Ask HN: Best current model routers for OpenWRT, DD-WRT, Tomato, etc.?

The first thing you need to know is that the OpenWRT project is basically dead and that 95+% of the developers went over to the LEDE Project. However, LEDE has not yet published a stable release yet. You can get nightly builds that are in pretty good shape though.

I would highly recommend an ipq806x-based system, if you can afford it. Almost always matched with qca9880 radios. These are modern 802.11ac wave2 systems.

ipq806x is a Qualcomm-Atheros SoC. Go to wikidevi for specifications on the chips and all of the devices I mention below.

Check camelcamelcamel for recent pricing info if buying in the USA.

The list would be:

Linksys EA8500

TP-Link Archer C2600 (Not recommended due to TP-Link going anti-OSS. Modern versions require signed firmware and other DRM junk)

Trendnet TEW827DRU (Not yet accepted into LEDE, but could be any day now)

Netgear R7800 (Has a slightly faster CPU, but more expensive)

Netgear R7500v2 (Avoid the V1)

ZyXEL NBG6817 (Has the same slightly faster CPU as the R7800, but it's storage flash is goofy and I'm not 100% sure it's fully working. Ask the lede-dev mailing list first.)

The top issue that all of these devices have is that the 802.11 radio LEDs don't work yet because the driver is missing support for it. However, if you can live without blinking lights, these models are the way to go. This feature will almost certainly get fixed in the future.

I would tell you to go with the Linksys EA8500 if price/value is your concern. Otherwise the Netgear R7800 has a very active dev and probably has the best support. The ZyXEL NBG6817 looks really interesting to me, but I don't have one yet.

If $140-$200 USD is too much for you, look to some older 802.11ac devices. Like I said above, avoid TP-Link as they have started locking down their devices by removing serial ports and requiring signed firmware/DRM etc.

Your list here in comments is pretty good, though I'd avoid the TP-Link unless you can get one that is older (before TP-Link became anti-OSS.)

Good luck

I have the Asus RT-AC68U/TM-AC1900. I bought it from T-Mobile for $60 and flashed it to stock and then put Asuswrt-Merlin on it (but you can use Tomato or DD-WRT). It does take a little work to flash it to stock (like Telnet'ing into the router), but it wasn't bad and for $60 I ended up with a wonderful router. There are guides online for flashing it back to stock.

If you're looking for information, I suggest SmallNetBuilder. They have very thorough reviews: http://www.smallnetbuilder.com/tools/rankers/router/view. It looks like the RT-AC68U is their #1 pick for AC1900 router now. It used to be their #2 pick under their previous testing methodology (after the R7000 Nighthawk from Netgear). That's slipped to #3 under the new testing and the Asus has taken the top slot.

Asuswrt-Merlin isn't such a radical departure from stock, but it has some nice features and allows me to do things like edit the etc/hosts to block certain things.

The Asus RT-AC68U is probably one of the top 2 AC1900 routers out there and T-Mobile is selling it for a song (even if you're not a T-Mobile customer). It's a little work to re-flash it so read a guide and see if you're comfortable with that. Or you could buy a stock RT-AC68U and get SmallNetBuilders #1 AC1900 router overall, for 2.4GHz avg throughput, 2.4GHz max throughput, 2.4GHz range, 5GHz avg throughput, and 5GHz range.

I know others have recommended this already, but I would also say that your best bet is to buy some Ubiquiti hardware. An EdgeRouter X + UniFI Pro dual-band AP is on the order of $200 from Amazon and has way, way better functionality than SOHO hardware of same price point, with the principal issue that it is enterprise hardware, and is very much not point-and-click to set up. I think the tradeoff in functionality and build quality is worth it, though.

I recently replaced my PC router running pfSense with an EdgeRouter X - at ~$50 the power savings alone will probably pay for it in less than a year, and the only thing I can't do with it that I could do with pfSense is create a standalone OpenVPN endpoint - so I'm moving that functionality to a server that was running anyway.

