I used it for a while, but after I've had it for a few months, and want to improve/diagnose something, I can't easily tell which config I've changed from defaults, and so can't easily diagnose how I might have screwed it up, or predict how changes will impact the rest of the system.
I moved my router to NixOS, where I can now see the ~250 config that covers the custom setup needed for my ISP/LAN.
If asked, I'd still recommend OpenWRT for most techies, since it's easier to get started.
Do keep in mind that the OpenWRT backup does not contain information about which extra packages were installed after firstboot. I solved this adding a cron job which runs opkg list-installed > /etc/opkg_installed.txt and adding that last filepath to /etc/sysupgrade.conf so it gets added to backups.
That's a misconception. Nobody actually cares about security for packages that are not in the default install. For example, the initscript for sstp-client disables certificate validation unconditionally, see https://github.com/openwrt/packages/issues/25212
> Nobody actually cares about security for packages that are not in the default install.
Probably an exaggeration, but it's clear there are some packages that are insecure out-the-box.
cd /etc
git init
git add .
git commit -m 'default config'
git remote add ...
git push
# modify your configs
git diff HEAD
git commit -m 'yay i changed stuff and i know what i did'
git pushAll updates except semi-recent DSA changes were seamless.
https://discourse.nixos.org/t/how-minimal-can-a-nixos-image-...
NixOS works well for x86-64 and aarch64, but not so much armv7l, as so many consumer routers are.
The PC Engines happens to be x86-64 with decent storage expansion, but for sure if you want to target armv7l, NixOS is not a good choice.
systemd-networkd + kea + corerad is the software I use.
That's EOL now, so nowadays I'd look to ARM e.g. https://radxa.com/products/network-computer/e52c
For wireless AP i have an Mediatek MT7621 device, they are very well supported and provide proper wifi throuput
Btw what's the go-to device / vendor for OpenWrt these days? Seems like tplink is lagging behind with my last Archer C7..
Next hurdle is to make ISP upgrade their ONU to have a 2.5Gbps port so I can get ACTUAL 1Gbps out of it, but it will likely also mean they need to upgrade the entire string of GPON equipment, so likely have to wait for a bit.
Also have success with OpenWRT on the ultra low cost Mi AX3600, while hardware acceleration is not supported, it is nice to not have to run out of date Chinese firmware.
From my experience, given the local availability constraints, I often only get a handful of practical options to choose from.
For something like a successor to TP-Link Archer C7 with WiFi 6 support, I have chosen TP-Link Archer AX23 [1] and it seems okay to me so far as a cheap wired-to-wireless edge device.
Mediatek MT76xx/79xx (mt76 driver) are also considered very good.
See https://github.com/morrownr/USB-WiFi/blob/main/home/USB_WiFi... (yes this is specifically about USB adapters, but usually the same driver is used for built-in WIFI in access points as well)
https://wireless.docs.kernel.org/en/latest/en/users/drivers....
But if you want 10 Gbps for wired connection with upstream support, you need something else (like DEC750 which has no wifi).
OpenWrt 24 adds support for configuring the ISP's IPIP6 tunnel I need to access IPv4 on my IPv6-native connection - for now I've been manually installing the newer package straight out of the 24 RCs into my OpenWrt 23 install but now I guess I can upgrade the whole install!
I also tried pfSense/opnSense but it seems like the FreeBSD kernel struggles with 10 Gbit network connections without picking very specific hardware, but Linux works perfectly (had a similar experience with TrueNAS CORE vs SCALE)
Tried a bunch of the random tunables people were posting on forums, tried turning on the hardware offload the manual says you shouldn't touch, it made no difference.
I've always had good experiences with the Intel x520/x540 10G nics on FreeBSD though, and given the eBay pricing, there's been no reason for me to explore any other offerings. Sadly, my recently installed fiber internet is 1G only, but maybe one day they'll update; but I can't really test if my system can do 10G without a proper upstream.
Can this be used to replace NAT64?
Currently, I can get 1Gbps Internet for $15, while the cheapest package is 200Mbps for $5. I expect they'll offer 10Gbps in my area in the next few years for the same cost as the 1Gbps now.
Still, at that speed, the router CPU can actually become the bottleneck, and OpenWRT currently has pretty poor support for hardware accelerated routing.
Banana Pi BPI R4 or
NanoPi R6S
Sinovoip's OEM build is an ancient 21.02 one. Whereas in the official one wifi is completely broken, working SFP is pure luck as "many" modules (all four fiber ones I've got here) on kernel 6.6 either don't show at all or just fail to come up. This was known to OpenWrt's mediatek maintainer who preferred to "spot and fix" it on the go:
https://github.com/openwrt/openwrt/commit/6257ea018a7d5b8d4b...
Meanwhile there are about two kernel devs working on mediatek in their free time who've only begun upstreaming R4 support, eg. Frank W.'s DTS parts… for kernel 6.14. (The other dev is Eric. W.)
