The thing no longer gets updates as of October 2019 and was never particularly well supported, but feels like an absolutely perfect OpenWRT target
I've poked at it on and off with regard to getting Linux running, as it seems to be heavily based off a standard, old TI SoC "evaluation board" and it /mostly/ works
The problem I've run into though with the upstream kernel is the ethernet NICs appear to be linked. If you unplug either interface, they both stop responding until they are both reconnected to active devices. I'm not well-versed enough with ARM DeviceTree to figure out what the issue is, nor do I want to buy the TI hardware SDK to test it with
The old 4.4.3-yocto files Netgate sent me do appear to work with it, and the DeviceTree even works up to 4.19-LTS with minimal modification https://intelminer.com/pflin.zip
It might be, but most people’s experience of mailing lists involves them getting their head blown off for daring to ask a question without three years’ solid experience in the area.
(I have no idea if OpenWRT in particular is like this, but there’s enough out there that people don’t make them their first port of call.)
OpenWRT has communication problems. Some time ago I tried to report a bug in the build system. It took them about two weeks to recognize that there's indeed a problem and went over like this:
/me: Bug in the build system. This is how to reproduce.
/they: Bug in Linux kernel. Not our problem.
/they: Bug is closed, upstream issue.
/me: No, toolchain bug. Here is proof.
/they: need logs
/me: here's logs
/me: here's a clumsy fix
/they: that's so stupid
/they: and your linux installation is broken
/me: no it's not, see here, working as intended
/they: you don't understand cross-compiling
/me: look here, you are setting up the cross-compilation all wrong
/they: kernel bug, fixed upstream
/me: not that again
/me: here's build logs, cross-compilation issue
/they: you are stupid, your linux installation is broken
/me: linux installation is just fine, but you are relying on a debian-ism
/me: here's patch
/they: ok, send to mailing list for review
/they: IRC says patch stupid
/they: we've merged our patch
They really need to work on being not hostile and clannish. Never had any issue on other mailing lists, and those weren't the Kumbaya-required kind with a code of conduct.
I mirror your experience. People are hostile and always interpret in the worst possible way. It is very difficult to defuse a situation, it's like walking on eggshells while blindfolded with a heavy backpack. I don't like their community at all.
The persistent unwillingness to engage and the inclination to dismiss was remarkable. Rachelbythebay had something somewhere about patches kept private and not submitted because no one wants to put up with an unreasonable or arrogant maintainer. All her observations apply here. Who would put up with the concentrated obnoxiousness?
I keep wondering about alternatives to the gate keeper models of governance.
Maybe something like survival of the fittest (Darwinian). Each build attempt runs the gauntlet. Only variations which survive get promoted.
I recently learned about "Test Into Prod", a seemingly effective methodology for mitigating the PR-based workflow bottlenecks.
So sorry, but I can't quickly refind the conference talks. (New laptop doesn't have my old browser history.) The speaker had previously done a fashion startup. Glib? Gilb? Argh. Sorry.
I feel like the way to do this would be to have (1) digital repro format & (2) auto-exec of submitted issues to verify.
Then have the workflow look more like (1) anon q public submits repro file & issue description, (2) auto-test system runs and validates repro file, (3) issue auto-logged, (4) issue cannot be manually unlogged without fix (if upstream, move to side filter, pending upstream fix)
The human triage stage usually seems the most adversarial. So having an automated system take it to "Yup, this is a bug" would be a good start.
This happened to me, but with a different project.. laughed off the mailing list for a dumb patch only to be included in a near term update. I seriously walked away from large open source projects for almost 6 years because of this attitude.
I have ported three different devices to OpenWRT/LEDE over the years. In the first instance, it was pretty easy and they just accepted it.
In the second case they gave me the runaround and bullshitted until I just said I gave up. I used an alternate email address/alias to get it accepted. They took it with almost no changes just because they thought I was another person. They would have never accepted it had they known.
In the third case I was given a hard time again and just gave up, but never went back to get the device accepted and just don't care.
