before buying expensive routers check OpenWRT’s table of hardware and buy one that is supported by the current OpenWRT release and has decent specs. There is a detailed installation guide for each supported device in the wiki too so there are no excuses it’s dead simple. Free yourself from stupid hardware manufacturers and their planed obsolescence products.
- Edit: also here is the new version of the table of hardware with more details They seem to have buyers guide too in the wiki.
- Edit2: seems like GL.iNet devices ship with OpenWRT out of the box with their GUI on top and you still have access to openwrt under the hood if you need it which sounds awesome so look into them if you’re interested. Thanks you guys who brought them up.
- Edit3: there is firewall sulotion called OPNSense which is not limited to commercial routers like OpenWRT and can be run on any x86 hardware of your choice (like N100 mini pcs) so look into it if you’re interested. Many thanks to the guys who contributed in the comments
- Edit4: Sorry for the multiple edits but some of you guys suggest some fantastic insights that I had to add. Anyways here is a list of good candidate devices for hassle free installation and yet powerful enough hardware from OpenWRT’s Forum
- I promise it’s gonna be the last Edit. OpenWRT has a official device they made themselves called OpenWRT ONE (I think the second one is also in the works). It hase good specs for home network and you support the project too. Here is the link to official Retailers
Even if you don’t care about privacy, OpenWRT is insane. You can do nutty things. Highly recommended
I just bought the openwrt one a couple of minutes ago after using networkd+hostapd+nixos as my router for more than 2 years.
Congrats. It’s definitely a nice device for 89$ and you support the project at the same time. Unfortunately it’s not available here.
There’s also freshtomato for specific chipsets that aren’t supported by openwrt yet.
For the more rookie people, check out routers that are based on openwrt and have rookie GUI.
OpenWRT is great and powerful but unless you are trying to level your networking skills, it can turn into a biatch real quick beyond basic set up.
That’s interesting like which devices? Could you elaborate
GL.Inet ships their routers with OpenWRT built-in. You no longer need to setup openwrt yourself, and it has a user friendly GUI that allows you to set up most of the basic/standard stuff without having to go into the openwrt interface. They even have easy setup options for the popular VPN providers so you don’t need to upload the wireguard config, you just log in (unless you have custom settings).
GL. Inet GUI is proprietary as far as I know
It’s openwrt just themed on top for user experience. I have 2 and I also have an openwrt only router I built myself. The GL.inet routers are great and work as advertised every time whilst my diy solution is less reliable (because I built it) and I need to usually tinker with it more.
Got one of their devices, really happy with it
Seconded. They seem to have a lot of features that I didn’t expect to have. I also didn’t realize it was OpenWRT until now.
Thanks I had no idea that sounds great. I looked online they’re devices are not available at all where I live but that’s may not be the case for other.
GliNet makes great openwrt based devices, they have their own more userfriendly front end, but allow power users to enable acess to the standard openwrt features and packages under the hood.
People mentioned glinet but there are others, I think even linksys and asus has a version if you don’t like China based company.
basic setup is more than enough for most people though. and on most devices its a matter of literally just using the built in updater, making it super easy to install.
the only real bummer of openwrt is some routers don’t work well with it.
You prolly right for the audience here but my comment is going after the broader audience tbh
Imagine a world where normies start using openwrt routers as default 🐸
It just has to work and that product already available, a seach string away
yeah, i WAS meaning more the people who would use the update function at all on a router.
Also powerful but I reckon if you’re at this level then you already know about it; https://opnsense.org/
As a matter of fact I heard about them but I don’t know much about OPNSense. Do they support devices other than ones they sell? They seem to be rather about professional environment not home network am right?
It supports any x86 device you throw at it. I’m running it on a hodgepodge PC I built out of scrap.
Damn I’m sold next step I gonna look into them
I have Opnsense running on a tiny N100 mini PC from AliExpress for myself, but for my elderly parents I have a OpenWRT based solution from Banana Pi. They insist on always switching off their power completely when they leave the house, and I think OpenWRT handles that much better.
Basically OpenWRT is for dedicated, purpose built hardware, highly compact and essentially “embedded”. OPNSense is for running a (potentially much more capable) firewall on x86/x64 (even if it’s a small specimen like N100 or whatever). They fill a somewhat different role.
