Hacker News
[flagged] Top Best OpenWrt Routers for VPN in 2023 (nixsanctuary.com)
32 points by paulcarroty 6 months ago | 17 comments



It seems like they all have wireless built in. IMO, the best option is to split the routing functionality from the WiFi access point.

I like small SBCs or little fanless x86 PCs for this. You rarely need >1Gb for home anyway, and can easily run openwrt or even pfsense.

Then either Ubiquiti or just a mesh setup for access points. TP-Link Deco has a really good AP mode and is pretty inexpensive.


I think all of these consumer-grade routers kind of suck. A WiFi access point, a cheap unmanaged L2 switch, and any random cheap x86 machine as a router will work miles better and give you infinitely more flexibility.

You can run OpenWRT on x86 if you want, or use OPNSense, or just run Linux or FreeBSD yourself if you want to get your hands dirty and configure it yourself.


Agreed, though worth adding that basic managed switches are so cheap at this point as well, even new let alone used, that it's probably worth it. Brand new, a basic Omada 8 port gigabit switch starts at $70. Having 4 of those ports be PoE+ is only another $20. UniFi is similar, or Mikrotik for less, and of course can find tons of used stuff that is still fine at bargain prices. An entry level WiFi 5 WAP is $60 or WiFi 6 $100 (again, new). For the HN crowd it'd probably be worth shelling out to be able to have 8+ SSIDs, VLAN support, etc. If you use their routing too can have a single pane of glass for it all, or separate out routing/firewall/services from the rest.

I run OPNsense on x86 for my routing and then Omada or UniFi for switching/WiFi and it's definitely nice. While it's somewhat more effort to set up, solid network infrastructure proves very handy over and over for both experiments and self hosting, smart home security etc. In aesthetics as well honestly since dedicated PoE WAPs also just plain look better, no visible antennas just smooth plastic disks (that you can then paint or put decals on to make them blend right into a wall or ceiling) with a single easy-to-hide cable. In houses, coverage can be far better optimized, WAP(s) can go exactly where they need to.


If UniFi would spend just a little bit more time on getting advanced features out there they would be an amazing product.


Well yeah, though not just "advanced features" but also "basic maintenance and polish of existing features". That's why I moved routing and such to OPNsense and switched a couple hundred switches/WAPs out for Omada kit instead. However in Ubiquiti's defense, and while they've been a total dumpster fire, there have actually been some belated positive moves after years of stagnation except for UI bikeshedding the last few releases. It's finally moved to more modern Java and Mongo for example, and implemented at least basic PPSKs. Granted the latter seems buggy as hell and they've just had a critical security vulnerability. But even so mildly positive signs, maybe they've started to get some of their house in order. I'd be delighted if so, it'd be nice to have two decent local only SMB-tier networking options.


This seems like the Top Best post to use to train HN's spam filters and voting ring detection tools.


I've been waiting for an article like this! OpenWRT doesn't want to endorse specific devices[1], which is fair. But it leaves casual users like me in the dust. My router is >10 years old and I've been meaning to upgrade. But I don't have time to read every router's 1000+ post thread in the forum trying to figure out which one is best. Just tell me what to buy, dammit!

[1]: https://openwrt.org/toh/recommended_routers


I'm not doing VPN or anything heavy with them; I had to deploy a couple routers last month. My "what's Walmart got for $100" adventures, in hopes that others may benefit:

I found Linksys ea8100 and Netgear R7450, and they're acceptable "ramips-mt7621" devices for openwrt. The Linksys may have gone unavailable / clearance, not sure.

They also had a Linksys E7350 which was not flashable and a Linksys e5400 which was 100mbit, last generation holdover I think.


The GL.iNet option listed isn't even shipping yet... how are they able to review it?


It’s an ad, that’s why.


The Flint 1 is shipping, which is the best router I've ever owned. In terms of performance (runs Wireguard effortlessly), affordable, better coverage of my home than the $400 NetGear, Linksys, Asus routers I've tried (I suspect because the US commercial routers throttle their transmit power), these are super reliable. I'm happy to stick with v1 but also pre-ordered v2 just because I'm a fan. I only wish they would add mesh support (though they do have mesh routers, they are just lower specs).



And ironically, if you go to the pre-order page you will get

> Make sure you are disconnected from the VPN when placing an order.


Would really like it if posts like this mentioned power consumption.


I get why one would flash OpenWrt on hardware that is no longer manufacturer supported but is there any indication that security is improved or at least equal before then?


That's an excellent question, and not one I've seen rigorously investigated.

My own completely subjective opinion (as an infosec type) is that OpenWrt is probably better for security than the vendors' code since 1) the vendors aren't security companies and have an at-best iffy history with security, 2) OpenWrt releases more often than vendors, so there's a better chance (chance, not guarantee) more bugs are being fixed quicker and 3) platform diversity means OpenWrt code paths are being tested under more conditions than any single vendor does (probably). But that's all subjective and lumps all vendors into the same bucket; likely some are much better than others.


I’m still using my Turris Omnia. It’s not strictly OpenWRT (it’s a derivative distribution packaged by Turris) but it’s been doing a great job for years.