There are people like Kresin and Crispin and a few other toxic jerks who will fuck around with you for reasons I don't completely understand. There's a lot of smoke-filled-room bullshit that goes on in IRC channels that nobody ever gets to see in the OpenWRT community and so the decision making is super opaque and you have no idea what the real reason is they won't accept your patch while they pretend there's something else wrong with it on the mailing list (sudden onset application of policy that doesn't exist or they will just ask you to explain something begin and then pretend they don't understand).
It's not all bad over there. jow and Felix Fietkau are awesome, but they either don't have the power or don't care to make the org better.
The whole LEDE/OpenWRT fork thing will tell you a lot about the organization.
Oh yea, I almost forgot. How did OP here know about the new release of OpenWRT? They have no end-user mailing list. They don't have a twitter feed. They don't do facebook. They seem to hate their userbase because they have NO MECHANISM to alert end-users that there's a new release of the operating system. They update the wiki, maybe do a forum post if you are lucky, and that's it. Pure word-of-mouth.
> Oh yea, I almost forgot. How did OP here know about the new release of OpenWRT? They have no end-user mailing list. They don't have a twitter feed. They don't do facebook. They seem to hate their userbase because they have NO MECHANISM to alert end-users that there's a new release of the operating system. They update the wiki, maybe do a forum post if you are lucky, and that's it. Pure word-of-mouth.
DokuWiki's RSS feed will list recent changes - and does as of writing not show the 19.07 release post. I'm not intimate with the feed.php if it can be used to list the frontpage with the exact post. I remember I searched for ways to know about new releases in the past and came out to list the top posts of r/openwrt now and then as the forum and openwrt-devel list are high-frequency.
This is not a complaint - the wiki is big, the lede/openwrt division very likely incurred a cost that the project still has to recover from. Actually an openwrt-announce mailing list exists, but nothing is sent there yet. "Announcements" has been one of the topics in a recent meeting - https://openwrt.org/meetings/20191121
RSS/Atom is alive and well, mainly because it's built into every CMS and blog engine by default, but requires some digging through the HEAD of a page to get it into a reader now that most browsers don't treat it as a first class format.
Yeah I blame the browser vendors, mainly Google and Mozilla. Enough resource to do shit like Webassembly, but apparently an XML format is too complex to integrate.
Perhaps dealing with flaky or inconsistent feeds was a problem? Particularly in a "why is your browser broken and unable to read this feed?" situation where it turns out the feed is a mess. If you don't support the feature, you don't get blamed for not handling all the weird edge cases.
I doubt that. HTML itself has the same problem. Browser vendors can't fathom the idea that content is not displayed on the website. Drive for centralisation, especially from Google.
Mozilla corporate BSed their way out of RSS. Their source for their claim that "nobody uses RSS" comes from their telemetry. Not one thought was given to the idea that maybe RSS users simply disable that more often?
At least dd-wrt was like that. No clue whether they are even still around and busy jerking each other off, but as a student I tried to get into porting it to another device that had a SoC that was already well supported. Made a very detailed post about what I discovered, researched, things I tried etc. Immediately got very snarky "rtfm"-like replies by regulars.
A couple more (less intense) experiences like this and bullshit reasons for refusing patches and nowadays whenever I improve or extend some open source stuff I just quietly do so in a fork on github and that's it. Maybe the original maintainers discover it one day. Also saves me the hassle of trying to adhere to any coding guidelines etc. for no reason.
> I just quietly do so in a fork on github and that's it
That is assuming they use GitHub or a moral equivalent and it isn’t instead buried in sourceforge or god help you some dusty SVN repo.
The nice thing about GitHub is it dramatically lowers the barriers to contributing to open source projects. I remember before pull requests you’d have to generate patches using arcane commands you’d copy and paste from some website. Then you’d email the diff to some mailing list and hope for the best.
Pull requests are perhaps the best thing that happened to open source.
Just trying to run it always had the potential of devolving into a nightmare of "read the forums to figure out precisely which numbered build by Brainslayer you need, but don't just go with the most current because a lot of them are broken in some way."
I think it might be you get your head blown, but only if you demand help and start denigrating a project because it should support this and that. I actually found very good behavior in mailing lists to very outright rude or careless questions. To the point that I think such question or remarks in real life would constitute very unnecessary behavior.
