WRT54G History: The Router That Accidentally Went Open Source (tedium.co)
677 points by uptown 6 days ago | 318 comments

It's one of the most successful routers ever sold and yet network equipment manufacturers are still fighting tooth and nail to keep their devices closed source. It just doesn't make sense to me.

The manufacturers are mostly run by people who were trained in "standard" corporate governance. This includes the ways to protect corporate revenue streams by suppressing (legally, of course) competition, delivering a range of products by producing the top end model and crippling it to sell at a cheaper price point, and repeatedly reducing costs to increase profits in a "race to the bottom".

Until a new set of management philosophies is adopted for teaching, a large number of companies will keep doing the same thing, because in general corporate managers have a lead time associated with them, and we won't run out of the old school ones until 20+ years after philosophies change.

This is an opportunity for anyone who can do things differently, of course.

I see all this as a heartwarming story where a company was forced, with a "trap" set by GPL and its philosophy, to offer people for once a square deal: good hardware, fairly priced, you are free to do with it what you want. All this serves human needs better and the manufacturer could in fact turn a profit.

There is a faint, faint glimmer of hope that this is a peek of the far future of our techno-political-economic system. Of course with very different laws around intellectual property, company governance, customer protection, terms of participating in the market etc. We might be as far from it as the Enlightenment in 1750 (in a world built on overt serfdom and not even fully developed colonialism) was from the year 2000, but still. Makes me feel a teensy bit better about doing the right thing today, just because.

See how drones and 3d printers are evolving; who could fund the firmware development? who could fund the research? but now these cutting edge things are necessarily public and cannot both be a military advantage and cutting edge.

On the other hand, these kinds of "mistakes" are what is driving the new generation of POSIX clones for IoT untainted by GPL, like Azure RTOS, NuttX, Zephyr, RTOS,...

Copyleft exists to keep Free Software as Free Software. It doesn't prevent non-Free competitors from existing.

If you don't want to be part of the copyleft Free and Open Source software world, then you always have the option to not be a part of it. You can make your own competing product under a non-Free licence, or base your work on Free Software that uses a permissive 'copycenter' licence. This isn't a point against copyleft.

I am an advocate of dual licensing, GPL + commercial.

So who doesn't want to pay can use GPL, who wants to make money can use the commercial license.

This clearly doesn't work for companies that, like Apple, are now sponsoring POSIX clones for IoT deployments to play safe.

I'm firmly convinced that if a Chinese maker made a 100% open source keyboard or mouse, they could sell that for $30 instead of $3, and establish a global brand to boot.

Same thing for a lot of hardware, actually. Printers. Scanners. Etc.


An open source soldering iron, original by a Chinese company Miniware. I don't know how good their sales are, but the iron is so good that Louis Rossmann praised it (for the price, ofc). And it seems to be very popular (probably not nearly as much as Weller, but hey).

Turns out http://www.uychan.com/ is the original.

Since I can't edit, reply.

These are great soldering irons for the money.

Everybody says so. I'll have to get one for myself some day. With a cheap 24V scooter battery one could even use it in the field without a problem.

Oh, and I seem to have underestimated Louis's recommendation. He likes it a lot.


On the topic of open source for hardware: there's open source software for Hantek oscilloscopes, http://openhantek.org/ (not official), which is yet another thing I'll have to get myself some day.

Isn’t that basically Keyboardio? Except it’s a San Francisco company selling them for $150; expensive, but still within reason for boutique mechanical keyboards.

Yea. And they are freaking fantastic.

That's what gl.inet is (weird name though).

I've been looking at them for a while, anyone tried one of their products?

I use their yellow mini router with 2x Ethernet and 1x WiFi 2.4 just as a media converter between WiFi and Ethernet for the laser printer that is too far from an Ethernet plug. That printer doesn’t have a WiFi card natively so instead I use that router to act like it. It’s a tiny yellow box, powered by USB (directly off the printer; this HP laser jet has a USB port to add storage to it). It runs openwrt internally from the factory, and you can click “advanced” to access LuCI and openwrt. It has one button to set it to WDS repeater and pass dhcp through. It’s pretty good, and I have no complaints.

I have one of their dual-channel mini routers, the GL-AR750. The preinstalled OS is a fork of OpenWRT that comes bundled with Wireguard, Samba, and several other useful programs, but the package repository doesn’t have the variety of the OpenWRT repository.

The hardware is fully supported by the OpenWRT project, so installing plain OpenWRT is easy.

But it’s still a relatively slow device (650 MHz MIPS 24Kc) with throughput well below 100 Mbps when encrypting. The faster GL-AR750S is still well below 100 Mbps when encrypting. That’s the tradeoff of a small and cheap device that can be powered by a USB 5V power adapter.

The more annoying part is that the 5 GHz WiFi has not been certified for DFS, and therefore DFS channels are disabled.

I've a GL-AR750S-Ext and it's excellent. Small, reliable, and properly configurable.

I also have a Linksys WRT1900ACS and it's a great piece of kit.

The point is that no matter the hardware, having the community-empowered OpenWRT at one's disposal is literally super-empowering.

Thank you the community. Thank you RMS.

> That's what gl.inet is (weird name though).

Company is from Hong Kong.

What kind of modem do they have? Huawei?


They can't though. Because if it was really open source, then another firm could just sell it for $3. Of course fabrication itself complicates things, but the gist remains.

Arduino is able to sell quite a lot of official boards for XX USD, when the same products are available unofficially for X USD.

Brand has value.

Yeah. For a basic keyboard/mouse, I wouldn't hesitate to pay $30 more for the "official" product. I wouldn't pay $100 more, but it seems like there's a huge opportunity:

* Most mice on Aliexpress sell for $3 or so. I don't know the margin, but it's less than $3.

* I can't imagine anyone would hesitate to pay $5 more, and I wouldn't mind $30 more.

So yeah, off-brand could compete, and I'm sure students might buy it, but I think on-brand would do better.

And in either case, it wouldn't hurt. The $3 Aliexpress mouse vendors don't have any real IP moat. This is commodity tech.

That is true. And interesting to see how the value of retailer-brands relative to manufacturer-brands shift. I'm finding buying a no-name product from a retailer I trust to vet their goods. When buying from an open-online-marketplace-platform I really want to buy from a trusted brand to ensure quality.

what if it was OS but not FLOS?

Non-commercial open license, but the original author(s) would still retain full right including commercial.

Then the competitor couldn't just take the exact design and replicate it at a lower margin than the designer. Removing allowable commercial terms makes it significantly less "open" though, to that extent that many would argue it isn't open at all, like the various "shared source" approaches commercial software uses.

Another interesting approach would be something like the GPL, which I don't think is often used in hardware. Allow your competitors to use your design ... they just must contribute back improvements. Probably the incentives are wrong for this, but maybe not, it sorta seems like a bunch of the "no-name" Chinese consumer goods operate like this. The products are easy enough to reverse engineer that everyone just copies the basic idea and produces their own variants. This of course doesn't keep the inventor in an advantaged position, but at least keeps them competitive.

You can argue anything you like, black is white, the sky isn't blue, corporate exceptions mean it isn't "open at all" - but it clearly is at least more open than totally closed designs. If open means total freedom, including selling on at a lower margin, then yes, people might express that freedom and undercut you - I can't see any way around that by definition, but I also don't see it as a problem - what value is lost exactly?

I think what is a problem is that people can't use a subset of your design to make their own stuff. Maybe the solution to that is a common library of totally free design-pattern, but that still requires integration into a finished product?

> Allow your competitors to use your design ... they just must contribute back improvements.

won't this just lead to trivial improvements? perhaps a bug bounty, or similar, would be better? or even licensing the original design for either a set fee, or a %?

Oh sure, I'm actually in favor of these kinds of licenses. I mean, one way to think of them are GPL for commercial competitors and Apache/Mit/lgpl for "private" use (where private includes commercial, but not direct sales of the product, such as using a DB and forking it for some kind of customization, the saas service using the DB doesn't compete with the DB vendor). In all cases there is some version of "open-ness," even OSI defined openness.

The key difference is I'll contribute to open projects (including AGPL). I won't bother adding to someone else's IP moat.

If you want an ecosystem, you need an ecosystem license. "Open" source has never worked for anyone that I know of, not for lack of trying.

There are plenty video games with mod ecosystems, so not everyone feels that way.

There are plenty open drivers for proprietary hardware too.

The Creality Ender 3 is Open Source I believe.

It's working on their brand - but isn't selling for a 10X price premium.

It is! https://github.com/Creality3DPrinting/Ender-3

It uses http://marlinfw.org/ with only modifications to the configuration (which, you need to do for any printer using Marlin). But the above link also includes the PCB design, mechanical design, and more.

The whole 3D printing community is a lot like this. See http://vorondesign.com/, an open set of designs you can build yourself from off the shelf parts and a quality 3D printer.

