I'm in the market for a couple new WiFi routers and would love to get one that is running either OpenWrt or LEDE. Any specific recommendations from the HN crowd on which one to pick up?
The table of hardware[1] on the LEDE site has a ton of info but filtering through 100s of devices manually doesn't seem very doable. Would love if someone would just suggest one or two devices, preferably something they've use themselves. All I really care about are Gigabit LAN and the latest Wi-Fi (5Ghz N?) so no USB storage, NFS, etc.
Archer C7v2 has long been preferred as a nice and stable router. USB is slow and NAT caps out at around ~500mbps but is otherwise very good (there are a few patches around that improve this slightly). The WiFi driver for 802.11ac has improved stability(no crashing after 2 days) in trunk but has not been backported to stable yet. Range is also excellent (in my opinion).
If faster USB is needed, the recommendation is the Linksys WRT series of routers (new ones). Avoid the WRT1900ACv1 (keep rebooting, watchdog driver bug i think). WiFi is pretty stable now. One really nice benefit of these routers is that most of the drivers have been upstreamed in the kernel and thus get love from the kernel community (enhancements and bug fixes). Not so with the other popular routers.
I used to run DD WRT, but got tired of fighting weird issues. Looks like from the comments to your post there are still issues out there. I ended up switching to a ubiquiti AC Pro for WiFi and am about to buy a USG to replace my old router. If all you are looking for is rock solid performance and reliability that is still fairly flexible I’d go with Ubiquiti. If you want to tinker or are really passionate about running open source then obviously LEDE is a decent choice.
I run stock LEDE on Archer C7v2 and have had zero problems with it (I ran OpenWRT before LEDE made a stable release). I could buy a Ubiquiti gateway and AP, but C7v2 is less expensive and gives me an appreciation for embedded device programming. I have had trouble experimenting with advanced features such as band steering, mesh and multi-WAN/load balancing in OpenWRT/LEDE though, so if you plan on using those, I agree Ubiquiti is a great choice.
AIUI the Archer C7 requires some tricks to get around recent FCC enforcement which bans citizens from installing their own router firmware, cf. https://pappp.net/?p=1525
I've been using LEDE on my C7v2 for 6 months now and have not had any issues. I switched firmware because the mac address reservation for dhcp wasn't working in the official firmware.
There are almost no good modem+router combo devices on the market. There also aren't open-source drivers for the modem half of any modern modem+router combo boxes, so they won't be fully functional with OpenWRT.
Just like everyone else, I would also recommend an Archer C7 of whatever revision is the latest stable tested unit. As someone mentioned, the FCC recently clamped down of this, pushing mfgs to include protections against allowing the consumer to easily replace the original firmware. TP-LINK has been locking things down a bit more as off the past few years. Love my C7 w OpenWRT, great choice for a sub $100 device with tons of flexibility.
I've been using Dlink DIR 860L and it's been working flawlessly with LEDE, 1 gigabit LAN (even NAT'ted), AC wifi. The main advantage of this device is the price (I think it was the cheapest router with gigabit LAN on the market), but now it's gotten a bit old.
Afaik, the SoC that is used in this device is the only recent-ish such system on the market with fully open source/free radio firmware (but you need to make sure to get the correct revision, as D-Link changed its innards at least once without renaming the model). I can highly recommend it from my day-to-day experience with it, running Lede 17.01.
I still don't get why no commercial hardware vendor offers products specifically designed for this software. OSS router software for home seems to be far superior then all the proprietary stuff that's out there.
Slightly more then 100 Mbit/s Downlink. But this also makes the 300 Mbit/s for Wlan useless. So maybe for some small stuff it is usable. But then again, it is not very cheap either.
1 gigabit symmetric for €20/mo here in Lithuania. Assuming you like cold winters :-)
Back on topic, what hardware are people with these sort of speeds running? It seems most consumer routers usually top out around 500mbit for NATing. I’m currnetly using a Mikrotik Hex with RouterOS, but prefer OpenWRT/LEDE.
I have an older one of these, and you can get full root on them. They are basically stock IIRC, if they aren't they can at least run stock openwrt. By default they have a simplified second web interface, with an "advanced" button that loads the openwrt luci web interface.
