the real biggest L with redhat based routers is the lack of good open source hardware offloading support, unless you've got like a shit ton of high clock cores
OpenWRT is the only reason my Linksys WRT1900ACS is still my only piece of network equipment. It's at least 8 years old, and Linksys stopped updating the firmware at least 5 years ago. But OpenWRT is keeping it fresh and functional with my 1Gbps f/o connection. I think the best speed I've gotten with Fast over Wi-Fi was about 600-700, which is pretty good for a nearly decade-old Wi-Fi 5 router. Pro Tip: Keep your network gear well-ventilated. Most of this unit's existence has been sitting on laptop coolers to increase hardware longevity and reliability.
Nice. I’ve been using OpenWrt for a while, and it’s been great. For the home, I’d pick a fleet of inexpensive routers running OpenWrt any time over real™️ network gear. I’m not a big fan of letting them do non-router things, though, and compete for limited resources.
upgrading individual packages has two issues: 1) sometimes specific versions are required as a dependency for other packages and when you upgrade it, that dependency is no longer there. and 2) openwrt uses something called overlayfs, which has one read-only "lower" filesystem with default configs and packages, a.k.a the sysupgrade image, and a read-write "upper" filesystem where your config resides. when you reset the router, it simply wipes the upper fs to go to factory settings. same principle is also used by android, but android does not use overlayfs it's a different mechanism with same principle. anyway, when you upgrade a package, the older version of that default package keeps sitting on the lower filesystem, but it is marked as deleted on the upper, but it still takes space. this can easily break devices by filling up the flash memory, especially on devices with low flash storage, like tplink archer ax23, which has only 16mb of storage. yes, only around 8 megs is available for user after openwrt install, and tailscale(7.73 MiB) barely fits for example
This is exactly why I am no longer a fan of OpenWRT personally. Sure you can use cheaper routers to do some useful things, but if your configuration is more advanced involving extra installed packages, then the update process is IMO much more clunky.
@TheMuso28 it is a good "access point/combo router" OS. not a "enterprise-gear unifi replacement" type shit. run your adblock dns server on your pc, because writing constant adguard logs to routers flash memory is probably a very bad idea. you need dpi? cool, get a proper computer. i'll still use both together honestly. like even if its dumb ap it's nice to have some ping statistics running on the ap or being able to scan the spectrum etc. and dumb aps really do not need package updates that much
Definitely a nice cheap option for a router with much more capabilities than off the shelf routers or ISP provided routers. You make a good point about the pfsense/opnsense route, I recently built an opnsense router using a Lenovo M720Q paired with an Omada EAP-772 access point and total project cost was around $330.
The reason for the sub gigabit Routing performance is NAT. If you'd have a v6 prefix delegated it would be bang on 1Gbit/s. Also as you correctly said (you just can't say it enough) don't use opkg to update pkgs. It's merely used to update things on ext4 installations of openwrt. Since every other installation uses squashfs all changes made to the fs, will be layered upon the install. So deleting files will increase the storage usage instead of decreasing it as it saves the metadata of the deletion, but does not remove the file. It's the same as with docker container images. This is why custom firmwares should be built to change specific parts about owrt. Another remark: you can use adguard, but you'd need to store all its files on a usb drive though. Also it is a very capable routing platform (bgp, ospf, vxlan, wireguard, vrfs..) and can do everything you'd want, you only need to install the right packages. ;)
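Added example, not part of any comment in this thread: the overlayfs and squashfs comments above describe files upgraded with opkg ending up stored twice, once in the read-only image and once in the writable layer. This shell sketch lists and totals the upper-layer files that shadow a copy in the read-only image, assuming the usual OpenWrt squashfs mount points `/rom` and `/overlay/upper`; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the default OpenWrt squashfs
# layout: /rom is the read-only lower layer, /overlay/upper the writable one.
# Pass absolute paths to check other directories. Sizes are uncompressed, so
# they overstate what the compressed flash filesystem actually stores.

# Print "<bytes> <path>" for every regular file in the upper layer that also
# exists in the read-only image: upgraded package files and edited defaults.
shadowed_files() {
    rom=${1:-/rom}
    upper=${2:-/overlay/upper}
    ( cd "$upper" 2>/dev/null || exit 0
      find . -type f | while IFS= read -r f; do
          [ -f "$rom/$f" ] || continue
          printf '%s %s\n' "$(wc -c < "$f" | tr -d ' ')" "${f#./}"
      done )
}

# Total bytes held in the upper layer by files that duplicate a ROM file.
shadowed_bytes() {
    shadowed_files "$@" | awk '{ s += $1 } END { print s + 0 }'
}

# overlayfs records a deleted lower-layer file as a character device
# (a "whiteout") in the upper layer; the ROM copy still occupies flash.
whiteout_count() {
    upper=${1:-/overlay/upper}
    find "$upper" -type c 2>/dev/null | wc -l | tr -d ' '
}

# Only report when run on a device that has the assumed layout.
if [ -d /rom ] && [ -d /overlay/upper ]; then
    shadowed_files | sort -rn | head -n 20
    echo "total shadowed bytes: $(shadowed_bytes)"
    echo "whiteouts (deleted ROM files still on flash): $(whiteout_count)"
fi
```

A large total here is space that flashing a current sysupgrade image would reclaim, since the new image carries the updated packages in the read-only layer.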
Hardware offloading means that the CPU does not process the packages but there is a dedicated chip doing that task. So it's a must-have feature, moreover, it will be interesting to see some iperf benchmark between two hosts or directly between a laptop and the router to see the real speed of the router. Anyway nice video, you convinced me to buy a router that supports this os to install wireguard there instead of my raspberry!
as an openwrt fan rocking high-available openwrt setup at home, i have to say your point for "needing a poe source and ap for wifi" is just silly at best. any modern router with dhcp and firewall off, and lan connected to lan, can do just fine as an access point. in other words, take one of those all in one boxes and just use the access point part. you do not need an enterprise/prosumer grade access point as shown on video
i got an openwrt router, which is way less powerful (and less storage) than the one you got, and i have no issues running adguard home on it, and i still have plenty of space for anything an average home user needs
Wooooo, I have this exact router and use openwrt on it, the price to specs is crazy for it and ofc openwrt was a requirement for me to buy the router, nice to see this getting the attention it deserves
I remember the excitement when the original WRT54G was "jailbroken", and people started writing addons for it. About the only part of the firmware that wasn't open source was the GUI. A new GUI was soon written, and fully open source firmware was soon available.
I'm lucky to get 1.75 mbps. We run multiple devices on it. 500 mbps is straight overkill unless you have massive traffic from a server. Yes, the low bandwidth is noticeable when all devices are active but they still work. My point is that 1.7 will work, 10 is amazing with 10 devices. 500 is redundant and makes you wonder what you’re actually paying for. Should be able to share that excess bandwidth.
also on another note, some openwrt devices have better wifi driver implementations than others. one way to sort of gauge that is to check resource usage with top command while loading up the wifi interface. also most devices can't use hardware offload features for nat etc. and on the ones that are supported you need to explicitly enable it. that might also be a factor limiting your suboptimal wifi bandwidth.
You can also use openwrt on older NAS devices that are no longer supported. Biggest issue is the upgrade process, I've not attempted to upgrade the version cos I don't want to lose all the backup data and the time it would take to resync cos mine is my backup - backup NAS
One time I embedded a firewall / router inside my computer. I removed TCP/IP from my hardware NIC and routed it directly into Hyper-V and used the virtual NIC as the TCP/IP connection. The only way I could get online is to boot the router / firewall in the VM.
For the majority of routers the installation process is far way easier. Just update the firmware from stock with the provided file, reboot and ready-to-go
I remember starting using openwrt around the time that fon's LaFonera free wifi router was released in oct 2006, openwrt was released january 2007 so guess that was the very first version, 17 years now.
I've had 3 Netgate pfSense Security Appliances. I thought I'd be running pfSense forever. Wrong! When Ubiquiti came out with the UCG-MAX, I bought one to play with. Well, that didn't last long. I've since retired pfSense in favor of UniFi.
I have this router with OpenWRT, unsure if they have fixed the below issue but:
#1 - DO NOT UPGRADE CORE PACKAGES VIA PACKAGE MANAGER, it will brick the device, upgrade by downloading the new firmware again from OpenWRT and flashing the new firmware via the Web UI, I imagine tailscale and whatever else should be fine (I use as AP so I don't use packages)
#2 - No need to run the last setenv command, if you leave the boot args for usb and keep the usb with that image on it named exactly the same in a drawer somewhere (not plugged in), if you do brick it from #1 (I have) then you can possibly recover from the USB without serial, you would still need to setup from that step again by plugging in the USB and doing the ssh / send the device specific firmware
#3 - I also have speed issues with 5GHz, I think AX is supposed to be dual band to get WiFi 6 speed, although I could be wrong about this. Would test speeds with stock firmware and see how they have it setup before flashing OpenWRT
Never used anything else than the ISP provided router. Not sure about before I was doing my own networking stuff, but my current one has all the options I need, fully saturates my 1 Gbit FttH, and gives me up to 800 Mbit over wifi
17:50 I had this problem on a different appliance when I installed OpenWRT. Turned out the device was VERY sensitive as to which RF channels would work with WiFi6. Only about 3 of them, and 2 were already congested with neighbours AP's so yeah, after a few hours of trial and error, I hit a good setup and I'm never touching it again... 😮
I use DD-WRT because at the time I bought my router, it was the only compatible option available. I'm asking you: is there any mesh system compatible with DD-WRT or OpenWRT? I need to expand my WiFi without having to drill into the concrete and Powerline doesn't work for me.
I use pfsense as my router then i have a pair of linksys/belkin ax3200/e8450's as wifi access points with openwrt and it works AWESOME!!! make them into dumb APs without DNS or DHCP or even firewall as pfsense does all that, the APs aren't stressed at all AND the four ports are still wired switch ports (WAN is also a switch port now but i use that for the incoming kinda like WAN, though you can use any port for any)...best of both worlds and i can expand my wifi or add a vlan for wifi iot devices super easy, just buy another belkin and openwrt it and plug it in
02:20 ace attorney time: Objection. Any BSD/linux firewall distro has... own drivers, but also... OpenWRT has its own "devices" that are compatible. The *only* way to have zero issues for both solutions is have an AP, that can be replaced for better, newer or with more functionality or less power consumption down the road. Also: one device size fits... some house size or some "volume". With separate devices you can expand the network with more cables/powerline/moca. Does openWRT suck? Actually no, but is not a silver bullet. One size solution fits... lots of persons, not everyone. Anyway: nowadays the linux firewall distros with a lot of features, modern and well supported are less and less, so that's why BSD distros are roaring the DIY/Homelabs scenarios. And compared to a full fledged firewall distro, OpenWRT is kind like a toy (and some consumer routers kind like a joke) There's no easy-featured-free solution available currently
540MB/s is the limitation of write speed on an SSD. If you want better performance numbers you need a faster storage drive so the actual that can transfer to and from your device at full speed. Otherwise your speeds hit a hardware performance bottleneck.
Do ISP routers have 4 (or more) independently routable ports or are the LAN ports connected as a switch to a single routing interface? If it's the latter then you wouldn't be able to use multiple WAN ports or separate port VLANs on the router. This is quite a limitation compared to the Qotom style x86 devices that mostly have 4 or more independent ports. I expect the ISP routers will use the switch option to keep the price down. Having said that, this type of hardware is still a good option if you don't need multi-WAN or port-VLANs.
I don't think you but openwrt (custom version of openwrt that can still act like the unmodified version) is flashed on all GL.iNet routers. I brought the GL.iNet Mango for $20 and I use it all the time for my projects.
OpenWRT exists for my very old router (Asus RT-N56u) but it does not work properly when I try to bridge WAN to LAN and use it as a simple switch. I need to reflash it after every reboot, which is not fun. However, there is the excellent Padavan firmware which does this well. So OpenWRT is cool and new but can be rough around the edges.
had same speed issues with tplink er605...after enabling software and hw offloading it jumped from 180Mbs to 1.0Gbps(ISP speed). sometimes it went to 1.2-> 1.4 Gbps. after enabling those options I did a reboot. it worked lovely after reboot but not before.
Yes, but scp uses sftp for its protocol by default as that was changed some while ago in upstream openssh. You can however use "scp -O ..." to fall back to the old scp protocol.
Back in the day I used dd-wrt however WiFi 6 was unsupported which was a deal-breaker for me as I've been trying to move over to that. I still have that trendnet router somewhere around here.
OpenWRT is a common practice to install on a Proxmox VM on multi-port Mini PC in China, I guess OpenWRT is simpler than the *sense for routers. Sadly many new routers especially those support Wifi 7/6E don't support OpenWRT. It'd be crazy if it does, cheap consumer devices with advanced VLAN capability wireless.
One thing to note about returning to stock, on both my Asus and gl.inet routers via the recovery webui, I found I had to use older official firmware otherwise the restore would fail.
OpenWRT is pretty cool, and there is an x86 version if you want to use a minipc while ALSO using its onboard intel AX210/211... something its BSD cousins can't do. There's even a tutorial for running OpenWRT in bhyve on Opnsense. It doesn't have to be a competition.
The best budget option is the Mikrotik "hEX refresh" for 60 USD, and yes you can flash it with OpenWRT if you want. Has all the power you need for a home or even a small business.
OpenWRT is more often than not worse performance or outright not working hardware feature. The problem is when chip manufacturers refuse to share the code/drivers. You need to choose what hardware using it on carefully.
I wish OpenWRT didn't have a bespoke crazy network config (works great only if you use a gui). I get why it is required (DSA is a nightmare to understand from the Linux kernel anyway). I tried over and over to put my Flint 2 into AP mode with VLANs and gave up. They are moving to Alpine APK which is refreshing. Hoping for more "linux standardization" comes along.
IMHO now with DSA it's easier the switch is treated as any other Router where each port can be configured as you want on *Sense you do the same. I used a lot of SWConfig before and now it's more in line to what I normally do on router devices. The downside is if you want to treat the interfaces as switch than it is a bit messy but luci made some progress in that too! Lets see what will it go with the APK change.
One of the reasons I like your channel most....you don't follow the herd and create content that is the "herd agreed approach". Oh and also unlike the RaidBird you're not pushing TP-link or Ubiquiti from week to week, depending on which vendor just sent him $2k worth of gear to pimp.
I can see how it would be hard to distinguish all the confusing results at the top of a results page after googling/duck duck going/binging openwrt. Such a common name to confuse with all the others... 🙄
@AlistairBrugsch yeah yeah sure... If you try to inform people it's the bare minimum to provide a source or something. But sure blame me for the sloppy job GG. Remember when the top search result of obs was a sponsored ad by scammers and how they hacked a lot of people?
I mean it takes literally 2 seconds to Google openwrt and not click on any that say sponsored (I mean sponsored results have been there for at least a decade so easy to ignore by now). In fact it took you longer to type that comment. But whatever makes you feel better. He did forget to include the link to the argon theme that he did say he'd put in the desc, but again it'll be quicker to JFGI than to waste energy being mad at a content creator for putting in a buttload of work but omitting something that will take literally 5 seconds to rectify (on both sides) Feel free to ask for a refund if you feel so aggrieved
@AlistairBrugsch 2 seconds for each viewer vs 2 seconds once for the creator. I was not mad, just pointed out what could be improved to not waste people's time.
I used to have an old router that I assumed was useless since my ISP stopped providing security updates for it. However, after some research, I discovered it was a TP-Link Archer C7 v2. I decided to flash it with OpenWrt, and to this day, it’s still part of my network, performing exceptionally well. I absolutely love OpenWrt!
I also had an Archer C7 with OpenWRT for years. Only recently upgraded to a newer access point.
Been running OpenWRT through the same Archer v2 as you. Fantastic performance and reliability.
Was it a Ziggo thing?
Archer C7's are absolute workhorses with OpenWRT!! I have 3 C7v5's and an A7v5.8 (the Amazon-customized model) all running OpenWRT in my network, 3 functioning as APs and the 4th a wireless-to-ethernet bridge. My main router is a C7v4 with the stock firmware, but once I swap that for a different unit, it's gonna be flashed as well to be an IoT router, because the v4 has swappable antennas while the v5 doesn't.
It's been a super reliable model for me! converted one to a wireless bridge for rare cases of needing "wired" connectivity in a room where my monitor is to set up proxmox machines, before moving them to a proper wired location as headless devices.
Tip:
If your router doesn't have enough storage for installing packages, there is still hope, if the router has a USB port, you can simply add a cheap 8 gb flash, and with a github script, the openwrt will recognise it as storage
Wouldn't another useful option for storage-less router be as an Unmanaged Switch too? (I presume that a Managed Switch would require some internal storage/memory?)
Run OPNsense as your main router, then use old wifi openWRT routers as a bridge with multiple vlans /ssids trunked back to your OPNsense router. OpenWRT rocks and makes it pretty easy to setup different wifi vlans for IOT, guest, work, mgmt, etc. but as your main router? Only if you don’t have a lot going on.
Depends what hardware you run it on, they have a build for x86/64.
What's the point of all that in a home network? Protecting your cheap Chinese made cameras from the company that built them from spying on you? That seems to be about it: being able to run devices you shouldn't and don't actually trust.
@ when you gain more experience you will get a better understanding of the reasons. You really shouldn’t trust any devices or software period, first of all. The other major reasons for network segmentation is simple organization. It’s easier to track, monitor, and manage. Some of us have a lot going on in our homelabs, some of us run hundreds if not thousands of devices, VMs, containers, etc. some of us are using our home networks to learn how to do things at the enterprise level. Hope this helps you broaden your perspective.
I've been running OpenWRT since the WRT54G, and it does what I need it to do and it's good to see it getting some positive press. It replaced an AST Pentium Pro 200 desktop running openbsd in my closet which was loud and power hungry (relative to the WRT54G anyway.) I have been contemplating buying an N200 system to replace my aging router (it's not still the 54g, it died a long time ago.) I appreciate your bravery, tackling topics you're not 100% an expert in!
Went with a N100 System. Been very stable and set it, forget it. Every now and then, I run updates. Installed Proxmox as base OS with Opnsense, Home Assistant (including Zigbee & Zwave), Vaultwarden, Nginx Proxy Manager, AdAway. Been completely satisfied for about a year now.
Oh man the wrt54g days. Takes me back.
Certainly glad this project exists but after migrating over to an x86 mini PC with OPNsense and a cheap used business WiFi 6 WAP, I'm never going back to an all in one router.
Having the router separately from the WiFi wap frees one to be able to swap out their WiFi portion without having to rebuild your whole network. When corporations upgrade their waps every few years the prices as used devices plummets when they all hit the market at once. I'll keep my rather expensive N100 mini PC router and just upgrade the system software now and then buy them incan swap out my WAP easily when I want to upgrade to the next thing the corporations have left behind. Yes, I'm always WiFi standard behind the latest and greatest but I get high end business network hardware on the cheap. And I get to do it without a ton of work since the router stays the same.
100% this. Best to run both unless you are a minimalist. Case in point, I added wifi 6E to my location while keeping the old wifi in place, no devices to reconfig, no change to existing setup.. easy to add and remove, expanding or contracting my network with ease.
@duduoson1306 Great minds think alike.
Whenever I need to upgrade my Wi-Fi I just get a newer router with OpenWrt and transfer over the same configuration. No need to build your network from scratch.
@GabrielSoldani That's a great point and I hadn't thought of that.
Finally, someone covering OpenWrt, the only modern and as much upstream as possible router OS. It also supports SQM, AQL, FQ_Codel by default, so QoS is better than *any* vendor router software.
It was a test-bed for FQ_Codel, etc. in the early days, so it was ahead of everyone else.
The way I run OpenWRT is as an LXC container, which means memory used basically 0, it runs alongside everything else running on my passively cooled NUC.
I bought 4 used Netgear routers all the same model, flashed them to OpenWRT, now I have managed Access Points and I use them as managed APs with SSIDs connected to various VLANs.
Which Is Better?
It really depends on your use case:
OPNsense is ideal for users who need a full-featured firewall with advanced security, are willing to work with higher resource requirements, and prefer a user-friendly interface for enterprise-level or heavy-duty home network setups.
OpenWRT is perfect for those who need flexibility and customization and are running low-power hardware (or older routers), or if you want to experiment with Wi-Fi management and wireless networks. It’s great for home use, DIYers, and those comfortable with manual configuration.
If you’re looking for a powerful firewall, OPNsense is likely the better choice, but if you want a lightweight, customizable solution that works across a wide range of devices, OpenWRT is a solid pick.
OpenWRT is fantastic, I've deployed everywhere from core firewalls to edge WAPs and wireless PtP and PtMP setups. It's never let me down!
Must have lucky hardware. It's hit or miss with most people.
I love the fact you're learning and digging into the bones of everything as you go along on your channel.
OpenWRT is internationally saving e-waste! Capabilities do change from device to device, you do need to pre-configure a bit before you hit a GUI/WI, this kit becomes low maintenance too.
Pro tip: an old router running OpenWrt is the cheapest 5-port managed switch.
I've seen a bunch of switches also listed as OpenWRT capable, I've not tried it, but supposedly that also works.
Your reasoning is sound, thanks for sharing the alternative and what it looks like. I just did it using pfsense and had the same experience, kept needing more and more knick knacks
One note that if you're getting slow speeds, turn off IPv6 if it's enabled. It may have just been me but I have a 2Gig network and noticed my speeds nearly halved when IPv6 was enabled. While IPv6 is good, not enough places are using it to make it worthwhile.
That sounds like a problem with your ISP's IPv6 connection/network ?
Just know wireless drivers with most routers won't be as good or up to date with reference to blobs with OpenWRT/OpnSense/etc. Use a separate wifi router in conjunction as an AP only connected to your OpenWRT/*Sense, etc.
I've only used OpenWRT once, though I've used DDWRT plenty. It's great for bringing new life to old routers. Thanks!
I run OpenWrt on proxmox with bunches of other containers and such and it routes 10 Gb fiber just fine and it's been solid AF for several years. Recycled some old retired desktop parts for hardware.
I love OpenWRT. I set it up on two identical Asus routers, one as a main router / AP and the other as an AP only. Setup 4 SSIDs and VLAN trunking between them. A bit of a learning curve but it works great. The stock FW was crippled with no VLAN support. It’s nice to take control of your hardware.
Great job on pointing out the feature most routers have, including the ones you ISP provides, of being able to block domains. More parents need to understand that they have the power to limit what websites their children are able to access and not shift that responsibility to others. Now if only MORE people took the time to learn how to use the features of the hardware they already possess.
I have patched xiaomi ax3000t (around 35 USD in my country) for openwrt (snapshot version). And this is the best that you can do with this router))) I have installed amnesia Wireguard on this router and all works good. Now I am waiting for a normal openwrt version for ax3000t (now I am on snapshot)
Also, one week ago I created an LXC container with openwrt for my k3s cluster and it works great!)
I have this exact device at home with openwrt as an access point (not router), and it's been great for that. at the time I bought it it was one of very few devices around with 4x4 wifi stream support. also using openwrt on an x86 virtual machine as a router.
If your host that runs the virtual machine is Linux, you can also run OpenWRT in an LXC container instead.
the real biggest L with redhat based routers is the lack of good open source hardware offloading support, unless you've got like a shit ton of high clock cores
OpenWRT is the only reason my Linksys WRT1900ACS is still my only piece of network equipment.
It's at least 8 years old, and Linksys stopped updating the firmware at least 5 years ago.
But OpenWRT is keeping it fresh and functional with my 1Gbps f/o connection.
I think the best speed I've gotten with Fast over Wi-Fi was about 600-700, which is pretty good for a nearly decade-old Wi-Fi 5 router.
Pro Tip: Keep your network gear well-ventilated. Most of this unit's existence has been sitting on laptop coolers to increase hardware longevity and reliability.
Nice. I’ve been using OpenWrt for a while, and it’s been great. For the home, I’d pick a fleet of inexpensive routers running OpenWrt any time over real™️ network gear. I’m not a big fan of letting them do non-router things, though, and compete for limited resources.
upgrading individual packages has two issues: 1) sometimes specific versions are required as dependency for other packages and when you upgrade it, that dependency is no longer there. and 2) openwrt uses something called overlayfs, which has one read-only "lower" filesystem with default configs and packages, a.k.a the sysupgrade image, and a read-write "upper" filesystem where your config resides. when you reset the router, it simply wipes the upper fs to go to factory settings. same principle is also used by android, but android does not use overlayfs it's a different mechanism with same principle. anyway, when you upgrade a package, the older version of that default package keeps sitting on the lower filesystem, but it is marked as deleted on the upper, but it still takes space. this can easily break devices by filling up the flash memory, especially on devices with low flash storage, like tplink archer ax23, which has only 16mb of storage. yes, only around 8 megs is available for user after openwrt install, and tailscale (7.73 MiB) barely fits for example
btw zerotier is only 501kb on openwrt
This is exactly why I am no longer a fan of OpenWRT personally. Sure you can use cheaper routers to do some useful things, but if your configuration is more advanced involving extra installed packages, then the update process is IMO much more clunky.
@TheMuso28 it is a good "access point/combo router" OS. not an "enterprise-gear unifi replacement" type shit. run your adblock dns server on your pc, because writing constant adguard logs to routers flash memory is probably a very bad idea. you need dpi? cool, get a proper computer.
i'll still use both together honestly. like even if its dumb ap it's nice to have some ping statistics running on the ap or being able to scan the spectrum etc.
and dumb aps really do not need package updates that much
Definitely a nice cheap option for a router with much more capabilities than off the shelf routers or ISP provided routers. You make a good point about the pfsense/opnsense route, I recently built an opnsense router using a Lenovo M720Q paired with an Omada EAP-772 access point and total project cost was around $330.
The reason for the sub gigabit routing performance is NAT. If you'd have a v6 prefix delegated it would be bang on 1Gbit/s. Also as you correctly said (you just can't say it enough) don't use opkg to update pkgs. It's merely used to update things on ext4 installations of openwrt. Since every other installation uses squashfs, all changes made to the fs will be layered upon the install. So deleting files will increase the storage usage instead of decreasing it as it saves the metadata of the deletion, but does not remove the file. It's the same as with docker container images. This is why custom firmwares should be built to change specific parts about owrt. Another remark: you can use adguard, but you'd need to store all its files on a usb drive though. Also it is a very capable routing platform (bgp, ospf, vxlan, wireguard, vrfs..) and can do everything you'd want, you only need to install the right packages. ;)
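The shadowing described in the comments above (an upgraded package lands in the writable upper layer while the copy in the read-only image stays in flash) can be measured on a device. This is an added example, not code from any commenter or from the OpenWrt project; it assumes the usual squashfs layout with the read-only image at /rom and the upper layer at /overlay/upper, and it does not count whiteout entries left by deletions.

```shell
#!/bin/sh
# Added example: find files in the read-only image that are shadowed by a
# copy in the writable overlay. Each such file occupies flash twice: the old
# copy cannot be removed from the image, the new copy lives in the overlay.
# Assumed paths (typical squashfs OpenWrt install): /rom and /overlay/upper.

# shadowed_files ROM UPPER
# Prints "<bytes_in_rom> <relative_path>" for every regular file in UPPER
# that also exists as a regular file in ROM.
shadowed_files() {
    rom=$(cd "$1" 2>/dev/null && pwd) || return 0
    upper=$2
    (
        cd "$upper" 2>/dev/null || exit 0
        find . -type f | while IFS= read -r f; do
            rel=${f#./}
            if [ -f "$rom/$rel" ]; then
                size=$(wc -c < "$rom/$rel" | tr -d ' ')
                printf '%s %s\n' "$size" "$rel"
            fi
        done
    )
}

# shadowed_total ROM UPPER
# Total bytes of image content that are dead weight because an overlay
# copy hides them. Prints 0 when nothing is shadowed.
shadowed_total() {
    shadowed_files "$1" "$2" | awk '{ s += $1 } END { print s + 0 }'
}

# overlay_only_total ROM UPPER
# Bytes held by overlay files with no counterpart in the image
# (user-installed packages, new config files).
overlay_only_total() {
    rom=$(cd "$1" 2>/dev/null && pwd) || { echo 0; return 0; }
    upper=$2
    (
        cd "$upper" 2>/dev/null || exit 0
        find . -type f | while IFS= read -r f; do
            rel=${f#./}
            if [ ! -e "$rom/$rel" ]; then
                wc -c < "$f" | tr -d ' '
            fi
        done
    ) | awk '{ s += $1 } END { print s + 0 }'
}

# Report only when the assumed OpenWrt layout is actually present.
if [ -d /rom ] && [ -d /overlay/upper ]; then
    echo "image bytes shadowed by overlay copies: $(shadowed_total /rom /overlay/upper)"
    echo "bytes in overlay-only files:            $(overlay_only_total /rom /overlay/upper)"
    shadowed_files /rom /overlay/upper | sort -rn | head -n 10
fi
```

A large shadowed total is the sign that packages shipped in the image were upgraded in place; building or flashing an image that already contains the wanted versions returns that space.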
Another IT gateway drug, this time for networking 😂 nicely done! I love how you make this approachable 😊
Hardware offloading means that the CPU does not process the packages but there is a dedicated chip doing that task. So it's a must-have feature, moreover, it will be interesting to see some iperf benchmark between two hosts or directly between a laptop and the router to see the real speed of the router. Anyway nice video, you convinced me to buy a router that supports this os to install wireguard there instead of my raspberry!
as an openwrt fan rocking high-available openwrt setup at home, i have to say your point for "needing a poe source and ap for wifi" is just silly at best. any modern router with dhcp and firewall off, and lan connected to lan, can do just fine as an access point. in other words, take one of those all in one boxes and just use the access point part. you do not need an enterprise/prosumer grade access point as shown on video
i got an openwrt router, which is way less powerful (and less storage) than the one you got, and i have no issues running adguard home on it, and i still have plenty of space for anything an average home user needs
Wooooo, I have this exact router and use openwrt on it, the price to specs is crazy for it and ofc openwrt was a requirement for me to buy the router, nice to see this getting the attention it deserves
I remember the excitement when the original WRT54G was "jailbroken", and people started writing addons for it. About the only part of the firmware that wasn't open source was the GUI. A new GUI was soon written, and fully open source firmware was soon available.
I'm lucky to get 1.75 mbps. We run multiple devices on it. 500 mbps is straight overkill unless you have massive traffic from a server. Yes, the low bandwidth is noticeable when all devices are active but they still work. My point is that 1.7 will work, 10 is amazing with 10 devices. 500 is redundant and makes you wonder what you’re actually paying for. Should be able to share that excess bandwidth.
also for subnet advertising you can just do server ip /32, if you don't want to expose whole lan to other clients on the tailnet (friends etc)
also on another note, some openwrt devices have better wifi driver implementations than others. one way to sort of gauge that is to check resource usage with top command while loading up the wifi interface. also most devices can't use hardware offload features for nat etc. and on the ones that are supported you need to explicitly enable it. that might also be a factor limiting your suboptimal wifi bandwidth.
nvm. wrote this comment, clicked resume and he literally pulled up the offload menu
Pro tip: Changing the country code to a nation without transmission power regulations allows you to communicate with the International Space Station.
In the very worst case someone might come to your door (very unlikely, but possible in theory).
You can work around the space issue on openwrt, by using an extroot configuration using a USB device as extra storage, even 500mb is lots for openwrt.
You can also use openwrt on older NAS devices that are no longer supported. Biggest issue is the upgrade process, I've not attempted to upgrade the version cos I don't want to lose all the backup data and the time it would take to resync cos mine is my backup - backup NAS
I never do YouTube wrong. Because I watch Hardware Haven.
You beat me to it… shut up and take my like and a heart when it inevitably comes!
@tdrg_ Hehe. But he hasn't engaged recently with comments last few videos. I hope everything's OK.
Thank you for all, what you're doing from the East Europe :)
One time I embedded a firewall / router inside my computer. I removed TCP/IP from my hardware NIC and routed it directly into Hyper-V and used the virtual NIC as the TCP/IP connection.
The only way I could get online is to boot the router / firewall in the VM.
For the majority of routers the installation process is far easier.
Just update the firmware from stock with the provided file, reboot and ready-to-go
I remember starting using openwrt around the time that fon's LaFonera free wifi router was released in oct 2006, openwrt was released january 2007 so guess that was the very first version, 17 years now.
I've had 3 Netgate pfSense Security Appliances. I thought I'd be running pfSense forever. Wrong! When Ubiquiti came out with the UCG-MAX, I bought one to play with. Well, that didn't last long. I've since retired pfSense in favor of UniFi.
I have this router with OpenWRT, unsure if they have fixed the below issue but:
#1 - DO NOT UPGRADE CORE PACKAGES VIA PACKAGE MANAGER, it will brick the device, upgrade by downloading the new firmware again from OpenWRT and flashing the new firmware via the Web UI, I imagine tailscale and whatever else should be fine (I use as AP so I don't use packages)
#2 - No need to run the last setenv command, if you leave the boot args for usb and keep the usb with that image on it named exactly the same in a drawer somewhere (not plugged in), if you do brick it from #1 (I have) then you can possibly recover from the USB without serial, you would still need to setup from that step again by plugging in the USB and doing the ssh / send the device specific firmware
#3 - I also have speed issues with 5GHz, I think AX is supposed to be dual band to get WiFi 6 speed, although I could be wrong about this. Would test speeds with stock firmware and see how they have it setup before flashing OpenWRT
Never used anything else than the ISP provided router. Not sure about before I was doing my own networking stuff, but my current one has all the options I need, fully saturates my 1 Gbit FttH, and gives me up to 800 Mbit over wifi
Have you looked into VyOS?
You're doing routers wrong... Use OpenWRT instead! - Nope, use Mikrotik Router os ...
This is crazy timing.. i just installed openwrt on a router 2 days ago... looking to expand with 802.11r and some more APs soon
I'd never consider anything for my parents' house that isn't unifi. I went into this video wondering if I wasted my money... nah. It's night and day.
17:50 I had this problem on a different appliance when I installed OpenWRT. Turned out the device was VERY sensitive as to which RF channels would work with WiFi6. Only about 3 of them, and 2 were already congested with neighbours' APs so yeah, after a few hours of trial and error, I hit a good setup and I'm never touching it again... 😮
I use DD-WRT because at the time I bought my router, it was the only compatible option available. I'm asking you: is there any mesh system compatible with DD-WRT or OpenWRT? I need to expand my WiFi without having to drill into the concrete and Powerline doesn't work for me.
I use pfsense as my router then i have a pair of linksys/belkin ax3200/e8450's as wifi access points with openwrt and it works AWESOME!!! make them into dumb APs without DNS or DHCP or even firewall as pfsense does all that, the APs aren't stressed at all AND the four ports are still wired switch ports (WAN is also a switch port now but i use that for the incoming kinda like WAN, though you can use any port for any)...best of both worlds and i can expand my wifi or add a vlan for wifi iot devices super easy, just buy another belkin and openwrt it and plug it in
Thanks it was a great idea! I'm gonna check my old router, whether it can be used with openwrt after your video! :)
02:20 ace attorney time: Objection.
Any BSD/linux firewall distro has... own drivers, but also... OpenWRT has its own "devices" that are compatible. The *only* way to have zero issues for both solutions is have an AP, that can be replaced for better, newer or with more functionality or less power consumption down the road.
Also: one device size fits... some house size or some "volume". With separate devices you can expand the network with more cables/powerline/moca.
Does openWRT suck? Actually no, but it is not a silver bullet.
One size solution fits... lots of persons, not everyone.
Anyway: nowadays the linux firewall distros with a lot of features, modern and well supported are less and less, so that's why BSD distros are roaring the DIY/Homelabs scenarios.
And compared to a full fledged firewall distro, OpenWRT is kind of like a toy (and some consumer routers kind of like a joke)
There's no easy-featured-free solution available currently
Can’t you do it in an ARM mini PC instead of a router that may draw similar amount of power? I don’t think I’d be comfortable doing it on a router
My main router is a Nanopi R2S (sbc with 2x 1Gb ports and 1xUSB2.0) - it uses micro SD card so lots of storage. So yes you absolutely can.
540MB/s is the limitation of write speed on an SSD. If you want better performance numbers you need a faster storage drive so the actual that can transfer to and from your device at full speed. Otherwise your speeds hit a hardware performance bottleneck.
Do ISP routers have 4 (or more) independently routable ports or are the LAN ports connected as a switch to a single routing interface? If it's the latter then you wouldn't be able to use multiple WAN ports or separate port VLANs on the router. This is quite a limitation compared to the Qotom style x86 devices that mostly have 4 or more independent ports. I expect the ISP routers will use the switch option to keep the price down. Having said that, this type of hardware is still a good option if you don't need multi-WAN or port-VLANs.
And don't forget to check for uart, before flashing ;)
I’d love to see the same test but with a Wi-Fi 7 router!
I don't think you but openwrt (custom version of openwrt that can still act like the unmodified version) is flashed on all GL.iNet routers. I bought the GL.iNet Mango for $20 and I use it all the time for my projects.
OpenWRT exists for my very old router (Asus RT-N56u) but it does not work properly when I try to bridge WAN to LAN and use it as a simple switch. I need to reflash it after every reboot, which is not fun. However, there is the excellent Padavan firmware which does this well. So OpenWRT is cool and new but can be rough around the edges.
had same speed issues with tplink er605...after enabling software and hw offloading it jumped from 180Mbs to 1.0Gbps(ISP speed). sometimes it went to 1.2-> 1.4 Gbps. after enabling those options I did a reboot. it worked lovely after reboot but not before.
SCP is built into powershell now!
Yes, but scp uses sftp for its protocol by default as that was changed some while ago in upstream openssh. You can however use "scp -O ..." to fall back to the old scp protocol.
@MrFlashful oh didn't know that, thanks!
Back in the day I used dd-wrt however WiFi 6 was unsupported which was a deal-breaker for me as I've been trying to move over to that. I still have that trendnet router somewhere around here.
OpenWRT is a common practice to install on a Proxmox VM on multi-port Mini PC in China, I guess OpenWRT is simpler than the *sense for routers. Sadly many new routers especially those that support Wifi 7/6E don't support OpenWRT. It'd be crazy if it does, cheap consumer devices with advanced VLAN capability wireless.
FYI some routers run openwrt natively! I think glinet does this
One thing to note about returning to stock, on both my Asus and gl.inet routers via the recovery webui, I found I had to use older official firmware otherwise the restore would fail.
What are those thin ethernet cables?
There is no such thing as the best. There is a good choice for each use case.
I had a router that had only access point burn out, everything else worked fine, now I will never run an all-in-one device ever again.
A gl-inet flint2 isn’t a bad aio and their stock firmware is openwrt based (although older branch)
I want to see if it's possible to use Ethernet cable for extending hdmi and usb port to use my xbox in 4 different TV
OpenWRT is pretty cool, and there is an x86 version if you want to use a minipc while ALSO using its onboard intel AX210/211... something its BSD cousins can't do. There's even a tutorial for running OpenWRT in bhyve on Opnsense. It doesn't have to be a competition.
I run opnsense as router, openwrt for WAP. Really need to get around to upgrading my wireless though...
would've loved an explanation why you had to delete the hostkey.
this makes me miss my old wrt54g is there a good spiritual successor?
I was able to revert to original in my router using a TFTP server and with a set ip with the correct image.
30:06 There is no need to install the *adblock* package because it is installed automatically when you install *luci-app-adblock*
I’m gettin 2g fiber up and down next month :)
I just use a linux box with some iptables rules.
10:40 that router is already running (a crippled) installation of openwrt lol
You were wrong about routers, and nothing has changed.
ok
The best budget option is the Mikrotik "hEX refresh" for 60 USD, and yes you can flash it with OpenWRT if you want. Has all the power you need for a home or even a small business.
OpenWRT is more often than not worse performance or outright not working hardware feature. The problem is when chip manufacturers refuse to share the code/drivers. You need to choose what hardware using it on carefully.
That is why you always need to consult the TOH.
I wish OpenWRT didn't have a bespoke crazy network config (works great only if you use a gui). I get why it is required (DSA is a nightmare to understand from the Linux kernel anyway). I tried over and over to put my Flint 2 into AP mode with VLANs and gave up.
They are moving to Alpine APK which is refreshing. Hoping for more "linux standardization" comes along.
IMHO now with DSA it's easier, the switch is treated as any other Router where each port can be configured as you want, on *Sense you do the same.
I used a lot of SWConfig before and now it's more in line to what I normally do on router devices.
The downside is if you want to treat the interfaces as switch then it is a bit messy but luci made some progress in that too!
Let's see what will it go with the APK change.
good content, good topic
also when you install luci-app-adblock it autoinstalls the adblock package
Try Mikrotik. :D
Why do you complicate your life by doing the entire installation from a Windows system?
One of the reasons I like your channel most....you don't follow the herd and create content that is the "herd agreed approach". Oh and also unlike the RaidBird you're not pushing TP-link or Ubiquiti from week to week, depending on which vendor just sent him $2k worth of gear to pimp.
I want to do this but I'm afraid my cheap ass tp-link will not support openwrt
but 4 gigabit+ fiber using PPPoE is not going to happen with many standard routers
ty for new video!
Cool and all but not a single link to OpenWRT in the description man...
I can see how it would be hard to distinguish all the confusing results at the top of a results page after googling/duck duck going/binging openwrt. Such a common name to confuse with all the others... 🙄
@AlistairBrugsch yeah yeah sure...
If you try to inform people it's the bare minimum to provide a source or something. But sure blame me for the sloppy job GG.
Remember when the top search result of obs was a sponsored ad by scammers and how they hacked a lot of people?
I mean it takes literally 2 seconds to Google openwrt and not click on any that say sponsored (I mean sponsored results have been there for at least a decade so easy to ignore by now). In fact it took you longer to type that comment. But whatever makes you feel better.
He did forget to include the link to the argon theme that he did say he'd put in the desc, but again it'll be quicker to JFGI than to waste energy being mad at a content creator for putting in a buttload of work but omitting something that will take literally 5 seconds to rectify (on both sides)
Feel free to ask for a refund if you feel so aggrieved
@AlistairBrugsch 2 seconds for each viewer vs 2 seconds once for the creator.
I was not mad, just pointed out what could be improved to not waste people's time.
I have a small problem, my Internet works over the LTE/5G mobile network.
So I need a device that can use the mobile network with a SIM card.
But what if I am already using openwrt?
I'm jealous lol best internet I can get is 45Mb
tried a lot of this software.. and in the end stuck on Mikrotik. If it works don't try to fix...