The fact that there's no wireless in it may make it simpler, but being an eol niche product may mean that there are only single digit potential users. It may all come down to whether an existing generic for the processor family will work on it.
Please note that the popular TP-Link Archer C7 v2 is affected by a bug or two which drops 5GHz WiFi performance significantly. Some people are reporting the link quality is so bad even SSH is unusable.
As always, back up your config, and make a note of your working firmware before upgrading. I’m going to sit this one out for a bit :).
Life pro tip: make sure you are only paying the ISP for the bandwidth you can actually consume. Don’t pay for 600mbps when you can’t even use that speed.
Comcast was more than happy to charge me for a half gigabit for several years. All the while the modem I was renting from them only supported like 200mbit.
...and also your phone ROMs, if you flash them. And drivers. And everything else you need to operate your devices.
I have a Moto G2 a.k.a. "Titan" (2014), flashed it to LineageOS, bricked it three years ago, got another phone, recently checked it out again, and couldn't download LineageOS for it anymore.
Luckily, MicroG still had a ROM for it, and now it works fine, but I'd've preferred the pure LOS version, as it runs Android 7, on which Google Play Services is not an absolute necessity (with Android 8, you need it to get push notifications).
I believe I can still get the source code for it and compile it myself, but I've never done that for an Android ROM before, and I'm not particularly keen on trying that out now.
My point being: Your devices could, in theory, live forever, but the files for it (ROMs and drivers) may not always be available, and knowing the internet, won't.
In my field (industrial IT), it's not uncommon to still have PCs running on Intel Core2 systems, but more and more vendors are dropping the product pages and driver files for them. Pentium 4s are also still being used, but good luck finding drivers for them.
They switched to ath10k-ct[1], a patched version of the ath10k driver and firmware. If you run into issues I think you can use the package manager to switch back.
There’s a number of hardware revisions of this particular router, and the origin of the bug(s) is not yet identified. Maybe it only affects specific configurations, or specific hardware revisions using certain configurations.
Interesting bug observed in 19.07 by users of some routers: the unit will perpetually boot into failsafe mode despite not being triggered to do so. Recompiling with the failsafe module removed from the build solves the problem, but exposes what is possibly the root cause - configuration changes remain only as long as the router is powered on despite being saved, nothing persists through a reboot of the router, and the unit will always start up with the default config.
I had to test it on my (deprecated) Netgear EX2700 and could confirm the exact same problem. Other than the lack of configuration persistence, 19.07 performs just great and I was pleased with many of the new features and changes. Unfortunately I'll have to stick with 18.06.6 as I have power outages every now and then.
Sounds like this known issue, mentioned in the release notes:
> Images for some device became too big to support a persistent overlay, causing such models to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image.
This sounds like the flag for the button's GPIO is wrong (ACTIVE_LOW instead of ACTIVE_HIGH / vice versa). This was unnoticed for a long time until a rewrite of the button handling.
This release brings all devices up to the same (mostly) unpatched Linux kernel, 4.14.
For the popular TP-Link Archer C7 routers (and family?) you finally get soft off-loading with the new ath79 device-tree, meaning the device can now handle routing 600mbps+ where it before would only route 350mbps+. That’s massive!
The new client-side GUI is noticeably snappier on slow routers.
I’ve already upgraded all the 5 units I have in my home network, and I’m feeling it. I’ve kept settings despite recommendations against doing so, and I’ve had zero problems. Super-smooth!
Props to the team and everyone involved. Despite their modesty this was quite a release!
I have an old C7v2 too that was the basis of my household's network until I upgraded to an EdgeRouter + Unifi APs.
The C7 was fine for a while but in the end got extremely unreliable, even in partial roles as only a router (with wifi disabled) and then later as only an AP (with the DHCP server disabled). Currently it's unplugged because any time it was turned on, devices would roam to it and get stuck there with no connectivity.
I should try upgrading it to the latest OpenWRT and see if things are any better.
How does everyone feel about the security of OpenWRT? vs Tomato?
What about say configuring my own OpenBSD server to act as a router? I am out of my intellectual depth here but I feel like that would be more secure than Linux in general if we are going for max security.
