this post was submitted on 02 Aug 2023
353 points (98.1% liked)

Technology

59428 readers
2858 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Just like the operating system on your computer & cell phone, you can change the software running on your router.

top 50 comments
sorted by: hot top controversial new old
[–] TheDevil@lemmy.world 39 points 1 year ago (3 children)

I would take these projects over stock firmware on traditional home routers any day. And I have done where I’ve been unable to rig a more permanent solution. They have an honourable mission in a section of hardware filled with absolute junk.

But the trouble is the sheer number of hardware targets and meagre resources on these devices combined with the contempt of third party firmware from most manufacturers make them hard to flash and leave them rarely updated, if you’re lucky enough to have a supported device. Even then they are prone to quirks and bugs. Some devices do receive and are capable of receiving updates but they often cost more than the equivalent low TDP general purpose computer.

Just imagine: the developers of DD-WRT have to target not just each individual router model but every single revision as the manufacturers have a habit of switching major components or even entire chipsets between product revisions. On top of that the documentation for the components used might be sparse or non existent. I’m impressed that these router distributions can make it work at all but that doesn’t make it any more practical or sustainable.

At this point you may as well flip the router into modem mode and run OPNsense or PFSense and get a fully fledged operating system running on far more resources than any of these SoCs. Assuming you have the power budget you’ll get assured updates and far more flexibility with fewer compatibility issues and quirks. My passively cooled N5105 box with 8GB of ram and a 128GB HDD happily routes a 1gb/s WAN while simultaneously hosting a busy home assistant instance. The resources aren’t even maxed out.

Following my experience I will always opt to run dedicated APs. DD-WRT WiFi support is amazing considering what they have to work with, but there are only so many wifi chipsets they can support and because they try to support as much as they can there are always problems with something. I really don’t have time to constantly troubleshoot the wifi following cryptic posts from years ago. Ubiquity stuff isn’t flawless either but it’s stable and a lot less prone to hard to trace issues. YMMV.

DD-WRT and friends I love you, you really saved my ass a few times when all I had was some shitty CPE. You’re still way nicer than Cisco gear. But I find it hard to justify using a gimped out SoC from a couldn’t-care-less manufacturer when I can buy a 5W TDP passively cooled x86 computer for ~100usd.

[–] d3Xt3r@lemmy.world 10 points 1 year ago* (last edited 1 year ago) (2 children)

I will always opt to run dedicated APs

Any recommendations for a dedicated Wi-Fi 6+ AP that supports open firmware?

[–] TheDevil@lemmy.world 6 points 1 year ago* (last edited 1 year ago) (2 children)

The short answer is no, because it’s a pain in the ass and offers little tangible benefit. But I can speculate.

If I was going down this path I would look for an x86 box with a wifi card that is supported by OPNsense or PFsense(that’s usually going to be dependant on available *BSD available drivers). I don’t how well they would function but I would expect quirks. You could also check the compatibility lists of the open router distributions to find something that’s well supported. You can check the forums for posts from people with similar goals and check their mileage.

You might even be able to achieve this with an ESP32.

But what are you hoping to achieve? Do you mean open radio firmware or do you mean open drivers? Or an open OS talking to a closed radio? What’s the benefit?

Radios in any device are discrete components running their own show.

Open drivers should be possible. However I have a feeling that open firmware for wifi access points radio hardware is going to be extremely hard to find. The regulatory agencies really don’t want the larger public to have complete control because of the possibility of causing interference and breaking the rules(for good reason - imagine if your neighbour had bad signal so he ignorantly cranks up the power output, not realising that he can’t do the same with his client devices, rendering his change useless).

I seem to remember a change in FCC rules some time back that seemed to disallow manufacturers obtaining certification for devices that permitted end users to modify the firmware, much to the concern of open router users at the time. The rule was aimed at radio firmware but the concern was that the distinction would be lost and the rule applied to the entire router by overzealous manufacturers who hate third party firmware at best.

A fully open radio is basically an SDR. Can you move packets over an SDR? Hell yes, but now you’re in esoteric HAM radio territory. It’s going to be a hell of a fun project and you’re going to learn a lot, but in so far as a practical wifi ap, your results will be limited.