Your standard bigco manager also believes a whole bunch of FUD about the lack of OSS security and what not, but it's 20 years unless upstarts eat their market.

Probably more likely for your average software company than hardware, but I suspect there's an inflection point in cheap hardware.

You can buy a new WRT today that supports FOSS firmware out of the box - https://www.linksys.com/us/wireless-routers/c/wrt-wireless-r...

And yet Linksys (and others) still sell their closed routers as well. One can only conclude that the Open Source support, while important for a niche group, is not enough for market dominance...

I bought one of these (WRT1900ACS) when I was working from home last year. It's good, but not great. Before anyone else buys one of these for their open source "support," you should know that Linksys/Marvell basically threw a buggy open source WiFi driver over the wall, failed to upstream it to the Linux kernel due to issues with the code, and abandoned it.

Although it works fine for my simple purposes, there's a discussion of some of its issues at the end of this PR: https://github.com/openwrt/openwrt/pull/2397

I have one and it works great for me. I'm not a heavy wifi user, mostly I want openwrt.

I've had several openwrt routers. Before this one I had a tp-link wdr4300, then an archer c7. The wrt1900acs has pretty fast, full-featured hardware.

I run firewall + adblock + privoxy + vlans. Because it has a USB port, I've added a USB GPS dongle so it does gps-based ntp time.

At first openwrt was a little daunting, but it has really grown on me.

One great thing about it is that the entire linux distribution is basically read-only, and all changes you make to your machine are in an infrequently-written overlay filesystem. If you back up /overlay/upper you will have all your config changes in a small tarball. All operations that do continuous writing like logfiles go to ramdisk, so it's easy on the flash and reliable during power failure.

Another thing is that if you follow the instructions, it's actually pretty straightforward to build openwrt for your specific configuration. I cut out the package manager and compiled everything I wanted into my image (or out of it, I turned off ipv6)

With a simple setup, you don't even have to bother with the gui. The config files are pretty simple and you can edit them directly.

I've also put openwrt on some network switches and once I got vlans going, my network got a lot more manageable.

I have vlans:

- normal - machines can route to internet

- restricted - machines boot and have local dns - can get out (updates) only through the proxy

- test vlan - can't get to anything

the network switches are mikrotik and also running openwrt.

I have retired a rb750gl and rb2011ils, and now everything runs on a rb2011uias and a rb3011uias-rm (11 port)

I love the rb3011 - the rack mount tabs can be rotated 90 degrees and you can attach it under a shelf.

The two switches have SFP, and I can't help but think I should start messing with fiber.

Linksys is owned by Cisco, and I don't know what they do now, but at the time a Cisco low-end router had no specialty hardware to run a lot of their features. Those features were implemented in software.

So openwrt threatens their entry level and some of their mid-range devices, creating a conflict of interests.

Cisco hasn’t owned Linksys since 2013. Belkin bought it from Cisco and kept the brand.

Belkin was bought by Foxconn: https://en.wikipedia.org/wiki/Linksys#History

However modern WRT routers are also affected by NXP buying Marvell.

Both were then subsequently sold to the Sheinhardt Wig Company.

This feels like it needs a graph to explain what went where.

As FYI, it’s still owned by Foxconn; that was a joke.

It’s from 30 rock.

I had a WRT1900AC for several years. It was a very nice product, with very good community support.

Official support, however, was not good in my experience. Several years later I finally bought a Ubiquiti Dream Machine Pro, and absolutely love it. Kinda miffed that they suffered a breach a month after I bought it, though.

I recently sold my UDMP and bought some mikrotik gear, because the device had very tight limits on what ubiquiti wants you to do with it. No wireguard was an annoyance I could live with, but disabling NAT was not possible and a switch backplane running at 1gbps were the final blow. Also I do not want to have to log into an online account to use my (maybe airgapped) router.

The older Unifi routers, USG-3 and USGPRO-4, can run wireguard. The annoyance is, that you must configure it via config.gateway.json file and reinstall it after each firmware update. They also run without cloud accounts.

Pity that Ubiquiti goes the wrong direction with their newer products.

If you copy and paste the root parent comment of this whole thread here, we go full circle :(

Mikrotik's wired hardware is fantastic...but their wireless products leave a lot to be desired. I find that in most cases openwrt gives better wireless throughput on the exact same hardware under the same conditions. My other gripe with Mikrotik is that they pushed their own proprietary protocols like EoIP instead of supporting standards like vxlan (I know this will be available in RouterOS 7, but that is still not really out when I last checked).

I'm curious about what Mikrotik router did you choose?

My knowledge of their product line is pretty out of date now, but in another life I spent a few years setting up networks in hotels and condo buildings with Mikrotik gear.

Their software has the occasional wart if you're more used to enterprise gear like Cisco, but is generally decent and reliable. (The kinds of issues I'm talking about are like... it was really roundabout and difficult to get a single port with both VLAN tagged as well as untagged traffic flowing through it.)

I'm honestly always surprised their equipment isn't more well-known and popular in the tech crowd. While they've got some turnkey stuff, they also sell (or at least sold) devices that were pretty simply a handful of ethernet ports, a switch chip + CPU, and a mini-pcie port that you could add kinda whatever you wanted in to (they sell modules for 802.11, 3G/LTE, LoRA, etc). For a lot of models they'll also just sell you a bare board. Basically everything comes with a full software license (only real limit is max 200 vpn tunnels, max 200 hotspot users). They sell replacement parts down to bare boards to replace PSUs and things. Basically everything is powerable over PoE, most stuff has a SFP port, etc. Some of the models have had GPIO pins, and on basically all of them all the LEDs can be reprogrammed and are user-controllable. They've got equipment as cheap as $40. A lot of it is actually supported by OpenWRT.

Without having used it, if you just want something with wifi and more similar to a consumer router, looks like their hAP AC3 for $99 or something is probably decent. You're not losing anything buying the home gear, it's still licensed to the same level as all the other gear. Otherwise if you just need a router you can basically just start at the cheap end of their routers and look through the test results for something with acceptable performance for you.

Personally, I've been using a RB2011 for almost a decade as either a router or core switch and it's been great. Though the highest my connection speed's been throughout is probably 100mbps. These days it's relegated to switching, and handles my setup where I've got all my PoE IP cams on one VLAN, main network on another, trunk running to my server where I've got the DVR and all my other stuff running, etc, etc. Hasn't had a single hiccup.

The hAP AC2 is almost essentially the same router and even cheaper. I replaced my UDM with it and I am way happier without the extra frills (no LED, no boot sound) and my uptime has been way more reliable

I use the RB4011, which even came with rack mounts. For the last year it's been working great (once you get the hang of how the configuration works). Can highly recommend.

I also use the CRS326, with a little less power than the RB4011, but with 24 Lan ports instead.

The only downside, compared to the UDMP, is the missing DPI

Me too, I’m considering a UDM-Pro for my 10Gbps internet upgrade coming soon but I’m a bit afraid that it won’t play nice with multiple external IP-addresses.

Mikrotik is certainly interesting but I’m lost as to which model I should choose.

Mikrotik hardware is very inexpensive. The rb4011 is the "default powerful small business router", and I've been enjoying it so far.

Yeh me too! I heard the Pro doesn't allow proper mirroring either

I’ve dithered on the UDM-P, the reviews are very mixed.

I’m in a strange place with UniFi as a whole, as my APs are limiting download speeds to about 275mbps while upload speed is line speed, as is wired speed. There is lots on forums and Reddit about strange issues like this with Ubiquiti and they could really do with some firming up of their software.

Ubiquiti hardware is great but their software has some of the worst QA I've seen in my life, the forum is basically a continuously ignored issue tracker where I've found dozens of problems I'm having with no solutions (about 200 aps and 150 switches/routers). Ubiquiti software is absolutely abysmal.

still rocking the wrt1900 and openwrt/lede

When I bought my WRT few years ago it was like $50. The one you have shared is like $150+. Why are routers so expensive for doing one simple thing?


And we haven't even reached RGB LEDs with routers yet. Brace yourselves.

I would expect an AC3200 router to be more expensive than a WRT54GL (which is $40 today). More capable hardware with a more expensive BOM will come at a higher price.

At the same time similar hardware tends to get cheaper over time and the WRT54GL hasn't really ever experienced a price drop - I'd be a bit more ready to attribute the price difference to "Because they can since the market is so locked up".

The WRT54GL was $60 in 2006[0]. That's about $75 today, adjusted for inflation. It's $40 today.

That's a price drop, hoss.


Yes, it may very well be the most successful router ever sold, but have you thought about how many new models were NOT sold because the oldie WRT54G was chugging along all too well?

If its success has kept uncountable, "segmented" garbage devices from ever entering the market, I'd say WRT has been even better for the consumers than you think.

