Ask HN: Best current model routers for OpenWRT, DD-WRT, Tomato, etc.?
253 points by zhan_eg on Dec 6, 2016 | 120 comments
I'm in the process of choosing new device(s) for a small wireless network in a multi-story building and prefer having devices supporting some open source router software/firmware (OpenWRT, DD-WRT, Tomato). The amount of models available is enormous, but as the last Ask HN[0] (from 3 years ago) on this topic was a good starting point I think some good up-to-date advice can come up now. malandrew, the original poster, told it well, so:

> If one were to decide to buy a brand new model router to install open source router software on, where would you go to find out the best current models and be able to compare their features?

> While it would be nice to know the best models as of today, I think it's more interesting to be taught how to fish instead of being given a fish. This also makes it easier for me (and anyone else) to pass this advice onto the next person.

[0] - https://news.ycombinator.com/item?id=6828699

The first thing you need to know is that the OpenWRT project is basically dead and that 95+% of the developers went over to the LEDE Project. However, LEDE has not yet published a stable release. You can get nightly builds that are in pretty good shape though.

I would highly recommend an ipq806x-based system, if you can afford it. Almost always matched with qca9880 radios. These are modern 802.11ac wave2 systems.

ipq806x is a Qualcomm-Atheros SoC. Go to wikidevi for specifications on the chips and all of the devices I mention below.

Check camelcamelcamel for recent pricing info if buying in the USA.

The list would be:

Linksys EA8500

TP-Link Archer C2600 (Not recommended due to TP-Link going anti-OSS. Modern versions require signed firmware and other DRM junk)

Trendnet TEW827DRU (Not yet accepted into LEDE, but could be any day now)

Netgear R7800 (Has a slightly faster CPU, but more expensive)

Netgear R7500v2 (Avoid the V1)

ZyXEL NBG6817 (Has the same slightly faster CPU as the R7800, but its storage flash is goofy and I'm not 100% sure it's fully working. Ask the lede-dev mailing list first.)

The top issue that all of these devices have is that the 802.11 radio LEDs don't work yet because the driver is missing support for it. However, if you can live without blinking lights, these models are the way to go. This feature will almost certainly get fixed in the future.

I would tell you to go with the Linksys EA8500 if price/value is your concern. Otherwise the Netgear R7800 has a very active dev and probably has the best support. The ZyXEL NBG6817 looks really interesting to me, but I don't have one yet.

If $140-$200 USD is too much for you, look to some older 802.11ac devices. Like I said above, avoid TP-Link as they have started locking down their devices by removing serial ports and requiring signed firmware/DRM etc.

Your list here in comments is pretty good, though I'd avoid the TP-Link unless you can get one that is older (before TP-Link became anti-OSS.)

Good luck

Calling the OpenWRT project dead sounds like hyperbole to me. As I write this, both OpenWRT and its package repository have had commits in the last day. That doesn't sound like a dead project to me.

https://github.com/openwrt/openwrt https://github.com/openwrt/packages

I get that there is some strife, but calling OpenWRT dead would appear to be very very premature. FWIW I build OpenWRT from source and for the past few months have not been using CVS. I don't know the story behind it, but it looks like all development has moved to Github.

As an OpenWRT user it's a little worrying to find that many of the developers have left the project. Do you have any more info on why this happened?

This seems to be pretty comprehensive: https://lwn.net/Articles/686767/

All of the links here on the issue are good.

My personal take on the split is like this:

First off, OpenWRT as a project was very sick before the split. There was development going on with core stuff and bug fixes, but a lot of things were not getting done: Documentation, user-oriented outreach (forum, end-user help, new-dev help, etc), security response was a joke, and many other issues. Some of the old core devs went AWOL and were really hard to reach and rarely made new commits or worked on the project, but they still had the keys to servers, DNS, and similar stuff.

Then one of the big dev servers over in Europe started going offline, and nobody knew why. Infrastructure like the user-forums, DNS, the bug tracker, and git/svn all would go down for HOURS or DAYS. People tried to reach out to the missing devs and got no reply... for DAYS.

That really kicked things off. People already were not happy with how the current set of project maintainers were running things. There were too few people with the keys to the kingdom and then when stuff broke, nobody was around to fix it.

The old devs are basically holding the name of the project hostage and preventing future progress.

So people forked and that's that.

The new LEDE Project has a lot of problems. I'm not a fan of how they have failed to scope out the project properly, but I think it's a better situation than the old OpenWRT project, which was dying a slow death. At least the new project has a chance at life instead of being smothered by the old devs who refused to share the keys to the kingdom with the active developers.

There was a pretty detailed discussion on HN on the split [0]. I personally hope that the situation won't become as [1].

[0] - https://news.ycombinator.com/item?id=11624374

[1] - https://xkcd.com/927/

Sure, having competing standards isn't always a good thing but we're not talking about a standard here. It's a new router firmware distribution and I think having more of them is a good thing as it gives people more choice.

The major problem that I do see here is that LEDE has been forked from OpenWRT, but has nowhere near the level of device support that OpenWRT has. I have a TP-Link WDR4300 which I bought specifically because it was one of the routers which are highly compatible with OpenWRT. However, LEDE doesn't list this router amongst its supported devices (though there are newer WDRXXXX devices listed).