OpenWRT has been the base for some chip and router vendor SDKs for a while now - Qualcomm/Atheros SoCs and Technicolor gateways for example. So your ISP router may already be running OpenWRT underneath.
However, most home level routers usually rely on (proprietary) hardware traffic offload which is why the code doesn't float back upstream.
Could it be that most hardware vendors feel that their value-add is in software? Or they feel offering something like OpenWRT would cannibalize sales of their higher end offerings like VPN routers?
I will not buy a router if I can't flash OpenWRT on it. It's a requirement for me now.
If it has wireless then you enter a minefield of regulatory and approvals pain. I suspect that under the current fcc rules you can't sell hardware that isn't locked to its firmware (because if you did users would be able to freeband).
There already exist some products that pretty much meet the requirement so the niche for pure play OSS is even smaller than you might imagine. e.g. Mikrotik sells a huge line of products running Linux under the hood. If you are familiar with kernel networking you can easily work with their CLI and UI. Very low cost. Does everything Linux does and is fcc approved.
One you get beyond super-low cost (e.g. into 10G NICs and wire-speed 1G routing) customers expect stuff to work, and with an OSS kernel plonked onto someone else's hardware it probably won't 100% work. This again constrains the niche within which pure OSS is viable.
> I suspect that under the current fcc rules you can't sell hardware that isn't locked to its firmware (because if you did users would be able to freeband).
You absolutely can and most companies do not lock their firmware. There are companies that commercially sell routers with DD-WRT and other OSS firmwares by default, like Buffalo. http://www.buffalotech.com/news/dd-wrt-nxt-routers
End users are expected to adhere to FCC rules even if they have the technical ability to violate them.
>End users are expected to adhere to FCC rules even if they have the technical ability to violate them.
The FCC rules changed ~two years ago, you aren't allowed to sell devices capable of violating FCC rules. The original rule just banned third party firmware, but after some outrage it was changed so that the easiest way to comply was blocking third party firmware. They clearly wanted to ban them altogether, wouldn't be surprised if they were working on it right now
I disagree they wanted to ban firmware, they simply want to prevent interference. I doubt they actually CARE about the firmware. Regardless, nothing you mentioned changes what I said.
Yes, under the revised rules [1] manufacturers are required to ensure certain changes can't be made, such as disabling DFS and using non-standard channels. And as I said, the FCC explicitly does not ban third party firmware. The biggest reason is that it's cheaper to make adjustments to the radio chips to prevent certain changes than it is to swear to the FCC no one can hack in new firmware.
And as I stated and you quoted, users are still required to follow FCC rules. You can't hook up an external signal amp to boost transmit power past legal levels, use unapproved channels, etc, even if they find bypasses for the protections required by the FCC. You can't use a signal booster for a TV antenna that causes interference. You can't boost power on your CB radio. Etc.
I wasn't doubting what I quoted was true. You replied to a post about speculated ideas of FCC regulations on selling routers and didn't mention the actual regulation on selling routers. It seemed worth adding.
Their original proposal for the revised rules specifically banned third party firmware, mentioning DD-WRT by name, and the revised version decided not to ban it.
The rule also doesn't hold the company liable if someone manages to hack a third party firmware onto the device. Before selling it,you need an approved application showing either a chip unable to break the rules, or a way of preventing unauthorized code from running on the device. If the FCC approves the application and you've implemented it, you aren't at fault if a workaround is discovered. This makes locking the firmware a cheaper than producing two models or selling a limited model elsewhere.
To me, it seems like they wanted a hard ban on the firmwares, settled for a soft ban, and will likely revisit the issue when there's some political capital justifying a hard ban.
What is "freeband"? Most chips have hardware limitations, so it does not matter what firmware you install. For most chips it is unrealistic that they can eg. use 1 W as output power.
Maybe not quite specifically designed, but http://pcengines.ch has great little boards that I've been running OpenWRT on for years and years. I'd never buy a consumer router again.
