It's been a long time since I used 3rd party router software (and I think that was Tomato). If I was buying a router specifically for OpenWRT, what would be a good choice?
I recommend buying a miniPC that has at least 2 network ports and install OpenWRT on there. You can do it on ARM-based PCs or even x86_64 based PCs.
Then connect this miniPC to a cheap 8-port switch, and get some WiFi APs and connect those also to the switch.
This way you will get a much more powerful and reliable "router" that can't ever "brick". Better WiFi quality with good Prosumer / small business APs, and the ability to upgrade your WiFi independently of your router as needed.
Alas good wifi cards are extremely hard to procure and to fit to boxes. You can maybe get someone to sell you a $200+ AP-class wifi6 board.
Then you need some way to actually put it in a computer. Many are oversized mPCIe. We are starting to see some m.2 but it's rare & again they're likely to be oversized. Some have crazy power requirements, like having teo lugs to provide 5V on.
This is by far the worst served aspect of personal computing & it's such a shame. I with the adding card market existed. And many how great it would be if USB chipsets could be reliable AP. Maybe they have gotten better, but after years of religiously buying everything Alfa made & trying to see how good an AP it'd be before falling over, it feels like a relatively simple ask that would make the world of difference (lots of modest sized APs everywhere) is so unlikely to happen. For no good reason that I can tell.
actually procuring cards not hard. i bought a bunch of times in the past compex cards with atheros chipsets from https://www.shop.compex.com.sg/products and it's alter ego https://www.524wifi.com/ .
But I eventually gave up on going this route due to reasons that you described. Also it was turned out to be much more expensive to DIY compared to buying wifi ap and flashing it with openwrt.
So now I run as router/everything x86 with a bunch of 10g/sfp ports and a couple of r7800 flashed with openwrt as purely AP
Compex's march upwards in price has been absurd. The 3x3 wifi-5 cards were like $75 originally. I don't know how much Qualcomm is to blame here but all one can get a 4x4 cards now and they're almost all well over $200. With absurd constraints that make them hard to use in a normal system (weird shape, weird power needs).
It's also just so so striking to me that it's been most of a decade with Compex as the only company making add-on cards. There are some clones (Wallystech), but there's just like no market here. Qualcomm clearly Does Not Give A Fuck about selling chips to anyone else. No one else cares about add-on cards. The whole access-point market perpetuates on the vastest wave of apathy & disregard.
Don't forget that they don't really make those cards for "us". Their target market iirc is industrial systems/whatever. Probably if you buy a lot of 1000 cards price point is different than in online shop.
> With absurd constraints that make them hard to use in a normal system (weird shape, weird power needs).
hahaha. i had one AP built with pcie > minipcie attached to custom bracket to hold extra large card. and 5v stolen from sata port.
when it came time to rebuild it, i just gave up and went the route i described above.
Let's at least probe a little bit here. Is this a "fact" because of good inherent reasons? Or is this a "fact" because of circumstance?
In general, show your thinking. Why do you feel this way? Let's have something to discuss, to see where we might meet or where we can reasonably disagree.
That would fly against the assumption of most people that the router also is the 'modem' for one, and that the necessary 'modem' for whichever access-technology is often mandated by the ISP, for another.
Which you rarely can escape outside of business-contracts, regardless of concepts like 'router-freedom'.
In very rare circumstances you'll get to know the exact specifics of the low-level technicals before that shit is installed, and can plug in you own stuff without excess gear.
How does this work with routing? Does each AP get its own IP address, or is there some special protocol for running the APs "transparently" as though the router had its own built-in wireless antennae?
But it's typically really simple to set up. You just plug 1 or more APs into your switch and setup their WiFi info like name/password and signal formats and off you go.
I used to bring OpenWRT routers everywhere I go. But if you worry about performance I'd actually recommend you get a router that's supported by AsusWRT Merlin. I've had a lot of WIFI performance and range issues with cheaper routers on OpenWRT.
I recommend looking at the supported devices list, since some models have Chinese v2 models that are indistinguishable, but unsupported.
I do not recommend any of Asus routers because the hardware is unstable/buggy. The most recent purchase RT-AX58X was rebooting every 20-50 minutes, and there were no ways to fix it. Unless you want to buy multiple, test and return the buggy ones.
