As a linux user, do you know about/use openwrt?

mFat@lemdro.id to Linux@lemmy.ml – 148 points –

I have many nerdy friends who have been Linux users for ages. But most of them don't know such a thing as Openwrt exists or have never bothered to give it a try. It's a very fun piece of software to play with and can be extremely useful for routing traffic. Wondering why it isn't more popular/widely used.


I was actually the lead engineer on an Openwrt router. I hadn't heard of it before that, but at one point I pretty much knew it inside and out. It's been a few years since I left that company, so I'm a bit rusty at this point.

We made tons of custom features for our router. I did the backend and implemented UIs for most of them. The biggest feature I did though was a full REST API to be able to configure the router from a smart home controller, which was the company's main product. I did both the router side (server) and the smart home controller side (client/caller), including the UI on the smart home controller. I spent almost a year on just that feature. But I was damn proud of it by the end.

I've been using OpenWRT as a hobbyist for over 15 years, and as a professional for over 6 years. Extremely underrated OS.

A vanilla install beats any stock router firmware by leaps and bounds. From there you can add pretty much any functionality you desire.

I currently use a Turris Omnia router made by CZ.NIC, who also maintains their own OpenWRT based distro called Turris OS.

I've been using it for years and now I basically can't live without it. I consider OpenWrt compatibility in all of my router purchases. Currently using a Netgear R7800 and a Belkin RT3200, both are going strong.

It isn't as widely used because it can be finicky to flash sometimes, and that's if it's even compatible in the first place. Even if it works, you may experience a drop in performance unless OpenWrt supports using the router's hardware acceleration features. If there's no support, OpenWrt basically uses the onboard CPU to do routing and they're usually not all that powerful.

I'm also running a few R7800 with OpenWrt units and they're really nice.

Past Linux user here, not only do I use openwrt, but I base my routers choice on openwrt support, it's weird to me there are long term Linux users who don't know what openwrt is

TIL there are Linux people that don't use OpenWRT. I always assumed everyone in the Linux community used it. It's great.

Works great with mt7621 based routers if anyone ends up looking for something compatible.

I run a proxmox and run PFsense on it. They are both pretty similar but there were more tutorials for PFsense at the time.

It's a joy to use on x86 hardware though. You can run as many services as you want.

IMO, I'd run pf/opnsense on an x86 box, but openwrt on a low powered device...

Did that years ago with a pfSense firewall connected to the DSL modem, with OpenWrt APs around the house...until the hardware couldn't support the next version of OpenWrt... (not enough RAM?)

I use dd-wrt a little bit, then tomato and variant (usb, toastman, fresh) then Merlin for maybe 5 years now.

Broadcom routers are mostly not openwrt compatible

Yup. Running it on my home router, right now. It is awesome. A tiny, stripped down OS that you can install minimal packages on. Like a VPN client, or ad-blockers. If your router is compatible, I cannot suggest it enough.

Also, my router's manufacturer had the gall to ask (force) me to sign up and get an ID with them in order to get to the back-end of my own router. Jesus Christ, privacy red flag much?

I could not install OpenWRT fast enough.

I use OpenWRT on my Linksys WRT3200ACM because I used to have a cable connection that suffered from bufferbloat. The SQM feature made a huge improvement. I eventually switched to a fiber connection from a different ISP which does not suffer from bufferbloat, but I kept OpenWRT on my router.

I've used OpenWrt, DD-WRT, and Tomato firmware on the various routers I've had. I don't think I've ever kept the stock firmware on any router I've owned.

I use pfSense at home now, but I've been considering switching to OPNsense. I still run OpenWrt on a portable router that I use when I'm traveling though. I won't ever buy a router that I can't run open source firmware on.

OPNsense is solid too, better than pfsense.

A portable router when you're traveling?

A lot of places will restrict the number of devices you can connect. If I connect my router to the hotel WiFi, I can connect as many devices as I want. I also like having a firewall between my devices and the public WiFi. I can run a VPN on the router and have all of my devices go through it if necessary as well.

Installed OpenWRT on my NetGear router like 2 years back, and it hasn't given me any trouble since then. BTW, the amount of configuration options it offers is mind-boggling.

Just the capacity for network monitoring for troubleshooting makes it worthwhile. Not being able to SSH into Netgear's firmware, let alone having access to tcpdump is an advantage right there.

Fine on limited hardware like a router but if you're going to use a full box for your router (or a VM), you'd probably want OPNsense for the ease of management and the fact that it's targeted for hardware like that.

