Just like the operating system on your computer & cell phone, you can change the software running on your router.

  • TheDevil@lemmy.world
    link
    fedilink
    English
    arrow-up
    37
    ·
    1 year ago

    I would take these projects over stock firmware on traditional home routers any day. And I have done where I’ve been unable to rig a more permanent solution. They have an honourable mission in a section of hardware filled with absolute junk.

    But the trouble is the sheer number of hardware targets and meagre resources on these devices combined with the contempt of third party firmware from most manufacturers make them hard to flash and leave them rarely updated, if you’re lucky enough to have a supported device. Even then they are prone to quirks and bugs. Some devices do receive and are capable of receiving updates but they often cost more than the equivalent low TDP general purpose computer.

    Just imagine: the developers of DD-WRT have to target not just each individual router model but every single revision as the manufacturers have a habit of switching major components or even entire chipsets between product revisions. On top of that the documentation for the components used might be sparse or non existent. I’m impressed that these router distributions can make it work at all but that doesn’t make it any more practical or sustainable.

    At this point you may as well flip the router into modem mode and run OPNsense or PFSense and get a fully fledged operating system running on far more resources than any of these SoCs. Assuming you have the power budget you’ll get assured updates and far more flexibility with fewer compatibility issues and quirks. My passively cooled N5105 box with 8GB of ram and a 128GB HDD happily routes a 1gb/s WAN while simultaneously hosting a busy home assistant instance. The resources aren’t even maxed out.

    Following my experience I will always opt to run dedicated APs. DD-WRT WiFi support is amazing considering what they have to work with, but there are only so many wifi chipsets they can support and because they try to support as much as they can there are always problems with something. I really don’t have time to constantly troubleshoot the wifi following cryptic posts from years ago. Ubiquity stuff isn’t flawless either but it’s stable and a lot less prone to hard to trace issues. YMMV.

    DD-WRT and friends I love you, you really saved my ass a few times when all I had was some shitty CPE. You’re still way nicer than Cisco gear. But I find it hard to justify using a gimped out SoC from a couldn’t-care-less manufacturer when I can buy a 5W TDP passively cooled x86 computer for ~100usd.

    • d3Xt3r@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      1 year ago

      I will always opt to run dedicated APs

      Any recommendations for a dedicated Wi-Fi 6+ AP that supports open firmware?

      • TheDevil@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        4
        ·
        edit-2
        1 year ago

        The short answer is no, because it’s a pain in the ass and offers little tangible benefit. But I can speculate.

        If I was going down this path I would look for an x86 box with a wifi card that is supported by OPNsense or PFsense(that’s usually going to be dependant on available *BSD available drivers). I don’t how well they would function but I would expect quirks. You could also check the compatibility lists of the open router distributions to find something that’s well supported. You can check the forums for posts from people with similar goals and check their mileage.

        You might even be able to achieve this with an ESP32.

        But what are you hoping to achieve? Do you mean open radio firmware or do you mean open drivers? Or an open OS talking to a closed radio? What’s the benefit?

        Radios in any device are discrete components running their own show.

        Open drivers should be possible. However I have a feeling that open firmware for wifi access points radio hardware is going to be extremely hard to find. The regulatory agencies really don’t want the larger public to have complete control because of the possibility of causing interference and breaking the rules(for good reason - imagine if your neighbour had bad signal so he ignorantly cranks up the power output, not realising that he can’t do the same with his client devices, rendering his change useless).

        I seem to remember a change in FCC rules some time back that seemed to disallow manufacturers obtaining certification for devices that permitted end users to modify the firmware, much to the concern of open router users at the time. The rule was aimed at radio firmware but the concern was that the distinction would be lost and the rule applied to the entire router by overzealous manufacturers who hate third party firmware at best.

        A fully open radio is basically an SDR. Can you move packets over an SDR? Hell yes, but now you’re in esoteric HAM radio territory. It’s going to be a hell of a fun project and you’re going to learn a lot, but in so far as a practical wifi ap, your results will be limited.