The best part is that it makes third party firmware much harder, but at the same time their own firmware is proprietary abandonware in very short order.
I have been a casual Linux user from back when I did installs from Ubuntu ISO CDs in the mail. Broadcom is in everything and has always a huge pain to work with, it remains a huge pain to this day.
The router I see being recommended for openWRT lately is the Belkin RT3200 (also called Linksys E8450, they're the same device) because it's a cheap router you can get at Walmart and has 802.11ax (Wi-Fi 6) support out of the box with openWRT.
I have a few of these: WIFI6, 128MB Flash, 64-bit ARM A53, DSA, hardware NAT offloading, solid build quality and the price is right. If you look at the OpenWRT TOH you’ll see hundreds of models but historically some of them get more love than others. I think this model will be popular in the OpenWRT world in the same way as the TP-Link Archer C7, Netgear WNDR3700 and Linksys WRT54G models. At least I hope so.
This will largely depend on how much (read: bandwidth) you want to route. I used to be a big fan of the PCEngines ALIX boxes (https://openwrt.org/toh/pcengines/apu) because you could run pretty much anything on them, but with big gigabit connections nowadays, they're less well suited.
If you're looking to route the lower end of things, you're likely to be fine with an SBC like the above. If you're looking for more, then something with Hardware offload is worth looking out for. With OpenWRT, you're likely to be looking at either a fairly meaty X86 for gigabit, or an off-the-shelf for which it supports HW offload.
I have a Celeron J4125-based fanless mini PC which I run OpenWrt on. It has been fantastic for me and can route my 1000/25 connection at 100% without breaking a sweat.
It's a Qotom Q750G5. Similar models can be purchased from Protectli if you do not want IME or if you want coreboot.
Anyway, it is a fantastic little device which sips power and I'm very happy with it.
Edit: one last note -- I use this for routing only. I did not add the wlan module since I have dedicated access points installed in some of my closets.
Thing is that most users want some form of qos/aqm to guard against load induced delay, which the apu and similar low power devices cannot handle above a few hundred mbps
That's interesting, because you've identified the reason I asked the question - on my TP-Link router wired connections just flood out wireless connections, and make them unusable as long as I'm doing anything heavy (like downloading ISOs).
The solution's not going to be found in the firmware, is it?
Yes, in general, having a better router would probably help (although you haven't mentioned the exact model you have, maybe it's already fine and the problem is elsewhere).
Enabling SQM [1] would probably mitigate the issue further, at the cost of requiring more processing power.
I found this to be completely unnecessary when I moved to a 100Mbit symmetrical connection. Not sure if its the higher speed or having a better upload channel, but I completely got rid of all QoS/traffic shaping on my router and never felt the need to turn it back on.
The need for aqm is dependent on the status quo. Most providers nowadays use red/pie in the last mile and buffers-inducted delay rarely exceeds 100ms; much less so when it became clear that flow-queueing would be required and possible. Also multiple queues with codel on them have found their way into some wifi stack’s to deblot this access layer
Another vote for GL.inet devices here, I've got a couple of Mango's and a couple of Creta's. Both low end devices, but their wifi coverage is great for the price and size of device, and they're working well for me as Wifi-VPN gateways, although I don't push a lot of bandwidth through them.
The more you pay the more bandwidth they can handle, depends on how / where / why of the implementation.
Note also to actually research the GL.iNet router model before purchasing - they falsely label some routers as "official openwrt". For example, the GL-SF1200 is listed as an OpenWRT router by them but some of the binaries on it, run on an outdated Linux kernel, and have not been fully made available to the public by the manufacturers of the Chinese SoC used on it. Thus, it is unlikely to run any OpenWRT fork or even receive opensource updates - https://forum.openwrt.org/t/how-do-gl-inet-devices-become-su...
What I did was to look for good value second hand routers nearby to me on Kijiji (Canadian classified market similar to Craigslist) then narrow them down by OpenWrt support.
Using this method, I bought 3 wireless routers 2.5-3 years ago for a total of about 50 CAD. They have been running as dumb wireless APs (https://openwrt.org/docs/guide-user/network/wifi/dumbap) ever since, to great effect.