> However, LEDE doesn't list this router amongst its supported devices (though there are newer WDRXXXX devices listed).

What list are you looking at?

LEDE does builds for the WDR4300, and given that it's an ath9k router, it is and will continue to be very well supported. The only caveat is that I don't know whether they've added the necessary signature to allow the firmware to be accepted as a valid upgrade by recent TP-Link stock firmware, but once any third-party firmware is installed, there's definitely no barrier to upgrading to LEDE.

I was looking at this page: https://lede-project.org/toh/views/toh_available_864

But I see now that my device is listed under the "non-ideal" table of hardware page.

Hey, thanks for the great advice - here[0] is a comparison chart on Up/Downlink profiles and others from SmallNetBuilder for the first six models listed.

Do you have any real-life comparison of range/stability (and with what load on them?) on those models as from experience I know that raw comparison data on Wi-fi differs from reality.

Both this and some other Trendnet models I checked are not Wi-Fi Certified - has that been an issue for you?

As I'm in Europe the issue with TP-Link locking down firmware because of the FCC ruling [0][1] won't be a factor and I'm still not sure are they or TP-Link at fault?

[0] - http://www.smallnetbuilder.com/tools/charts/router/graph/117...

[1] - https://www.wired.com/2016/03/way-go-fcc-now-manufacturers-l...

[2] - https://www.techdirt.com/blog/wireless/articles/20150831/071...

On the contrary, I use the Archer C7 as my main router and in my experience, it is by far the best router I've ever had (having previously used FritzBox, Speedport, Technicolor, Netgear etc.) Here's a quick rundown of what happened: The part of the city I live in was upgraded to fibre for free (Fiber 200, with 180 down and 90 up guaranteed) and I needed a router that could handle that. The way Fiber 200 works is pretty simple: The provided optical end terminal converts the incoming fibre line to Cat5e. It then creates a VLAN, with separate IDs for TV, VoIP and Internet. So you need a router with unbounded VLAN ID config. Of course you can pay the $150 for the ISP provided one. But I didn't need VoIP, so the Archer C7 seemed perfect. Anyway:

Received C7 with old world-wide firmware. Immediately upgraded to the latest firmware, not realizing that this new version is region locked (no problem so far though). Tried to configure the VLAN for my Internet, realize that my ISP uses non-standard VLAN IDs which exceed the limit of the firmware. Call TP-Link (Germany). I was very surprised to speak to an actual engineer immediately. He knew the problem and recompiled the current beta firmware (with support for higher VLAN IDs) and sent it to me.

Now we run into the first problem: You can't flash beta firmwares after upgrading to the region-locked one.

Call again - another very helpful engineer. He recommended flashing OpenWRT in recovery mode (FTP upload) and then flash the beta firmware from there. Flashed LEDE instead of OpenWRT (because I had it on hand), without any problems. Now I don't have any use for OpenWRT or LEDE. The functionality of the standard C7 firmware is more than enough for me. So I flashed the beta and everything worked.

Here are a few other points about this router:

- I pushed the internal switch to maximum capacity multiple times, even using unreasonable packet rates. The C7 doesn't even break a sweat.

- I use the built-in media server to stream music to my Dumb-TV. Works great.

- At one time, a friend brought his laptop over, which turned out to be infected. The C7 banned his device immediately, after it exceeded the DDoS protection limits I set.

- I never had any downtime on this router.

- WiFi performance is exceptional (up to 450M).

In conclusion: I would recommend the Archer over any router in this price range any day. The painless flashing of OpenWRT and LEDE makes it even more awesome. Add to that the awesome and competent support experience. And by the way: You receive an actual paper manual on how to request the GPL'd code that's used in the stock firmware.

How is a potential user supposed to figure this out?

If I go to what LEDE calls "ideal hardware for LEDE", at https://www.lede-project.org/toh/views/toh_available_864, none of the above routers are listed (with the possible exception of the Netgear R7500, but there is no mention of v1/v2).

I guess the docs are just out of date?

I am very sympathetic to your comment. The old OpenWRT and new LEDE did a really poor job of end-user interaction. There wasn't a list of recommended models which was kept updated. The regular documentation was often out of date. The forum was poorly administrated. Project goals were unknown. Lots of back-room dealing with little transparency of what project direction should be.

Hopefully LEDE will change this, but I'm not very optimistic. It's the same devs as before, and they didn't like dealing with end-users before, so why start now? It took LEDE over six months to set up an end-user forum, and they decided not to make a lede-user mailing list at all. Not very end-user friendly actions I'd say.

Note that I don't interact with DD-WRT, so that's why I don't make comments about DD-WRT.

I have the Asus RT-AC68U/TM-AC1900. I bought it from T-Mobile for $60 and flashed it to stock and then put Asuswrt-Merlin on it (but you can use Tomato or DD-WRT). It does take a little work to flash it to stock (like Telnet'ing into the router), but it wasn't bad and for $60 I ended up with a wonderful router. There are guides online for flashing it back to stock.