As governments and private equity groups continue to buy out whatever hosting provider, VPN, Registrar, etc they can find...I feel like Open Source is a pretty soft target in the grand scheme of things. I am trying to become somewhat ruthless in analyzing my dependencies when it comes to software.
NOTE: another commenter mentioned a TP-Link product. Those devices are absolutely insecure to the core of their firmware for the time being. 7 days ago I discovered their completely open production Elasticsearch API server for their entire camera and IOT platform in the United States. It has now been remediated but that event puts under suspicion anything else the company deals with via the TP-Link brand out of Shenzhen.
I can recommend building your own OpenBSD router. Installing OpenBSD is easy, and once you have it installed the base system contains everything you need to set up a router along with excellent documentation for everything. OpenBSD people also take security seriously, so if you stick with the base system, you'll be fine. That said, you'd be fine on Linux too, depending on the distribution; it's not like Linux-based systems are somehow fundamentally insecure.
I really can't stress enough how good the documentation is; in the Linux world I'm used to googling and wikis and whatnot because most man pages for the components of a distro are either nonexistent or incomplete, but with OpenBSD, you'll do fine with just man and apropos. It's considered a bug if the documentation is missing something.
OpenBSD is a fantastic OS for learning about all kinds of UNIX and networking stuff if you're not opposed to spending some time reading good quality documentation.
Any recommendations for hardware to run an OpenBSD router on? Support for ARM and MIPS devices seems pretty limited, leaving x86 stuff like Protectli or PC-Engines (which are both pretty expensive for what you get).
The price wasn't my primary concern; I got the APU because I wanted a system that's as close to fully open as you can get. Any x86 machine with decent NICs should work, however.
The non-x86 alternatives I don't have much experience in save for an Ubiquiti EdgeRouter Lite, which works fine, but is a bit of a pain to operate because there's no syspatch support.
If you just want a secure router at a low price, OpenWRT on a well-supported platform probably gets closest to that; I have an old TP-Link router in the closet somewhere that's over 10 years old now and could still run the latest version of OpenWRT.
NetBSD seems similar. You could try [1] https://www.invisible.ca/arm/ to get a feeling for what will be supported by the (soon to be?) next release from there.
I'm unaware of someone having put that together for OpenBSD, but think it should run on similar hardware. If so, then their Website is buggy for listing long obsolete devkits/boards only.
My current home OpenBSD gateway runs on one of the small Atom-based (Z3700-series maybe?) NUC-alikes (I forget who made it) I picked up 2 years ago. I think I spent less than US$200 on Amazon for it. Very low power and I doubt the CPU has ever hit 5% utilization. If you go this way, make sure you can load an alternative OS on it; apparently some of these things refuse to load anything but Windows 10.
I'd imagine it's plenty enough for a home internet router, but it stings a bit to pay ~$150 for a system with a 2013 CPU (and a very low end one, at that).
OpenBSD will run fine in this role on sub-US$50 refurb Core 2 PC or a sub-$100 Atom box if power is an issue. Even a P2/P3 can keep up with anything but the highest end broadband.
security of OpenWRT vs Tomato?
OpenWrt has an up-to-date kernel.
We try and be as safe as we can from first boot.
We make you set your password to get up and running so no crappy passwords from the start.
Wifi is turned off on boot so you don't get an unsafe wifi network with no security.
The firewall is set up with a small rule set to be as safe as it can.
The web interface can be installed with https.
We have lots of packages to be even safer.
BCP38, adblock, banip, dnscrypt, several proxy servers and dns over https.
I would not run Tomato?
on a router in 2020 it runs with old kernels and old packages.
Disclaimer: I am not an OpenWrt dev, I just help out around the place like on Twitter and the forums.
PS if anyone needs help please come to the forums, we will help out as best as we can. Some people think that OpenWrt has devs that are not very tolerant. I can tell you that this is not true. There was a bug in LuCI, the web interface, that made it hard to use with my screen reader. I asked about it on IRC and it was fixed in 3 hours.