I use FOSS wherever it’s practical but if you want working wifi just stick to the well tested brand names. For what it’s worth you probably won’t gain any security by going open, if there’s any weakness it’ll probably be baked in at the protocol level which open devices would need to follow anyway. At least a discrete AP can be isolated and has no reason to be given internet access.

[–] ridethisbike@lemmy.world 5 points 1 year ago (1 children)

We get it, you're the smartest man in the room. None of that was helpful for that poor soul who asked you for a recommendation on how to step away from OTS routers.

[–] TheDevil@lemmy.world 8 points 1 year ago

He asked for a recommendation which I can’t provide because I haven’t gone down the route he wants to know about, hence the first line and my explanation of why I chose not to do that.

I then speculated how I would do it if I were in his position. Then I broke down his question to help him examine what he really wanted: a completely free(as in open source) appliance, a free operating system and or free drivers.

Then finally I explained why you’re unlikely to get a truly free radio. I’m sorry if you or others found this unhelpful, I was just trying to condense quite a lot of information into a short post.

I did just see this posted: https://lemmy.ninja/post/224052

[–] phx@lemmy.ca 2 points 1 year ago (1 children)

Opnsense and PFsense run on top of BSD underpinnings, so as long as the base OS sports the hardware you should be ok there, but:

I still don't really recommend throwing it all on one device. At the minimum, it's unlikely that a white-box PC with a wifi card is going to be as good for signal etc as a multi-antenna wireless device in hardware designed for such.

DD-WRT and OpenWRT can both do VLAN's and per-interface routing, so what I'd recommend instead is having AP's that run that software connected to port(s) or a VLAN intended for your wireless network, then having that run through your firewall (running PFsense, opnsense or whatever). You can even bind a specific SSID to a VLAN and separate your internal vs guest networks so they can't talk to each other (or at least, not without rules on the firewall host). That also allows you to run a bit of cable and space out multiple AP's in such a way that it provides better coverage, while still managing rules/routing/DHCP/etc so the central firewall.

load more comments (1 replies)
[–] redcalcium@lemmy.institute 2 points 1 year ago* (last edited 1 year ago)

I think Asus routers are about as close as you can get because the stock Asus firmware itself is based on an opensource firmware, which means 3rd party projects such as asuswrt-merlin has an easier time to develop their 3rd party firmware because the stock firmware's source code is available. They are more expensive than other routers though, which might a be a tough pill to swallow especially when vendors such as TP-Link sells their router for dime a dozen.

[–] Aux@lemmy.world 4 points 1 year ago (4 children)

The problem with DIY solutions is that you will be missing out on all advanced hardware features available in prosumer and industrial routers. It's always better to just buy top of the line ASUS router than going DIY. DIY won't give you WiFi 7 or even WiFi 6E. DIY won't give advanced antenna array. The list goes on.

Another point for ASUS routers is that Merlin firmware is available for most of them. And new routers are added all the time. Simply because Merlin is based on official firmware from ASUS. And it adds a lot of nice features, plus gives you SSH access so you can do whatever you want.

And last, but not least, ASUS supports old routers for many years, adding new features and fixing bugs. So if you're not comfortable with flashing custom stuff, you are still better off with ASUS product than with a competitor, as some companies tend to drop support after a measly 9 months since release (looking at you, TP-LINK).

Basically, always go with hi end ASUS - the best hardware plus really good software and support.

[–] weedazz@lemmy.world 8 points 1 year ago (1 children)

Couldn't you use the prosumer router as an AP for the opnsense appliance?

[–] Aux@lemmy.world 1 points 1 year ago (1 children)
[–] Stephen304@lemmy.ml 2 points 1 year ago (1 children)

Because then you get the best of both worlds, powerful routing hardware that can easily route and firewall at multi gig speeds, extreme flexibility in software packages to run on your open router platform, and a prosumer AP with best in class wifi performance, antenna configuration, mimo, solid chipset and driver, etc.

Doing everything on a prosumer router running mips or arm with limited package selection at best and a locked down router is at worst is subpar just as trying to get good modulation rates with a client oriented wifi card running in AP mode with subpar antenna configuration.