I think you both agree.

Unfortunately what is good for consumers in this case is bad for companies, because it reduces long term sales.

I'd think there must be another reason. Almost anything a corporation does is optimizing for the next quarter. Sales 2 years in the future are a problem for the next set of CxO's

Some candidate reasons: Open source is still too different and hence risky. Or maybe arrogance and not invented here syndrome.

Thanks for connecting those dots for me.

Certainly that's a good thing though. Conserving resources and discouraging needless waste of perfectly functional products is a good thing.


Or perhaps more importantly, who loses.

I would continue to buy their newer routers if they have open firmware a la WRT54G. New wifi standards came out, had to install routers for friends and family, and WRT54G itself kind of died after 3 or 4 years... (I bought a second one, but by then N standard was up and running, so 3rd was not Linksys)

But think of the economies of scale and the $ saved in terms of RnD and marketing

Cisco didn't want a threat to their lucrative enterprise market.

Imagine if they kept pumping out updated hardware supporting DD-WRT over the years, and eventually captured 80+% of the home networking market. Now consider that, during that time, a generation of future networking engineers cut their teeth on hi-po Linksys home routers, giving Linksys a segue into the lucrative enterprise market as this generation of people started gaining influence.

This ended up being one of the magical events that could have been the turning point for a small, unknown company to take on a giant, and win. Instead, the opportunity was squished through a smart acquisition by Cisco.

while i understand your argument, enterprise/ISP routers have completely different functionality than home devices. most people in the network engineering field cut their teeth on enterprise gear in lower level positions.

for instance, home routers do data and control plane processing on a single CPU with no or very little NPU involved, while enterprise gear has this functionality.

not to mention the large array of technologies that are not even usable in small scale networks like VXLAN, BGP, IPVPN etc..

Actually I have found a use for VXLAN in my home network, when I was trying to set up a mesh and was finding that 802.11s support was poor and that WDS was creating annoying switching loops despite STP. So I just set up wireless links between routers, use OSPF to determine routes, set appropriate weights to prefer the 5ghz band (which periodically goes down because of DFS but otherwise gives higher throughput), and use VXLAN to create the logical network I want. It has worked extremely well for several months now and my wife is happy to not have cables going all over our house. There are probably "better" ways to do this but honestly, it works, it is flexible, and it is straightforward to extend to more routers if needed.

The Linksys routers were not really competing in that corporate market though.

Some Small Business may have used Linksys but they would not have been buying cisco kit in most cases.

I'm still using one WRT54GL 1.0 in rural area.

Because it just works and refuses to die.

That’s a terrible product to sell in today’s world

Care to explain why a product that does what it's supposed to is terrible to sell in today's world?

I believe it was a sardonic expression on bucking the inexorable trend towards consumerism and recurring-purchase/subscriptions

For me, it’s primarily because this device has stood still while faster, cheaper, more powerful devices with lower power consumption and more fully open-source firmwares have entered the marketplace.

The WRT54GL doesn’t have a fully open firmware—the WiFi remains closed—and has so little RAM and flash that OpenWRT, that started with the WRT54G, no longer supports it. DD-WRT is creeping in the same direction.

IPv6 support is more off than on. It’s never going to support DoT, WPA3, or other modern security measures. Most of the world is urbanized, and in an urban setting it’s a bit rude to use 54 Mbps 802.11g on the 2.4 GHz channels.

If you’re using it for an internal network on a farm, it’s fine, but if you’re in today’s world then you need to support today’s protocols.

How is it rude? The 2.4 GHz channel is open for all to use as they please as long as they comply with power limits.

I live in a residential neighbourhood, my router has both 5 GHz ac and 2.4 GHz. I run it in 2.4 GHz 802.11n mode.

In terms of raw data rate, each byte of data on 802.11g takes the airtime of about 3 bytes on 802.11n. Since 2.4 GHz WiFi penetrates obstacles so well, that’s airtime that you’re excluding from up to several nearby homes if you generate traffic on 802.11g.

I've been on 'n' mode for awhile, but even if I was only 'g' why should I care considering there are neighbors that use 40 Hz channels on the 2.4 band? Or neighbors that set their channel to other than 1,6,11?

Arguably worse!

Correct, you don’t need to care. But the commons only needs to be a tragedy if you let it be a tragedy.

Just because others behave badly or worse doesn’t give you the moral right to do badly.

We don’t need to be perfect. If everybody did as politely as we could, and did what we could to help others behave as politely as they could, then I think everybody would be better off. Well, “polite” is not quite a direct translation of the concept I have in mind… I’m not sure how to communicate it in English.

To be honest, you're using a small fraction of the available wireless networking bandwidth available in 2020.

54Mbps vs 600Mbps for just 2.4Ghz, and using 5Ghz gets you to over 1Gbps.

Not accounting for real world losses/overhead, but that would hold true for the WRT54G.

Products need to fail or become undesirable to use after 3 years so you buy a new one.

This one works 14 years without issue.

Except that it crashed 2 times and then started with blank settings.

Thus making the supplier $60 over 14 years.

Sell a whizzy router with go fast blue LEDs for $150 that dies after 3 years and you make $750 in 15 years.

Advertise it with some “value add” MITM dns hijacking by default and you can even get a recurrent revenue stream on top of it. Bundle it as “Internet security” and you can charge both the customer and the advertiser.

Actually much more than $60...

I've purchased other Linksys stuff and a few of my friends bought new routers because of my recommendation.

But that was before they switched to VxWorks OS. Once they switched I didn't recommend them anymore.

True dat.

(Message sent via WRT54GL)

That's why I'm so impressed with OPNsense and pfSense and a wide selection of build it yourself hardware selection with them. You can own and tinker with your own router top to bottom. Seems like a niche market and I'm wondering why they aren't catching on with this same community that embraced the WRT.

I think those that want to run an open source software stack, but not assemble the hardware themselves, are served pretty well by going to the OpenWrt website (the successor project around the original wrt54g open source release), and choosing a suitable router from the table of hardware they maintain, and then just install openwrt on top of the stock firmware.

That's what I've been doing ever since I jumped ship from ye olde WRT54G (currently I have a Zyxel Armor Z2, and I'm happy with it).

FWIW, "assemble the hardware themselves" means buy a > 5 year old desktop computer and add a multi-port PCI-express NIC. Or even a USB3 -> Ethernet adapter.

Moving to pfSense was the best decision I made for my home network.

I mean, the issue is some people don't want to run a whole desktop or laptop with a 20+ watt power supply to provide the occasional wifi to a phone/tablet. Unless you're running a media server plus other services (or you have a lot of end users on a fast connection) I feel like a pfSense setup is a bit overkill, and this is where OpenWRT on your ARM+Switching SoC-of-the-week excels.

I run OpenWRT on my Archer C7 and I'm very happy with it, though I actually don't even use it for wifi— it's a wired router only, with Unifi APs in the high traffic areas.

You can even buy one of these ready-made boxes and slap on pfsense.


I use this exact model + RAM + mSATA drive and it's more than powerful enough to sit in front of my SMB gigabit fiber connection while running DPI/OpenVPN/zabbix/etc.

pfsense is awesome and the learning curve is pretty reasonable if you understand basic network theory. I love it.

I never dove into the WRT devices myself but it definitely has a niche.

Wonder if there's a chance some of the router projects and Pine64 could collaborate somehow to make a fully open router. Pine64 seems to be quickly developing some production chops and the various router projects also seem to be doing great work.

PC Engines makes a long-term series of pretty open router boards that works with vanilla Debian, current iteration is APU2: https://www.pcengines.ch/apu2.htm

It is pricier than low-end router, but they are high performance and are much easier to use.

One plus of this over just using old PC hardware is that you have a proper physical serial port and no video interface at all— there's no failure mode which exists on it that will have you dragging over a monitor and paging through BIOS screens or whatever in the corner of your basement.

If Pine64 threw a bunch of Ethernet ports into a Clusterboard that'd be a pretty killer platform for a router. Start with one SOPINE for the actual router stuff, then add more for things like NAS, print servers, home streaming, home automation, etc.

The issue with that is it's A64 based, you only get one native 1Gbps port on that and you kinda need at least 2 if you're using a router for its routing functionality.

You could get a rockpro64 and stick a nice network card in its pci-e slot and probably outperform the clusterboard.

The Clusterboard solves that issue by including a built-in unmanaged switch (which is indeed how all 7 SOPINEs can share a single Ethernet port). So a router-capable Clusterboard seems like it'd just be a matter of adding more ports (be it by using the same switch chipset and swapping SOPINEs for ports or by using a different chipset with support for more than 8 ports - assuming that the chip in question is indeed limited to 8 ports).

Unfortunately I can't seem to find any detailed info on the Clusterboard components/schematics on their wiki, so I don't know what more it'd entail.