GL.inet are not using openwrt from factory. You can see in many forum threads. It's a custom one, sometimes derived from vendor SDK, like qsdk. I have one very nice small router from them, which can run mainline openwrt, but this is not always the case
More specific in my case: are there any APs that would be good replacements for Unifi AP AC models or above? Looking to replace my unifi setup with something simpler (don’t need to provision APs centrally as I just have one, but want the rock solid reliability and speed).
I bought a Netgear WAX202 and been pretty happy with it. At the time I bought it, I found it difficult to find many other 802.11ax models supported by OpenWRT here in Canada. I was also happy that it supported 802.11ax on both 5 GHz and 2.4 GHz bands, the latter of which is often missing. I'm not sure how valuable it will be, but that is the first major upgrade to the 2.4 GHz band since 802.11n (2009!) and I tend to keep my routers for a long time.
Good Life iNet devices all come with OpenWrt-based firmwares, and generally after some time you can upgrade to vanilla OpenWrt without having to resort to recovery mode or similar shenanigans.
Even if you don't, you can access the traditional OpenWrt web interface (Luci) on the vendor's firmware, alongside their (pretty nice) simplified web interface.
I'm a 100% with you. I've been running OpenWRT since the WRT54G days. It's not perfect but it's the original embedded Linux distro. I know plenty of people run UniFi these days but personally, I'll stick with my OpenWRT flashed APs attached to an OPNsense router/firewall.
That said, to each their own. I'm happy to see a multitude of options out there. One of these days I might just go back and build myself Linux/nftables router like the old days when I ran ipchains on a 100MHz 486DX4 running Linux.
I'll definitely take a look at Attended Sysupgrade, this is my first of hearing about it. Thanks for that.
I only really used UniFi for APs. Ubiquiti has really taken a turn for the worse in recent times though.
I too used to run a router on a 486 (?), circa 1998. It was shared out wirelessly with my neighbor, so he'd cover half of my 512 Kbps DSL bill (I was in middle school at the time). If I remember correct I ran the SmoothWall distro on it. Good memories of bygone times.
Seeing this headline I'm not actually sure my OpenWRT router/WiFi AP has been upgraded since I installed it in late 2015. I haven't really thought about it at all, actually. I think that counts as praise?
EDIT: ... turns out I was on a 2019 version. I just upgraded it from the web interface, completely painless experience. 10/10!
There was a breaking change to the switch config several versions ago: "There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message" https://forum.openwrt.org/t/openwrt-21-02-0-first-stable-rel...
Would be interesting to see the size for each OpenWRT version on a graph. After one of upgrades I've discovered that I have no enough space for additional packages I've used in the past and that's how I've learned that it become significantly bigger over the time. Though it still very impressive that developers managed to trim Linux to be usable on routers with small flash (8Mb in my case) given how huge the mainline kernel and how fast it grows.
This doesn't absolutely answer your question (as it doesn't look at the size of the actual firmware), but I did a quick run to see how the amount of code changes in OpenWRT between releases, this is the results:
I wonder why OpenBSD isn't considered for a router OS. It is smaller and more conservative than the Linux kernel. They also aim for security and code auditability. Presumably the same utilities and packages would compile for it as well as Linux. Looks like what you'd want in a router OS.
I used openWRT a few months ago on my LinkSys WRT3200ACM, I was pretty motivated with the stuff I could do (VPN, block ads etc). Unfortunately, I had to go back to stock firmware because Wifi performance and issues connecting certain devices (vacuum robot). It was sad to have to give up on it.
It was suggested those type of issues were related to the 3rd wifi radio. It's recommended to disable it: https://openwrt.org/toh/linksys/wrt3200acm#wifi_driver_bug_a... . I have the same device, but only use it as router (no wifi enabled) and have a Belkin RT3200 as dumb AP for wifi 6 (as suggested in some other comment).
Me too. On a Netgear r7800 (which is well supported for Openwrt). After much testing, tweaking/changing settings/etc I couldn't get OpenWRT to match the performance of latest stock OEM firmware.
Even wired performance was about 3/4 of stock OEM for my 500MB internet speed. I couldn't use any of the cool anti-bufferbloat QOS options in OpenWRT because that made wired performance even worse (despite getting A+ on bufferbloat tests, the bandwidth loss wasn't worth it). WiFI 5G was spotty and less distance in my house plus would randomly just stop for 30 seconds every few hours.