If you're looking for information, I suggest SmallNetBuilder. They have very thorough reviews: http://www.smallnetbuilder.com/tools/rankers/router/view. It looks like the RT-AC68U is their #1 pick for AC1900 router now. It used to be their #2 pick under their previous testing methodology (after the R7000 Nighthawk from Netgear). That's slipped to #3 under the new testing and the Asus has taken the top slot.

Asuswrt-Merlin isn't such a radical departure from stock, but it has some nice features and allows me to do things like edit the etc/hosts to block certain things.

The Asus RT-AC68U is probably one of the top 2 AC1900 routers out there and T-Mobile is selling it for a song (even if you're not a T-Mobile customer). It's a little work to re-flash it so read a guide and see if you're comfortable with that. Or you could buy a stock RT-AC68U and get SmallNetBuilder's #1 AC1900 router overall, for 2.4GHz avg throughput, 2.4GHz max throughput, 2.4GHz range, 5GHz avg throughput, and 5GHz range.

I'm on the Asus RT-N56U with Padavan firmware. It's bliss. I'd recommend the entire RT-N*U line, as a friend picked another model up on my recommendation and is equally as impressed. A bit more on the expensive side, but worth it (especially for that juicy hardware NAT). Only tested in the home, I have no idea how they would fare in an office.

I'll third the Asus RT series.

I just replaced my FIOS router with an ASUS RT-AC66U running AsusWRT-Merlin (I understand the stock firmware is based on Tomato). It is very fast, stable, has great coverage and is extremely configurable/hackable. I think I paid $75 for it from Amazon Warehouse Deals.

> extremely configurable/hackable.

Except for the closed-source WiFi drivers, which also limit the choice of kernel versions.

Just got the same one. More information and a link to the purchase site here: https://slickdeals.net/f/9330575-asus-tm-ac1900-wireless-ac1...

I have yet to open it as I'm using my landlord's Verizon crap model, but once I move to my new place, I'm looking forward to flashing Merlin or DD-WRT.

I second this recommendation. I've been running this in my house for quite some time now. The author keeps up with patches and I've not had any problems with it. I use it to route to my internal network, access my network via SSH and VPN, and put the entire house (20+ clients) on VPN when I need to. My house does all of its entertainment over the net (no cable/sat).

I recently got one of these, since I use a separate router and put it into access point mode, I didn't bother to flash it to 3rd party firmware, but it seems to work fine.

RT-N66U with Advanced Tomato here. Couldn't be happier

I know others have recommended this already, but I would also say that your best bet is to buy some Ubiquiti hardware. An EdgeRouter X + UniFI Pro dual-band AP is on the order of $200 from Amazon and has way, way better functionality than SOHO hardware of same price point, with the principal issue that it is enterprise hardware, and is very much not point-and-click to set up. I think the tradeoff in functionality and build quality is worth it, though.

I recently replaced my PC router running pfSense with an EdgeRouter X - at ~$50 the power savings alone will probably pay for it in less than a year, and the only thing I can't do with it that I could do with pfSense is create a standalone OpenVPN endpoint - so I'm moving that functionality to a server that was running anyway.

Don't leave out Mikrotik hardware from the mix. Mikrotik routers are much better than consumer-grade things you buy at Best Buy and provide advanced features.

I can second this. I recently upgraded my home network to an EdgeRouter PoE + Netgear R7000 (flashed to DD-WRT) and wish I would've gone with Ubiquiti across the board. That side of things was much, much easier to get configured how I wanted it than DD-WRT on the Netgear. The VLAN tagging in DD-WRT for that hardware only partially worked via the GUI configuration, and I ended up having to go in via the CLI to finish it off.

Pretty far out of my depth here, but I did the same w/ 3 Long Range Dual Band Pro APs and I'm quite pleased... so thirded.

One huge plus of the EdgeRouters and EdgeOS (a Vyatta fork) is that they have a Debian base. Just about any package you need is an `apt install` away. There really isn't any competition that lets you do that on a $50-100 platform that runs on a few watts.

>the only thing I can't do with it that I could do with pfSense is create a standalone OpenVPN endpoint

Pretty sure you can do this, check the forums.

+1 Not just a Debian base. When you SSH into them, they drop you right into a bash shell! Surprisingly open in that respect. I hear there have been some GPL disputes when it comes to source code though.

Their recent firmware has made it pretty plug and play. Edge router has a nice wizard for setting up basic routing and the AC pro can be setup via their UniFi phone app. Shouldn't take you any longer than an hour to be fully setup.

This was a really nice experience. Just went through this as a total novice -- never setup these APs and I'm not super knowledgeable in this area, but setup was really easy via a nice iOS app. Important configuration options were all available and all 3 APs I'm running are using the same SSID with no problems.

I use two devices to handle usual definition of the router:

  1. Mini PC[1] running as a router (pfSense);
  2. eero to handle the wifi.

Why? I've tried many times to use dd-wrt, openwrt and tomato firmwares on my routers, but every time I failed miserably: it's either something stops working, or I need to schedule routers reboots and so. So I gave up. Since that time, mini pc [1] is the third system which routes my traffic, acts as VPN gateway, proxy server and so on on my home network and I've never been happier. With eero I've got even better coverage comparing to the previous Airport Express.