Of course you can add a switch to it but that doesn't magically give you more routing bandwidth. You'd have to do router-on-a-stick, which halves your bandwidth.

Good point. And the SODIMM-based pinout doesn't seem to include support for PCI-E or additional Ethernet, so that is indeed a bit limiting (though I'm betting some of the pins could be repurposed if both ends are configured for it, e.g. if there was some way for a SOPINE and baseboard to negotiate "hey, neither of us have camera support, so let's use the camera pins for extra Ethernet").

Turris Omnia is supposedly one of these routers. I have their old model from a few years back, and it's been serving quite well for all my needs. The OS is their custom version of OpenWRT, and you can do stuff like LXC, Wireguard and all that quite easily.

The only problem is the ARMv7 hardware, which doesn't really cut it with modern Internet speeds anymore, especially with Wireguard.

That said, I can't wait for pfSense and opnSense to finally support Wireguard. And pihole should finally get a FreeBSD version. I'd much prefer the sense systems over the wrt, but the time is not yet here.

I think the big motivation for the Omnia is the Turris project, not open source per se. Security threat analysis and automatic updates from the nonprofit organization that runs the Czech DNS registrar. LXC, Wireguard, and the customization options from the mini-PCIe slots are a bit of a bonus.

The Omnia doesn’t have great OpenWRT upstream support, and the wireless performance sucks. 2GB of RAM seems enormous for a router, but when I put a medium-size number of clients on it (100-ish), its security monitoring features overran the memory and oom-killed essential services. Fortunately, that can be turned off.

And the Turris project seems to be retreating from modern Internet speeds. The Omnia can’t keep up with 1Gb full-duplex fiber, but they’ve moved onto their next product: The MOX/Shield is even slower. (1.6 GHz CPU vs 1.0 GHz CPU)

I have recently (one week ago) found out that MOX can easily route (and maybe even NAT) 2.5gbps with just about 50% of CPU usage, via the XDP framework. Unfortunately it is not easy to get XDP to end users.

For me the interesting part on MOX is modularity. You can have 24 switched ethernet ports, which is interesting for network admins at least.

…So it can route 2.5 Gbps, by cutting out Linux’s entire networking stack and rebuilding the minimum necessary in eBPF. Not slowed down by NAT or TC yet.

How do you do the I/O? As I understand the MOX, it has one SGMII interface for the built-in 1G Ethernet port, SDIO and PCIe for the WiFi interfaces, and a single 2.5 Gbps SGMII interface to the rest of the Ethernet ports. To get 24 ports, you connect 8-port modules together via their 2.5 Gbps SGMII interfaces.

Seems like the I/O should be enough for 1 Gbps full-duplex, which is enough for a home router with a gigabit Internet connection, but it can’t do 2 Gbps full-duplex.

What do you mean by "doesn't really cut it with modern Internet speeds anymore"?

Turris Omnia can route 2.5gbps easily, via SFP cage.

Not when running Wireguard client in it. Without I get 1 Gbps, but when having Wireguard on, we peak at 300 Mbps, loads between 3 to 5 and the CPU temperature goes above 100 degrees.

I put the system now to a spot where it kind of has lots of air around, so the temps peak only around 95 degrees now, but the loads are still crazy.

btw there is a possibility for porting Omnia on FreeBSD, so pfSense support :)

ANY more work in this space would be great. The SG1100 seems similar already though. Most configs of the Pine64 I'm looking at are single Ethernet port though, I'm not a fan of the router on stick config, even the one in the SG1100 is confusing internally.

I would love to see some more prebuilt pfsense boxes with useful options (like built-in 4G) - there are some on Amazon without detailed specs and some small vendors that don’t feel like shipping in all of the EU (can’t blame them for the regulatory and tax challenges).

TekLager is a Swedish shop that has a few quite nice options.


I believe the underlying BSD is the issue here, everyone that says they tried to do it says it is an awful experience. Similar story for the problems with realtek Ethernet chips.

For the 4G? It's not ideal but there are some options [0] - though the list would be nicer if it had a few filters, like interface and supported bands.

[0] https://docs.netgate.com/pfsense/en/latest/cellular/hardware...

I'd love to find a compact router/machine that has SFP/Gigabit switch and optionally PoE capability with pfSense support.

Sadly, my annoying Mikrotik is the only thing I've found until now :(

That's a big wish list for compact.

It's 3 common things, one of which is marked optional. The only "big wish" on that is the desire to run decent software of the user's choice on it, which is a big wish for anything except a PC-turned-network-device.

I know. Mikrotik managed to build it though (HeX PoE), but sadly it has a pretty old SoC.

On the other hand, Ubiquiti has given end users an option for business class wireless and routing that wasn't available. You want a "real" router in 2005? eBay > Cisco.

It's funny, Ubiquiti keeps getting talked up on HN, but every time I try to shop for their equipment out of curiosity, it's basically panned everywhere else. Don't know what to make of it.

Yep, that's because it is a mixed bag. Certainly a step up from normal consumer grade stuff, and not as expensive as 'real' enterprise hardware. Had a lot of promise, and lots of hn folks like myself converted.

But I said had, because in 2020 the company seems to have transformed into a money-grabbing shitshow. Cloud for everything, deprecating fine hardware and fine software in favor of unneeded cloud stuff. Crappy firmwares with no easy way to roll back. CEO is supposedly running the company into the ground with outsourcing, constant crunch etc. There are some disgruntled ex-Ubiquiti employees here and on reddit; if even half is true of what they say, the company really needs to turn around soon; it is probably already too late.

> Certainly a step up from normal consumer grade stuff

Same mass-market Qualcomm SOCs as the other mass-market vendors, just better packaged and marketed.

Smallnetbuilder consistently found them middling in performance.

I have ubiquiti gear for my home network. It's pretty good for what it is, which is basically "consumer networking gear for power users" but I'm not sure I'd use ubiquiti to do serious networking for an enterprise environment. Maybe a small business/doctor's office type of environment.

If you're doing serious business with your WiFi then the UBNT stuff is probably not quite good enough.

I have one of the flying saucer shaped APs, but it's super old and only does B/G. It was under a hundred bucks and unlike my old APs it doesn't get angry at certain devices and deauth them randomly from the network. Or other APs I've used that start disconnecting users once you have more than 15 devices connected at once. The configuration software is a bloated Java daemon that I have to manually start then connect to with a client. It's not all that user friendly, but I've been around networks enough to get it working.

So it's basically the cheapest AP that isn't regularly malfunctioning consumer garbage.

I use a pfsense box (check comments for link) but Ubiquiti gear for WiFi APs/controller/PoE/switches. Been very happy with the setup despite the latest concerns with them posted here.

Their security gateways are universally hated on, and for good reason - one major one is that enabling DPI causes a ridiculous drop in throughput rate, even on the newer machines (which also have faulty firmware). Stay away from them.

Me neither. I switched out my trusty old MikroTik AC router for a combination of a Unifi AP AC Pro and UniFi Security Gateway in order to get a bit more distance, and performance and reliability have been shoddy.

I eventually got a TP-Link WiFi 6 AX3000, and it's been super solid, significantly faster, and required almost zero manual setup. The Unifi itself required a PoE adapter and a router, and of course needs the controller application to do anything.

(The controller app with its easily-corrupted and hard-to-upgrade MongoDB database is perhaps the worst part of it. My two devices occasionally required re-"adopting" for no discernible reason. I was unable to upgrade the controller at one point because apparently (?) they stopped bundling MongoDB, and the controller refused to use the version I installed manually. Of course, this breakage happened after the software updated, so the only way to fix it was by restoring the old version and database files from backups.)

Maybe Ubiquiti products make more sense when you need dozens of access points across a big building, but definitely not in a small city apartment.

I don't think that's an environment in which Ubiquiti gear makes sense. It's much more useful for the people who have a 3-story house and have to have a separate downstairs and upstairs Wi-Fi network to get decent coverage.

It is useful even in apartments: you can have your router near entrance, where the ISP terminates, and then AP elsewhere in the apartment, where you can get better reception for your devices.

Agree, but I would at least expect performance and reliability to be better than a consumer router.

What do you mean when you say “the Unifi itself required...a router?”

The Unifi Security Gateway is a router.

Sorry, the AC.

Any access-point-only device will require that, it’s not a unique requirement to the Unifi access points.

Of course. But it could be a lot simpler, too. For example, USG doesn't have PoE (only the EdgeRouter X does, I think), and the AC itself doesn't have a power adapter. Both things would have made things simpler.

My wish is for a prosumer wireless router that's rock stable. I've burned through numerous routers that all have had weird issues. The closest I've gotten was my MikroTik AC Lite, which I loved, but it doesn't have an external antenna, so its range was questionable.

Didn't your AC ship with an injector?