If you want the best wifi and the best routing/firewall/IDs with the widest package selection (and ability to just run any x86 application) then a separate router box running an x86 based os like opnsense,pfsense,whatever paired with a high end AP (business AP is a good choice) will always be the way to go unless you value compact, low power, or simplicity over achieving the best performance.

[–] Aux@lemmy.world 1 points 1 year ago (1 children)

How many devices are you realistically running in parallel that a high end WiFi router is not enough for you? Up to 100 devices is easy. Even with a smart home you'll be fine.

[–] Stephen304@lemmy.ml 2 points 1 year ago (1 children)

I'm not sure if you understood my comment fully since none of the benefits I gave have to do with number of devices. Again, the main reasons I listed are that dedicated router boxes on x86 hardware is much more flexible configuration-wise and has many more software packages and addons that can be easily installed compared to consumer routers. You can have plugins like nginx, radius, wireguard, snort (as well as full power to run ids/ips at full speed), etc. For configuration, you have more control over multicast, ways to customize local dns resolution, the full range of local hostname resolution settings, DNS failover, multi wan with the full ability to tune failover metrics, advanced routing rules using hostname aliases that periodically auto-update, advanced dhcp flags and dhcp6/SLAAC settings, virtual IPs (a huge help when doing 0-downtime migrations between hardware or subnets), network bridges, GRE and LAGG, v6 router advertisements, and so so much more.

If I had a consumer combo router there's a good chance I would not have vlans, all my roommates would see each other's smart devices and it would be pretty annoying. I wouldn't be able to selectively route only traffic to google servers from only my laptop, phone, and chromecast through the same Germany VPN so that all the non-google traffic would be unVPNed, and I wouldn't be able to set multiple multi-wan failover modes (let alone gateway groups to group failover WANs) so that for example one vlan fails over from the fiber connection to the copper connection while our neighbors connection fails over from the copper connection to the cable internet connection. I would have no ingress load balancer on my router handling incoming traffic to my homelab, and I would have to use extra media converters to get my SFP+ fiber connection to connect to a consumer router's 2.5G port (did we even have consumer routers with mgig 4 years ago? That's around when I got my fiber).

None of this has to do with number of devices, but total capacity is a bonus of having nicer hardware than consumer crap. This wouldn't be a benefit to most people, which is why my main points are about configurability and flexibility with third party packages, but it is a benefit to me since I have 4 gig of total wan and a 10G link to my core switch. If any 2 of the 10 people in this apartment decide to download from steam at the same time, they will both get a full gig download with plenty of bandwidth left over for the other 7 people to be streaming or doing whatever. Again nothing to do with number of devices, more to do with how many simultaneous high-bandwidth uses you expect to coincide. Of course I could just have everyone share a single gig connection (or 1.2 gig which is currently the maximum residential plan you can get here), but then I would need to deal with traffic shaping / queues, another thing that opnsense coincidentally excels at, having way more traffic shaping options. You can even do traffic shaping on a per-destination basis - for example you could use an auto updating ASN alias to categorize traffic to steam or netflix, then dynamically apply different traffic shaping rules based on which user is accessing those services.

TL;DR, consumer routers cannot come close to achieving a fraction of the configuration options that open router platforms have. While you might see benefits in capacity if you invest in a good uplink and high end APs (I have uap u6 pro which is "good for 350 devices", though really I bought for the higher single device performance and higher modulation rates and better mimo configuration), even people with slow internet and very few devices can benefit from the immense amount of configurability that these OSes provide - you're practically one step away from running a bare OS with open source packages installed and editing a slew of config files where you can use every obscure configuration option that any of these FOSS contributors ever put into these daemons. In fact many of the opnsense configuration pages have an advanced text box at the bottom where you can put in extra config directives in case the UI doesn't include a knob for something you need.

It's great, 10/10 recommend opnsense or pfsense

[–] Aux@lemmy.world 1 points 1 year ago (1 children)

You can have all of that with ASUS router out of the box.