I actually took some older now somewhat defunct google wifi pucks and got them all set up on openwrt not too long ago. Really enjoy having them on something with a dedicated web UI and perfectly nerdy

I've used it and dd-wrt back in the day on cheap crashy routers. Also Tomato.

Haven't tried it in a long time, but have an EAP225 v2 and v3 I've been considering slapping openwrt on.

Interesting. I have heard of it but so far I didn't bother since my router is quite versatile.

My biggest fear is that it borks itself and I sit there at 10 pm on movie night without a network or internet to troubleshoot.

If I chose to use it I would need to have the current router as a fallback either running 24/7 or on a dead man switch.

been running it for years now, no weird sudden stability problems whatsoever.

Some routers have dual partition setup.

Active and backup. When flashing firmware, it is flashed to the backup partition. If the router boots successfully, the newly flashed backup partition becomes active and vice versa. If things screw up, nothing happens.

Thanks for the info. That's not exactly what I meant. I'm not afraid of the router itself breaking at installation but freezing for example and not being able to reboot. I usually don't tinker with mission critical stuff.

I know you likely have moved on but it would be interesting to actually figure out the cause. What steps would someone need to take to reproduce the issue?

The same thing can happen to manufacturer firmware. Only you'd have much less capability to troubleshoot, let alone fix it.

True but manufacturers are in big trouble if stuff like this breaks where I live so they are very eager to provide such service and additionally, the brand my router is from is generally considered rather good.

That's exactly what I do. You can keep your ISP router and hook up your openwrt router to one of its lan ports and have two wifi networks.

My biggest fear is that it borks itself and I sit there at 10 pm on movie night without a network or internet to troubleshoot.

If you pick decent hardware eg. Netgear R7800 you won't have issues. I've units of those running OpenWrt at home and a few small offices running for years with a lot of clients and traffic and they're rock solid.

It is not normal for it to just stop working

I mean, what does one have to do to replace an ISP owned router and what are the benefits? How much does one have to know in order to setup a connection? How does one get connection details from the ISP owned router? How much does a replacement router cost?

My ISP owned router allows me to configure NAT forwarding, replace the DNS, setup a DMZ, assign static IPs to MACs, turn off the internet at specific times (e.g at night), configure parental controls (allows websites, internet access) per device, and probably a few other things I haven't discovered yet.

CC BY-NC-SA 4.0

If you mean a DSL modem or cable DOCSIS, I don't think those are easily replaceable. But you can definitely put an OpenWRT device right behind it and use that. It's pretty straightforward (plug in the upstream side, wait for it to get an address, done).

As for how much you need to know... okay. That's a tricky question because, the more you mess with OpenWRT, the more some stuff becomes automatic, and that makes it easy to forget things. That's not on you, that's on me.

That said, thinking about it a little, the defaults are pretty workable right after installation. You'll have to set an admin password on the OpenWRT box (it nags you until you do these days), which should be familiar. Turning up wifi is a little tricky at first. I would recommend reading through the quickstart guide once or twice before digging into OpenWRT configuration because it lays out all of the basics that you need to get going. It's about as well written and useful as the manuals for access points were way back when.

One thing I would recommend is, if you build an OpenWRT box, setting it up before you plug it in and use it as your network gateway. It's much easier to poke at it without having "When is my network going to come back up?" rattling around in the back of your mind.

For my ISP it's actually cheaper to not use their modem+WiFi router as they charge a monthly lease on the equipment. I declined it and they provided me with a modem for free. All I have to do is plug the modem to my own router and that's it!

The features you listed seem pretty standard to all routers these days.

Most of the things you mentioned are barely doable on some of the modern all in one modems where I live.

On mine I've got separate wi-fi networks for inside and guest, I run zenarmor for ads and malicious junk, I run a proxy, I do my DNS on it for all my internal docker instances, and more. I realize I am doing more than your average person, though.

You can run a VPN like WireGuard, ad blockers such as AdGuard Home or Pi-hole or even media servers on your OpenWrt router.

I see. Well, I have a homeserver for that, which runs all my services, so an openwrt router wouldn't be an upgrade.

But probably without a homeserver, an openwrt router would make sense and use less energy.

CC BY-NC-SA 4.0

I've always set the CPE modem to full bridge and put a router inside that I can control fully. Then you can swap equipment at will if you need to.

No, for home I've only ever used pfsense or opnsense.

As a person with hands, do you know about flamenco?

I've known about it for years, but my router is loaned from the ISP so I can't install any custom OS on it (although I've considered buying my own for a while because I can't even do proper DNS for my internal network on it). A while back I used to have a router, but the default OS was enough for my needs so I also never considered installing anything different.