The companies that sell routers are not the companies that design the chips and write the drivers. Even when eg. Linksys wants to make an open-source friendly router, they often have to choose between using the latest chips that don't have mature upstream drivers, or using the older chips that have solid support. They don't have the ability to create good open-source code on their own. But most of the time, they end up going with the cheaper Broadcom chipsets, or switching to them in a later product revision. (Broadcom's WiFi driver situation is about as Linux-unfriendly as NVidia's graphics drivers.)
'wireless routers' usually work fine as an access point + Ethernet switch when you disable dhcpd and don't use the wan port (nice ones let you use the wan port as another lan port). They're usually cheaper than a dedicated access point too.
I think OPs point is that he's already got a router running DHCP on the network, but if you disable all the router-like services on a second device you can use it as a dedicated access point.
Does anyone have experience developing packages for OpenWRT/LEDE... && is willing to offer some time (maybe an hour or two, whenever it's convenient) to a fellow HNer who's getting ready to attempt developing my first OpenWRT package?
I've got pretty entry level ambitions: I plan to created a utility that allow the user to configure a list of scheduled SSID names for automated SSID changes. I use to do a lot of tech support for the bar & restaurant scene, and always wanted to schedule the public WiFi SSID to change daily and broadcast marketing info. (Think restaurant daily specials, retail store popup/promo coupon codes, estimated wait times, deal of the day, etc.)
Or, is anyone aware of this feature existing in a commercially available device&firmware?
> Does anyone have experience developing packages for OpenWRT/LEDE... && is willing to offer some time (maybe an hour or two, whenever it's convenient) to a fellow HNer who's getting ready to attempt developing my first OpenWRT package?
Is your wish to have help in the specifics of packing existing software for OpenWrt/LEDE, or in developing your specific utility?
If you're interested in a guide to building/packaging software for OpenWrt/LEDE, there are already detailed guides describing how to create packages for the OpenWrt/LEDE build system. [1] [2]
> and always wanted to schedule the public WiFi SSID to change daily and broadcast marketing info. (Think restaurant daily specials, retail store popup/promo coupon codes, estimated wait times, deal of the day, etc.)
As a user/customer, that sounds very annoying. Why not have a captive portal on the network instead of abusing the SSID for advertising?
Something like pfSense can easily be configured with a captive portal where you could do this advertising while having a button for users to gain access to the internet. [3]
> schedule the public WiFi SSID to change daily and broadcast marketing info
I actually like this idea, though I would suggest you broadcast two SSIDs, with one staying the same always (so returning customers could connect to it automatically).
Thanks. To me: daily changing SSID is much less hostile than a captive protal.
I've thought about that, if it's only daily changes that recycle weekly it wouldn't be that big of a PITA to returning customers.
e.g.
Never been to Starbucks on a Sunday? You'll have to read (or ignore) the SSID marketing info to connect but after that you're good.
WTF, why diddn'I auto-connect to the Wi-Fi, I come here every Monday? Oh, looks like they have a new special
Why not just keep the SSID the same (more convenient for customers -- "returning" devices would auto-connect) and instead set up a captive portal that redirects to a custom web page that includes all that info?
Yes. But don't monetize public wlan access. It will lead to people not using it. So save yourself the money. Also, by definition you don't provide a public wlan accesss anymore.
I have come across many hotels/restaurants/whatever to tell you that this is cancer. I don't even try to use any public wlan anymore. In my own country I have cell coverage, abroad free roaming (at least in Europe).
The idea came from a client insisting on trying a WiFi marketing cancer known as "TurnStyle". Looking for an altenative to get a simple marketing message across without all the "conect w FB, Google Analytics, ad-laiden captive portal BS" that's out there now.
Fortunately for users, Yelp aquired TurnStyle so it's only uphill from here! /s
I was unaware of the SSDP component of that project, but it seems to require having the Physical Web app installed. Their BTLE beacons work on Android devices without anything special installed on the client. Maybe the SSDP does work on stock android but just takes a bit? This doesn't work if the client has to have a specific app installed to receive it.
Is it still the default suggestion that Open WRT/LEDE are better than stock router software? What about compared to pfsense (or is that not good for wireless)? Every time in the past that I looked at the WTF website (and I'll admit I did not know about LEDE) it looked so dated that I assumed proprietary firmwares on routers were more capable to making use of whatever the new router tech of today is.