Well explained. I get it now
I use it too in a VM, but this doesn’t support being installed on routers, right?
It doesn’t support being flashed to a low-end commercial router like you’d do with OpenWrt, no. Those tend to require special firmware and binary blobs, hence OpenWrt has to specifically support a model or it likely won’t work. It’s like flashing Android ROMs.
OpnSense is great if you’re in the market for totally owning your own router, though. You can get an N100 box with 2 NICs off of ebay or something and slap OpnSense on that. That’s arguably more FOSS than flashing OpenWrt to a cheap commercial router.
You can use on any computer really (with network connections of course).
I use on a minisforum PC with 2 NICs attached to it. For this solution is usually needed APs (which tends to be better in general, just more expensive). There are people that even use opnsense with proxmox (which is a VERY advanced use case) to have the machine for more things.
One interesting detail: with opnsense you can actually have on the same machine adguard for DNS installed as a service for opnsense (and use opnsense to actually force all DNS to to there, as long is not doh, but that is a bit of a different story).
Some routers allow you to turn the router into an AP. I just got my micropc and working on installing OPNSense right now. I plan to switch my current router to AP mode until I can get my hands on a decent AP.
That is for sure a good gap solution. It depends a lot on the space we are talking, and more critically, number of concurrent devices connected. For some use cases converting routers to APS is for sure good enough.
Removed by mod
I honestly don’t know much about Microtik’s RouterOS but in a few occasions I had I realised it is way too complicated for home user and their OS is not FOSS and needs payed license too. I’m sure it’s great once you get the hang of it but it’s unnecessary pain when there is OpenWRT available with a lot of devices you can choose not just one specific manufacturer
OK, no RouterOS then
Mikrotik is proprietary, and has a bad security track.
That’s a shame. It would’ve been nice to have a good European manufacturer for network devices
There is not much value added in Latvia. At least some of their hardware is supported by OpenWRT https://openwrt.org/toh/mikrotik/start though.
Mikrotik is such pain in the dick. Not used them in the last 5 years but hated working with them in the past.
I had a managed switch from mikrotik, returned it. Skill issue. Its good, but the tplink that replaced it worked just as fine for the sameish price and one tenth the hassle.
I could configure them and do everything I needed, helped many businesses with them as part of my job. But always hated it because it was such a hassle to work with them.
This. I cringe whenever I see someone using an ASUS or TPLINK.
ASUS is Taiwanese. TP-Link is Chinese
They usually cheap and good option to flash openwrt
ASUS [routers] are fine. I’ve been using them for years (several models, lately their ExpertWifi EBM68). What’s the issue?
I don’t see LibreCMC (https://librecmc.org/) mentioned anywhere in this thread, so correct that.
Unlike Open WRT, LibreCMC is recognised by GNU to be a fully free Linux distribution, and you still get the time-honoured LuCi web administration interface.
LibreCMC runs on much fewer devices as OpenWRT, which can be a feature for those who are overwhelmed by the length of OpenWRT’s list.
ibreCMC runs on much fewer devices as OpenWRT
as always, thats always the disadvantage of the most secure and private foss software. also looking at grapheneos.
Yea. That is THE one reason why I’d never touch GrapheneOS as long as it only runs on Pixel hardware.
I don’t recommend GL.inet routers. I have the Marble and it is slower than my ISPs router. It has a thing called network hardware acceleration, and it breaks my home server. Services just stop working well with it. So I keep it turned off. When I reported the issue they said it is working for them and came up with a completely hypotical setup…
With AdGuard enabled it frequently froze and I had to reboot it. For some reason even without AdGuard name resolution is noticeably slower. Doesn’t matter if I use my ISP’s DNS or not.
Also, DynDNS doesn’t support custom names, so I installed an alternative service for mywire.org.
Overally, this box came with drawbacks, but no doubt about it is hackable in the good way.
I would like to try openwrt’s own router, next time.
I disagree. Your machine should be setup such that you don’t have to trust the network that you connect to.
With multi-layered defense you should protect your network, but not trust that you always succeed.
Sure. And you should be confident that your traffic is secure when you connect to public WiFi or directly to an AP that’s been owned by the NSA
If you’re specifically targeted by the NSA or even a national security service there is not much you can do. However, assuming that the network is always hostile is a sensible position. Because it is.