[–] Stephen304@lemmy.ml 2 points 1 year ago (4 children)

No you can't. You're being silly. They don't even support lacp with more than 2 members out of the box. No gateway groups, no unbound with adjustable cache ttl and cache revalidation. I would know I switched away from Asus specifically because of it's shortcomings, many of which cannot even be fixed by ddwrt such as low system memory for state table, which btw can easily be filled up by torrenting. My opnsense box has a huge state table because I just dropped in 8GB of ram.

You only need to look at the Asus router admin interface to see how many more pages of configuration options opnsense has.

load more comments (4 replies)
load more comments (3 replies)
[–] fouloleron@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Great comment. I ran dd-wrt for years, but finally picked up a used Ubiquiti router and purchased the Eero Pros for wifi. Software does the security now.

[–] DrAnthony@lemmy.world 21 points 1 year ago (6 children)

It's awesome to see these projects are still alive and kicking but they feel like a relic of a past era nowadays. Much like how stock ROMs on Android have improved to the point that rooting isn't really beneficial in most cases anymore, the stock firmware on the majority of routers is perfectly serviceable. I'm sure there are still some corner cases where they are as transformative as ever though.

[–] TurnItOff_OnAgain@lemmy.world 15 points 1 year ago

I installed MerlinWRT on my Asus router and it greatly improved the smart steering between 2.4 and 5ghz. Before installing it the router would steer me back and forth very often no matter what I set it too, and I would often drop connection. After Merlin it is rock solid.

[–] CannedTuna@sh.itjust.works 6 points 1 year ago (2 children)

I agree. Back in the day I used to run DD-WRT on a cheap $75 router to get features you’d only get on $200+ routers, but now a days I think there’s better options. UniFi for example is great if you don’t mind spending a bit extra. Otherwise I’d rather just use PfSense.

[–] Water1053@lemmy.world 5 points 1 year ago (1 children)

Same here! These days I have less time for tinkering and enjoy everything behind the Unifi "pane of glass".

[–] CannedTuna@sh.itjust.works 4 points 1 year ago

Same. I just don’t have as much time to troubleshoot things when stuff goes wrong these days.

[–] BrianTheFirst@kbin.social 4 points 1 year ago* (last edited 1 year ago) (1 children)

I run OpenWRT on my Unifi AP :D

[–] CannedTuna@sh.itjust.works 3 points 1 year ago (1 children)

Chaotic neutral move. Nice.

In all seriousness, how is it?

[–] BrianTheFirst@kbin.social 6 points 1 year ago

It makes wifi! I'd say that stability and performance are probably identical. I don't especially mistrust Ubiquiti, but running open source feels nice, and it gives me nerd cred.

[–] BrianTheFirst@kbin.social 4 points 1 year ago (1 children)

I have worked with a gigabit ISP for a number of years, and personally haven't seen that much improvement in stock firmware. If anything, I feel like it's more a matter of hardware improving to the point that the clunky stock firmware can run ok.

[–] DrAnthony@lemmy.world 2 points 1 year ago

Maybe I should revise my statement to "consumer routers an informed user would consider buying".

[–] spez_@lemmy.world 3 points 1 year ago

I'm using a GL.iNet router which is running off of OpenWrt. The front end looks very modern

[–] a_spooky_specter@lemmy.world 2 points 1 year ago

Yea I feel like I'd lose features if I tried to do a different firmware on my Amplifi alien

[–] Molecular0079@lemmy.world 14 points 1 year ago (1 children)

Ever since I found out my old Netgear R7800 didn't have a functional IPv6 firewall, I've been riding happily on the OpenWrt train. Now I absolutely refuse to buy routers that I can't flash with OpenWrt.

[–] avidamoeba@lemmy.ca 9 points 1 year ago (2 children)

I'm a bit surprised OpenWrt is in the same list as the rest. It really is in a league of its own on a technical and functional level. OpenWrt is much closer to a typical server Linux OS. Yes you can use it as a dumb flash-it-and-go firmware replacement on supported hardware, but it can do so much more.

[–] vividspecter@lemm.ee 4 points 1 year ago* (last edited 1 year ago) (3 children)

You can also run openwrt on x86 boxes and not just a random selection of embedded devices. That might feel silly, but you get the benefit of Linux's more advanced bufferbloat mitigation and a nice clean and relatively easy to understand UI.

load more comments (3 replies)
[–] Molecular0079@lemmy.world 1 points 1 year ago

I was actually under the impression that DD-WRT was sort of on-par, but then again I've never tried it.