I'm using DD-WRT at home. I understand that the embedded Linux that it runs can become more of a full featured version by adding and properly formatting a hard drive to the router. I haven't been able to do this yet and I think it would be great if there were an image available that could be written to the disk for this purpose.
I've been using straight OpenBSD as a router/FW for years. It has served well, has been particularly stable & easy to maintain and runs well on relatively modest hardware. A couple of notes:
- It's so much easier if you keep it simple as possible. If it's your router/FW, don't run your web server, file server, streaming media server, etc. on it. I mean, you can, but that's just a lot of things that can go wrong.
- PF, the firewall in OpenBSD, is usually configured via CLI + conf txt files. The syntax is shall we say terse, but it's well documented and there are lots of examples. Yes, I know there are some 'PF GUIs' out there; I've never tried them on OpenBSD and don't know anyone who has. If that's a deal-breaker, then maybe look at pfSense (FreeBSD based).
- Pay close attention to the hardware compatibility list; not all WLAN chipsets are well supported.
- Read the documentation. Seriously. The community is at best 'difficult'; if you drop into their world asking questions that are in the doco expect active hostility. And OpenBSD is not Linux despite the superficial similarities. Don't expect everything to work like it does on Linux.
I have a TP-Link device and am glad to see an alternative to the stock firmware since all of the consumer brands have been found to have gaping security issues over the years - at these price points and because consumers don't know/care about it, security is not a priority for most vendors.
All that said, I'm not sure how misconfigured TP-Link infrastructure would lead one to declare all their device firmware is bad.
I'm curious what attack surface typical "wifi-router" has?
From the internet, nothing should be exposed - or maybe OpenVPN port or ssh?
From outside, usually you would see WPA2-PSK network. I know there are some attacks on WPA2, but I don't know if they're practical. I also know that WPS (that PIN thing) is very insecure, but that is hopefully disabled on most networks.
From inside the network, things get more difficult, because the router has to have a lot of services exposed - DNS, DHCP, whatever the thing that supports UPnP is, the admin web interface, ssh, etc.
This makes me think, that unless the manufacturer sneaks in a backdoor, things should be relatively secure from outside (both internet and physically). Am I missing something?
TP-Link is not alone in this. Pretty much any consumer-grade network equipment is built down to a price, with zero budget remaining for the actual firmware.
If you can't use OpenWrt then buy enterprise-grade equipment. Personally I'm using a combination of a Mikrotik router at the edge and then consumer-grade powerline access points with OpenWrt (not strictly needed for security as they're behind the firewall already, this was more for functionality to support 802.11r for Wi-Fi).
Interesting idea. I briefly searched for Ansible + OpenBSD + router and found some interesting links. Need to look into it. I was thinking to do this with Linux but for this purpose, OpenBSD could be better? But it was very long ago I last used OpenBSD.
Any of the major distributions focused on simplicity and routing that also receive regular security updates should meet your needs.
A Google Wifi setup (with its automatic updates) is probably better for privacy and security than the TP-Link. Better still would be pfsense, vyatta. Personally, I use an ER-X running a minor vyatta fork and it's rock solid.
On openwrt I like small utils. As ssh is fine: having a look ad hoc who is a bandwidth hog, I check with iftop and press "t" to cycle to one-line-sent view and "s" to aggregate to the receiver, see https://openwrt.org/docs/guide-user/services/network_monitor... - there's no key yet to toggle per item total amount, but this can be had by using "show-totals" in an .iftoprc file:
downside is: iftop as far as I know can't filter multiple interfaces, so you'd need to check them separately with -i eth0 / -i wlan0.
If you're mainly concerned about latency, give the package "sqm-scripts" a try. You're sacrificing a bit of bandwidth for active queue management. So a VoIP session is not affected by a download.
Already using sqm (and I love it) but it's for use cases like when a laptop that hasn't been used in a while is started by someone to charge before watching a movie and steam/dropbox/windows on said laptop start hogging everything. In a residential area where we're still depending on ~10 Mbps adsl, identifying the device can be a need.
> downside is: iftop as far as I know can't filter multiple interfaces, so you'd need to check them separately with -i eth0 / -i wlan0.