AFAIK, only the 5-piece package ships without injector, the individual ones do have it.

No injector came in the box. I remember reading forum discussions about it at the time that explained which models/packages came with the injector, but I forget what they said.

That's a bummer.

I've purchased only nano-HDs and AC-lites, and they all came with one in the box. What didn't have any is Cloudkey 2 Plus. I had to get a third-party injector for that one (or Quickcharge USB charger with USB-C cable - I went with injector).

Many APs are routers. Unifi ones are bridges.

I work in IT, and I and several others use UBNT. I have not had any reliability issues, but you do not want to be hasty with version upgrades unless you need it to fix a bug. Read release notes.

I have an Edgemax ER-Lite router and a UAC-AP-Pro access point, and a security camera for testing.

If you can, it's best to stick with one lineup of products. Unifi is one line, edgemax is another, amplifi is another, and so on - having one management plane is optimal. I have thought about getting a Unifi router so everything is done through one control center, but I don't need to.

tl;dr - I think they are great for the money. You can do advanced stuff with the routers as well, like VPN gateways and BGP if needed, but not always easily in the GUI.

the bgp implementation on all ubiquiti's products is a tangled mess. it hogs CPU, is unstable and does not support most "nice bgp features".

I don’t think there’s any good options outside of commercial brands. If my Airport Time Machine and Extreme die, I’ll probably switch to premium Netgear equipment.

Meraki would be nice except Cisco owns it now and they are experts at milking you with annual fees.

> If my Airport Time Machine and Extreme die, I’ll probably switch to premium Netgear equipment.

Why just replace them with second hand units?

Apple may no longer sell them, but they are still widely available.

I assumed I wouldn't easily find them, but I will get them if I can!

/r/homelab, which is where I heard about it, seems to like it.

I've had UniFi equipment for a while now and am generally happy with it, though I'm not doing anything terribly crazy. Well, maybe crazy for a home user, but not nearly as crazy as some of the /r/homelab folks get.

I've got multiple VLANs, firewall rules controlling traffic, multiple WiFi networks. I'm using 2 switches (8 port 150W PoE, 24 port non-PoE), a USG, and an AP AC Pro. It all works fine.

My only complaint is that the new version of the controller software rearranged all of the settings and I haven't figured out where everything lives.

You can (still) switch back to old settings in the new controller. The latest one switched the client view to a newer one too, but fortunately the old one is also available.

I've been trying to avoid using that escape hatch since, presumably, the new settings will eventually be the only settings.

There's also a search in there which has proved helpful.

I treat it as prosumer grade equipment. I use it at home but not at the office. My general rule of thumb is if I need it to make money, it's not going to be Ubiquiti.

I have UBNT gear at home, and have had it for four years to replace my apple AirPort Extreme. I got rid of the AirPort Extreme because I thought apple would abandon it. I’ve been very happy with the UBNT platform since. I do wish there would be a decent upgrade to the USG 3 coming soon

I feel it’s really pervasively good marketing, and maybe the performance was better back when the WiFi link was not usually the bottleneck. (Ref: Bufferbloat, hard to verify because Ubiquiti flouts open-source licenses.)

> It just doesn't make sense to me.

You probably typed that, and everyone here will read it, on a macbook, which just switched from bash to zsh to avoid GPL. On a BSD kernel to avoid GPL. With browser and OS built by a compiler that had to receive tons of features to catch up with the GPL one. On browsers that were built on top of GPL (chrome) and LGPL (safari) engines but that magically become BSD along the way.

All the evidence suggests Open source is a toxic gold mine for corporations.

If you really want a small fully open source router these days, you can build your own VyOS (evolution of Vyatta) install ISO, which is fully open source, and install it on some small x86-64 system with multiple 1/10GbE interfaces. Or install pfsense, which is also fully open source.

because working through the absolute trash fire that has been closed source merchant silicon SDKs was/is a competitive advantage.

things like P4 will move the competitive advantages farther up the stack where they belong

It's why I decided to make my current router a full PC running Linux with a couple of NICs and am looking into getting wireless working directly on it.

I’ve done this in the past and had great results. The only downside is that running a regular PC drawing ~100W 24/7 can easily add up to $100/year depending on electricity costs and eventually an embedded device would pay itself off.

I am running pfSense on a Supermicro X9SCL 1U pulling <40W, with an old SSD as the bootdisk. gig nics & everything else.

Sure you can halve the power draw again with an embedded device, but diminishing marginal gain.

Can't say if it applies to your case, but as a firewall/router I use a "thin client" with a TransMeta processor, the actual model is Fujitsu Futro S, there are/were several sub-models, mine is an old S220, it runs Zeroshell (a Linux distro) with an added "normal" PCI network cards and it is like 15W:


Thin clients were fun, but they aren’t nearly fast enough for modern multi-gigabit Internet connections. They can route maybe up to a couple hundred Mbps.

I’m wondering whether a mini-PC can route even 1 Gbps at line rate. Lots of people are using mini-PCs as routers, but most of them have only 1×1Gbps Ethernet interface and no PCI slots. The Minisforum DMAF5 has 2×1Gbps Ethernet interfaces, but that’s an off-label use and I haven’t seen any benchmarks.

Of course, if you go all the way up to mini-ITX, then there are plenty of options for various performances of CPUs and network interfaces.

I can't say for sure what you can do with a miniPC, but I did 1 Gbps routing with all packets going through userland and back to the kernel (because of an over elaborate at&t router bypass) on a pentium g3258 (haswell, dual core, 3.2 GHz) and it was fine. A transmeta box seems probably a bit old, but relatively few people have gigabit internet. If you wanted that box to do wifi too, that might be problematic; but I generally use wireless routers configured in access point mode to be access points. In access point mode, as long as the networking hardware and drivers are decent, you get fine performance; you don't need great NAT acceleration or properly managed memory for state tables on the wireless devices, since that's managed on the router/firewall/could be a home server too.

Benchmark sites like userbenchmark.com and cpu-monkey.com rate the 7-year-old 3.2 GHz Haswell as having roughly the same single-core performance as the 2-year-old 2.1 GHz (3.7 GHz single-core turbo) Zen+ CPU in the DMAF5. But that doesn’t cover the I/O performance, especially with Realtek Ethernet interfaces.

Most mini-PCs are using 2-GHz-or-lower Gemini Lake CPUs with much worse single-core performance, but much better video I/O performance. But that still doesn’t cover network I/O, and Realtek vs Intel. (And Intel i40 vs i211.)

Relatively few people have gigabit Internet, but it can happen suddenly. 3 years ago, I upgraded from 20 Mbps DSL to 1 Gbps symmetric fiber. Bye-bye to my old MIPS 24K router. But all these years later, my brother 1 mile away is still waiting.

> looking into getting wireless working directly on it.

This is, unfortunately, pretty hard to do well. 5 GHz AP support is particularly complicated, as the AP is required to take some special steps to avoid interfering with other services using the band, including weather radar. Most consumer cards don't implement these steps, limiting them to operating as a client on those frequencies.

I got a QCA986x/988x (forget exact model but that's what lspci says) and I'm reading it works with ath10k driver. Wish me luck. Really hope multiple BSSID works but that's why I bought 2.

I'm not throwing out my Asus access point yet.

The limitation is only on the DFS channels. Channels 36–48 and 149–165 are free of radar. And also crowded in a modern urban environment.

I’m not sure what the device manufacturers are doing to prevent unauthorized use of DFS channels, but I have a cheap router with a QCA9887 (GL.iNet GL-AR750) and it doesn’t use DFS channels no matter what firmware you put on it.

Dynamic frequency selection isn't hard if you decide not to use that spectrum. Even without the radar spectrum, 5GHz spectrum is fairly unused.

To be fair, there are a number of companies who have made a go at open source routers but ended up deciding on a proprietary path after all—thinking especially here of Ubiquiti's RouterStation line and the Mikrotik RouterBoard. Plus there are a number of options for open source router OSes that you can install on standard PC hardware.

I don't know that this proves anything one way or another, but I think it's a bit simplistic to imply that this kind of thing doesn't exist purely because it's never been tried.

the WRT3200ACM is available for purchase, is an almost-direct descendant of the WRT54GL and is supported out of the box by OpenWRT/Linux.

Well, the original WRT54GL (Linux version with 8MiB RAM) cost me ~$50 when it was new, the WRT3200ACM is offered for $250. A descendant perhaps, but no replacement.

I really like my Xiaomi Mi 3G. Cheap, has both 802.11ac and 1Gbps ports, runs OpenWRT. The only issue I have with it is no AES support on the CPU. My VPN speed is effectively limited by one of its cores running at 100% decoding OpenVPN traffic.

Use WireGuard as VPN OR change OpenVPN encryption to Chacha20

I recommend buying the WRT1200AC used on eBay. They usually sell for $30-50 USD + shipping.

