Before buying expensive routers, check OpenWRT’s table of hardware and buy one that is supported by the current OpenWRT release and has decent specs. There is a detailed installation guide for each supported device in the wiki too, so there are no excuses; it’s dead simple. Free yourself from stupid hardware manufacturers and their planned obsolescence products.
- Edit: also, here is the new version of the table of hardware with more details. They seem to have a buyer’s guide too in the wiki.
- Edit2: seems like GL.iNet devices ship with OpenWRT out of the box with their GUI on top, and you still have access to OpenWRT under the hood if you need it, which sounds awesome, so look into them if you’re interested. Thanks to you guys who brought them up.
- Edit3: there is a firewall solution called OPNSense which is not limited to commercial routers like OpenWRT and can be run on any x86 hardware of your choice (like N100 mini PCs), so look into it if you’re interested. Many thanks to the guys who contributed in the comments.
- Edit4: Sorry for the multiple edits but some of you guys suggest some fantastic insights that I had to add. Anyways here is a list of good candidate devices for hassle free installation and yet powerful enough hardware from OpenWRT’s Forum
- I promise it’s gonna be the last Edit. OpenWRT has an official device they made themselves called OpenWRT ONE (I think the second one is also in the works). It has good specs for a home network and you support the project too. Here is the link to official Retailers
For the more rookie people, check out routers that are based on openwrt and have rookie GUI.
OpenWRT is great and powerful but unless you are trying to level your networking skills, it can turn into a biatch real quick beyond basic set up.
That’s interesting, like which devices? Could you elaborate?
GL.Inet ships their routers with OpenWRT built-in. You no longer need to setup openwrt yourself, and it has a user friendly GUI that allows you to set up most of the basic/standard stuff without having to go into the openwrt interface. They even have easy setup options for the popular VPN providers so you don’t need to upload the wireguard config, you just log in (unless you have custom settings).
Got one of their devices, really happy with it
Seconded. They seem to have a lot of features that I didn’t expect to have. I also didn’t realize it was OpenWRT until now.
The GL.iNet GUI is proprietary as far as I know.
It’s openwrt just themed on top for user experience. I have 2 and I also have an openwrt only router I built myself. The GL.inet routers are great and work as advertised every time whilst my diy solution is less reliable (because I built it) and I need to usually tinker with it more.
GliNet makes great openwrt based devices, they have their own more user-friendly front end, but allow power users to enable access to the standard openwrt features and packages under the hood.
You prolly right for the audience here but my comment is going after the broader audience tbh
Imagine a world where normies start using openwrt routers as default 🐸
It just has to work, and that product is already available, a search string away.
Even if you don’t care about privacy, OpenWRT is insane. You can do nutty things. Highly recommended
I bought a Dlink because it was cheap and was high end hardware. You can’t even add a firewall rule without adding a backdoor to Dlink’s cloud portal.
Big mistake obviously.
If you can replace it, do it. If that’s not an option, then harden it as much as you can in settings.
The long term strategy is to run a proxmox host as your Layer3 platform and install a virtual owrt instance there. Then you are relieved of the HW drama that surrounds owrt. Obviously a second proxmox host is needed for your backend servers, I’m not advocating for a singular VM platform. Once you virtualized your router, you can comfortably experiment with pf,opn,fire,vya …platforms.
Oh and skip Mikrotik, those people are so in love with their RouterOS they fail to see it’s going to be their headstone … bigger than John Holmes’.
I just bought the openwrt one a couple of minutes ago after using networkd+hostapd+nixos as my router for more than 2 years.
Congrats. It’s definitely a nice device for 89$ and you support the project at the same time. Unfortunately it’s not available here.
There’s also freshtomato for specific chipsets that aren’t supported by openwrt yet.
Also powerful but I reckon if you’re at this level then you already know about it; https://opnsense.org/
As a matter of fact I heard about them but I don’t know much about OPNSense. Do they support devices other than ones they sell? They seem to be rather about professional environment, not home network, am I right?
It supports any x86 device you throw at it. I’m running it on a hodgepodge PC I built out of scrap.
Damn, I’m sold. Next step, I’m gonna look into them.
Basically OpenWRT is for dedicated, purpose built hardware, highly compact and essentially “embedded”. OPNSense is for running a (potentially much more capable) firewall on x86/x64 (even if it’s a small specimen like N100 or whatever). They fill a somewhat different role.
You can use it on any computer really (with network connections of course).
