, unattended security updates?
I don't think this would work similarly to how it does on ISP hardware. ISPs have the ability to test their updates against known network conditions. OpenWRT developers do not have the same guarantee, and they don't even make or control all the software you would be using on the device.
I switched to using OpenWRT about half a year ago. It is awesome. My router is basically a low-power Linux computer dedicated to networking. I can do whatever I want on it. One pain point for me with OpenWRT is that it doesn't support any decent routers or modems with ADSL. Yes, it does support some of those devices, but without ADSL functionality. And if you're wondering who needs ADSL nowadays, that would be almost everyone who lives in Germany. So the next solution is to run a modem.
Unfortunately, the German router/modem market is monopolized by the FRITZ!Box devices made by AVM GmbH. IMO, it doesn't do a good job of being an ADSL modem as it provides very little technical information on what's wrong with the connection. But it does come with a ton of features that have nothing to do with being a modem or a router such as support for proprietary IoT devices by AVM. Basically, this whole thing is crap. I got FRITZ!Box at first but then sold it. It's quite hard to not use it because all major German ISPs "support" it and encourage you to get it; all those magazines that review devices and rate them promote it; every single electronics store has a big section dedicated to them.
I've settled on using Draytek Vigor 167 as a modem and Unielec U7621-06 as my router. I ordered this router directly from Unielec. I love how modular it is. The Wifi are separate PCIe modules, and there's a SATA connection on the router for a disk. And Unielec is one of the few companies that support an actual unmodified OpenWRT. And the best part is that it cost about 100$. The downside is that they so far don't support the latest Wifi standards and most of their devices have only 1Gbit ports, which is okay for me.
I see it differently: I'm running it just because of their IoT solution. Offline, super long range (DECT ULE) and being updated for 10 years. The latter amazing, there is other vendor coming even close. That alone is reason enough to have (self owned) Fritzbox.
But for more advanced users openwrt offers additional features. But worse wifi, no IoT, etc.
The second a wifi 6e (6ghz) router is supported I'll be on the openwrt train again. Until then, I'm stuck with my ISP router because it has faster wireless speeds than the openwrt routers available.
This has recently become far cheaper over the past few years. You can now get quite powerful fanless computers that come with 4-6x 2.5GbE ports, and they typically have a slot on the board that you can put whatever Wifi card you want in.
Yes, they are still more expensive at around $200-300 for the computer (even without memory, storage, or wifi card), but considering a few years ago you'd need to spend nearly twice that for a similar system (and usually with only 1GbE), it's becoming a much more attractive offer to start a home-lab with.
Serve The Home has some excellent videos on these mini-computers that I highly recommend:
In order to replicate the functionality of an access point, the device needs to support all 3 bands (2.4/5/6), not just have a slot for whichever single band I want to support.
That DIY setup has a lot more compute for routing, but actually does worse in trying to be used as an actual (wireless) access point (and still costs more).
> In order to replicate the functionality of an access point, the device needs to support all 3 bands (2.4/5/6), not just have a slot for whichever single band I want to support.
Many cards support multiple bands concurrently. Some of these devices have multiple slots as well, and if it doesn't you can get an NVMe to mPCIe adapter to enable a second slot. I personally use a Mediatek card for dual-band 2.4GHz + 6GHz and a USB adapter for the 5GHz band (mostly because I don't have an adapter for fitting more than 4 antennae).
> That DIY setup has a lot more compute for routing, but actually does worse in trying to be used as an actual (wireless) access point (and still costs more).
You don't need a lot of compute for routing packets, especially if you are able to set up flowtables and bypass most of that processing anyways. The extra compute is excellent for other services that you might set up on it though, which is why I explicitly mentioned it's a good starting point for a home lab.
All that aside, the real cost of DIY isn't the dollar amount. It's the time and effort required to set it up and maintain it. The only point I mentioned about cost is that it's significantly cheaper than it was a few years ago. If all you want is to reduce cost then it's unlikely you can beat recycling an old desktop computer with an additional 6E card thrown in.