[1]: https://www.aliexpress.com/item/Latest-windows-8-mini-pc-min...

I found https://www.amazon.com/Qotom-Q190G4-Celeron-Processor-Barebo... a fantastic device for the price. There's a non-Atom Celeron, a Broadwell chip and four Intel LAN ports in a <$150 package without moving parts. My home is small so this also handles the wifi for me.

How do you make it do WiFi? USB WiFi adapter?

It has two mini PCIe slots, one for mSATA, one for wifi. It has the usual antenna holes as well. You need an mPCIe card (Intel 7260HMW is popular) and two U.FL to RP-SMA connectors and be done. But yes, you could use USB as well. They sell kits as well but they use inferior cards IMO.

Thanks! I have an ASRock Beebox which has mSATA WiFi card installed by default, but I've never trusted the signal due to its lack of external antennas. I was wondering how well it performs in your setup :)

What OS you running on that?

Arch Linux. I don't need a fancy UI, I can configure my networking just fine. I also use it as a media player.

I also use a MiniPC running pfSense and couldn't be happier. I made the switch 3 years ago, after running a Linksys WRT54G-TM on OpenWRT for 5+ years.

pfSense is simple to get started with, powerful enough for small to medium businesses and "just works."

The initial setup might be a bit more $$$ ($150 for hardware), but it will last you a long time.

Which MiniPC did you use? I'm considering a similar setup, so options to consider would be welcome.

Looks like it was a Gigabyte GB-BXBT-2807[1]

I added a 32gb ssd drive and a USB Ethernet dongle as well (for 2nd interface).

The box has wifi, but no driver support from FreeBSD. My WIFI is supplied via a UniFI AC LITE.

1. http://www.newegg.com/Product/Product.aspx?Item=N82E16856164...

Thanks. I've looked at the AC Lite and the AC PRO also, but haven't narrowed the search for a small box to run the router.

Seems the box you linked to has only 1 ethernet port. How do you connect to both WAN and AP?

I added a USB <-> ethernet adapter. I didn't love the idea , but I researched a bit and bought a FreeBSD supported one (Linksys).

Have had 0 problems with it so far.

pfSense is really a good choice, I'm successfully using it for two years without any major problems on a dual-wan setup and some 50 clients.

How much coverage and clients does a single Eero manage - by the reviews I read, I think it shines only when multiple ones are used, but that makes them a pricey solution.

I use a mini PC as router too, running Ubuntu though. It works really well for me. I chose linux instead of pfSense because it is a lot more flexible, and I was already quite proficient in managing linux systems.

For now, by my research the best candidates are

- TP-Link Archer C7 (supported by both DD-WRT and OpenWRT, and recommended by the latter)

- Linksys WRT1200AC/1900AC (supported by both DD-WRT and OpenWRT)

- Ubiquiti UAP-AC-LITE/LR/PRO (OpenWRT, different models depending how much speed/range do you need. No routing here, just access points.)

For any models discussed, please keep in mind that depending on the hardware version, the firmware support is different.

I'll second the recommendation on the TP-Link Archer C7. It's a really nice, not too expensive, piece of kit. Bought one for my folks to replace a cheap old Walmart-grade LinkSys, and it was night and day better - now my dad can pick up usable signal in his garage, 500 yards away from the router.

Here are 3 links that might be useful: http://rooftopbazaar.com/routerfirmware/



Initially I was also planning to buy the Archer C7 but it seems OpenWRT is not flawless on it. This is unfortunate since that appears to be the recommended router for OpenWRT, so there is nothing on which OpenWRT works perfectly.

That was the situation 10 months ago. I'm not sure if things have changed since then. If they did, the OpenWRT has not been updated: https://wiki.openwrt.org/toh/tp-link/tl-wdr7500 According to some recentish posts on their forum there may be hope: https://forum.openwrt.org/viewtopic.php?pid=342710#p342710

I wonder if it isn't better to just go DIY ( http://arstechnica.co.uk/gadgets/2016/09/diy-homebrew-router... ) with pfSense or with the PCEngines apu1d4 and use a separate switch and access point.

Right now, it is very important to have a router with firmware you can trust and upgrade, otherwise sooner or later it will join a botnet. Therefore for me any router option without FLOSS firmware support is eliminated.

Edit: Just read the comment above about OpenWRT being dead. Looking into LEDE.

I am running an Archer C7 v2 on OpenWRT. Works flawlessly. Some notes though:

- 5ghz only worked after manually inserting the latest firmware blob for the qca9880 chip and setup only works via shell for it, setting any options for it from the web interface breaks stuff

- it's fast enough... I'm running a freeradius2 server on it, SMB shares on two 32gb USB pendrives, miniDLNA, DHCP for ~50 physical and virtual clients, a VPN tunnel to a VPS and so on. Never hits full load.

- 2.4ghz range is massive, 5ghz less so obviously...

- it is absolutely stable however, uptime exceeds two months and the only reason for shutting it down back then was a move, almost nine months before that

If you're simply looking for APs I would recommend Unifi UAP-AC-Pros though.

I didn't even have to install any blobs, 5GHz just worked. I think mine is a v2 as well.