Yep, those are pretty much all I buy nowadays for home / small office routers. Absolutely rock solid.

Correct. That's why I sought it out and may or may not have baffled / actively disregarded the Best Buy sales guy who wanted to sell some other routing hardware that was 'newer'.

This message delivered to you with its help, and I am definitely going to be looking for its descendant when the time comes to replace this one....IF it is still open-source-ready.

Does OpenWRT implement some of the more obscure features, like MIMO and what not? I'm still using DDWRT on a Trendnet AC1750 supported router. I definitely don't need much more but I could use some bandwidth and power range for local transfers and such.

I used these before I switched to pfsense at my SMB. They're great. I use the WRT3200ACM at home + a UniFi AP for better range upstairs and have been very pleased.

Especially when they stop pushing firmware updates and leave the whole thing open to become part of a botnet.

Seriously, keep the damn thing open.

This. It drives me crazy that companies want to lock down the firmware, but then won't take responsibility for keeping their locked down firmware from being taken over by bots. If they hate maintaining the software so much let the community take over.

If I were an AP manufacturer I would have like 1 software guy total, and his job would be to make sure the drivers for the hardware are always up to date on the open source software that my product ships, and to contribute bug fixes and feature improvements to that software.

Well, I like to think that anyway. I have some suspicions that chipset manufacturers like to keep their documentation behind NDA that precludes anybody who signs it from contributing to open source software.

Neither of those options push the user to buy a new router every few years.

“Open” is not the only problem.

I tried prioritizing “open.” I had a customized firmware on a fully open-source (even open-source WiFi firmware) Atheros-based router. And “open” turned out to mean, “enough rope to hang yourself.” I didn’t dare update that thing for years because I installed it in an inconvenient location and I couldn’t trust that it would continue to work if I installed upstream updates.

Now I emphasize update automation. The closed firmwares of ISP routers are not great, but the ISPs take charge of maintaining them. I don’t recommend plain OpenWRT to non-technical users because it doesn’t auto-update.

Maybe a Turris router, because they have the CZ.NIC people in charge of updates. Even there, the transition from Turris OS 3 to Turris OS 5 has been disruptive because of the upgrade from OpenWRT 15 to OpenWRT 19 and its migrations to Device Tree and Distributed Switch Architecture. At least CZ.NIC is still updating the Turris OS 3 packages.

It depends a lot on what you mean by successful. Was the WRT54G successful in terms of sales numbers and value delivered to users? Absolutely. But in terms of internal hype, ever-increasing revenues, and executive promotions? Probably not.

Some routers openly tout the hackability of their routers to add open source firmware as a selling point. But those were also relatively expensive.

When routers are ordered in bulk from ISPs in certain countries, the ISP is the customer, not the end user. The ISP often doesn’t want the end user to be able to do things like enable IPv6 and things that could boost the effectiveness of Bittorrent. A closed-source design ensures that only the ISP can change certain settings.

I suspect it's more that when someone flashes a router with custom firmware, they are far more likely to then spend hours on the phone with tech support because they have messed up the MTU settings or can't get VoIP to work because the SIP ALG isn't working properly anymore...

For every person that delves into the internals who knows what they're doing, there are 10 people who delve into the internals following some incomplete and outdated online hearsay...

The support angle is the party line for why they want to own the boxes, but there has never been any actual data to back this up. Further I do not see this being a real problem, hell I use a custom router but if I have a problem I have to hook up the ISP router to talk to customer service, I am fine with that.

The real reason they want this is twofold

1. Money. It is always money. They want to be able to advertise "Internet for only $30" but then tack on 20-30 in "other fees" to get that bill up, $5-10 for a router is an easy gain

2. Control. Companies like Comcast have lots of control over the endpoints to the point where they can manipulate the firmware to do whatever they need for traffic management or even offer public wifi access to all your neighbors...

I don’t disagree with your points 1 and 2, but IME having worked in telecom for more than a decade your point about there being no data to back it up is wrong. Probably no data that you have been privy to, yes. Your lack of exposure to data does not equate to a lack of data. IME, internal analysis of trouble tickets along with unit cost is driving most moves by an ISP to make installation and usability simple, automated, and specifically not result in support calls. Remember that 90+% of their customers have the expectation that it just works like a power utility and buy their kids’ gaming machines from Costco and Walmart. They really don’t care about config customization and prioritize the assumption that it “just works” far above their flexibility to load custom firmware.

1 really doesn’t hold water. Some ISPs in the US still waive the fee if you don’t rent equipment, so that doesn’t really strengthen the argument. I now have an ISP that doesn’t waive the fee but that doesn’t matter either, since it is not optional it is just part of the total sunk cost. I still use my own router.

Your whole argument doesn’t hold water because even with Comcast you can bring your own equipment. They don’t go out of their way to help you... but they don’t stop you either. Don’t see how that is “control”.

Maybe you will not call tech support when your own equipment fails but you clearly have no experience in a support role if you think other people won’t!

Just spend some time on GitHub issues for more popular open source projects to get an idea, and then multiply that by at least 10 for the general public.

Comcast and my current ISP both simply refuse to assist if you do not have their equipment. I have experienced both: "Please hook up your ISP provided router and if you are still experiencing problems please call back"

Hell half the time they do not even help when you do have their equipment. It took me 3 months of calling support before my current ISP agreed to send a tech to look at my ONT that was clearly resetting itself. Tech replaced the ONT; has not had any problems since.

ISP, all ISPs', customer service is terrible, there is not an ISP on the planet that has good service. Or at least in the US

This is the real reason. 90+% of their customers are, for lack of a better word, idiots when it comes to “hacking”. The ISP just doesn’t want to deal with it. And for the 10-% who do know what they’d be doing, the ISP doesn’t care because it’s another configuration they have to support.

There’s a reason ISPs won’t help you if you hook your own router up. It’s not malicious. Just them doing what makes sense from a financial and a training standpoint.

It’s scummy, but the Dunning-Kruger effect with tech is very real.

I'm fine with that... if they can prove it. They have to release stats that show what percentage of customers called in with a custom firmware and how long it took the techs to solve their issue.

I guaran-fucking-tee you someone smart enough to flash a custom firmware will likely have scoured the Internet for the answer first. Most of the time, they'll find their answer somewhere on a forum / blog post. I would actually be willing to bet money that technical support spends far less time with these people than it does with older customers who "can't be bothered with reading" or younger customers who grew up in the "it just works" generation.

There seems to be a middle ground of people, I think we're called the Analog-To-Digital generation, that had to actually put effort into learning technology, because so much shit had to be manually configured, that we gained a pretty solid understanding of tech and we don't have the fear of it that I see in people even just five years older than me (I'm 40), and the lack of interest in digging around in the "guts" that I see in people far younger than me (25 and under).

When I was ~25 in the late 90s (now in my late 40s) I spent 3 months with a 'custom' guy. He was going in and re-writing our software stored procedures. They had to work a particular way or the whole hairy ball came flying apart. 2 level one techs, 3 level two techs, 3 on site rebuilds with 3 installers and 4 senior engineers. 3 months of work. All because 1 dude decided to change things out and did not follow our extensive docs and use the people we dedicated to help him. All because he wanted a feature but did not want to pay for it but did not want to admit he broke the multi million dollar system they bought. It was like an hour of work for me and 1 line of code. But he jerked us around for months and cost us thousands of dollars of time and work and would scream at us for hours on end that nothing worked because he broke it.

BTW The dudes who worked the .COM boom/bust stuff are hitting their 50s. When you are on your 15th uber framework sometimes you just wing it and dig in only if you have to. Or as I say to my fellow devs 'what useless tech skill am I going to learn today that I did not want to know about'. For my first couple of stacks I can tell you everything you want to know for hours on end. For current ones that passion is mostly gone. Crunched out of me with endless meetings and forms to fill out.

> I guaran-fucking-tee you someone smart enough to flash a custom firmware will likely have scoured the Internet for the answer first.

Or they followed a "how to get free movies/tv/sports" guide which told them to follow these simple steps, and something went wrong, and they have no idea what to do next, and they're offline now too.

I would say 90% of their customers don’t want to be hacking their router, and 90% of those that do don’t really know what they’re doing.

Probably. And in that case, the ISP would be even more justified in not supporting “non standard” configurations.

So they can say:

Connect the modem we gave you with our settings, and if it works using that it’s not our problem.

It’s not that hard.

> The ISP often doesn’t want the end user to be able to do things like enable IPv6 and things that could boost the effectiveness of Bittorrent.

In what country are ISPs blocking ipv6 because it makes BitTorrent effective?

I didn’t say that ISPs are disabling IPv6 because it has any connection to Bittorrent, I said that IPv6, on one hand, and Bittorrent-accelerating features, on the other hand, are two things that some ISPs in various countries may want to block.