Not really. Put your coax modem into bridge mode. There aren't any DOCSIS 3+ pcie cards afaik, and these devices don't usually have pcie slots available (maybe nvme, but that would require an adapter and a new chassis)
The nature of open source community projects is they’re generally slower to get hardware support than commercial developers. That’s not a knock against openwrt (or any project), just the reality. 6E support will probably land once WiFi 7 is on the horizon, so if you approach things like this, you’ll always be waiting.
Is 6E that much better (in applications where openwrt is typically used) than 6 to justify waiting for 6E?
Yes. 6 GHz spectrum has 7 channels that are 160 MHz wide.
Contrast that to the 5 GHz spectrum which only has 2 channels that are 80 MHz wide (excluding DFS). DFS is not an option in many places, and even the US only gets 1 channel that is 160 MHz wide (also DFS).
5 GHz spectrum is almost always congested and gets half the spectrum width.
I’ve only used DD-WRT (for many years on my routers), and a while back I perused the version control history which led me to believe that it was maintained by only a few key individuals.
Perhaps I’m wrong, or it’s simply a very mature project - but can anyone comment on the security or community around DD-WRT relative to OpenWrt? Just a bit worried that I’m exposing some sensitive workloads through firmware that is vulnerable or not well scrutinized by the public.
I've been using openwrt since ~2007 or so. It's a marvel & has been so good.
But I cannot wait to get off such a special purpose system. I would much rather be running a regular & general purpose OS. I'd rather have systemd and regular builds of packages.
OpenWrt exists mostly because good wifi is coupled to byzantine difficult hardware that requires absurd patches & guesswork to make that hardware useful. There's been no hope for most of these systems to ever get their support up-streamed. We are seeing some positive changes very recently, with for example Qualcomm & MediaTek both seemingly not far from being usable, which is lightyears better than where we have been. Conceivably we could run whatever on these devices at that point.
Also super sad is how hard it is to avoid these frustrating quirky devices in the first place. Trying to buy wifi add-ons is enormously challenging. M.2 (or often still mini-PCIe) cards are made by very very few folks, hard to find, and often around $200. Once you acquire one, now you're faced with its awkward size that won't fit most places, and the often weird power demands like having some 12v lugs you have to hook up.
Ideally I'd love to scatter a couple rpi and some usb wifi cards around. It's been a while, but ~5 years ago I was buying & trying every Alfa (a good name that makes usb cards for a variety of chipsets) usb card I could, and usually hosting an AP started great but would quickly fall apart. Realtek only supported like 8 client devices, for example. Other chipsets would crash & even rmmod & re modprobing drivers wouldn't bring the device back up. Some just had terrible performance. It's such a pity USB gets such poor treatment, that there aren't some capable usb cards that can be a decent AP.
Plugging a project we've been working on -- https://www.supernetworks.org. It's dockerized router software tailored for privacy & security that will happily coexist on a general purpose system.
I remember running OpenWrt on an Asus router back around 2004 or 2005, it was very interesting. I ran an IPv6 tunnel broker with SixXs, network services (I remember DHCP and DNS, which I learned quite a bit about in the process).
It was a great way to give users control over their devices and put them to uses their creators probably never thought of. Most ended up being used as Routers/APs in SOHO networks, I assume, but some were used for tasks that people approach with Beagle Boards and other SBCs these days. In the history of computing, it's a recurring theme that once a small enough, cheap enough machine becomes available (think of e.g. the PDP-8 back in the 60s), people find all kinds of uses for them that before (almost?) nobody would have considered using a computer for.
I've been using a couple Teltonika routers recently. I specifically chose them because their OS is derived from OpenWRT... it's a breath of fresh air compared to the myriad consumer routers OS I've been through before which are all extremely flakey and locked down. It's also nice to not have to hack around to get a decent OS installed, feels like buying a "Laptop for Linux", but a router.
I'm not sure what plain OpenWRT is like these days but RutOS is a really nice balance between "just works" and "highly configurable"... and if you really can't find what you want to do through the UI it's completely open and hackable as far as I can tell.
I'll preface this by saying that I have not seen this one myself.