Encryption works. The NSA cannot break lots of tech. Just check their own top secret documents that were leaked by Snowden.
Any recs for a OpenWRT-supported router? The list is pretty deep
Gl.inet routers all come with openwrt installed out of the box
It comes down to specs and your needs but these are a must in my opinion:
- having atleast 128 mb of storage or some way to expand it.
- 256 mb of memory or more
- suppot WiFi 6 or better 6E or 7
- Support for mesh protocols if you need it
- Decent multi core chipset if you gonna run intensive tasks on it (like VPNs or DNS filtering) etc… the list goes on but like I said It really comes down to your needs ( on a side note consider read the details and installation guide page before buying some brands and models are easier than others to tinker with for sure)
This is a helpful starting place, thanks!
You’re welcome. Sorry I didn’t named some specific devices but that’s because device availability and price changes drastically region to region so something maybe a great deal where I live but that may not be the case for you or the other way around.that said Xiaomi and some Hauwei maybe tp-link devices are the best bang for the buck in my corner of the world look into those maybe that’s the case for you too. Also Here is the new version of the table of hardware with more details
https://forum.openwrt.org/t/best-newcomer-routers-2024/189050/2 this comes right from their forum and is a good list
Glinet is leading.
I am surprised considering they are china based. I guess with foss software it aint as much of an issue?
As long as there are no hardware backdoors openwrt should overwrite firmware/software ones.
I know openwrt actually realised a openwrt router.
I bought a flint 2 from glinet And it works pretty well
Yeah, my Flint 2 has been a workhorse for about a year and a half now. They just recently released the Flint 3, but I don’t feel any urgency to upgrade. And even when I do, I’ll probably repurpose my current Flint 2 to be an access point on the other side of the house.
My only real complaint is that since it only has 4 LAN ports, (3 if you switch the first one to be a second WAN port) you basically need to run a dedicated switch as well. Not a huge issue in the grand scheme of things, (unmanaged switches are super cheap, after all), but I run a small Dante audio-over-IP system, which requires low latency. So I try to avoid having a bunch of switch hops in between my devices, as each switch hop adds some latency. I basically split each of those four LAN lines to a separate room, and each room has its own switch. So I’m never more than three switch hops (room 1 switch > router > room 2 switch) away from any other device.
What I did when I was looking for a newer router to run OpenWRT was to look at their supported hardware list, narrow down to the ones with recent WiFi protocol support (in my case, WiFi 6), then compared prices. I was able to buy a used Belkin router for $20 on Ebay that did the trick.
Well, GL iNet 's router software is based on OpenWRT, so all of their’s. The UI of nicer, so I just leave their version on there; go through the “advanced settings” menu item to get the LuCI interface.
One that supports the latest standards, though I’d suggest a Gl.iNet router if you don’t know much about networking as OpenWRT is quite confusing.
I’m using a Linksys MX4300 I got from woot for like $20, seems pretty good.
tp-link archer c7 is commonly recommended as the cheapest one that runs it well. you aint running a lot of services and it only has gigabit lan and wifi5 but its dirt cheap.
I remember the majority of routers in the past could not handle many half-open connections which had very negative impact on torrenting. Asus routers were the only ones that didn’t have that limit and i stuck with them since. Is that still a problem that exists?
I have port forwarding setup on my devices (Google WiFi running OpenWRT). I can connect to most piers on qbitorrent. My only limit seems to be my bandwidth Which is what we want.
How does DD-WRT fare? I’ve been using that, but I only have old routers. I mean, old. But I only have mobile data, so they’re mostly for playing around. Except for the one which supports Wireguard in DD-WRT. That’s very useful as a client. Unfortunately, it’s also the least stable one, rebooting every few minutes and eventually ending up in a bootloop after 1 to 2 hours.
I’ve got I think 8 routers now, 6 of them have Wi-Fi, 1 has 802.11n (the unstable one), the rest peaks with 802.11g.
I use both OpenWRT for my newer router and DD-WRT for an older router (802.11n) that’s being used for my building’s HOA. Both work great for me. No stability problems. However, I’m not using Wireguard with either of them. It’s mostly fairly basic functionality.
Sorry I don’t know much about DD-WRT to be honest. I myself have a Google WiFi mesh pack of three devices which I bought second hand for about 30$. They are excellent value in my opinion so maybe look into that if you’re interested