For my money, these days, there are two devices/ecosystems that stand head and shoulders above the rest: if you're an open source die-hard/have spare time, the PCEngines APU2 is an excellent AMD+coreboot based router platform that you build yourself. If you're not strict about requiring open source, the Ubiquiti line is amazing. The Ubiquiti Unifi Security Gateway line in particular, for home or small business, is incredible.
For home, I've got an APU2c4 (http://pcengines.ch/apu2b4.htm), running LEDE. It pushes something near a gigabit pretty easily (and has a the bufferbloat patches!), and I've got the time needed to administer it when necessary.
For my folks, I grabbed an Ubiquiti Unifi Security Gateway (https://www.ubnt.com/unifi-routing/usg/) and a separate Ubiquiti AP AC Lite. I fired up a controller in the cloud, and now I can manage it remotely if there's ever a problem. It's pretty awesome :).
I've been wanting to move away from standard consumer networking hardware for ages, because it all seems terrible in lots of different ways.
The Unifi Security Gateway looked interesting until I googled a bit, no IPv6 support in 2018 at £100? That's insane. I mean, apparently you can do it manually, but bleh.
You'll also have to manually configure UPnP if you want to say, connect more than one Xbox One to Xbox Live at a time (learned that the hard way trying to host a LAN party - thank you broken/crippled EdgeRouter PoE UPnP implementation ruining my event).
Besides the router issue, I've become very apprehensive at installing the latest UniFi AP firmware releases because I've experienced one revision absolutely tank WiFi performance (which took me a while to figure out the culprit thanks to the controller auto upgrading firmware) and another make APs periodically crash/bounce like every 20 mins.
So yeah in my experience after using Ubiquiti products for a few years, they are way overhyped. I guess people are willing to overlook a lot if you have a nice sleek industrial design.
From what I can see it does support IPv6 -- https://help.ubnt.com/hc/en-us/articles/115005868927-UniFi-H... is their own help article on the topic; it doesn't look difficult. It may even come standard in newer firmware. The one caveat I have with UBNT gear is that the stuff you get out of the box always seems to be outdated; I fought a friends ER-X for a few hours until I realised it was running old firmware that lacked some stuff I needed. That said, that might just be a quirk of living in New Zealand...
Yeah, I saw you can do it manually, but what's the point of paying for custom hardware with nice interfaces when you have to switch to a config file for really basic functionality? At that point, might as well stick with bodged consumer stuff.
Yeah, the 3 ports is a limitation :(. One's wired up to the ONT (fibre terminal), one's wired up to another switch, and one's wired up to separate wifi endpoint (an old Mikrotik I had sitting around). I'd like to use a miniPCIe wireless card internally, but figured I can wait on that for a while.
And yeah, I grabbed it from nicegear; they're good people :). They also sell AU/NZ power adapters that fit.
I think the difference between OpenWRT and pfSense is that pfSense only runs on PC class hardware, while the kind of device that usually runs OpenWRT is far less powerful.
I used to run OpenWrt on my router ... years ago, and I remember that router had 16 MiB RAM, and a 125 MHz MIPS CPU. If you set up such a machine, say, as an OpenVPN server, this would seriously limit the amount of data I could push through the VPN connection. (Not really, because my Internet connection is not very fast, but that is beside the point.)
Even a Raspberry Pi is far more powerful than the typical OpenWrt router (at least the ones I have handled).
At work, we set up a wifi network using OpenWrt routers, using separate wifi networks as well as different VLANs for employees and guests. To get a vendor-supported solution that can do this, you have to have spend a lot of money.[1]
So in my experience, OpenWrt is a lot better than what most commodity routers/wifi-access points offer. With the exception, maybe, of the Fritz!Box family.
[1] Okay, it depends on your definition of "a lot". In our case, the requirement was to make it as cheap as possible, because strictly speaking we had no budget at all for the wifi.
But my point was that you can run OpenWrt on very small devices[1], but not pfSense. It is true, of course, that today's bandwidth requires more powerful devices.