I really wanted an open source firmware running on my consumer grade router and truly appreciate all the developers hard work that goes into OpenWRT - but nothing has changed unfortunately from my similar experience a few years ago with a supported Asus Router I had and tried OpenWRT on.
The consumer-grade router market is a mess and the choices are only between cheap mass market brand names and crappy firmware that is lucky to even be upgraded at all after a year or two. It must be a very unprofitable market because despite many millions of units sold each year and attempts like Ubiquity, etc none have taken off and/or put out anything better than other cheap unreliable stuff as the other brand names.
I would LOVE a ROBUST reliable and supported consumer grade router/wifi brand that isn't calling their higher-end products "gaming". Like what we had when Cisco owned Linksys and we got their WRT line, or Netgear had a "pro" line that was metal cased. They supported their firmware for years and shared open-hardware specs to we could have better 3rd party firmware's as well. I still have a metal-cased Netgear GB switch in use at a client for probably 10 years now!
OT: since we're speaking about the wrt3200acm, i have a question:
it seems that the four ethernet ports are connected to a single-chip ethernet switch, and appear as a single interface (called "lan" in my openwrt installation).
Is it possible, somehow, to "unbundle" them and make them appear as four different ethernet interfaces (like eth0...eth3) ?
I'm asking this because i have a vlan-capable switch and would like to have a separate network connection in each vlan, with the each network interface in its own zone.
You didn't specify if you are using openwrt and which version. I used wrt1900 and wrt3200 as router with one of the latest openwrt (not the one posted) and do precisely that, have each switch physical lan port on a separate interface and network range. It has been possible for quite a while, but the latest DSA changes to the linux kernel make the process much simpler.
Your router is already a VLAN-capable switch—that's how it separates the WAN and LAN ports. It's a 7-port switch: by default it's configured as four LAN ports, one WAN port, and two ports are wired up to the SoC (https://openwrt.org/toh/linksys/wrt3200acm#switch_ports_for_...). Using OpenWRT you can reconfigure the VLANs to suit your needs.
I quite like this build [1] for the WRT3200ACM. I run non-critical devices on the 2.4 network and only personal devices are on the 5. I used to have some intermittent Wi-Fi issues but haven’t had any since switching to the divested build.
If you have an old router, or are willing to pay the (sometimes literally) $5 for an ancient model, you can often put those old ones in AP repeater mode just for finicky hardware like those vacuum robots, leaving your 3200ACM to do fun stuff for modern clients. I think it would even make your 3200ACM faster for all its clients since it wouldn't have to process the wireless traffic for the older bands
Could it be related to WPA3 security? With OpenWrt you get a lot of "new" features like WPA3 etc. and sometimes older Wifi devices are not compatible. Then you need to change the settings (maybe downgrade to WPA2 on the 2.4Ghz Wifi).
That really means maintaining device tree files and complicated CI runners for every combination of device and distribution. There's a reason OpenWRT is so popular.
Yeah. I wish so much some AP grade chipsets made their way to off-the-shelf m.2 and USB hardware. I'd love to just run Debian, use my old Chromeboxes, but the availability of wifi add-ons is abysmal. I did have some OK success with wifi 5 Compex cards but wifi6 seems to have only exotic hard to get hardware with bizarre form factors available.
USB has always been a no go, works to a point then collapses, in my experience (buying every high end Alfa USB card I could get my hands on).
The sweet spot in my opinion is to use an ordinary Linux box as the router and just wire up whatever wireless router(s) you have lying around for the APs (give them a static address in the appropriate subnet and you're done). No need to run OpenWRT on on the AP, since it's just mindlessly pushing packets around on the internal network.
For bonus points, block it from accessing the internet itself.
I have a PC Engines apu2 board (x86 based) with a Mediatek Wi-Fi 6 card, running OpenWRT. Can do gigabit over Wi-Fi with PPPoE based WAN. If I had to get another AP it would probably be another apu2, too bad these are outrageously expensive now.
(should probably disclose that I am one of the devs that maintained the apu2 coreboot boot firmware)
My problem with APs running proprietary FW is that I don't trust them to be secure, even if the vendor does updates, you never know what they're doing in the background. E.g. some APs have a hidden secondary SSID for their proprietary mesh implementation. With OpenWRT I can set them up exactly the way I want to, using open standards (mesh, roaming) instead of vendor-specific crap.