I use two devices to handle usual definition of the router:

  1. Mini PC[1] running as a router (pfSense);
  2. eero to handle the wifi.

Why? I've tried many times to use dd-wrt, openwrt and tomato firmwares on my routers, but every time I failed miserably: it's either something stops working, or I need to schedule routers reboots and so. So I gave up. Since that time, mini pc [1] is the third system which routes my traffic, acts as VPN gateway, proxy server and so on on my home network and I've never been happier. With eero I've got even better coverage comparing to the previous Airport Express.

[1]: https://www.aliexpress.com/item/Latest-windows-8-mini-pc-min...

For now, by my research the best candidates are

- TP-Link Archer C7 (supported by both DD-WRT and OpenWRT, and recommended by the latter)

- Linksys WRT1200AC/1900AC (supported by both DD-WRT and OpenWRT)

- Ubiquiti UAP-AC-LITE/LR/PRO (OpenWRT, diffrent models depending how much speed/range do you need. No routing here, just access points.)

For any models discussed, please keep in mind that depending on the hardware version, the firmware support is different.

I highly recommend just building a Thin-ITX router. I have a post of how I built mine here:

http://penguindreams.org/blog/building-a-thin-itx-router/

I paid too much for parts. You can easily construct one of these for under $200. I'm sick of ARM and needing a different image per device.

AVOID the ClearFog and BPI-R1:

http://penguindreams.org/blog/review-clearfog-pro/

http://penguindreams.org/blog/banana-pi-bpi-r1-fails-into-an...

I cannot recommend either of them (although if I had to, the BPI-R1 is better than the ClearFog. Just don't expect it to be stable)

I bought the Buffalo N300 not long ago:

https://www.amazon.com/gp/product/B00IB8IVDQ/ref=oh_aui_deta...

I've been extremely happy with this purchase, admittedly I'm a bit of a high-demand user (I host a number of minor services for myself and friends including TeamSpeak, minecraft, as well as operating two Xbox Ones) so I needed something with good port forwarding support and UPNP. Rock solid, straight DD-WRT interface with minor branding, shell access, and monitoring support. This router's been an absolute champ and I'd recommend it to anyone.

I used to run a modified advanced tomato (advancedtomato.com) on a few Asus routers. But the build process is terrible and I got sick of maintaining it. Looked at openwrt and lede, but still a pain to maintain.

I recently decided on the ubiquiti edge router x ($49), ac-lr access point($90), and pihole($50) on a raspberry pi for DNS. The pi also runs DNS crypt. But now everything gets regular updates and the firewall config and stats on the edge router are great.

If all you need is a wireless network the UniFi AP-AC series is great. I don't have any reason to put OpenWRT on it.

In the past two years, I've bought...

- TP-Link Archer C7. This supports our office of ~30 ppl and has been bullet-proof since day 1.

- TP-Link N600. Cheaper but still 5GHz. Also super stable, I use it as a wifi bridge daily.

- I just bought a Netgear R6300v2 which will go in my home. Have not used it much yet but for the price it's an ARM core with a lot of Flash & RAM so I'm excited.

Caveats: I don't know if in practical terms new-ish TP-Links (later than Q2 '16) are harder to flash due to them supposedly cracking down on third-party firmware. At the time they were super easy, I just downloaded the latest from ftp://ftp.dd-wrt.com/betas/ and followed standard instructions.

Caveat #2: For Broadcom/ARM builds you probably don't want to use builds from ftp.dd-wrt. Intead you want KONG's build, see: http://www.desipro.de/ddwrt-ren/K3-AC-Arm/Readme and search the forums for latest KONG builds.

Finally, reading Amazon reviews for any supported model helps as well, you'll find a few ppl who relate their experience putting ddwrt on it.

EDIT: if your budget is $100+ I've also read good things about the Netgear R6400 and ASUS AC66 and AC68 but don't have any direct experience there.

This is not quite what you ask for and a little more expensive that some options, but I use a PC Engines APU2 running Alpine as my router+wifi access. Great little machine that is much more functional than typical home router hardware, and it boots using coreboot. A good option if you like setting up everything by hand.

More about APU2 at http://www.pcengines.ch/apu2b4.htm

A router has nothing to do with providing WiFi. You should have a separate router and WAP.

