A couple years ago, I replaced my Airport Extreme with Ubiquiti gear (Dream Machine - DM). I believe I was seeing ‘buffer bloat’ in the Airport Extreme, and I had a friend who had a lot of success using Ubiquiti in a relatively complex home/home office setup like mine. The initial installation was painful, but when I changed ISPs (from paired DSL to fiber-to-the-house :-) ), the transition was easy. A few DM features were hard to use or were missing, but I’ve been very happy with the level of updates since I deployed the DM. Some of the newer security features in particular have been easy to configure (such as ‘block all Meta IP addresses at the firewall’ and some adaptive DDoS blocking…). I still have one problem with Ubiquiti hardware where a relatively new WiFi extender does not play well with my 3-year-old iPad. Other than that, if you can afford it, Ubiquiti has worked for me.
Before I went with Ubiquiti, I did try Eeros, but had problems getting that stuff to work. Several neighbors have Eeros and have been happy, and I helped one neighbor configure an older set of Eeros in his church (including running some ethernet cable where signals were blocked by concrete walls.) He’s been happy with the level of support from Eero and the features there.
I de facto standardized on TP-Link routers re-flashed with OpenWRT. One bonus is that I was trolling a thrift store and found an AC1750, that matched other routers scattered around my place, for $3. It didn’t have a power supply, but I ended up using power over ethernet anyway.
One nice thing about OpenWRT is that I would often end up fighting routers’ built-in user interface to get the functionality I needed, even though I knew that the underlying hardware and lower-level firmware supported it. OpenWRT seems to have support for any of the crazy networking configurations I’ve dreamed up.
There’s a price, unfortunately. While I’ve found that flashing the OpenWRT software is pretty straightforward, getting an initial configuration going is a lot more involved than it is on consumer-grade devices. For example, by default OpenWRT comes up with the radios disabled, so you’re going to have to connect with a cable to even get started with configuration.
… depending on your device. I noticed, for example, that if I were to install it on my Linksys MR8300, I would need to install an old version, then manually change some of the boot parameters, and then install the latest version. This is because the factory boot partition is too small to hold the current release and you need to make it boot from another flash partition. Failure to do so will brick the device (although you can recover by jumping through a few hoops).
I personally think this is a great idea. Insecure Wi-Fi is a massive vector for attack. Maybe not a concern if you live in a single family home, but could be a problem in an apartment building. By forcing you to only use Ethernet for the initial configuration, they can make sure nobody slips in through the back door before you’ve secured the wireless connection.
I wish the Linksys factory firmware did this - they require you to use a mobile app and Bluetooth for the initial setup.
Keeping a home router up-to-date with respect to security can be more difficult than it should be. The same can be said for selecting a new router for purchase.
As was mentioned in the first post in the thread, it is entirely possible to walk into a store and buy a “new” router with firmware that is a few years out of date. It’s even possible to buy “new” equipment that has reached its “end of support” and will receive no further security patches.
Before buying a router, definitely check the manufacturer’s website to make sure it is still supported. It’s not always predictable by the model number. For example, I have a Netgear RAX15 that is still supported, but models like the RAX35 and RAX45 are no longer receiving security updates. Depending on the manufacturer, look for information about lifecycle, end of service, end of support, or end of life. Complicating matters further, some models will have several different hardware versions, each with their own end-of-support dates and different firmware compatibilities. It is not always obvious from the packaging which version of hardware is in the box.
Buying on Amazon can be particularly tricky. For example, you can buy refurbished RAX35 and RAX45 routers there, but the product pages have no indication that these models no longer receive security updates from Netgear.
Even if a model is still supported by the manufacturer, check to find out when it was first released. My RAX15 was released in 2020, so I expect it will reach end-of-life soon. I generally wouldn’t recommend buying a router that has been on the market more than two or three years unless you get a spectacular discount.
I really like having the option of using OpenWRT or other types of alternative firmware, but it’s not for everyone. There are installation tutorials on the web, but it’s definitely more complicated than simply downloading an app or loading a web page. Also, not all routers will accept third-party firmware. For example, I neglected to check my RAX15 for compatibility before buying it, and I was disappointed to find out that OpenWRT does not support it. I do have an older Netgear router that is supported, and it is interesting to tinker with it. You also can run into situations where some hardware revisions of a router will work with OpenWRT, while others will not.
I switched to Firewalla, and I couldn’t be happier. They were founded by ex-Cisco employees, initially funded via KickStarter, and they’re continuing to innovate. Performance has been great - I have no complaints.
Prior to this, I used Ubiquiti UniFi for a number of years, and I was reasonably happy with them as well. They’re also continually innovating. I actually switched to Firewalla originally because at the time UniFi didn’t offer a router with dual WAN ports, and I wanted a failover once I started working remotely full time.