But it is somewhat common for certain manufacturers to sell routers that claim to be OpenWrt-based/compatible, without actually being supported by vanilla OpenWrt. So you get a custom OWRT build, often with no further support, which is not that different from having an OEM firmware.
I haven't used any routers like that, and I don't know about vanilla OpenWRT support for RUTx devices, but RutOS is free and open source, continually developed, and they provide an SDK for customisation [0]. So far RutOS firmware updates have been frequent, something like monthly, and there have even been some modem firmware updates for my 5GLTE router (never saw a modem firmware update for any other modem/router I used).
They are marketed towards industrial not consumer and come with the associated price tag, so maybe that has something to do with it. They also use the same OS across all their devices so it makes sense that it's in continuous development.
I was specifically looking for a 5GLTE modem/router when I came across Teltonika. At the time there was no other 5GLTE modem/router available that could run OpenWRT or similar; it was closed source unknowns all around except for them, so I was pretty happy to find them.
Why the unusually generic description? I knew this project when it was still described as "alternative open-source router firmware", and looking at the supported hardware list, it seems like that's still its main purpose.
Can confirm on this one as a great bargain for the capabilities when I picked it up 1–2 years ago. Beside general home network (600/600), it also forwards the requests to my home server, blocks ads, handles WoL, & hosts coturn. Eventually I should set it up for Wireguard for a VPN.
I have been looking into using OpenWrt recently since my current router Ethernet is capped at 500mbps on my gigabit internet, but I am overwhelmed by router choices.
Does anyone have a recommendation for a router that can handle 1Gbps internet and also has fairly fast output with clients connecting to it via WireGuard?
There's actually a sticky post about this kind of situation on the OpenWRT forum. It boils down to: "gigabit routers" aren't; use a SFF Intel box with a separate switch and AP for those speeds. [1]
I don't know if there's a specific name for them, but there's a cottage industry of fanless "network appliances" based on low-power Intel processors, loosely similar to Intel NUC, but with different form factors depending on how many Ethernet interfaces they have. Some of the better-known integrators on AliExpress include Topton, Kingnovy, and Qotom, and you'll find a ton of examples if you search AliExpress for "pfSense". There's also an American vendor, Protectli, that offers several variations of this hardware with a warranty, support, and Coreboot firmware (at a premium over AliExpress prices, of course).
Use a Raspberry Pi 4 for your router and use other ’routers’ as dumb access points. It is the best setup I’ve had.
Its CPU is easily fast enough to handle the advanced software flow control that allows really good QoS. My ping times don’t meaningfully change whether my connection is loaded or not.
Then you can upgrade the wireless without having to replace your router which does all sorts of non Wi-Fi functions.
It does require using an external USB3 gigabit Ethernet adapter.
Just use BananaPi-R3, it is working great with flow offloading, wireless ethernet dispatch (offloading Wi-Fi). It has great support from Mediatek, achieving ~1.4Gbps over Wi-Fi without any CPU usage. It is a really great device and not very expensive. Official support for OpenWRT from 23.05.
https://wiki.banana-pi.org/Banana_Pi_BPI-R3
I have the same issue with my router - it supports 1gbps but that’s a total over all ports. That total includes the WAN port. So the max throughput you can get from one port to the internet is half the max - 500 mbps.
Is that really true? With full duplex, you should be able to route 1Gbps in and 1Gbps out simultaneously. Are you sure you aren't just hitting a CPU or ISP bandwidth limit?
I am still looking for a decent setup where I can run pfSense plus a 10 port switch plus some WiFi in a decent centralized way with excellent IPv6 support.
My ISP doesn't even support IPv6 ever since they enabled CGNAT.
Prior I have had issues with IPv6 breaking the internet (due to poor or buggy adoption) and interestingly I've had no issues with CGNAT when I was expecting issues, so I'm not convinced how important IPv6 is right now, really.
(For those who haven't heard of CGNAT, it's basically a system where for residential grade connections multiple houses/connections are allocated to the same IPv4 address and the ISP hardware will manage some state internally to keep track of where each packet should go. The downsides of CGNAT are often exaggerated because 99% of P2P applications already use NAT hole punching instead of port forwarding anyway, which is fully compatible with CGNAT)