If 5ghz works it's a v2 I think. Install is a while in the past, so if it worked out of the box for you all the better :)

I got Linksys WRT1900ACS at home. The router works very well with original firmware but as you expect is very limited in terms of features compared to openwrt (and other open source alternatives). I was running openwrt for almost 6 months. Even though it said on the box it works with openwrt, the wifi support is complete shit! The wifi driver is performing so bad it will turn your life into a living hell. Expect disconnects and low bandwidth when using wifi (for both 5G and 2.4G). Recently I restored the original firmware and the wifi is performing great but is just a wifi router now. Nothing more. I lost all the additional features that motivated me to buy it. I want to throw it out the window!! Imo stay away from linksys if you want open source firmware and advanced features.

I have a TP-Link Archer C7, and while it has generally been pretty good, the last six months or so it will simply drop all connectivity and require a reboot. Pretty frustrating (happens 2-3x/week) and has me looking for another replacement. This is with stock firmware though, so I would hope, but haven't tried, that alternative firmwares would fare better.

I've had the same issue happen, running Archer C7 running OpenWRT. But I'm not 100% sure it's actually the router or whether it's really a problem with my ISP. I haven't seen the issue in a couple of months now, yet I've made no changes to my setup.

I did have considerable issues getting both wifi interfaces to work well at the same time, but that's probably more due to my own incompetence more than anything. I did finally manage to make it work, much like how you'd wiggle antennae on an old tv back in the day and suddenly you got a signal.

Why not just try flashing OpenWRT? I've been using the Archer C5 with OpenWRT for over a year and everything has been working flawlessly. Setup is incredibly easy as well.

In my experience the alternative firmwares were worse.

I ended up contacting TP-Link support and they were actually quite helpful though. They sent me a beta firmware that's mostly resolved the issues. I don't know if it's been publicly released yet though (I got it around a year ago now from memory).

Software support for the Marvell platform used by those Linksys routers is nowhere near as mature as for Qualcomm-Atheros hardware. It's improving, but definitely hasn't seen the kind of thorough widespread testing that QCA platforms get.

This comment is correct. Atheros was a long-time Linux/OSS friendly-ish vendor, where Marvell isn't. Marvell has been making some positive moves, but they are still GPL violators and don't work with the community like QCA does. That being said, some Marvell-based routers are pretty well supported now, like the Linksys AC1900.

I'm having pretty good luck with the WRT1200AC on DD-WRT. Note that OpenWRT doesn't seem to support v2 of this device, which is what you'll get if you buy one now.

I highly recommend just building a Thin-ITX router. I have a post of how I built mine here:


I paid too much for parts. You can easily construct one of these for under $200. I'm sick of ARM and needing a different image per device.

AVOID the ClearFog and BPI-R1:



I cannot recommend either of them (although if I had to, the BPI-R1 is better than the ClearFog. Just don't expect it to be stable)

I bought the Buffalo N300 not long ago:


I've been extremely happy with this purchase, admittedly I'm a bit of a high-demand user (I host a number of minor services for myself and friends including TeamSpeak, minecraft, as well as operating two Xbox Ones) so I needed something with good port forwarding support and UPNP. Rock solid, straight DD-WRT interface with minor branding, shell access, and monitoring support. This router's been an absolute champ and I'd recommend it to anyone.

I'll second Buffalo. I have the N600 [0], and I'm pretty happy with it. I started with the built-in DD-WRT firmware, installed OpenWRT soon after, and recently moved to LEDE, without any issues. I don't really use many advanced features, but I find it's really stable. One really nice thing I appreciate is dnsmasq. It puts your DHCP entries on the local DNS, so you can access your machines by their hostnames via straight DNS, no WINS or Bonjour needed.

[0]: https://www.amazon.com/Buffalo-AirStation-HighPower-Wireless...

I've stuck with buffalo for the last ... 6-8 years, and I have yet to see any of my buffalo routers need a restart, let alone die permanently. Coming with (a customized) DD-WRT out of the box is just a bonus, at that point.

They may not have the greatest wifi range in the world, but I haven't found a router to beat them at stability.

Clarification: I have no idea on the WiFi quality, I use an Airport Extreme in bridge mode behind it for Wifi. This serves 8 physical hosts and 6 virtuals over gigabit without fail, however, plus all the activity on the Wifi network.

Another N300 user here, very happy with it! No problems at all, and I've gotten work to start using them as our low-cost multipurpose routers in a pinch (they can openvpn!).

I used to run a modified advanced tomato (advancedtomato.com) on a few Asus routers. But the build process is terrible and I got sick of maintaining it. Looked at openwrt and lede, but still a pain to maintain.

I recently decided on the ubiquiti edge router x ($49), ac-lr access point($90), and pihole($50) on a raspberry pi for DNS. The pi also runs DNS crypt. But now everything gets regular updates and the firewall config and stats on the edge router are great.

DNS crypt? The google came up with several possibilities.

Probably this one: https://dnscrypt.org/

If all you need is a wireless network the UniFi AP-AC series is great. I don't have any reason to put OpenWRT on it.

In the past two years, I've bought...

- TP-Link Archer C7. This supports our office of ~30 ppl and has been bullet-proof since day 1.