To quote Frank W.: "The patches i posted are mainly patches adding basic support,only slightly changed to get accepted for mainline. There is no network part yet,also no sfp. Maybe i add sfps in next round,but without full network part (which is much work) it will not work." ( https://forum.banana-pi.org/t/bpi-r4-and-sfp/16945/330 )
Edit: The R4 also needs a soldering mod for certain SFP modules, and prior board revs have resistors that break SFP if NVMe is present (I'd say: sure to get 1.1, but Sinovoip originally shipped that rev broken as well, and didn't increment to 1.2 for the fixed ones).
This is almost never required. They have a long list of supported devices, so unless you're trying to put OpenWRT on a device you already have that requires hardware mods, you should be able to easily find a compatible device that doesn't require this step.
then install is as easy as flashing a file via the stock ui.
i dont get people going with the free alternative (wich is great for a lot of people on a budget) and then crying its harder then the thousand dollars alternative.
I am currently on an old ASUS that was from the before times and it's "fine" but not updated any longer (even with the 3rd party firmware). So I'm in the market to get something new.
What's a nice all in one unit for OpenWRT? I have a very small 1000sqft house so generally speaking I have zero issues with range and everything is wireless anyway. I just want reliability and set it and forget it, generally speaking.
https://teklager.se/en/knowledge-base/which-router-should-i-...
The motherboard can run off of 12-19V DC input via 5.5mm barrel jack (e.g. any old unused high-power laptop charger), or 12V via a 4-pin CPU EPS power connector (they are commoned together). Since the case comes with a 250W 1U Flex ATX power supply, I'm doing the latter.
This lets me take the PSU's 12V rail out via the barrel jack (edit: with 18 AWG cable, I know) to power the modem and a couple of TP-Link 2.5 GbE network switches which all run on 12V, saving 3 wall warts. Both switches are velcroed to the top lid with 20cm patch cords for 2.5 GbE ports 1 and 4. I have 5 LANs at home, so the 6x wired ethernet ports this gives me are perfect.
OpenWRT runs pretty great on amd64 and I've been running the v24.10 branch (pre-release) for several months on it without issue.
It's been so solid, that I haven't bothered to move to the Netgear RAX120v2 that I bought as an OpenWrt upgrade. (It tested fine with OpenWrt 24-rc, then I put it in storage for a more pressing occasion to upgrade.)
I also got a Netgear WAX220 WiFi AP, which I put OpenWrt 24-rc on, and tested with an OPNsense box (since OPNsense isn't good for WiFi). I decided I preferred OpenWrt for my simple needs for the router, but it's a nice enough OpenWRT WiFi AP that I expect to need it again someday, maybe to hang off a beefy OpenWrt PC-based router that's running IDS/IPS or something.
I'm happy with OpenWRT on a NanoPi R4S, but that doesn't have wifi built in.
1:
https://www.reddit.com/r/openwrt/comments/1cr1lvp/is_the_asu...
2:
https://github.com/openwrt/openwrt/issues/14192#issuecomment...
What exactly are you planning to do? OpenWrt is quite flexible. There's this https://openwrt.org/toh/buyerguide.
> Can you do mesh networks?
Yes. Note also https://openwisp.org/ if you want to do a whole fleet of OpenWrt routers.
Wiki has you covered for beginners guide
This year I decided to replace all networking equipment with Ubiquiti (gateway, APs, switches). It's really expensive and it makes me feel like a sell out but I have had zero issues (it's been 6 months now).
I'm really happy that OpenWrt has a stable release and others continue to make progress. I'll probably be deploying some _spare_ devices that won't break my main network, try patches, submit bugreports, etc. But I'm enjoying the peace of mind now.
Not contributing much to the discussion about OpenWrt, sorry.
Edit: they've got sysupgrade packages for the r6c at least so the answer is yes
Wifi via NVMe Adapter needed some tinkering, but Mediatek ftw.
Most time wasted for the custom 3d printed case cover to fit the Adapter + wifi antennas
Gives 17 entries…
OpenWrt is distribution that works more or less the same on all of the supported hardware. IMHO, the Asus firmware is reasonable, so it's not a bad place to start, but some manufacturers have pretty minimalistic firmware and IMHO, something like OpenWRT that provides fairly consistent capabilities across a range of hardware is really handy (when OpenWRT supports your hardware anyway).
I run OpenWRT on an LTE gateway, and on my new APs, although I'm running off a fork right now because the ath11k drivers in 24.10 didn't work well for me in the rc builds; hopefully after this release settles down, snapshot builds will move to the newer linux kernel and I can switch to that.
Upshot: if you care about very long term support, openwrt is nice.
So I am going to now run my OpenWrt router as a VM on one of my home server just to get rid of some cables and clutter.
I really love OpenWrt but was tempted to try something new like pfSense or OPNsense, mainly because I now find PF way less confusing.
I also saw some people just love to build routers with OpenBSD and there are some great guides out there [0]
Any opinion or alternative I should consider?
Upside is the ability to have 10G
Instead they seem to focus on getting GPUs and Doom working... and now they even do hardware dev. And it's not even decent hardware, it's crippleware ewaste hardware.
It would be quite hard getting sane defaults for all sorts of configs, e.g. multi AP setup as in my case.