I'm happy with it, but I did have to get a heatsink for it, since otherwise it overheats easily. Since I got it they released a couple of dual-band dual-concurrent cards like this one: https://www.asiarf.com/shop/wifi-wlan/wifi_mini_pcie/wifi6e-... , which is pretty neat, since you don't need to get a separate card for 2.4GHz devices.
Thanks. There's a message on the page of the newer card "Main board Power Supply design please provide 3.3V 3.5A, minimum 3.3V 3A" - do you think this would be a problem for an APU2?
I imagine with a sufficient power supply it should not be a problem, at least I haven't had any problem with mine yet. I have a friend who's using one of their DBDC cards in an apu2 and he also hasn't had power issues yet.
> One more thing - how is the signal range for you?
With four 5dBi antennas it's sufficient to have >800mbps in every corner of my single bedroom apartment. Other than that I have no means to test, sorry :)
I'm also an Omada fan. I just have two APs right now but I love controlling them from a single dashboard and look forward to adding their ER605 router so I can put my security cameras on a separate VLAN.
I had been shaky in my opinion of them, being a China-based company, but after hearing the rave reviews I had to give them a shot. I've been nothing but happy and impressed. Wi-Fi APs are supposed to serve a few basic purposes, and serve them well. TP-Link has a winner so far in Omada.
I just need to get my controller setup now, so I can play with the dashboard. I had heard some features are missing from the controller that are on the AP web interface though. Which of them had you noticed missing?
Why Omada over Unifi? Aren’t they mostly the same? Both need a controller running somewhere, and not sure why one would be better/worse than the other.
Actually not true. Omada has the ability to be controlled from a controller, but it is not required. It has a built-in web administration panel. Beyond that TP-Link just puts out a solid product, at a solid price point, without all the constant issues you tend to get with how Ubiquiti keeps mucking with their firmware.
I'm working on getting on your level but not quite there yet.
On a semi-related note I will say it's infuriating that replacement Linux networking stack components are released with features missing. I hadn't dug into nftables enough yet to say whether that is the case, but netplan and, to a lesser degree, systemd-networkd have driven me bonkers.
Most of my gripes were related to IPv6 and DHCPv6-PD. The people supporting the replacements never seem to be in any rush to add missing features back into the replacement. Most would think you'd wait until the replacement has reached feature parity with it's predecessor(s) before pushing it out to mainline.
Are there any ONTs supported by OpenWRT? I got a 2gigabit optical connection recenetly and everything is perfect but it gets complicated if I want to add a router too (PPPoE pass-through should work though). Basically I'd prefer less devices than more but currently just using the ONT on its own (honestly the only thing I miss is the USB-attached drive in the router that I used for downloading and sharing)
Probably depends on the ISP and what sort of ONT we're talking. My ISP gives me a separate ONT with an ethernet connection for the router. In OpenWRT I set up a PPPoE interface on top of a tagged VLAN with the appropriate credentials and it works pretty well, I can get a public IP or an entire IPv6 prefix depending on cretendials.
I honestly don't know why they bother with this PPPoE + VLAN setup on top of a modern fiber network, but it is what it is.
You could probably get an ONT in an SFP package, if you want to eliminate a separate box. The problem there is that ISPs tend to have an allowlist of permitted ONTs on the network. Some ONTs allow you to change the serial number so that may work in place of the ISP box.
I simply stopped buying consumer grade routers that is supported for 6 weeks and then using custom firmware like WRT to make it stable and give me the features that I needed.
I just bought a decent router - TPLink Omada ER605 - part of their prosumer range - stable - UI is easy and it can do LTE switchover and handle multiple types of VPN's.
I guess its becoming less hip but I love my UniFi setup. Rock solid, amazing performance. It’s lacking some features I’d like to tinker with but ultimately it’s the best WiFi setup I’ve ever had.
The result is a soft brick of the router if you try to upgrade.
The fix has been released in master and branch 22.x but there is NO official stable firmware with the fix currently.
The faulty firmwares are still up (4 days currently)
IMHO, the handling of this is pretty bad as the bug was known beforehand, there was a fix or a rollback fix but none was taken into account.
https://forum.openwrt.org/t/mr8300-doesnt-boot-22-03-4-as-ex...