        I use FOSS wherever it’s practical but if you want working wifi just stick to the well tested brand names. For what it’s worth you probably won’t gain any security by going open, if there’s any weakness it’ll probably be baked in at the protocol level which open devices would need to follow anyway. At least a discrete AP can be isolated and has no reason to be given internet access.

        • ridethisbike@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          3
          ·
          1 year ago

          We get it, you’re the smartest man in the room. None of that was helpful for that poor soul who asked you for a recommendation on how to step away from OTS routers.

          • TheDevil@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            He asked for a recommendation which I can’t provide because I haven’t gone down the route he wants to know about, hence the first line and my explanation of why I chose not to do that.

            I then speculated how I would do it if I were in his position. Then I broke down his question to help him examine what he really wanted: a completely free(as in open source) appliance, a free operating system and or free drivers.

            Then finally I explained why you’re unlikely to get a truly free radio. I’m sorry if you or others found this unhelpful, I was just trying to condense quite a lot of information into a short post.

            I did just see this posted: https://lemmy.ninja/post/224052

        • phx@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Opnsense and PFsense run on top of BSD underpinnings, so as long as the base OS sports the hardware you should be ok there, but:

          I still don’t really recommend throwing it all on one device. At the minimum, it’s unlikely that a white-box PC with a wifi card is going to be as good for signal etc as a multi-antenna wireless device in hardware designed for such.

          DD-WRT and OpenWRT can both do VLAN’s and per-interface routing, so what I’d recommend instead is having AP’s that run that software connected to port(s) or a VLAN intended for your wireless network, then having that run through your firewall (running PFsense, opnsense or whatever). You can even bind a specific SSID to a VLAN and separate your internal vs guest networks so they can’t talk to each other (or at least, not without rules on the firewall host). That also allows you to run a bit of cable and space out multiple AP’s in such a way that it provides better coverage, while still managing rules/routing/DHCP/etc so the central firewall.

      • redcalcium@lemmy.institute
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        I think Asus routers are about as close as you can get because the stock Asus firmware itself is based on an opensource firmware, which means 3rd party projects such as asuswrt-merlin has an easier time to develop their 3rd party firmware because the stock firmware’s source code is available. They are more expensive than other routers though, which might a be a tough pill to swallow especially when vendors such as TP-Link sells their router for dime a dozen.

    • Aux@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      4
      ·
      1 year ago

      The problem with DIY solutions is that you will be missing out on all advanced hardware features available in prosumer and industrial routers. It’s always better to just buy top of the line ASUS router than going DIY. DIY won’t give you WiFi 7 or even WiFi 6E. DIY won’t give advanced antenna array. The list goes on.

      Another point for ASUS routers is that Merlin firmware is available for most of them. And new routers are added all the time. Simply because Merlin is based on official firmware from ASUS. And it adds a lot of nice features, plus gives you SSH access so you can do whatever you want.

      And last, but not least, ASUS supports old routers for many years, adding new features and fixing bugs. So if you’re not comfortable with flashing custom stuff, you are still better off with ASUS product than with a competitor, as some companies tend to drop support after a measly 9 months since release (looking at you, TP-LINK).

      Basically, always go with hi end ASUS - the best hardware plus really good software and support.

          • Stephen304@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Because then you get the best of both worlds, powerful routing hardware that can easily route and firewall at multi gig speeds, extreme flexibility in software packages to run on your open router platform, and a prosumer AP with best in class wifi performance, antenna configuration, mimo, solid chipset and driver, etc.

            Doing everything on a prosumer router running mips or arm with limited package selection at best and a locked down router is at worst is subpar just as trying to get good modulation rates with a client oriented wifi card running in AP mode with subpar antenna configuration.

            If you want the best wifi and the best routing/firewall/IDs with the widest package selection (and ability to just run any x86 application) then a separate router box running an x86 based os like opnsense,pfsense,whatever paired with a high end AP (business AP is a good choice) will always be the way to go unless you value compact, low power, or simplicity over achieving the best performance.