I use it on a Minisforum PC with 2 NICs attached to it. For this solution, APs are usually needed (which tends to be better in general, just more expensive). There are people that even use opnsense with proxmox (which is a VERY advanced use case) to have the machine for more things.
One interesting detail: with opnsense you can actually have on the same machine adguard for DNS installed as a service for opnsense (and use opnsense to actually force all DNS to go there, as long as it is not DoH, but that is a bit of a different story).
Some routers allow you to turn the router into an AP. I just got my micropc and working on installing OPNSense right now. I plan to switch my current router to AP mode until I can get my hands on a decent AP.
That is for sure a good gap solution. It depends a lot on the space we are talking about, and more critically, the number of concurrent devices connected. For some use cases converting routers to APs is for sure good enough.
Yeah, great point. We are in a small starter home, only about 10 concurrent Wi-Fi devices. It’s working great now, although the Wi-Fi gets a bit spotty in the backyard and detached garage. I will certainly be upgrading when the budget allows.
I don’t see LibreCMC (https://librecmc.org/) mentioned anywhere in this thread, so correct that.
Unlike OpenWRT, LibreCMC is recognised by GNU to be a fully free Linux distribution, and you still get the time-honoured LuCI web administration interface.
LibreCMC runs on far fewer devices than OpenWRT, which can be a feature for those who are overwhelmed by the length of OpenWRT’s list.
Mikrotik with RouterOS for a European-made router without Chinese backdoor
I honestly don’t know much about Mikrotik’s RouterOS, but on the few occasions I had, I realised it is way too complicated for a home user, and their OS is not FOSS and needs a paid license too. I’m sure it’s great once you get the hang of it, but it’s unnecessary pain when there is OpenWRT available with a lot of devices you can choose, not just one specific manufacturer.
Mikrotik is proprietary, and has a bad security track.
That’s a shame. It would’ve been nice to have a good European manufacturer for network devices
Mikrotik is such a pain in the dick. Not used them in the last 5 years but hated working with them in the past.
I had a managed switch from Mikrotik, returned it. Skill issue. It’s good, but the tplink that replaced it worked just as fine for the sameish price and one tenth the hassle.
This. I cringe whenever I see someone using an ASUS or TPLINK.
ASUS [routers] are fine. I’ve been using them for years (several models, lately their ExpertWifi EBM68). What’s the issue?
I disagree. Your machine should be setup such that you don’t have to trust the network that you connect to.
With multi-layered defense you should protect your network, but not trust that you always succeed.
Sure. And you should be confident that your traffic is secure when you connect to public WiFi or directly to an AP that’s been owned by the NSA
If you’re specifically targeted by the NSA or even a national security service there is not much you can do. However, assuming that the network is always hostile is a sensible position. Because it is.
Encryption works. The NSA cannot break lots of tech. Just check their own top secret documents that were leaked by Snowden.
You don’t have to break encryption if you compromise the endpoint.
True. That’s why I love my sys-net VM in Qubes. I don’t even have to trust my WiFi drivers.
I like Qubes OS and ran it daily, for years. While it’s not completely bullet-proof (there are ways to break out of VMs and x86 hardware is probably riddled with exploitable bugs and deliberate backdoors) it’s the best publicly available usable thing we have.
Any recs for an OpenWRT-supported router? The list is pretty deep
https://forum.openwrt.org/t/best-newcomer-routers-2024/189050/2 this comes right from their forum and is a good list
Glinet is leading.
I am surprised considering they are China-based. I guess with FOSS software it ain’t as much of an issue?
As long as there are no hardware backdoors openwrt should overwrite firmware/software ones.
Running 3 C7s V5 at home. First one I bought initially not intended for OpenWrt, however once I realized it works really well I got 2 more. Dirt cheap on local marketplace.
Archer C7 is a perfectly good and fast router for the vast majority of people.
I remember the majority of routers in the past could not handle many half-open connections, which had a very negative impact on torrenting. Asus routers were the only ones that didn’t have that limit and I stuck with them since. Is that still a problem that exists?
I have port forwarding set up on my devices (Google WiFi running OpenWRT). I can connect to most peers on qBittorrent. My only limit seems to be my bandwidth, which is what we want.
Thank you, though that doesn’t really answer my question. Torrenting also worked back then but it would become slower than a router that could handle more half-open connections. If you have fast peers and a small number of torrents, it would probably not matter, but if you seed 100+ torrents at the same time, you’d notice.