Since I care only about lan <=> wan, doesn't that mean I just need to check on wan ? And all clients would be there, no matter if they're connected to the router through lan or by wifi ?
ntopng. It doesn't run on OpenWrt though. I have tried, but you have troubles compiling it and resource constraints depending on the device. Might be lucky if you have ARM and enough space.
But I have long searched for something similar. The answers were mostly useless e.g. most if not all were for the combined bandwidth.
I now run ntopng on another x86 device and use port mirroring to capture the traffic that goes through the OpenWrt device.
What kind of resource needs are we talking about here ? The router I use at home is a R6220 (OpenWrt description "It comes with a large 128 MB NAND ROM with space for many packages and a single core (dual thread) MIPS CPU powered by 128 MB RAM"), do you reckon there is a chance for it to run there ?
I’ve been disappointed with every consumer grade router out there. Countless bugs from annoying hiccups to a daily reboot. I feel like I’ve replaced my router every couple of years, never spending less than $150, up to $250.
Finally I splurged for a UniFi Dream Machine a couple of months ago and I could not be happier.
Nothing against the OpenWrt folks of course, but the reason these projects exist is the router vendors just suck. I won’t give them any more of my $ (Linksys, Netgear, ASUS in my case.)
That was my thinking with going with MerlinWRT. I splurged and got an Asus ax88u, then spent two weeks trying to get it to work before returning it.
I do think part of the issue is WiFi technology is diverse enough that the latest and greatest are optimized around 5GHz and newer specs whereas a lot of IOT (which I use) is still old school 2.4.
Anyway I tried OpenWRT for a while but went back to DD-WRT on an Archer C9 which has been just about perfect for my usage.
I generally agree but I'm heading back from a trip to Russia and I was surprised by how good Keenetic's [0] equipment was. It's a brand that apparently only operates in Russia, Ukraine and Turkey.
I was impressed because of how clean and workable the stock web UI is, as well as how many features it has. They have some of the more obscure normal things like IGMP proxying (with a very user-friendly UI for configuring it) but what really impressed me was that it even had WireGuard support as an official installable package.
I'll stick with my UBNT gear at home but still, for a consumer brand Keenetic is pretty nice.
I've just installed openwrt on mikrotik hap ac router. Damn that thing is nice. The UI is way more user friendly and expandable. Built-in pi-hole analog (adblock) works just fine, wpa3 support is also there. And all that is installed in just a few clicks.
Couldn't agree more. Consumer grade routers are all buggy or have some proprietary features that just don't work with Openwrt.
I've been using ASUS based routers for the last ~10 years (with Openwrt) and a few months ago decided to upgrade to something else.
After researching what routers are out there, I ended up getting a Turris Omnia [~320 eur].
It's running a fork of Openwrt. Can probably run vanilla Openwrt without too many issues.
There's also Turris Mox - a modular design from the same people, but I ended up getting Turris Omnia, since they pack 2gb of RAM into that router and it has 3 miniPCIe slots on it.
> Consumer grade routers are all buggy or have some proprietary features that just don't work with Openwrt.
Not sure how much it's still the case, but for a long time there were a bunch that worked just fine with OpenWRT as long as it was the forked 3 generation old version that was the official firmware.
I agree that much of the problem is the hardware. I went through several cheap routers before I finally found one that was stable after a year of use. That one worked great for >8 years.
I just upgraded, and went with a device intended to be a commercial AP, but since it has two Ethernet jacks, it makes a great router under Openwrt. So far, it seems pretty good, but I'll be happier if I see uptimes of more than a year.
I must admit I’m a big fan of the UniFi stuff too - for prosumer use it’s excellent, has a tonne of features and for the most part is fairly stable. Just a shame that sometimes they abandon hardware a bit too soon, or promise features that never materialise.
It’s worth noting that OpenWRT doesn’t just run on “embedded”/“dedicated” OEM router hardware: it works great on any x86-based system (often sold as “pfSense” boxes, etc.) as well and offers a lot of great functionality.
I was thinking of trying this out, but I imagine, with VDSL(2), there aren't any significant latency bonuses when doing it. There are way too few VDSL2 PCI-E cards available, if at all.