            • Aux@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              How many devices are you realistically running in parallel that a high end WiFi router is not enough for you? Up to 100 devices is easy. Even with a smart home you’ll be fine.

              • Stephen304@lemmy.ml
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                I’m not sure if you understood my comment fully since none of the benefits I gave have to do with number of devices. Again, the main reasons I listed are that dedicated router boxes on x86 hardware is much more flexible configuration-wise and has many more software packages and addons that can be easily installed compared to consumer routers. You can have plugins like nginx, radius, wireguard, snort (as well as full power to run ids/ips at full speed), etc. For configuration, you have more control over multicast, ways to customize local dns resolution, the full range of local hostname resolution settings, DNS failover, multi wan with the full ability to tune failover metrics, advanced routing rules using hostname aliases that periodically auto-update, advanced dhcp flags and dhcp6/SLAAC settings, virtual IPs (a huge help when doing 0-downtime migrations between hardware or subnets), network bridges, GRE and LAGG, v6 router advertisements, and so so much more.

                If I had a consumer combo router there’s a good chance I would not have vlans, all my roommates would see each other’s smart devices and it would be pretty annoying. I wouldn’t be able to selectively route only traffic to google servers from only my laptop, phone, and chromecast through the same Germany VPN so that all the non-google traffic would be unVPNed, and I wouldn’t be able to set multiple multi-wan failover modes (let alone gateway groups to group failover WANs) so that for example one vlan fails over from the fiber connection to the copper connection while our neighbors connection fails over from the copper connection to the cable internet connection. I would have no ingress load balancer on my router handling incoming traffic to my homelab, and I would have to use extra media converters to get my SFP+ fiber connection to connect to a consumer router’s 2.5G port (did we even have consumer routers with mgig 4 years ago? That’s around when I got my fiber).

                None of this has to do with number of devices, but total capacity is a bonus of having nicer hardware than consumer crap. This wouldn’t be a benefit to most people, which is why my main points are about configurability and flexibility with third party packages, but it is a benefit to me since I have 4 gig of total wan and a 10G link to my core switch. If any 2 of the 10 people in this apartment decide to download from steam at the same time, they will both get a full gig download with plenty of bandwidth left over for the other 7 people to be streaming or doing whatever. Again nothing to do with number of devices, more to do with how many simultaneous high-bandwidth uses you expect to coincide. Of course I could just have everyone share a single gig connection (or 1.2 gig which is currently the maximum residential plan you can get here), but then I would need to deal with traffic shaping / queues, another thing that opnsense coincidentally excels at, having way more traffic shaping options. You can even do traffic shaping on a per-destination basis - for example you could use an auto updating ASN alias to categorize traffic to steam or netflix, then dynamically apply different traffic shaping rules based on which user is accessing those services.

                TL;DR, consumer routers cannot come close to achieving a fraction of the configuration options that open router platforms have. While you might see benefits in capacity if you invest in a good uplink and high end APs (I have uap u6 pro which is “good for 350 devices”, though really I bought for the higher single device performance and higher modulation rates and better mimo configuration), even people with slow internet and very few devices can benefit from the immense amount of configurability that these OSes provide - you’re practically one step away from running a bare OS with open source packages installed and editing a slew of config files where you can use every obscure configuration option that any of these FOSS contributors ever put into these daemons. In fact many of the opnsense configuration pages have an advanced text box at the bottom where you can put in extra config directives in case the UI doesn’t include a knob for something you need.

                It’s great, 10/10 recommend opnsense or pfsense

                  • Stephen304@lemmy.ml
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    1 year ago

                    No you can’t. You’re being silly. They don’t even support lacp with more than 2 members out of the box. No gateway groups, no unbound with adjustable cache ttl and cache revalidation. I would know I switched away from Asus specifically because of it’s shortcomings, many of which cannot even be fixed by ddwrt such as low system memory for state table, which btw can easily be filled up by torrenting. My opnsense box has a huge state table because I just dropped in 8GB of ram.

                    You only need to look at the Asus router admin interface to see how many more pages of configuration options opnsense has.