[–] 1984@lemmy.today 7 points 1 year ago* (last edited 1 year ago)

I run Fresh Tomato on my Asus router, and super happy with it. Tons and tons of functionality that didnt exist at all in asus firmware.

It's fast, stable and has a much better user interface than default.

[–] BrightCandle@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

I have run Fresh tomato for years now but I have also run DDWRT before. The original manufacturer gave up security patches long ago for my router and many critical vulnerabilities have been found since, now unpatched on routers with vendor firmware. Tomato is kept up to date and patched and with all the recent features of a much more expensive class of router than what mine came with.

It's superior in features but it's also much more secure. Nowadays I think most should be selecting OpenWRT, it's the biggest project with the most hardware supported and if choosing hardware it's a good idea to select something on their supported list, if nothing else but to get security patches when your vendor stops, typically just a couple of years after you buy it.

[–] wjrii@kbin.social 5 points 1 year ago

I've got some variety of Tomato running on an ancient Netgear thing the previous owner left here. I use it in client mode to be a wifi adapter for my desktop, my server, and my little TV box running Armbian. In years past, we used a DDWRT router to provide a second SSID with always-on VPN.

[–] Water1053@lemmy.world 4 points 1 year ago

I ran DD-WRT and Asus-MerlinWRT for a long time before hopping on the unifi train. They worked a treat and extended the lives of the hardware.

[–] Warre@sopuli.xyz 4 points 1 year ago

I'm using GL.Inet GL-B1300 as my main router which had out-of-the-box OpenWRT-based firmware where the primary control panel is GL.Inet's own design, but from where you can also use advanced login to OpenWrt's own LuCI-interface where it's true potential unleashes. It is also possible to install pure OpenWrt on the router, but I haven't seen no need for that, at least for now, since the router is still supported by GL.Inet itself.

This GL-B1300 is my first OpenWrt based router, but before this I have used few Netgear, Buffalo and Linksys routers since 2009 with DD-WRT, Tomato and FreshTomato firmwares installed on them without any bigger problems. Only minor problems that has occured has been about the wifi speeds vs. original firmwares, which has been about the proprietary hardware wifi drivers being performant than the open source ones.

After all, these third party firmwares has given new or extended life with new features for many old and new routers that has been EoL or otherwise restricted by manufacturers. Not to mention how these 3rd party firmwares has saved money and natural resources preventing me to buy a new one everytime manufacturers dropped the ball about the updates even if the hardware where still valid.

Concerning Asus, I just last week got Asus Blue Cave AC2600 from 2018 on my hands; router which is EoL and it's latest official firmware is from 2021, but I found a ASUSMerlin-WRT based and up-to-date firmware fork for it; fork because there even haven't been any official Merlin support for it. This is probably because ASUS uses not-so standard or otherwise open hardware on some of it's routers instead of well supported Broadcom architecture, in this case this Blue Cave is based on non-usual Intel hardware.

[–] epyon22@sh.itjust.works 3 points 1 year ago

I ran ddwrt for years moved over to a mikrotik hex with router os. Gave me all the features I used in ddwrt and more plus no weird reflashing hardware risks. Rock solid stable and still getting updates years later.

[–] zahel@cosmere.xyz 2 points 1 year ago* (last edited 1 year ago)

Pfsense/opnsense >

[–] Nonononoki@lemmy.world 2 points 1 year ago (1 children)

Unfortunately, no firmware is compatible with my Asus DSL-AC52U.

[–] Aux@lemmy.world 4 points 1 year ago (2 children)

There are no alternative firmwares for any DSL routers from ASUS. What you should do is buy a regular router and plug it into the box supplied by your ISP. You also disable WiFi on ISP box.

load more comments (2 replies)
[–] rambos@lemm.ee 2 points 1 year ago

Still have 2 wrt 54 gl

[–] ArugulaZ@kbin.social 1 points 1 year ago

Yes indeed! It's how I got Streetpass connections from all over the world in the 3DS days! Sure beats going to McDonald's!

load more comments
view more: next ›