For example, in Poland the router that Orange forced fiber customers to accept for 2019 came with closed-source firmware, and while there was a hack to enable IPv6, the ISP – who alone had superuser privileges on the device – issued a command to the router each night at midnight to disable IPv6, because it considered IPv6 a "beta" feature not meant for wide use (a limbo it has been stuck in for years now). The customer, without access to the router internals, had no way to permanently override it. Fortunately, if I understand correctly, EU legislation is phasing out any obligation to accept only the ISP-provided router.

> As Lifehacker put it way back in 2006, it was the perfect way to turn your $60 router into a $600 router, which likely meant it was potentially costing Cisco money to have a device this good on the market.

The margin on routers is lower than cloud subscriptions.

Hardware with margin to support open source is available from companies like Netgate but pricing isn’t competitive with consumer products.

Which is kinda ironic, since obviously router software is the worst.

Answer is right there in the article: it cannibalized more expensive router sales.

So, I worked for Broadcom for some years after this went down. This post is purely descriptive to give people some insight into the history from inside the company; I'm not commenting on who should have done what (although I was not directly involved, so if someone who was comments, take their word over mine).

Broadcom made an error of judgement here, but this incident fostered a deep distrust of open source, at senior levels, that persisted for more than a decade after; perhaps to this day.

Firstly at this point Cisco was, at the time, Broadcom's largest customer by a large margin. This caused huge tension in that relationship that was totally unforeseen, and was very painful for a while.

Secondly, at a certain point it dawned on Cisco and Broadcom that the GPL lawsuit was not like a normal business dispute, because businessmen after a certain point will settle for money even if they didn't get everything they want. Sure a few people will keep going to the detriment of their own business, but most aim to make profit, not expound a principle. Many companies in the position of the FSF would have settled for a cut of the revenue. But the FSF wanted the source code released, and they were prepared to kill the business to get it. So Cisco and Broadcom had to concede. The source code was released, and OpenWRT was born.

The fallout, though, was that subsequently Broadcom router ICs were designed with hardware accelerators which were separate from the main CPU. They were driven by separate CPUs on the same SoC that did not run Linux and whose drivers could not be demanded under the GPL. None of the open source firmwares can run these devices efficiently unless someone spends weeks reverse engineering them.

I'm not sure about the last point. I would think hardware dedicated accelerators were done because it was the cheapest way to achieve that performance not because it allowed to somehow bypass GPL. However, choosing to not run Linux but some proprietary OS could most certainly have something to do with that.

At the end of the day, was it a good thing? I would say it was. It opened many generations of home router hardware to being modded/replaced with user controlled software. It even created a market of its own where certain consumer router hardware is advertised as being designed to run custom/third-party software and where vendors themselves ship with some heavily modified software and release the sources for it from day 1 (which are the only wifi routers I shop for these days).

Indeed, hardware accelerators weren't introduced because of the GPL. What changed was that previously they were connected to the main CPU and driven by drivers that fell under the GPL; to avoid the GPL, secondary CPUs were introduced not running Linux at all.

I can't speak to Broadcom's motivations, but the end result has certainly been that they are the least open source-friendly WiFi vendor, behind Qualcomm-Atheros, Mediatek, Marvell and Intel (client only). When Linksys wanted to do a successor to the WRT54 series trading on its open source reputation, Broadcom wasn't an option because they've made themselves the NVIDIA of WiFi.

I don’t know why WiFi AP manufacturers don’t just give up and just use stock open source firmware on their devices. They are not even trying to get the sw right. The first thing I do when buying one anymore is ditch the built in tinker-toy firmware and install an open source one. Lots of companies that make hardware treat software as just another line item on the BOM like a bolt or a screw, and source the cheapest shit they can find, rather than treating the software as an integral part of the product that needs the same polish as the external box and marketing materials.

FRITZboxes are better in terms of their software. The names and descriptions for the various controls are written in proper language, and there are loads of graphs and stats for the nerds. My only gripes are that the interface relies too much on JavaScript (you get sent back to the login when you refresh the page...) and that, at least on my model, there is no way to perform a factory reset without plugging in a phone handset (who has one of those these days!).

Of course, OpenWRT still kills it in terms of support for standards. FRITZboxes have their own stupid mesh protocol that's only compatible with other FRITZboxes, not implementing e.g. 802.11s.

To be fair, the FRITZ suite also wants to (and does) support Cable internet (afaik the only non-ISP-supplied modem or router-modem you could even buy in Europe), DECT, and a range of 433MHz home automation products. And of course, you mentioned their homebrew mesh stuff.

So there's a lot of non-standard tech available in those boxes and it is no huge surprise that this is kept proprietary.

IQRouter[0] uses OpenWRT, or at least is based on something like OpenWRT, and by default measures your bandwidth so it can manage traffic to reduce congestion. Recommended by Jim Gettys[1]. I've been pretty happy with it.

[0] https://evenroute.com/iqrv3

[1] https://en.wikipedia.org/wiki/Jim_Gettys

Probably because they can ensure their software works properly. I recently dug out an old Asus RT-N16 and the latest Tomato firmwares are all completely broken. WAN DHCP doesn't work. Took me a couple of hours to figure out. Turns out it was broken a year or two ago and nobody has noticed (it's a pretty old router; I doubt anyone still uses it). The official firmware worked fine.

The point is the manufacturers have a much higher incentive to ensure everything works than open source developers.

The ASUS firmware at least seems to support way more features than Tomato did, at least without resorting to the command line. E.g. my ISP requires the VLAN ID to be set. I doubt open source router GUIs have a nice option for that.

It's not that old, works tolerably for a small household if the link speed is below 100Mbps. Freshtomato worked fine last time I checked. Too bad these chips suffer performance loss with OpenWRT, though.

The sad thing is ten years later the market is still dominated by devices with half its RAM.

I had a Buffalo router that did that; IIRC it came with their proprietary firmware and a copy of DD-WRT on a CD. (Might have been the other way around; this was about a decade ago.)

I don't believe they would have been in much legal issues: they'd have to make sure the copy of DD-WRT they shipped was fine, but if you get updates / flash your own, there's no reason they'd be on the hook.

There are some manufacturers doing this, or close.

https://www.gl-inet.com/ uses OpenWRT as a base for their firmware, and also provides clean images or you can install from OpenWRT images directly. Their specialty seems to be the form factor of the devices, and while they put some effort into a web frontend, and it's fine, they also make OpenWRT support a feature.

Buffalo does something similar.

only kind of hardware where this seems to be commonplace is 3d printers. super modular in general, you can usually just swap in hardware from one machine to the next, unless it's a super commercial grade machine. I get the principle doesn't transfer as well to other devices in all cases, but I wish more stuff was like that

It's probably mostly due to legal liability. Real or perceived. It's gonna be risky to convince a jury you did your fiduciary duty to either consumers or stockholders when the opposing lawyer is saying "so you subjected my client's data to code you didn't even write? Code anyone on the internet can change at any time, etc. etc."

legal is not about what is true or right or fair or probably it is about risk reduction/mitigation. A 20% chance to lose court case is too much. Or even chance of bad PR is something to be avoided.

Doubt... Look at all the CVE on that kind of hardware, limited liability and actual loss of control to contractors. In this case, leading to not knowing you are actually selling Open Source technology.

Look at the longevity of this router and all the features: "it was the perfect way to turn your $60 router into a $600 router". With closed firmware, you can artificially lock features and prevent everyone from adding them to cheap devices. You can also stop updating firmware after a few years so everyone trashes old devices and buys a new one.

Fun fact: Open Source is good for the environment.

> You can also stop updating firmware after a few years so everyone trashes old devices and buys a new one.

Routers aren't really the kind of devices that become obsolete quickly though, are they? A bulk of all users will just use the one they will get from their ISP. Since the main interest of ISPs is to reduce ongoing costs for support (reduce calls to hotline and sending out technicians for the setup of a new router), they should also be motivated to provide cheap, long lived routers.

They are motivated to provide cheap, managed, reliable, plug-and-play units. Changes are driven by feature sets they need to stay competitive (eg new WiFi or wps standard) and wholesale deals.

If this were the issue you'd think there would already be a series of lawsuits against the free software drivers currently available.

LOL, Yeah like all the open-source software that drives 95% of the Internet?

If this could be done, it would have been done already.

I still have one of these in a box. Maybe two as I used to encourage friends to buy them years ago.

I only stopped using it (with some custom firmware) about a year and a half ago because it was just too slow - and had gotten this weird issue where it would cut off the internet to some devices while keeping them on the network.

It was really by luck that I had one of these in my teenage years initially to play with. I sometimes wonder what hobbies I would have developed if I hadn’t lucked out and found a working computer in the trash, or my parents had bought something that wasn’t such an easily moddable desktop (AMD K6-2 was the CPU in the first computer they purchased).