[1] A friend of mine works in embedded systems, and to him 16 MiB of RAM would be ginormous.
And strangely enough, my Wemos are also having trouble today, and Belkin (wemo) is blaming the issue[2] on security patches regarding the Intel meltdown bug. Everything is interconnected these days...
I've always used custom firmware (openwrt on Asus 500gP/Linksys WRT54g, Tomato and then LEDE on Netgear WNR3500L) and I've been happier with them than stock stuff. For a long time the stock firmware (still true for the cheaper stuff) was really crappy in features compared to custom firmware missing basic stuff. These days the more premium stuff seems to have somewhat feature parity (I care about USB, IPv6, OpenVPN) so that's better especially since some of them seem to be forked from the open source projects (ex. AsusWRT).
One of the benefits of the stock firmware is taking advantage of hardware accelerated NAT and Wifi encryption (WPA) but when I installed LEDE a few months ago on the old Netgear WNR3500L it did give me the option to install a Wifi server that does use hardware acceleration so I can still get that nice high performance.
Note that all of those routers listed above are generally well supported by custom firmware because that's how I made my buying decision. My current main router (Asus AC66U) I left it with stock firmware as it has all the features I want and it's still getting updates often enough.
Yes, double check before purchasing any TP-Link routers as they were previously recommended for LEDE/OpenWRT but now actively block firmware flashing (of any kind I believe).
"Won" seems like totally the wrong word to use, but this reads like LEDE "Won". Their code base going forwards, just rebranded to OpenWrt, and everyone all together again as one big happy family?
Who, other than you, said anything about winning? I think ever one wins when there is a climate where good code is appreciated. I always welcome improvements by others to things I make. You shouldn't waste time on people/projects who don't.
I have been planning for a while to put in a OpenWRT router as replacement for my generic ADSL from BT, and then add in things like netflow so I can responsibly monitor home internet usage as the kids get older and discuss whatever pops out. also probably do some ad blocking or something.
I am assuming projects like this exist already - focused on the dad segment, but if not it's on my 2018 list. Anyone know of any?
What I really wanted when I was a kid was for my father to find out what porn I liked looking at and come to discuss it with me!
Cut your kids a break. If you are going to monitor their usage, at the very least tell them about it first.
I get the urge - when your kids are very young you have to protect them and do everything for them. At some point you have to accept they are people, however young and inexperienced, and you have to teach them to look after themselves, not invade their privacy.
Or maybe I've misunderstood you and you meant older as in, they are 6 or something. Even then, I'd argue that you should be up-front about the fact you monitor it. Hiding it is just going to feel like entrapment.
There never was any intention to hide this - this is a show everyone on a web page and discuss it idea. and the porn issue ... fair enough i guess i have a handful of years yet however before they hit puberty.
but my main point still stands - we live in a surveillance society that works against us, so i want to use it to start working for us. and that to my mind means starting with metrics.
will it help to know daddy spends x hours a day on HN? will it be harder to complain about my kids watching cartoons if i spend 12 hours a day on netflix?
Yeah, but there are still going to be things your children are insecure about, embarrassed about, and want to find out about without you knowing.
In my experience, ignorance is responsible for a lot more harm than "seeing too much". Going off hear-say, or just remaining ignorant is not a good thing. Having some room for privacy is important for development as people and for learning.
Yes, there is room for insight and lessons from data, but without an opt-out switch, it'll also be something that limits them. It's not just porn, there is a lot of stuff I'd want to learn about that I wouldn't want my family to know I'm learning about, if I was a child all over again.
I was fortunate in that I got to look up that stuff without fear of being discovered, and otherwise I know I'd have gone around believing playground rumours and the like.
It's easy to say "but I want them to be able to talk to me about that stuff" - it's easy to say that, but it's harder for it to be true, especially from the point of view of your child. You can't pre-empt every fear, question and insecurity, and some things will just always be embarrassing enough they'll stay ignorant rather than ask you.
I had a friend who didn't know basic (important) things about her own anatomy that caused health issues during university just because she was too embarrassed to ask her (non-judgemental, lovely) parents about it as a child. She didn't have a computer in her home then, but I'm sure if she had, knowing she couldn't have privacy would have stopped her as well.