Edit: ...or does VDSL2 run with the ethernet protocol and just needs a standard nic? The VLAN ID tag makes me think so, but the GDMT993.5 (Vectoring) tells me it could be something more...
VDSL needs its own NIC, as it operates very differently to ethernet. Recently I discovered that my telephone line was operating on one wire, but VDSL was still operating in a degraded fashion. Suffice to say this would totally prevent ethernet from working.
ADSL could only encapsulate ATM frames (hence using PPPoA), VDSL includes a new mode called PTM that can encapsulate ethernet frames. This may be what you were reading about.
I guess? Well, suffice to say, one does need special equipment to communicate over a VDSL line, it's not just applying a different protocol over a standard NIC.
The only PCI-E VDSL2 card I've seen is the Draytek VigorNIC 132. (Which, BTW, should really also have a low-profile backplate. :/ )
I can't deny I'd be curious to play around with it on an x86 OpenWRT system, but at about 200€, it's a bit pricy...
My current setup has a latency of 8ms, of which I'd speculate that at most 2ms are due to the router+modem? Could an x86 "monster" router+modem bring that down to 0ms?
Most of that latency would be VDSL, it was around 20ms RTT extra latency on ADSL though. The encoding has extra overhead. If you really want 0ms latency, you'd want to look into fibre services.
You should also look into buffer bloat, and see if that's affecting your latency.
I assume GP is aware of that, and from what I understand, he is pointing out that OpenWRT also happens to run great on various x86 hardware/SBCs sold as "pfsense boxes".
to encourage others.. wpa3 for me was install of one package (opkg install --force-overwrite hostapd-openssl) and changing one config line (encryption = 'sae'). Client had no issue connecting (wpa_supplicant 2.9 on ubuntu 19.10, though only nmcli shows the connection as wpa3). The various dragonblood attacks are mitigated in current hostapd if I'm not mistaken.
If you only have WPA3-capable devices on your network, setting encryption=sae is fine. I have to support WPA3 incapable devices and thus need to use the sae-mixed option (also the wpa_supplicant patch I use requires wpa2-psk support).
There was a time when I had the free time to install dd-wrt on a brand "new" Linksys WRT54G and fiddle with tons of features but today I'm completely satisfied by my FRITZ!Box(1) that requires near zero active maintenance.
I don't get thousands of features, but all the ones I need at home.
I'm honestly curious: why do you guys use OpenWRT, dd-wrt, tomato etc.? Re-using old hardware? Flashing bugged cheap routers that work badly with official firmware (that's never going to be fixed probably)? Need a specific feature not normally available on home net devices? Just enthusiastic about the project or simply enjoying the hacking?
(1) I spent a few euros more on it than the typical home network appliances but I gained them back in quality, reliability, active support and development: no crappy hardware, no bugged software and zero issue with my 15+ WiFi devices in my house in a year.
1) The default firmware on the consumer routers I've had failed to support even the most basic features, like VLANs and virtual wifi interfaces. Forget about custom routes, firewall rules, dnsmasq options, dynamic DNS or anything else.
2) It doesn't come with the source, so it fundamentally cannot be trusted. A router that can't be trusted isn't very useful, and so proprietary router firmwares are simply unacceptable on their face.
Though I have to concur they usually do their job, the Fritten annoy me to no end. First I don't like their UI, then I don't like the company AVM for taking a hostile stance against the opensource/modder community. I don't need their features for integrating their smarthome stuff. Yet I can't disable their broadcasts in my LAN when they try to find other AVM stuff. AVM's comment to other users who complained about the same: 'Block it in your firewall.' In older versions their IPv6 support was shitty. They disabled Telnet/SSH.
They are a monoculture for users in blissful ignorance.
Their design is ugly. If they come from the ISP they gather which devices are connected internally in regular intervals and get that wrong. For instance the ethernet of some docking station is recognized as a Playstation from Sony.
They clash with my opinion of how my internal network has to look and operate.
That they are considered as one of the better options just shows how crappy the market in general is.
And therefore alternatives like OpenWrt are needed!
I similarly wanted lower hassle, but went in a different direction of just moving routing back to a full amd64 box running Debian. Now all tinkering is standard configuration, will cleanly carry across upgrades, and lives in git.