- TP-Link N600. Cheaper but still 5GHz. Also super stable, I use it as a wifi bridge daily.

- I just bought a Netgear R6300v2 which will go in my home. Have not used it much yet but for the price it's an ARM core with a lot of Flash & RAM so I'm excited.

Caveats: I don't know if in practical terms new-ish TP-Links (later than Q2 '16) are harder to flash due to them supposedly cracking down on third-party firmware. At the time they were super easy, I just downloaded the latest from ftp://ftp.dd-wrt.com/betas/ and followed standard instructions.

Caveat #2: For Broadcom/ARM builds you probably don't want to use builds from ftp.dd-wrt. Instead you want KONG's build, see: http://www.desipro.de/ddwrt-ren/K3-AC-Arm/Readme and search the forums for latest KONG builds.

Finally, reading Amazon reviews for any supported model helps as well, you'll find a few ppl who relate their experience putting ddwrt on it.

EDIT: if your budget is $100+ I've also read good things about the Netgear R6400 and ASUS AC66 and AC68 but don't have any direct experience there.

Heads up! If you're quick, the TMo-branded ASUS AC68 is on sale for $60 after coupon WIFI40. http://www.t-mobile.com/accessories/t-mobile-wi-fi-cellspot-...

This is not quite what you ask for and a little more expensive than some options, but I use a PC Engines APU2 running Alpine as my router+wifi access. Great little machine that is much more functional than typical home router hardware, and it boots using coreboot. A good option if you like setting up everything by hand.

More about APU2 at http://www.pcengines.ch/apu2b4.htm

Thanks for the option - are you using a Wi-Fi card on PCI, or you have access point connected by the LAN ports?

If it is the first option - there are two recommended Wi-Fi cards - which one you are using and how many client devices does it manage?

It has WLE200NX a/b/g/n PCIe with antennas (all from PC Engines), plus an Alfa g/n 2000mW adaptor at the end of a long USB cable, positioned for better reception in another building ~150 feet away (n devices are mostly fine without it but especially old b/g devices had a hard time). Before that, wifi had been managed by an RT-N66U, and a repeater had been required to reach the other building. For my setup the APU2 actually replaced 3 devices which had previously been required: Erlite-3 router, RT-N66U, plus repeater. And more to the point, replaced 3 key network infrastructure devices, all running different commercial/closed software, with a single device running a security focused Linux distro and open source boot firmware.

As to load, it manages just a household's worth of machines, maybe ~10 wireless clients and ~10 more devices on the LAN side. The load on the machine is effectively zero. I would personally be confident building such a setup for even 100 clients. The 2 PCI + 2 USB3 offers many expansion options and the SoC itself is tens of times faster than most home routers.

A router has nothing to do with providing WiFi. You should have a separate router and WAP.

For the router, any fanless mini-PC with two ethernet ports. Run OpenBSD or pfSense.

I built a firewall/router out of this board, with Linux and shorewall. It took a trick with the installer to get it to go, but it's run for a couple of years now without hardly a thought. I love it.


I agree with the separation comment, but you can buy a radio for this board, and make it do wifi as well. The case even has pre-cut holes for the antennas. I've thought about doing it just for the fun of it.

I love the APU2, but it draws 5 times more power than my TP Link.

At 11 cents/kWh for electricity, and an average load of 9W, that makes the APUD14 cost a whopping $8.67 per year to run. I'll gladly trade $7 over the course of a whole year in order to have a general-purpose OS on which I can run all sorts of interesting things.

Power is three times as expensive over here. It's a very poor trade.

I wonder, are there simple powerful just AP's comparable to the already mentioned routers? Just with less features...

I had the Asus AC68U, which was the best rated consumer router on smallnetbuilders, in terms of wifi range and speed. I just replaced it with a Ubiquiti AC-PRO access point which is much cheaper than the Asus. The Ubiquiti is marginally better in my informal testing with the two in the same location. After ceiling-mounting the Ubiquiti in a more central location, it blows the Asus out of the water. It went from ~100 MBit -> 500+ on the old "dead spot" desktop, the raspberry pi on that desk went from 22MBit to 72MBit. The rest of the house has better coverage than before.

For a router, I use openbsd and this guide: https://news.ycombinator.com/item?id=13052673

The router is an AMD that runs almost any unix, so it is more or less immune to obsolescence due to lack of software updates (Linux and *BSD all have to abandon headless x86-64...)

Total cost was ~$300. The router was $200 of that and should last until my home internet connection is ~1GBit (OpenBSD probably can't NAT quite that quickly on that hardware--haven't measured it).

[edit: fixed asus model number]

As long as you can do without 802.11ac, make sure you get something supported by the ath9k driver, which IIRC is the only driver that doesn't need a firmware blob. So all the people working on bufferbloat etc. are using that driver for their tests, so you'll get the improvements first.

I have a TP-Link TL-WDR3600 v1 running OpenWRT. It was cheap, and works fine.

Direct from real world experience, a few points of architectural guidance.

1. Use WiFi routers for WiFi.

Avoid firewalling, NAT, authentication protocols, the strongest levels of encryption, or other packet changes/control on the WiFi Router.

