OpenWRT will natively support NextDNS in upcoming 19.07.0 release (github.com/openwrt)
89 points by nextdns on Nov 15, 2019 | hide | past | favorite | 46 comments


Lots more coming in 19.07 — the first release candidate was published last week. Mostly security updates, bug fixes, newer kernel, some improved device support. Also WPA3 support.

Release notes: https://forum.openwrt.org/t/openwrt-19-07-0-first-release-ca...


What is the best alternative router firmware these days? The last time I looked into this, I believe it was between DD-WRT and Tomato.


DD-WRT hasn't had a stable release in 11 years.

Tomato hasn't had a stable release in 9 years.

OpenWrt is a fork of DD-WRT. LEDE was a fork of OpenWrt, but has remerged with OpenWrt. OpenWrt is the best firmware for home routers/access points in my opinion.


OpenWrt is not a DD-WRT fork.


Well I'll be damned -- It's a fork of WRT54G.


dd-wrt had a better web interface in the early days, and they took copies of the OpenWrt kernel in 2005.

It used to be that dd-wrt was less open than openwrt, but worked better. I think now, though, openwrt has surpassed dd-wrt.

https://en.m.wikipedia.org/wiki/DD-WRT


dd-wrt is willing to include closed binaries from router MFGs, so they tend to support a larger list of hardware than OpenWRT and on certain models have far better performance. OpenWRT has a massive community supporting it, so, in general, I'd say they're progressing faster/adding more features.

If you have the luxury of buying new hardware, I would go the OpenWRT route, but just make sure you read EVERYTHING on the hardware support page before pulling the trigger. If you're trying to convert an existing router, definitely do research on both; there are advantages to each. Personally, if I had a router supported fully by both, I'd go OpenWRT at this point.


FYI, tomato has a still kicking fork:

https://exotic.se/freshtomato/


I wanted to test DD-WRT a couple of months ago, but found out they still use kernel v3.2 for my device and a couple of other devices (TL & Netgear).


DD-WRT was still a lot more stable every single time on a WRT-1900AC.


I've not had issues on my 1900AC running OpenWRT. The only problem I had was locking myself out when I forgot the credentials....


> What is the best alternative router firmware these days

I don't know that there is one.

My experience these days when I install a new wifi router is wading through pages and pages of forum posts to try and identify the firmware (or particular build thereof) that will work best on the particular hardware I am configuring that day.

Usually, after a few hours of digging, I sort of "converge" on a particular firmware and a particular release.

Then it's on to experimenting if the thing actually works. If it doesn't, rinse and repeat.

This is very frustrating, and for a number of reasons:

    - From a security perspective, you end up installing a random unvetted piece of binary software on what is basically the gate holding the fort secure.

    - You operate on hearsay (forum posts)

    - There is no guarantee the process will converge.


That's the old way of doing things. And I've been there. Do I want Tomato Shibby.. or will this other weird ROM work better? Hmm, the home page isn't in English on this one. And this other fork was last released March 2011..

No more of that. Today, buy a router OpenWrt supports and just install the official images and get on with your life.


The generic answer:

1. OpenWRT for the most flexibility but you have to edit config files for the more obscure stuff. Tends to take more memory/CPU than others and tends not to run well on older hardware. An entire platform.

2. DD-WRT for the most features available from the web interface. Older versions are suggested for older hardware but that might have security implications.

3. Tomato for the easiest and nicest web configuration interface. Does not support as wide a range of hardware as the others. Might also have issues with older hardware for more obscure features.


I think it's OPNsense or pfSense, but they require hardware that they can run on. Not consumer grade firewalls.

The days of a $50 router in the home having great software seem to be over.


You can run them on an old computer. Used mini-towers and desktop form factor can be had for close to free.

The next major release of pfSense will require hardware encryption support (e.g., AES-NI).

OPNsense is very reliable but has fewer features, though it is in active development. Haven't used it in around 18 months or so.

I picked up an HP 4-port 1gbps PCIe card for $40.


However a router is energy sensitive as it runs 24/7. I wouldn't want to run a desktop for this.


Just install a low power CPU. You can get one on eBay delivered for a little more than USPS 1st class shipping. Most of my devices, including my NAS, consume 25-35 W, so up to 15 W additional consumption, as checked with a Kill-A-Watt.

Ever do a tiny load of laundry to get one shirt clean? You've just used something like a year of computer running.

Do you run your air conditioning while your refrigerator exhausts into your kitchen? I call that a kitchen heater. You're heating a cooled space.

I find for whatever reason, tech people all worry about the energy consumed by tiny devices.


There are other power usage concerns beyond cost. For example, if a small room can't have air conditioning you might want only very low power devices to keep from heating it up.


~35 watts isn't actually all that much heat load, and that's what you get from the likes of a business-class Core i5 at the loads routing packets would put on it (i.e. basically idle). Something like Atom or AMD Bobcat is <15 watts.

Another thing to keep in mind if you're worried about power/heat is that 3.5" spinning rust can pull >5 watts per spindle. I've seen 15K drives pull close to 20. But an SSD is close to nothing and so are most 2.5" laptop spindles.


I'll concede that a small closet can get pretty warm from even lower power devices. However, as long as the CPU isn't overheating and the space is clean and dry, it doesn't matter.


Not an expert here, but for not-too-weak x86 hardware (a port to ARM is in progress, though) I found OPNsense to be a wonderful choice, while for repurposed home routers, where the different architecture, memory size and CPU capabilities would make it impossible, I believe the only currently supported one is OpenWRT, which I like a lot less, although I concur that many of its limitations would probably affect OPNsense too if it were forced to run under the same hardware constraints.

I ran a pfSense home router for several years, before it was forked into OPNsense, on a PC Engines board: https://pcengines.ch/ It worked flawlessly for years, and when a problematic migration from one ISP to a different one forced me off the Internet for a few months (yup, months!), all I had to do was set up the WiFi card as WAN and some rules to use it as such, connect a higher gain antenna, then find an open spot (there were a lot back then) in my area, and bingo: instant connection for the whole house, even much faster than the one I had before. All this is perfectly doable with OpenWRT too, but the OPNsense interface, at least to me, is much, much clearer to operate and helps me understand what I'm doing.

The last time I used OpenWRT was to convert one of those micro TP-Link "3G" routers so that it connected my LAN-only printer to the house WiFi network; in the end all went OK, and it works like a charm, though honestly, if I had to replicate what I did, I would surely have to read the howtos thoroughly and fail another dozen times again, because an extremely simple operation was split into so many others on different pages that I've completely forgotten what I did. OpenWRT is great, potentially even better than OPNsense and other BSD-based ones, due to the huge availability of drivers and supported hardware Linux can count on, but it badly needs some good improvements in usability.


And WPA3! I'm always checking OpenWRT compatibility when I need a router.


Does this end up including OWE in the end? It seemed like WPA3 ended up being standardised without all the features we actually wanted as requirements.

OWE = Opportunistic Wireless Encryption. Previously, if your WiFi had no password, everybody could passively snoop all the packets, so it made sense to use a password even if you told everybody what it is, like FreeWiFiHere, so that an active attack would be needed to steal data and you'd have some chance to detect it. OWE says: wait, why not use ephemeral keys even if there's no password, and then you only set a password if you actually want to deny access to people who don't know the shared password.


Yes


As an AdGuard and Pi-hole user I want to like NextDNS but when I tried it there wasn’t an easy way to temporarily disable blocking. Is that still right? I think that would make it a nonstarter for most of my friends and family.


As family, just share the web admin login, easy to toggle things. Make it a home screen icon.

With the common ‘social-graph trackers’ apps list tab, toggling WhatsApp if you have to text with a European or Instagram if you want to post is easy, for instance.

Or, leverage the NextDNS app, and use the giant toggle button.


Interesting. So far I've been using it since I discovered it on HN and I like it. Their support is quite responsive too, and it's easy to whitelist a domain if something breaks.


This PR is not merged. The first release candidate for 19.07 has already shipped. Can someone confirm that this will actually ship with 19.07?


There are two PRs; the UI is not merged, the daemon is: https://github.com/openwrt/packages/pull/10535


It's good to see DoH going where it ought to be here -- the place where it gets used by everything automatically, keeps your ISP out of your DNS queries, and doesn't require everybody to manually configure every separate application on every separate device in order to set which resolver they want to use.


That is good news! I use NextDNS for me and my kids. It's making a real difference.


https://nextdns.io/

>Get in-depth analytics about your Internet traffic.

>Shield your kids from adult content.

Do you use NextDNS as a way to monitor your children online?


I would've hated it if my parents could have monitored my internet access when I was 15 in the early 2000s. I've been in some weird places by pure chance and curiosity, though the Geocities era of the Internet was much different from today's.


Can anyone comment on the efficacy of ad blocking with NextDNS compared to Pi-hole?


My OpenWRT uses an in-memory blacklist in dnsmasq on a Turris Omnia, which is faster than an RPi.

I would imagine the performance of setting it on Pi-hole would be unnoticeable, as it also stores the blacklist in memory. The only latency difference would likely be in the network request.
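To make the in-memory blocklist lookup discussed above concrete, here is an added example (not code from the thread, dnsmasq, Pi-hole or OpenWrt) of the suffix semantics a dnsmasq `address=/ads.example/0.0.0.0` entry has: the domain and every subdomain are sinkholed, and an allowlist entry for a more specific name wins, which is the "whitelist a domain if something breaks" case. The hosts-format list and the allow/block precedence policy are constructed assumptions for the example.

```python
"""In-memory DNS blocklist with dnsmasq-style suffix matching (added example).

Policy (an assumption for this example): walk the query name from the most
specific suffix outward; the first allow or block rule hit decides, so an
allowlisted subdomain can punch a hole in a blocked parent domain.
"""

# Constructed hosts-format list (the format Pi-hole consumes), not a real list.
SAMPLE_BLOCKLIST = """# comments and blank lines are ignored
0.0.0.0 ads.example
0.0.0.0 tracker.example   # trailing comments too
0.0.0.0 cdn.shop.example
"""


def parse_hosts_list(text):
    """Return the set of names from 'IP name [name...]' lines, lowercased."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:          # blank, comment-only, or malformed line
            continue
        for name in parts[1:]:
            blocked.add(name.lower().rstrip("."))
    return blocked


def suffixes(name):
    """Yield 'a.b.c', 'b.c', 'c' for a query name, label by label."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def is_blocked(name, blocked, allowed=frozenset()):
    """True if the name or a parent domain is blocked and no closer allow rule exists.

    Matching is by whole labels, so 'notads.example' does not match 'ads.example'.
    """
    for suffix in suffixes(name):
        if suffix in allowed:
            return False
        if suffix in blocked:
            return True
    return False


def dnsmasq_lines(blocked, sink="0.0.0.0"):
    """Render the set as dnsmasq 'address=/name/sink' lines (what a router writes)."""
    return ["address=/%s/%s" % (name, sink) for name in sorted(blocked)]
```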


Also on Turris with knot-resolver and adblock... is there a reason to outsource blocking, really? Why trust NextDNS? Isn't it going to be a subscription-based service once out of beta?


Some reasons can be: easier to set up, can be used on devices when on the go, get encryption by default with DoH.

Most routers are not powerful enough to efficiently run blocklists and analytics locally.


I can’t speak to the comparison but as someone who was skeptical of the pihole-on-rpi setup I am now a believer. I can’t live without it now.

I should definitely do some benchmarks though. There are occasional times where I feel like DNS lookups take significantly longer than normal but that’s once in a blue moon.


Same. Although I did end up migrating to a DO droplet so I could use it outside of home and share with family/friends. Absolutely can't live without it now.


This is cool as an option but personally I prefer filtering at home using Diversion and Skynet on AsusWRT router firmware.

This dns may be a good option for the non-technical but personally I never want a DNS to do filtering for me.


I wonder if something like eBPF would be useful for DNS filtering. With bounded loops, it'd be perfect for running in the cloud.


Not sure if fake news. This is not even merged.


The UI is not, the actual package is: https://github.com/openwrt/packages/pull/10535


Does this add a lot of much needed wireless support? I tried this on my wrt3200acm and lost quite a few wireless features and was forced to switch back.


That's likely dependent on Broadcom releasing an open source driver so it can work on a later kernel.