About a million years ago, back in 2007/2008 that is, there was this small company called Hexago that did R&D in IPv6 networking. They were behind the Freenet6 project and created the networking stack and the TSP client that would let you tunnel a /56 IPv6 network over a dynamic IPv4 connection.

One of the projects was a tiny hardware router, I honestly forget who made it, but Hexago would buy them, then we would flash each one with a WRT+TSP client custom image. The idea was you plug this in your network and you have an IPv6 connection in your network without doing any magic configuration.

It worked well until we lost funding.

So yeah, OpenWRT is old and not just for Linksys routers :)

Yes. It saved me from crappy firmware on my expensive router. It's a must if you care about security of your home network and devices.

I used to use it, then wanted more control, power, and functionality so I moved to pfSense, and later on to Opnsense where I am today.

Made the same journey over the years. Rocking a OPNsense DEC740 now and everything works well.

I do know about it, but I don't even have internet at home.
Though I do use DD-WRT on my WRT160NL which I use at school. For me it acts as firewall + setup-free VPN + DNS Ad blocker (NextDNS). I also have separate passwordless guest network on it if someone wants to use my router. Separate subnet, unbridged with net isolation and AP isolation enabled. And also QoS set to "Bulk" while my network is set to "Maximum". And also forced DNS redirection enabled, so that everyone who doesn't use DoT or DoH uses NextDNS.

It cannot run modern versions of OpenWRT.

You really want to either update to a supported release or stop using it entirely. It is very insecure to run network equipment with known security issues.

It is still much more secure than to stop using it and let your other devices go naked.

Not necessarily. I would at least keep your eye out for something newer.

As a seven-plus year Linux vet I've known about OpenWRT for some time but only made the switch about 3 months or so myself to breathe some life into an aging Linksys.

I'm very impressed with the kit so far, it runs well (snappy even) and the amount of options provided are a bit overwhelming at first. Eventually I'll move on to prosumer hardware, but this is a nice middle ground in the interim.

I used dd-wrt for a few years, but I realized I didn't need it as my new router has the functionality I want. I also realized my router had much better throughput with the stock firmware.

Yeah I run it on a cheap asus router. Learned stuff like don't run adguard on it if you don't have that much ram

Run it on a cheap fanless x86 box instead.

Yeah of course! Once I went on a buying spree of used WNDR3700. They were so cheap and I won a few too many bids at once.

I gave one to a flatmate when we lived together as students and he took it with when he moved out. Put one in the office room of my current flatmate and still have one or two in reserve. I usually take one with me to LAN-parties.

Before that I once used DD-WRT on a WRT54GL. It also wasn't bad from what I remember.

I used it in the past, and it is great.

Nowadays, I bought a mid price router from a well known brand, and seriously: The router works, has all features I need (even WireGuard OOTB) and for now I see no reason to replace the provided firmware with OpenWRT. YOLO!

Yes, I run my network infrastructure on it (three access points (one of them the network gateway) and an Ethernet-to-wifi bridge).

OpenWrt was relatively popular back in the day when Linksys routers could run Linux. At some point iirc Linksys sadly replaced the default Linux based firmware by a closed source OS, and also decreased the amount of memory for the firmware. A few years ago I saw that there was an option to install OpenWrt in an lxc container, I briefly played with it, nice nostalgia.

There was also some interesting thing from Cisco with their stupid Meraki cloud-managed devices.

I don't know if they still do it, but they used to give out free Meraki APs as "free trial". After that, the license would be deactivated and you'd be left with a paperweight, which meant you'd likely pay to keep using it.
Well, they could run OpenWRT. Free hardware!

Nowadays you can easily run it on a single board computer like the raspberry pi or any x86 mini pcs. You just need to hook up an access point for Wi-Fi which doesn't need to be able to run openwrt.

SBCs aren't routers, while they're great they might not be good for people who actually want to have WAN and LAN and decent networking performance. Routers usually include some switch chip that will do most of the heavy networking operations, handle VLANs and whatnot without adding CPU load.

I bought a router with OpenWRT support but the official firmware works well enough and I can't really be bothered to switch it out for OpenWRT right now lol

it's good to know that I can in the future though, that wasn't an option with my last router

I used it before, but ultimately it comes down to compatibility. Broadcom is dominating the router space and 3rd party firmwares are a no-no for that. So I just got an Asus that is supposed to be supported for a very long time.

I know about it, but I prefer Asuswrt Merlin firmware for my routers, because I mainly use ASUS routers (powerful, modern (WiFi 6E etc), easy to find second-hand models for cheap) and Merlin firmware is very well integrated with the routers and uses the same UI as the stock firmware, but provides additional features like a package manager etc.