Resources are always constrained. Mentioned processes consume resources and the load only appears under real world conditions that you did not anticipate or could not replicate in test.

2. Distribute (as much as possible). A little work/cost up front will save you down the line.

A lot of WiFi routers support multiple radios (i.e. 2 radios). That gives you three points of failure for every router - one for each radio, and one for the router. Take one dual band router down and everyone in the coverage area loses connectivity in both bands.

Separating these will provide improved redundancy, throughput, offloading, etc.

What fanless mini PC should I use to run a VPN gateway at line speed? I see a lot of random boxes recommended on aliexpress, but which one should I buy? Should I just get whatever one, as long as it has the right AES instructions? Or are some of them awful?

mikrotik routerboard with a ubiquiti wap. I've never been happier.

Have you tried the Mikrotik WAPs?

I'm just about to order a Mikrotik hAP AC Lite.


It's for a one-floor collective house in Latvia, so it's kind of nice to get an AP from a Latvian company. :)

I just ordered the hAP AC non lite. I have a gigabit internet connection so I couldn't deal with the 100mbit ports. I'll get that and an RB3011uias-rm tomorrow! Got that because of some of the traffic shaping I'm planning on doing will need routerOS 5 and more processing power. I'm in the US and a huge fan of Mikrotik stuff, they don't get the exposure they deserve on threads like this.

They also have a new cheaper wAP ac which has a single gigabit port and works outdoors!

We just got some 100 Mbit fiber to the house and we don't do a ton of heavy file sharing so it'll be fine for us.

A stone's throw from the house is a field where we plan to have some activity in the spring and summer, so I'm thinking we could then get an additional outdoor wAP.

Yeah, finding out about Mikrotik at all took a fair bit of googling and researching but they seem cool!

Latvia has a bit of an electronic engineering tradition, especially in radio, as I understand...

Late reply, but I have several AC lites that I have purchased. If you don't mind the fact that it is only 100M ports, it's more than anyone could ask for in the home.

Very interesting question I've asked myself a year ago. I ended up buying an old Netgear WNDR3800 for $15, and put OpenWRT on it. And it works great! It has enough ROM to install most of the services you would probably need (ssh, iptables, smb, shadowsocks, dnsmasq, time machine, dyndns, are running altogether perfectly well) and enough RAM as well. OpenWRT itself isn't perfect, and I had to set up a package building environment on my machine to install some packages (typically shadowsocks) on the latest stable build (currently 15.05.1). But it works. And it works great. Speed is good, and I don't see anything I would have to complain about that disturbs my needs/usage. I like the modularity and I love having a real Linux I can ssh to as router.

I've been quite interested to read about the fact developers from OpenWRT are moving to LEDE. Maybe it could be worth it to wait - as I said, OpenWRT isn't perfect and I'm sure a lot of improvements can be done. I haven't tried LEDE though. But I think, for a small office/home network, just getting a (reasonably) old/cheap yet powerful, compatible hardware and putting OpenWRT on it is quite a good solution at the moment.

I've used OpenWRT in different incarnations over the years, and at this point my suggestion is to forget about OpenWRT and buy some Unifi hardware from Ubiquiti. You get almost the same amount of control from Ubiquiti's pro line, plus the hardware is really solid and it all Just Works.

Now that the enterprise-level Ubiquiti stuff is so insanely cheap, there's basically no reason IMO to fool around with open-source router projects.

Among the open source router options, what's the best for multi-WAN and flexible QoS?

I was looking at switching from ASUS on Merlin to Tomato for better QoS and to try out multi-WAN that was added in shibby about a year ago. I really want the internet to be reliable and fail over to a 2nd connection and then back fairly seamlessly.

Am I better off using pfSense (or something else) vs trying one of these integrated router/wireless firmwares?

Years ago I started looking for multi-WAN and got the very disappointing Linksys / Cisco RV042. It worked, but the interface was crap and it lacked a lot of the features that even consumer routers had. For an office of up to 50 people (and 2x devices) we've been using an ASUS RT-AC66R on Merlin and it's worked pretty well in that it's rock solid stable for many months at a time, has a bit of features - now including nice graphs for per-host bandwidth monitoring, and basic QoS and multi-WAN. The biggest issue is that QoS options are limited and it's hard to know if it's even working properly. The multi-WAN auto failover seems buggy and that seems like an area that Merlin hasn't touched.

I recommend buying a simple Access Point (AP) but with enterprisy components, like xclaim xi-3, and treat it as a stupid radio device while running layer 3 services with DHCP, firewall, etc on a separate device (or a vm) with pfSense. This way if you have problems with radio signal, you can just replace or buy a different brand AP without changing anything on your network stack.

Pipe dream: take over production of AirPort Extreme from Apple, release the hardware specifications to the public, and make it easy for users to install their own kernels, e.g., NetBSD.

Reality: as someone else said already, PC Engines or Soekris are the best you can do. They make the hardware and let users make the software. These companies appear to have some longevity. Easy to run user-compiled kernels of choice.

Ubiquiti is not an option if you want to compile your own kernels. The drivers are proprietary. They make the hardware and the software. Users assumed to be incapable? Apparently they cannot survive selling hardware alone. Longevity of this company is uncertain. Humble opinion only.