I still use OpenWRT/DD-WRT on a few standalone access points, because I'd rather have a standard webui than dealing with manufacturer idiosyncrasies. Although when it's upgrade time I'll be tempted to move further in the amd64/hostapd direction.
I'd read about any caveats first. The EdgeRouter, for example, has Cavium hardware offload that requires a proprietary kernel module. It's much slower without that.
Although their hardware is good I find their software to be a bug-filled mess. The EdgeOS 2 series in particular has been disappointing. Impactful bugs that have been extremely slow to address and loss of functionality on some devices which was promised to be resolved but still hasn't. I still can't get IPv6 to work on my Verizon FiOS connection because EdgeOS doesn't support the required options despite years of customers requesting the options being supported.
At the same time as this they have attempted to slip a call home function in unnoticed and stopped living up to their obligation to provide source code under the GPL.
Edit: I checked after posting this comment and Ubiquiti is once again making the GPL source archive available. It had disappeared for quite a while and there was a bit of an outcry regarding it.
Run OpenWRT on some Edgerouter Xs in my house and for me it’s consistency of the interface/configuration between all of my network devices and also full control. Runs OpenWRT quite well.
I am considering doing the same. What kind of performance are you seeing running OpenWRT? I know with EdgeOS performance is lackluster without using the NAT offloading module.
Nothing is very clear, but I get the impression that:
- targets labeled "ar71xx" can only use the old driver, and will probably not be supported in future releases. Consider replacing such equipment.
- targets labeled "ath79" have already been ported (or started out?) with the new driver, and owners may ignore the whole topic.
- targets labeled "ar71xx-to-ath79" have a commitment for support for the new driver, so that all future releases should work with this hardware (even though this latest release still uses the old driver).
Can somebody confirm whether this is an accurate understanding?
I have tp-link AC1750v5 routers, identified with the third bullet above. Can I ignore this, or do I have to do something to switch it to the new driver?
OK, so it appears that changing to the new "driver configuration" mainly affects what names the devices have in /dev and /sys, which would make your current router configuration not work, without some active translation, first.
So, when you install the new boot image, you choose which, and if you choose the ath79 one, then when you restore the configuration, something runs to translate it for the new names. Presumably, then, if everything seems to work, you make a new backup with the new settings, and everybody can forget the old names.
I just installed this today and have been struggling with the WPA3 on my Linksys all evening. I finally gave up for the evening, and opened HN, to find these release notes at the top of the front page.
Some of my specific issues were addressed, if I had simply bothered to read the release notes carefully. Instead, I found my update file, and updated. When WPA3 didn’t show up, I poked around forums for workarounds and finally found some answers that helped. Now my other clients couldn’t connect/stay connected, even to the WPA2. These notes clearly mention this, as well as the libup issue I solved via --force-upgrading
I really appreciate the effort the OpenWRT folks have put in to collecting useful snippets of documentation for odd cases and uses. Sure it might could be better organized but it's there at least.
Sooo... if I want to move my VPN (WireGuard) termination from my Raspbian to a more dedicated device like a router, what are the options at a reasonable price (say, 100$ or €, as I am European) and reasonable power? Better if with integrated wifi controller and antennae. And which distribution besides OpenWRT?
Thanks!
I have an End-Of-Life'd SG-1000 from PFsense developer NetGate https://www.netgate.com/solutions/pfsense/sg-1000.html
The thing no longer gets updates as of October 2019 and was never particularly well supported, but feels like an absolutely perfect OpenWRT target
I've poked at it on and off with regard to getting Linux running, as it seems to be heavily based off a standard, old Ti SoC "evaluation board" and it /mostly/ works
The problem I've run into though with the upstream kernel is the ethernet NICs appear to be linked. If you unplug either interface, they both stop responding until they are both reconnected to active devices. I'm not well-versed enough with ARM DeviceTree to figure out what the issue is, nor do I want to buy the Ti hardware SDK to test it with
The old 4.4.3-yocto files Netgate sent me do appear to work with it, and the DeviceTree even works up to 4.19-LTS with minimal modification https://intelminer.com/pflin.zip