Anyway - the WRT54G really was a fun piece of hardware to play with.

> because it was just too slow

The WAN to LAN throughput on a wrt54g is only like 34mbits/s. It’s just too slow to handle a fast internet connection. I guess the fact that so many are still being used shows how ISP connection speeds have stagnated.

Or that there simply is no need for that high a bandwidth. Netflix, e.g., uses fancy compression algorithms and you can almost watch their HD offerings with ~3mbps. They do recommend 5mbps and 25mbps for their 4k content.

I so wish I could get a 6mbps connection here for half the price of my current 65mbps line.

So there's a need for it, it's just that you don't have a need for it.

I'm happy with my 1gbps connection where I can download a 50GB game in less than 10 minutes.

I know that there is use for it ("any space will be filled"). A buddy of mine has two teenage boys -- 'nough said. I just don't see that as explaining the market for 100Mbps+ connections to the home and such routers.

Your use case reminds me of the (mystical?) fellow who allegedly complained that his new graphics card didn't allow him to play his favorite 3D FPS game and watch a movie simultaneously.

I have no idea what you're talking about. Honestly I think you're a bit out of touch with how people use the internet today.

I've got two monitors.

I've played an MMORPG before where I have a YouTube video playing on the other monitor.

This has been possible for probably 10 years.

Also yes. People live in homes with other people either as a family or house/flat sharing.

Who all use the internet at the same time.

What if they all want to watch 4k video in their room? Whilst their consoles (Nintendo Switch, PS5 or Xbox Series X) are downloading games/updates.

If they want to maintain 4k streaming, they're going to need a fast download speed.

Google Stadia, Amazon Luna, Nvidia GeforceNow are game streaming applications, they require good throughput in addition to low latency.

Low latency requires an uncongested connection.

What if they work on photos and videos in the cloud? They can load them up faster to work on. Rather than requiring significant local storage.

Especially if they have symmetric upload speeds.

100Mbps+ is clearly beneficial.

You're conflating your lack of need for fast internet with everyone else not needing it.

I do this. I watch Netflix and play video games at the same time. So I guess my point is this is a use case which exists. My GPU handles it just fine though.

Another point is that old wireless tech is inefficient so it reduces your smartphone's battery life. Faster connection able to work faster, so the device can go to sleep state early, even when streaming Netflix.

You might not have a need for it but others do. It really sucks to buy a new game after work and see that you won't be able to play it that night because it has a 5 hour download time.

Bro, when I want to play games with friends I frequently have to update to play because I play so rarely. Speed means lower latency to startup.

If you still want to live that WRT life with something like OpenWRT/LEDE (I think they re-merged now just under OpenWRT but I'm running LEDE currently) then I can highly recommend this [0] updated version. I have it and I can get gigabit speeds (wired) through it just fine and don't have any issues with the wireless other than at the far, far end of my house and only sometimes.

My next router will probably be a Ubiquiti setup so I can set up 2-3 APs for full coverage and coverage out to the (detached) garage but that setup is not cheap or simple and my current issues are so minor that it will be a while before I pull the trigger on that.

[0] https://smile.amazon.com/gp/product/B01JOXW3YE/

I'm still running a WRT54GL with Tomato firmware at my parents' place. I used it until I upgraded to a faster one, but the reason it's still running is that it provides the longest 2.4GHz range which is perfect for a large house. I've tried Ubiquiti, newer ASUS routers and the range is shorter and their devices prefer to connect to the WRT54G. And my parents don't need super fast wifi, just a stable one.

One fascinating sidebar in the WRT54G history was the Fon [0] "Fonera" project, which was one of the reasons I bought WRT54G specifically. (Which I found in a box just recently, Fon stickers beside it.) Fon had the idea of trying to build a network of independent residential wifi that users could share roaming among each other. It was a paid wifi network, so people that had a Fonera AP at home could opt for either free access wherever they went as benefit of running an AP or a simple profit sharing option (but then they'd pay for their own roaming).

The original Fonera projects were all built on top of OpenWRT.

It was a cute idea for trying to make guest-accessible wifi ubiquitous. It ran up against shifts in law in some countries making network AP owners more personally responsible for accesses to their wifi. Also, it never really hit network effects that the scale mattered. I ran a Fonera AP through a large chunk of college/grad school and can't say that I ever saw another AP in the wild to take advantage of the free roaming (and if I had it switched to the profit-sharing mode I never would have seen a dime).

Fon pivoted entirely out of the Fonera residential wifi project in 2016. It was a neat idea, but it didn't survive.

[0] https://en.wikipedia.org/wiki/Fon_(company)

I don't recall which wifi router I used, but also I setup fonera for about a week. I also don't believe I ever saw one in the wild. I thought it was an interesting idea.

Man I used one of those forever, I think I finally threw it out once 100Mb switch and G wifi wasn't quite enough. Tomato was probably my favorite firmware for it. I remember bricking it with a bad update one time and having to jumper two pins with a paper clip to put it in tftp mode in order to load working firmware.

A buddy of mine got divorced and found himself in a tiny apartment with ethernet and not a router. I dug up my WRT54G but yeah, G wifi... In the end, we found an unused TP-Link Archer C7 for him, but that WRT54G brought back some memories.

The highly coveted WRT54G!

I picked up a number of these at thrift stores over the years. Occasionally I'd get lucky and get the "WRT54GL" version. I was sometimes persuaded to exceed my "$5 or less" budget for a "L" version.

They were great for having a little Linux-box to do oddball utility stuff-- ad-hoc OpenVPN endpoints, caching DNS server, captive Wi-Fi portal controller.

They were eerily solid for their built-to-a-price-point nature.

A few years back, I spotted two of these for $0.50 at the thrift store amongst all the outdated DSL modems and answering machines. My tech hoard was already large enough at that point so I made sure they worked, flashed the factory firmware, and turned around and sold them for $25 each on craigslist in under 24 hours. Easiest beer money I ever made.

Its spiritual successor was the Asus RT-N16. I still have one sitting on my bench, running TomatoUSB. I got it 9 years ago, and for the past 5 years it's been a 2.4GHz wifi bridge, connecting the hardwired devices in my office to the wifi router in my house. It just keeps working, so I keep using it.

Of course I can't forget the first time I got a WRT54G. My brother in law had one just sitting around unused (around 2006 I think) and while I didn't know a lot about them, I asked him about the router. I ended up trading him a well used laptop for it. The router was the locked down version. Then it died. Oh well.

How is respecting the licence of software you use an accident and a problem? The managers who believe that are completely insane. Even the market segmentation theory: you can not just sell perfectly capable hardware but artificially limited by software to a very narrow set of features and pretend you care about e.g. limited natural resources. Likewise attempting to limit the hackability (and reparability) of devices is starting to look criminal in my eyes.

What's a reliable company for multi-AP setups that also respects my privacy? Ubiquiti had that whole phone home scandal.. Eero I'm not sure yet.

I have pfSense for the routing but now just need access points. So far I've been using an old Asus ac86u on Merlin as an AP but the reception is not great in other rooms due to the fact that walls in my apartment are concrete with rebar.

If you can live with only 802.11ac, I've had great results flashing OpenWRT onto Mikrotik wAP AC boards. Performance peaks at about ~400mbps TCP throughput at 2x2 MCS-9. WPA3 works without problems. For multi-ap, setting up 802.11r is fairly straightforward, k/v requires some custom scripting to generate the neighbor reports. Be careful not to get the new revision with the two chain radio as the chipset is different and not yet supported by OpenWRT.

I just use the wAP ac (and cAP ac) as-is. I don't feel compelled to install OpenWrt.

They're great devices even with the stock firmware, but their wireless drivers are quite dated (no wave2 support, no WPA3, no 802.11r/k/v). They do have a beta package with wave2 support but it's not supported on the low RAM devices like cAP / wAP AC.

I use a pfSense+UniFi combo. I know about the scandal, but they added an option for the user to control it and as far as I know, they haven't done anything questionable since - software quality aside.

(Actually I know the internet loves to bitch about Ubiquiti but my experience has been just fine. Maybe it's because I don't have a Unifi router.)

Yeah, it might be an overreaction but the fact they did that does show that they have people who are clueless in their company and don't respect their customers

Given the target market of their product I would expect any such attempt to be quickly found so I guess there's not that much risk to use them

I'm looking for the same as well. I've heard good things about actual enterprise APs, though they seem to be quite expensive. Ruckus APs are 4x the price of my current Ubiquiti APs.

I'll probably do more research into this when Wi-Fi 6E becomes more commonplace. For now, I just block outbound internet access on the management network for my Ubiquiti APs and controller.

Mikrotik. Maybe?

I've seen a few articles that use a raspberry pi in fact

CommScope Ruckus?