Is the above discussion about using a router in addition to the one usually given by an internet service provider? I ask because that is my situation. Bell Canada is my internet/TV/phone provider. They have given a device to me that they call a Home Hub, which I believe is a modem and router.
As @shamino pointed out, installation can vary depending on device. In the case of my TP-Link Archer A7 routers (that still had working factory firmware installed) the process was to just use the devices’ browser-based firmware update procedure but substitute a downloaded OpenWRT firmware image for the manufacturer’s proprietary file. It’s platform agnostic. I used a Linux machine, but a macOS or OpenBSD or iOS or Android or even Windows browser would have worked just as well.
When Apple announced they were discontinuing the Airport Extreme in 2018, I immediately bought one and am still using it. Having read about so many Chinese routers with possible back doors built in, I figured the proprietary admin interface in the Apple routers has to be better. At some point we won’t be able to administer them anymore, or my hardware will fail, at which point I guess it’s back to some tomato flavored solution.
I don’t really care about Time Capsules but I really wish Apple would keep making the routers.
Good question. The preceding discussion has been about personally-owned routers.
Assuming compatible hardware, the third party software under discussion can be used to:
1. maintain the security of routers after the original manufacturer has dropped support for them,
2. add features to routers that aren’t supported by the original manufacturer, or
3. provide the owner with more flexible configuration options.
The software we’ve been discussing doesn’t support the modem and telephony features of your ISP-provided equipment. Nonetheless, some people like to use a separate device for routing and/or wireless networking than their modem/telephony device, usually for reasons 2 or 3 above. That’s probably a subject for a different post.
If you use ISP-provided equipment and aren’t interested in maintaining a more complicated environment or buying your own equipment, the key thing is to replace the equipment when your ISP recommends. It’s worth checking your ISP’s support site or app periodically to make sure you aren’t missing any important notifications.
I finally got around to revisiting this topic. From a table at the OpenWRT web site, it appears that OpenWRT does not support my router (which is identified on the box as both tp-link AX3000 and tp-link Archer AX50). However, it also appears that OpenWRT does not support tp-link AC1750, so maybe it’s not important that a model be listed in the table of supported routers. Any guidance?
The web-based configuration page for my router says my hardware is Archer AX50 v1.0. At the OpenWRT web site, there is a warning about devices with only 8 MB flash and 64 MB RAM. I could not find any information about flash memory or random access memory for my router at the tp-link support site. Should I be worried?
If my router is a candidate for OpenWRT and flashing OpenWRT is a good idea, then it sounds like I should connect using an ethernet cable before flashing. Am I understanding that correctly? Thanks.
The Archer AC1750 also goes by the name “Archer C7”, and is listed under that name. There is even another name, I think “Archer A7,” that is identical to the C7 but with Amazon Alexa support added. I would not attempt to implement OpenWRT on a router not on the official list.
As to the AX50 specifically…
Quickly looking through the thread, it appears that support is unlikely even though the router’s stock firmware is based on OpenWRT.
The good news is that I don’t need to spend any time trying to update the firmware.
How do you learn of alternative names? In particular, I also have a GL-iNet AC1200 Wireless Travel Router that I take on trips with me. I did not find that model in the official list. How would I learn if it is the same as a Good Life travel router on the official list?
I don’t have a clean answer. In the case of my routers, the model on the front panel is AC1750 but if you look at the serial number plate on the bottom of the router the model is given as “Archer C7.” When searching for information online, I once saw a mention of (what I recall being called) the Archer A7 as being an Amazon-rebranded C7.
A search of “GL-iNet AC1200 OpenWRT” would likely prove instructive.
I have seen comments in the OpenWRT forums to the effect that commercial routers can be “based on OpenWRT” but not be compatible with OpenWRT firmware as currently released. I assume this to be some combination of “we used OpenWRT but developed some proprietary drivers which we didn’t release as open source” or “we ported an older version of OpenWRT but haven’t kept up with newer versions.”
Ha! My front panel doesn’t say anything (besides GL-iNet), but the back panel says AC1200 in bold, and then says the model number is SFT1200. The GL-iNet web site doesn’t admit to knowing anything about an AC1200, but it does have firmware for the SFT1200. Thanks!
But I’m confused about Sysupgrade vs uboot. A discussion says always to use Sysupgrade. But the download page doesn’t mention Sysupgrade; it has common upgrade and uboot. I suppose I want common upgrade, but I wish I knew what they meant by Sysupgrade.
If it is actually an SFT1200, you should be able to log in to the router’s admin page. Then click on the “System” button at the bottom of the page. There you will find an “Upgrade Firmware” option to install the latest firmware (currently 4.3.25, updated in March).