I'm currently using a Ubiquiti Edgerouter X (previously an ERLite) for routing/NAT and a UAP-AC-LR for WiFi (along with an OnHub in bridge mode, for AB testing).

Previously, I used a UAP-LR reflashed with "normal" OpenWRT as I hated their controller/config software, but now there's Android and iOS apps for basic AP configuration.

EdgeOS (a Vyatta fork) isn't as user friendly as other "consumer" routers, but every tech friend who owns one has fallen in love with the price/performance and feature set.

I'm using Nexx WT3020 https://wiki.openwrt.org/toh/nexx/wt3020 for my easy VPN project, but I've got the GL-iNet in mind also.

The idea of these is to connect them to your main router and have a "protected Wi-Fi network" that routes all traffic through VPN, while you can always go back to your normal Wi-Fi network to not use VPN.

If anyone's interested in talking about it, hit me up at hello@tscr.io

It's not exactly what OP asked for but some readers may find it worthwhile:

The Raspberry Pi is well supported. If you happen to have one that's collecting dust and want to have a look at OpenWRT. Or to try things without fear of bricking the main router. I use a spare v1 for "traveling". Add a cheap Wifi dongle, an LTE dongle and one of those portable USB batteries and you have something to play with.

This isn't a good recommendation as anything other than a toy. The RPi doesn't have enough processing power to handle adequate speeds.

The Pi 2 should have enough power, the Pi 3 has more than enough.

What they don't have is good I/O. USB 2.0 only. And the 100mbps Ethernet is attached through it.

YMMV, but 100mbps is not enough speed for me. That rules out the Pi.

I bought a Netgear Nighthawk R7000 (dual core 1GHz) this year and it is great. Despite it being connected by a wire through my ISP provided router, the wifi bandwidth is about 40% better. DD-WRT installation was easy and is solid.

Carambola 1 and 2 from 8devices[1] worked for me.

[1] http://www.8devices.com/products/carambola

Are there any efforts to test the long-term stability of the open router distros on specific hardware? I'd give money to a legit 'OSS router lab'.

Does anyone want to share their experience / recommendation for a router with 4G / LTE SIM card slot?

I think I'm going to be needing one soon.

Not an open source one, but we use Cradlepoint routers for our remote offices that need to fail over to 4G / LTE. I quite like them.

It's an answer to a different question but Wirecutter did a nice roundup of all the new (proprietary) mesh WiFi systems


HN discussion https://news.ycombinator.com/item?id=13102698

If LEDE has a stable release that supports mesh networks it will be nice.

tplink c7. period. you can go and read the detailed reviews on whirlpoolforums. the amount of ram available is 512mb which is huge.

if i were you, i would take an el cheapo j1900 intel box (from aliexpress) with quad lan ports and run pfsense on it. perhaps the best bang for buck configuration known to man!

Taking into consideration the do-it-all directions the linux kernel is heading, I am more in favour of security conscious solutions, such as an APU board with BSD on it. For myself, this is still a concept. I've decided to learn more about bsd, security and networking before jumping into implementation and purchase of hardware.

Next year though! Next year!

What do you guys think about raspberry Pi configured as a wap? Are we there yet??

Maxes out at 50-100 Mbps, depending on packet size. Wifi-USB-CPU-USB-Ethernet for every packet.

PC Engines APU2 (or Soekris net6501) + OpenBSD is the best router you can get.

I think the Turris Omnia (https://omnia.turris.cz/en/) looks fantastic, and plan on getting one when my budget allows.

On further (re)inspection though it seems you'd still be tied to your ISP's router/modem :(

Perhaps there's a good standalone/mPCI modem out there somewhere?

I just received my Turris Omnia yesterday and I have to say that I'm very pleased with it. The build quality is good and it looks very nice in person. The web UI is snappy and everything was a joy to set up. The OS is based on OpenWRT so all the guides/documentation for OpenWRT works on Turris.

I previously used the Netgear R7000 "nighthawk" with DD-WRT and it worked just fine but the lack of updates and up to date documentation was very offputting. Somehow the whole setup felt like a massive hack.

I'm very surprised that there is no more talk about Turris Omnia here on HN. It's Open Hardware running Open Software. One would think that people here would be very interested in that kind of product.

Turris Omnia has a SFP port, so if your ISP has that option, you can get rid of your modem.

Good call, but my line in is RJ25 so probably not gonna happen.

It is very good and the option to install a msata card is really useful.

I recommend a custom built PC and pfsense.

pfSense for the routing part (and many other features not found in consumer Wi-fi routers) is very good, but is using it for Wi-Fi such a good idea? The mantra in the pfSense forums is not to hassle with Wi-Fi, as it is a big pita.

Moreover, are there any AC cards supported? Based on the list provided by them[0] and info on the forums there aren't?

[0] - https://docs.google.com/spreadsheets/d/11cF4UoNL68Me5ZC6qhjF...

pfSense is FreeBSD based right? If so, then no, there is no AC support at all in most of the BSD operating systems out there. AC is a pretty big fundamental difference from bgn. There are devs working to support it, but anything out there is likely to be alpha/beta state right now.


Wrong thread bro!

Go on...