For the router, any fanless mini-PC with two ethernet ports. Run OpenBSD or pfSense.

As long as you can do without 802.11ac, make sure you get something supported by the ath9k driver, which IIRC is the only driver that doesn't need a firmware blob. So all the people working on bufferbloat etc. are using that driver for their tests, so you'll get the improvements first.

I have a TP-Link TL-WDR3600 v1 running OpenWRT. It was cheap, and works fine.

Direct from real world experience, a few points of architectural guidance.

1. Use WiFi routers for WiFi.

Avoid firewalling, NAT, authentication protocols, the strongest levels of encryption, or other packet changes/control on the WiFi Router.

Resources are always constrained. Mentioned processes consume resources and the load only appears under real world conditions that you did not anticipate or could not replicate in test.

2. Distribute (as much as possible). A little work/cost up front will save you down the line.

A lot of WiFi routers support multiple radios (IE 2 radios). That gives you three points of failure for every router - one for each radio, and one for the router. Take one dual band router down and everyone in the coverage area loses connectivity in both bands.

Separating these will provide improved redundancy, throughput, offloading, and etc.

What fanless mini PC should I use to run a VPN gateway at line speed? I see a lot of random boxes reccommended on aliexpress, but which one should I buy? Should I just get whatever one, as long as it has the right AES instructions? Or are some of them awful?

mikrotik routerboard with a ubiquiti wap. I've never been happier.

Very interesting question I've asked myself a year ago. I ended up buying an old Netgear WNDR3800 for $15, and put OpenWRT on it. And it works great! It has enough ROM to install most of the services you would probably need need (ssh, iptables, smb, shadowsocks, dnsmasq, time machine, dyndns, are running altogether perfectly well) and enough RAM as well. OpenWRT itself isn't perfect, and I had to setup an package building environment on my machine to install some packages (typically shadowsocks) on the latest stable build (currently 15.05.1). But it works. And it works great. Speed is good, and I don't see anything I would have to complain about that disturb my needs/usage. I like the modularity and I love having a real Linux I can ssh to as router.

I've been quite interested to read about the fact developers from OpenWRT are moving to LEDE. Maybe it could be worth it to wait - as I said, OpenWRT isn't perfect and I'm sure a lot of improvements can be done. I haven't tried LEDE though. But I think, for a small office/home network, just getting an (reasonably)old/cheap yet powerful, compatible hardware and put OpenWRT on it is quite a good solution at the moment.

I've used OpenWRT in different incarnations over the years, and at this point my suggestion is to forget about OpenWRT and buy some Unifi hardware from Ubiquiti. You get almost the same amount of control from Ubiquiti's pro line, plus the hardware is really solid and it all Just Works.

Now that the enterprise-level Ubiquiti stuff is so insanely cheap, there's basically no reason IMO to fool around with open-source router projects.

Among the open source router options, what's the best for multi-WAN and flexible QoS?

I was looking at switching from ASUS on Merlin to Tomato for better QoS and to try out multi-WAN that was added in shibby about a year ago. I really want the internet to be reliable and fail over to a 2nd connection and then back fairly seamlessly.

Am I better off using pfSense (or something else) vs trying one of these integrated router/wireless firmwares?

Years ago I started looking for multi-WAN and got the very disappointing Linksys / Cisco RV042. It worked, but the interface was crap and it lacked a lot of the features that even consumer routers had. For an office of up to 50 people (and 2x devices) we've been using an ASUS RT-AC66R on Merlin and it's worked pretty well in that it's rock solid stable for many months at a time, has a bit of features - now including nice graphs for per-host bandwidth monitoring, and basic QoS and multi-WAN. The biggest issue is that QoS options are limited and it's hard to know if it's even working properly. The multi-WAN auto failover seems buggy and that seems like an area that Merlin hasn't touched.

I recommend buying a simple Access Point (AP) but with enterprisy components, like xclaim xi-3, and treat it as a stupid radio device while running layer 3 services with DHCP, firewall, etc on a separate device (or a vm) with pfSense. This way if you have problems with radio signal, you can just replace or buy a different brand AP without changing anything on your network stack.