In fact I believe ASUS themselves have started to use some of Merlin's patches in their firmware, which goes to show how professional Merlin is.

(powerful, modern (WiFi 6E etc)

https://wiki.banana-pi.org/Banana_Pi_BPI-R3

Interesting, I had no idea about this. Thanks for sharing! And it looks like there's even an R4 with WiFi-7!

I've been debating buying a cheap aliexpress mini 2.5G router pc and doing something of the sort. But I have been too lazy to look into if I can still use my orbis as access points. Maybe tonight's the night.

Yes, I love it. My router is an x86 mini PC running Open WRT, then I have two routers acting as WAPs also running OpenWRT.

I personally use it on a protectli with the 2.5G ports. I also replaced my ISP modem with a protectli running OpnSense. Decided to opt into that as my solution to have two different softwares protecting my network and also so I could scope internet facing devices at the OpnSense level instead of internal to the network. Just in case they get compromised, they can't access the rest of the network. Call me paranoid... But I also find it much easier to manage lol.

I remember getting a Linksys WRT54G for free and then installing OpenWRT and then jumping to Tomato and dd-wrt on and off and finally settling on dd-wrt.

I use DD-WRT, it does everything I need. Is OpenWRT better?

Anecdotal, but I only see OpenWRT out of the two in commercial products, which hints to me it's better supported (e.g., security patches and feature support).

Years ago I derived a flash with vtun on it. It's so old, now, but vtun still goes and connects. And since it's not systemd, it'll keep hammering at the connection until it succeeds.

So these old routers are still out there, and when a soho site is sick and we can't get in we instruct someone to plug in the blue box and it calls out for help.

It's so ghetto but, in places like the southern states where rural power outages can outlast generator time, it has cut down our time to recovery tremendously.

I know about it. It's pretty popular, so much in fact that you can buy a wide range of routers with it preinstalled.

I only know one company that sells routers with openwrt pre-installed. It's called Gl-inet.

Make that two, Turris also sells them, though technically it's a fork of OpenWrt with some stuff on top. I have one myself (though I'm not running the original OS).

It is fairly easy as for most hardware it is pre configured in a way that makes sense.

Setting it up in a VM is a different story

I am aware of openwrt and used to use when I used router hardware. I have moved to pfsense. I install it on either a 1 liter mini PC or some other older enterprise piece of hardware.

I've long known about it. I don't seriously use it, but I would if only my Wi-Fi router was fully supported. It's an Asus one (that I got for free from T-Mobile a decade ago) so I installed Asuswrt-Merlin on it instead.

Following the recommendation of homelab communities, I got into OpnSense (a BSD-based firewall system for x86 hardware only) last year, still keeping my Wi-Fi router as a dedicated AP. In hindsight I somewhat regret that choice and probably would've been better off buying a new OpenWRT-compatible router and using it to handle firewall/routing/AP all in one device instead of wasting the power draw of another separate N100 system. I like having wireguard and vnstat in my router now, which Merlin didn't offer, but I know OpenWRT has those too and I don't have any other needs that warrant a higher-power router.

In my experience it's because it's finicky as fuck and requires very specific (and often more expensive) router models, and even then it still crashes just as much as a proprietary os router.

You can run it on used hardware from the landfill. As long as it has more than 32mb of ram and no broadcom you are good.

You can find old hardware for free if you go dumpster diving. If that isn't an option you can pickup a device for $100 USD

You can run it on a raspberry pi or an x86 mini pc.

sure, and then you have to make sure you get the correct radio accessories, as the built in pi wifi isn't going to do so hot acting as the hotspot for multiple video streaming devices.

Radios which you also have to vet against the approved hardware list for OpenWRT, and having multiple channels is even more of an issue with the lack of USB ports (depending on model)

Best thing to do is to get a fanless mini PC with multiple ethernet ports and hook up a decent access point to one of those ports.

Then you're still looking at a mess of devices and a relatively power hungry system plus you still have your ISP's modem

I need my Internet for work, so I just replaced my ISP's modem with a FritzBox, which is not ideal, but serves me well, gets updates for quite a while and works pretty much always.

then you should get a commercial router compatible with openwrt

Or, I keep using my Fritzbox, which is a single device and does everything I want.

As far as I know, there is no cable modem/router integrated device.

the option i suggested is also a single device.

most commercial routers can run openwrt. you don't need a specialized device.

I still need a cable modem. And as far as I know, none of the ones that can be used with my provider support any other OS.

that's something you would have to discuss with your cable company, and they would probably tell you to fuck right off.

i wouldn't recommend you to mess with that anyway if you don't want to have a variety of problems.