It's been a long time since I used 3rd party router software (and I think that was Tomato). If I was buying a router specifically for OpenWRT, what would be a good choice?
I recommend buying a miniPC that has at least 2 network ports and install OpenWRT on there. You can do it on ARM-based PCs or even x86_64 based PCs.
Then connect this miniPC to a cheap 8-port switch, and get some WiFi APs and connect those also to the switch.
This way you will get a much more powerful and reliable "router" that can't ever "brick". Better WiFi quality with good Prosumer / small business APs, and the ability to upgrade your WiFi independently of your router as needed.
Alas good wifi cards are extremely hard to procure and to fit to boxes. You can maybe get someone to sell you a $200+ AP-class wifi6 board.
Then you need some way to actually put it in a computer. Many are oversized mPCIe. We are starting to see some m.2 but it's rare & again they're likely to be oversized. Some have crazy power requirements, like having two lugs to provide 5V on.
This is by far the worst served aspect of personal computing & it's such a shame. I wish the add-in card market existed. And man, how great it would be if USB chipsets could be reliable APs. Maybe they have gotten better, but after years of religiously buying everything Alfa made & trying to see how good an AP it'd be before falling over, it feels like a relatively simple ask that would make the world of difference (lots of modest sized APs everywhere) is so unlikely to happen. For no good reason that I can tell.
That would fly against the assumption of most people that the router also is the 'modem' for one, and that the necessary 'modem' for whichever access-technology is often mandated by the ISP, for another.
Which you rarely can escape outside of business-contracts, regardless of concepts like 'router-freedom'.
In very rare circumstances you'll get to know the exact specifics of the low-level technicals before that shit is installed, and can plug in your own stuff without excess gear.
How does this work with routing? Does each AP get its own IP address, or is there some special protocol for running the APs "transparently" as though the router had its own built-in wireless antennae?
I used to bring OpenWRT routers everywhere I go. But if you worry about performance I'd actually recommend you get a router that's supported by AsusWRT Merlin. I've had a lot of WIFI performance and range issues with cheaper routers on OpenWRT.
I recommend looking at the supported devices list, since some models have Chinese v2 models that are indistinguishable, but unsupported.
I do not recommend any Asus routers because the hardware is unstable/buggy. The most recent purchase, an RT-AX58X, was rebooting every 20-50 minutes, and there was no way to fix it. Unless you want to buy multiple, test and return the buggy ones.
The router I see being recommended for openWRT lately is the Belkin RT3200 (also called Linksys E8450, they're the same device) because it's a cheap router you can get at Walmart and has 802.11ax (Wi-Fi 6) support out of the box with openWRT.
I have a few of these: WIFI6, 128MB Flash, 64-bit ARM A53, DSA, hardware NAT offloading, solid build quality and the price is right. If you look at the OpenWRT TOH you’ll see hundreds of models but historically some of them get more love than others. I think this model will be popular in the OpenWRT world in the same way as the TP-Link Archer C7, Netgear WNDR3700 and Linksys WRT54G models. At least I hope so.
This will largely depend on how much (read: bandwidth) you want to route. I used to be a big fan of the PCEngines ALIX boxes (https://openwrt.org/toh/pcengines/apu) because you could run pretty much anything on them, but with big gigabit connections nowadays, they're less well suited.
If you're looking to route the lower end of things, you're likely to be fine with an SBC like the above. If you're looking for more, then something with Hardware offload is worth looking out for. With OpenWRT, you're likely to be looking at either a fairly meaty X86 for gigabit, or an off-the-shelf for which it supports HW offload.
I have a Celeron J4125-based fanless mini PC which I run OpenWrt on. It has been fantastic for me and can route my 1000/25 connection at 100% without breaking a sweat.
It's a Qotom Q750G5. Similar models can be purchased from Protectli if you do not want IME or if you want coreboot.
Anyway, it is a fantastic little device which sips power and I'm very happy with it.
Edit: one last note -- I use this for routing only. I did not add the wlan module since I have dedicated access points installed in some of my closets.
Another vote for GL.inet devices here, I've got a couple of Mangos and a couple of Cretas. Both low end devices, but their wifi coverage is great for the price and size of device, and they're working well for me as Wifi-VPN gateways, although I don't push a lot of bandwidth through them.
The more you pay the more bandwidth they can handle, depends on how / where / why of the implementation.
Note also to actually research the GL.iNet router model before purchasing - they falsely label some routers as "official openwrt". For example, the GL-SF1200 is listed as an OpenWRT router by them but some of the binaries on it run on an outdated Linux kernel, and have not been fully made available to the public by the manufacturers of the Chinese SoC used on it. Thus, it is unlikely to run any OpenWRT fork or even receive opensource updates - https://forum.openwrt.org/t/how-do-gl-inet-devices-become-su...
What I did was to look for good value second hand routers nearby to me on Kijiji (Canadian classified market similar to Craigslist) then narrow them down by OpenWrt support.
Using this method, I bought 3 wireless routers 2.5-3 years ago for a total of about 50 CAD. They have been running as dumb wireless APs (https://openwrt.org/docs/guide-user/network/wifi/dumbap) ever since, to great effect.
GL.inet are not using openwrt from factory. You can see in many forum threads. It's a custom one, sometimes derived from vendor SDK, like qsdk. I have one very nice small router from them, which can run mainline openwrt, but this is not always the case
More specific in my case: are there any APs that would be good replacements for Unifi AP AC models or above? Looking to replace my unifi setup with something simpler (don’t need to provision APs centrally as I just have one, but want the rock solid reliability and speed).
I bought a Netgear WAX202 and have been pretty happy with it. At the time I bought it, I found it difficult to find many other 802.11ax models supported by OpenWRT here in Canada. I was also happy that it supported 802.11ax on both 5 GHz and 2.4 GHz bands, the latter of which is often missing. I'm not sure how valuable it will be, but that is the first major upgrade to the 2.4 GHz band since 802.11n (2009!) and I tend to keep my routers for a long time.
Good Life iNet devices all come with OpenWrt-based firmwares, and generally after some time you can upgrade to vanilla OpenWrt without having to resort to recovery mode or similar shenanigans.
Even if you don't, you can access the traditional OpenWrt web interface (Luci) on the vendor's firmware, alongside their (pretty nice) simplified web interface.
I'm 100% with you. I've been running OpenWRT since the WRT54G days. It's not perfect but it's the original embedded Linux distro. I know plenty of people run UniFi these days but personally, I'll stick with my OpenWRT flashed APs attached to an OPNsense router/firewall.
That said, to each their own. I'm happy to see a multitude of options out there. One of these days I might just go back and build myself a Linux/nftables router like the old days when I ran ipchains on a 100MHz 486DX4 running Linux.
I'll definitely take a look at Attended Sysupgrade, this is my first time hearing about it. Thanks for that.
I only really used UniFi for APs. Ubiquiti has really taken a turn for the worse in recent times though.
I too used to run a router on a 486 (?), circa 1998. It was shared out wirelessly with my neighbor, so he'd cover half of my 512 Kbps DSL bill (I was in middle school at the time). If I remember correctly I ran the SmoothWall distro on it. Good memories of bygone times.
Seeing this headline I'm not actually sure my OpenWRT router/WiFi AP has been upgraded since I installed it in late 2015. I haven't really thought about it at all, actually. I think that counts as praise?
EDIT: ... turns out I was on a 2019 version. I just upgraded it from the web interface, completely painless experience. 10/10!
Would be interesting to see the size for each OpenWRT version on a graph. After one of the upgrades I discovered that I did not have enough space for the additional packages I'd used in the past, and that's how I learned that it had become significantly bigger over time. Though it's still very impressive that developers managed to trim Linux to be usable on routers with small flash (8Mb in my case) given how huge the mainline kernel is and how fast it grows.
This doesn't absolutely answer your question (as it doesn't look at the size of the actual firmware), but I did a quick run to see how the amount of code changes in OpenWRT between releases, these are the results:
I wonder why OpenBSD isn't considered for a router OS. It is smaller and more conservative than the Linux kernel. They also aim for security and code auditability. Presumably the same utilities and packages would compile for it as well as Linux. Looks like what you'd want in a router OS.
I used openWRT a few months ago on my LinkSys WRT3200ACM, I was pretty motivated with the stuff I could do (VPN, block ads etc). Unfortunately, I had to go back to stock firmware because of Wifi performance and issues connecting certain devices (vacuum robot). It was sad to have to give up on it.
It was suggested those types of issues were related to the 3rd wifi radio. It's recommended to disable it: https://openwrt.org/toh/linksys/wrt3200acm#wifi_driver_bug_a... . I have the same device, but only use it as router (no wifi enabled) and have a Belkin RT3200 as dumb AP for wifi 6 (as suggested in some other comment).
Me too. On a Netgear r7800 (which is well supported for Openwrt). After much testing, tweaking/changing settings/etc I couldn't get OpenWRT to match the performance of latest stock OEM firmware.
Even wired performance was about 3/4 of stock OEM for my 500MB internet speed. I couldn't use any of the cool anti-bufferbloat QOS options in OpenWRT because that made wired performance even worse (despite getting A+ on bufferbloat tests, the bandwidth loss wasn't worth it). WiFI 5G was spotty and less distance in my house plus would randomly just stop for 30 seconds every few hours.
I really wanted an open source firmware running on my consumer grade router and truly appreciate all the developers' hard work that goes into OpenWRT - but nothing has changed unfortunately from my similar experience a few years ago with a supported Asus Router I had and tried OpenWRT on.
The consumer-grade router market is a mess and the choices are only between cheap mass market brand names and crappy firmware that is lucky to even be upgraded at all after a year or two. It must be a very unprofitable market because despite many millions of units sold each year and attempts like Ubiquiti, etc none have taken off and/or put out anything better than other cheap unreliable stuff as the other brand names.
I would LOVE a ROBUST reliable and supported consumer grade router/wifi brand that isn't calling their higher-end products "gaming". Like what we had when Cisco owned Linksys and we got their WRT line, or Netgear had a "pro" line that was metal cased. They supported their firmware for years and shared open-hardware specs so we could have better 3rd party firmwares as well. I still have a metal-cased Netgear GB switch in use at a client for probably 10 years now!
OT: since we're speaking about the wrt3200acm, I have a question:
It seems that the four ethernet ports are connected to a single-chip ethernet switch, and appear as a single interface (called "lan" in my openwrt installation).
Is it possible, somehow, to "unbundle" them and make them appear as four different ethernet interfaces (like eth0...eth3)?
I'm asking this because I have a vlan-capable switch and would like to have a separate network connection in each vlan, with each network interface in its own zone.
You didn't specify if you are using openwrt and which version. I used wrt1900 and wrt3200 as router with one of the latest openwrt (not the one posted) and do precisely that, have each switch physical lan port on a separate interface and network range. It has been possible for quite a while, but the latest DSA changes to the linux kernel make the process much simpler.
Your router is already a VLAN-capable switch—that's how it separates the WAN and LAN ports. It's a 7-port switch: by default it's configured as four LAN ports, one WAN port, and two ports are wired up to the SoC (https://openwrt.org/toh/linksys/wrt3200acm#switch_ports_for_...). Using OpenWRT you can reconfigure the VLANs to suit your needs.
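A sketch of the per-port setup the replies above describe, for a DSA-based OpenWrt release (an added example, not posted by any commenter and not taken from the OpenWrt project). The DSA port names `lan1` to `lan4`, the network and zone name `lab`, and all addresses are assumptions; confirm the real port names on the device with `ip link` before adapting it.

```uci
# /etc/config/network (fragment)
# Assumed DSA port names: lan1..lan4. lan1-lan3 stay bridged as the normal LAN.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

# lan4 is left out of the bridge and becomes its own routed interface.
config interface 'lab'
	option device 'lan4'
	option proto 'static'
	option ipaddr '192.168.40.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp (fragment)
config dhcp 'lab'
	option interface 'lab'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall (fragment)
# Separate zone: by default no access to the router itself or to other zones.
config zone
	option name 'lab'
	list network 'lab'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet access only; no forwarding entry toward 'lan' is defined.
config forwarding
	option src 'lab'
	option dest 'wan'

# Let clients in the zone reach the router's DHCP and DNS services.
config rule
	option name 'Allow-lab-DHCP'
	option src 'lab'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-lab-DNS'
	option src 'lab'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Because the `lab` zone has no forwarding entry toward `lan`, hosts on that port can reach the internet but not the main LAN, which is the point of putting each port in its own zone.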
I quite like this build [1] for the WRT3200ACM. I run non-critical devices on the 2.4 network and only personal devices are on the 5. I used to have some intermittent Wi-Fi issues but haven’t had any since switching to the divested build.
If you have an old router, or are willing to pay the (sometimes literally) $5 for an ancient model, you can often put those old ones in AP repeater mode just for finicky hardware like those vacuum robots, leaving your 3200ACM to do fun stuff for modern clients. I think it would even make your 3200ACM faster for all its clients since it wouldn't have to process the wireless traffic for the older bands
Could it be related to WPA3 security? With OpenWrt you get a lot of "new" features like WPA3 etc. and sometimes older Wifi devices are not compatible. Then you need to change the settings (maybe downgrade to WPA2 on the 2.4Ghz Wifi).
That really means maintaining device tree files and complicated CI runners for every combination of device and distribution. There's a reason OpenWRT is so popular.
Yeah. I wish so much some AP grade chipsets made their way to off-the-shelf m.2 and USB hardware. I'd love to just run Debian, use my old Chromeboxes, but the availability of wifi add-ons is abysmal. I did have some OK success with wifi 5 Compex cards but wifi6 seems to have only exotic hard to get hardware with bizarre form factors available.
USB has always been a no go, works to a point then collapses, in my experience (buying every high end Alfa USB card I could get my hands on).
The sweet spot in my opinion is to use an ordinary Linux box as the router and just wire up whatever wireless router(s) you have lying around for the APs (give them a static address in the appropriate subnet and you're done). No need to run OpenWRT on the AP, since it's just mindlessly pushing packets around on the internal network.
For bonus points, block it from accessing the internet itself.
I'm working on getting on your level but not quite there yet.
On a semi-related note I will say it's infuriating that replacement Linux networking stack components are released with features missing. I hadn't dug into nftables enough yet to say whether that is the case, but netplan and, to a lesser degree, systemd-networkd have driven me bonkers.
Most of my gripes were related to IPv6 and DHCPv6-PD. The people supporting the replacements never seem to be in any rush to add missing features back into the replacement. Most would think you'd wait until the replacement has reached feature parity with its predecessor(s) before pushing it out to mainline.
Are there any ONTs supported by OpenWRT? I got a 2gigabit optical connection recently and everything is perfect but it gets complicated if I want to add a router too (PPPoE pass-through should work though). Basically I'd prefer less devices than more but currently just using the ONT on its own (honestly the only thing I miss is the USB-attached drive in the router that I used for downloading and sharing)
Probably depends on the ISP and what sort of ONT we're talking. My ISP gives me a separate ONT with an ethernet connection for the router. In OpenWRT I set up a PPPoE interface on top of a tagged VLAN with the appropriate credentials and it works pretty well, I can get a public IP or an entire IPv6 prefix depending on credentials.
I honestly don't know why they bother with this PPPoE + VLAN setup on top of a modern fiber network, but it is what it is.
You could probably get an ONT in an SFP package, if you want to eliminate a separate box. The problem there is that ISPs tend to have an allowlist of permitted ONTs on the network. Some ONTs allow you to change the serial number so that may work in place of the ISP box.
The result is a soft brick of the router if you try to upgrade.
The fix has been released in master and branch 22.x but there is NO official stable firmware with the fix currently.
The faulty firmwares are still up (4 days currently)
IMHO, the handling of this is pretty bad as the bug was known beforehand, there was a fix or a rollback fix but none was taken into account.
https://forum.openwrt.org/t/mr8300-doesnt-boot-22-03-4-as-ex...
Not as significant, but annoying on Netgear hardware that’ll (soft-)brick itself if you reflash it with a different or lower version.
I did find this (https://openwrt.org/toh/views/toh_available_16128) but that's a lot of choices to wade through.
I recommend buying a miniPC that has at least 2 network ports and install OpenWRT on there. You can do it on ARM-based PCs or even x86_64 based PCs.
Then connect this miniPC to a cheap 8-port switch, and get some WiFi APs and connect those also to the switch.
This way you will get a much more powerful and reliable "router" that can't ever "brick". Better WiFi quality with good Prosumer / small business APs, and the ability to upgrade your WiFi independently of your router as needed.
Something like this for example:
https://liliputing.com/linkstar-h68k-is-a-pocket-sized-route...
https://liliputing.com/linkstar-h68k-is-a-pocket-sized-route...
> At the heart of the little computer is Rockchip’s quad-core ARM Cortex-A55 processor with ARM Mali-G52 2EE graphics
How is the Linux support for this?
I recommend looking at the supported devices list, since some models have Chinese v2 models that are indistinguishable, but unsupported.
https://www.asuswrt-merlin.net/
https://github.com/RMerl/asuswrt-merlin.ng/wiki/Supported-De...
Ah, hardware vendors. Never change.
https://www.gl-inet.com/
They come with OpenWrt on them, plus the vendor's web interface. You can flash regular OpenWrt which is the first thing I do.
Make sure any model you look at is supported on the ToH. It takes a while for brand new models to appear in stable owrt releases.
There seems to be some experimental openwrt build for GL.iNet Flint (GL-AX1800), but it still has some issues with fans: https://forum.openwrt.org/t/gl-inet-ax1800-new-router-openwr...
https://pastebin.com/04s1TL49
Here are the latest ones:
Command used:
Small example is busybox - it's still small, but getting bugfixes/features and new applets.
OpenWrt already abandoned 4/32 devices: https://openwrt.org/supported_devices/openwrt_on_432_devices and probably the next abandoned will be 8/64 within two or three years.
Unless it is a matter of driver support?
Edit: typos.
https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tut...
https://www.kernel.org/doc/html/latest/networking/dsa/dsa.ht...
A friend of mine got it and it wasn't working well for him.
We both used OpenWRT on that.
It seems that the version he was using (more recent than mine) doesn't work well on that hardware.
Which is as unfortunate as ironic since the WRT3200ACM is the spiritual successor to the WRT54g that spawned the whole OpenWRT/dd-wrt thing.
Regarding mine... I plan on switching to some kind of x86 and run pfSense. I'll probably keep it around and use it as a wireless access point only.
[1] https://divested.dev/unofficial-openwrt-builds/mvebu-linksys...
I used to do that. But then I found OpenWRT which took away all the grunt-work and just worked OOB. So why wouldn't I use that instead?