It's not the worst thing in the world or anything, but I think many parents don't start giving their children privacy early enough. I get it's scary and hard to judge when it's perfect, but I think it's important.
On a side note, I just watched the ultimate "turned up to 11" version of this in Black Mirror S04E02 - ArkAngel, where a parent gets a monitoring device implanted in their child after a scare with them getting lost. Good series about the potential dangers of tech as it evolves, if you haven't already seen it.
Everyone I've ever worked with who has an 11 year old son, comes into work one day complaining about finding a bunch of porn on the family PC.
11 is the magic age.
I'm a dad myself. When my kids are old enough to own their own devices, I will seriously expand our router config. However, monitoring is not my focus. I want to disable social media at night, for example. That would even be good for us adults.
Pfsense supports this, as does "Merlin" on Asus ( an Asus specific build of openwrt). I usually turn off the internet for problem children at night. I don't really do monitoring other then bandwidth usage.
For monitoring of site's and ad blocking, you should check out pi-hole, https://pi-hole.net/.
It's good to make kids getting used to being under constant surveillance, keeps them from acting up against it when the government introduces it for everyone when they are adults. /s
Actually it is good. They are already under constant surveillance - just not from someone with their best interests at heart.
Actually this idea is far lower down my priority tree than say working out how to monitor how much TV we watch, how much time on social media (or HN) - and then to compare to things we would prefer to do like walking the dog or playing board games.
Just inventorying our lives will be a huge step towards getting conscious control over the mass distraction world we live in.
Further ranting:
No one thinks having a comprehensive view on my monetary spend is a bad idea - websites, apps and even EU directives are trying to help. but there is nought for my time spend - apart from stupid things like please enter how much time you just spent on an activity.
So as a starting list i want
- To know what the TV was showing when.
- What netflix was showing on what device
- what youtube was showing
- for my phone - what podcasts, what youtube etc,
- same for social media (HN counts for me)
- The Nintendo Switch kinda sorta gets it - there is a parent app that lets one set time limits on daily usage. but hahahahha it assumes you only have one child (per switch)
- then use my GPS tag to show where was I and can I correspond that with an activity - gym, commute, walking across fields
- I am fairly sure there is value in Alexa / similar voice monitoring working out what is happening in the house (it takes you on average 34 minutes from the first "get dressed for school" till the door finally bangs)
Don't get me started on MOOPs
And none of which has an API i know about. All because they don't want me to stop watching.
> "just not from someone with their best interests at hear"
Oh dear...I really wish your kids have the best parents in the world. I really do, my parents probably believed that too, but unfortunately they were not - surprise!
But I'm really happy that I was born at least two decades too early for that shit. I hope kids can still outsmart their parents today. If not, we've lost.
I think you should cut the guy some slack here. He is talking about working to keep his kids safe online. That sounds like responsible parenting to me.
The internet is full of crazy awful stuff, and yeah sure I get that at some point you have to let them be independent and trust them, but we don't know how old his kids are, at younger ages there is certainly some protection required. And as they grow up and learn you can gradually give then more trust and freedom.
Not a DIY project, but one solution I’ve been looking at is Circle [1]. It comes as a stand-alone device or baked into some higher end Netgear models. And they have a subscription that allows you to monitor remote usage as well (I’m assuming it works as a VPN).
As much as I’d like to tinker myself, the little I’ve seen of the Circle app looks like a really slick way to monitor and manage usage in a low maintenance and least-intrusive manner.
I guess I'll be waiting until that major release and then flashing my router with it for use as a Wifi bridge.
Does anyone know of a concise guide to configuring your router for this type of use? I tried going off of what's available on the LEDE site but couldn't get it to work for whatever reason.
The table of hardware[1] on the LEDE site has a ton of info but filtering through 100s of devices manually doesn't seem very doable. Would love if someone would just suggest one or two devices, preferably something they've use themselves. All I really care about are Gigabit LAN and the latest Wi-Fi (5Ghz N?) so no USB storage, NFS, etc.
[1]: https://lede-project.org/toh/start