      • TheDevil@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        While I agree in general that turnkey solutions for access points (not routers) are largely preferable I must point out that it is at least possible to achieve 802.11ax with DD-WRT: https://openwrt.org/toh/views/toh_available_16128_ax-wifi for example, as I found out from this excellent post: https://lemmy.ninja/post/224052

        That post also does a fantastic job of explaining the inherent issues of dealing with wifi hardware from an open source perspective.

        Features like Mu-MIMO/beam forming that call for arrays of antenna are a part of the respective WiFi specifications, and are baked into the closed firmware of the radios. While manufacturers will fight hard to make you believe they are implementing something special, the fact is that they must abide by the WiFi standards and are just rebranding things built into the radios they buy. Hence even FOSS software can implement them. Check out this thread I found which describes what’s going on:

        https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1215880

        What troubles me about the ap/router combos from Asus and the like is that they they charge so much for so little, and they have a history of being generally shitty: https://www.pcworld.com/article/447083/netgear-accuses-asus-of-submitting-fraudulent-test-results-to-the-fcc.html

        https://www.ftc.gov/news-events/news/press-releases/2016/02/asus-settles-ftc-charges-insecure-home-routers-cloud-services-put-consumers-privacy-risk

        It was these same companies that claimed gigabits of wifi throughput, when they were in fact advertising the combined speed of three antennas over two bands. No one device would ever see the speed they slapped on the package. Heck even if they did, grandma probably can’t appreciate the fact that faster wifi doesn’t mean shit if you have a 20/3 asynchronous dsl connection.

        The specialised hardware - ASICS that push packets - are what allow them to include megabytes of RAM and tiny amounts of storage along with extremely anemic CPUs. Very little if any of this is designed in house, they pick components or even an entire SoC, lay out a board, test it and ship it with a nauseating markup. Those ASICS aren’t expensive: they’re in the most basic switches, and the super duper wifi hardware is just a rebadged product from another company. This isn’t really a criticism, it just means that they are efficient and low power but hardly unique. It is though an observation that even the high end router/ap combos are far from bleeding edge tech worthy of the high prices they charge, imho. Why the fuck is 10GbE still so expensive in 2023? There are 10 year old SATA3 drives that can saturate a GigE uplink.

        The software side usually consists of a minimised Linux build often running a myriad of the same open source software running on DIY builds. Back in the bad old days it even took some pressure to get them to abide by the respective OSS licenses and give their code back to the communities they were using to make money.

        They’re charging a premium for very low spec hardware, and not doing a great deal to earn their keep.

        Finally while these companies are now being forced to provide updates, they are still shipping products with security issues:

        https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/

        One of the most relevant examples from that article being: ‘The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.’

        So while I can agree that a DIY Wifi AP will likely cause a certain amount of avoidable grief, I simply can’t abide by the notion that OPNsense or PFsense is unable to offer feature parity with COTS routers.

        As an addendum, if my $100 x86 router can route 1GbE as well as a $300 RGB monstrosity, what are they bringing to the party exactly? Why should we indulge that? Why should we tolerate such gratuitous bullshit?

          • TheDevil@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I can’t even show you a COTS Wifi 7 device, unless I’m missing something the two models Asus have listed aren’t available on Amazon.com - not only that but are there any clients yet? So it doesn’t really support your point.

            Even then… how are you even getting 30gbps into the device - three 10GbE ports in a LAG? And then you’re what… pushing that 30gbps over your home fibre? Looking at the spec Wifi 7 is designed for large scale deployment not home use. Anyway I’m getting off topic.

            I mean you do realise I’m largely in agreement with you when it comes to discrete access points? I was just pointing out a factual flaw in your assertion that so called DIY devices did not support 802.11ax. My strong disagreement was with the state of COTS routers.

            I think you kind of missed my point. The WiFi 7 magic, or any magic really that you’re ascribing to Asus or any consumer facing manufacturer doesn’t even come from them - they buy that shit in, slap on a load of marketing drivel and try to con your grandma or some gaming kid out of a few hundred bucks and call it a day. At best they’re gonna be sending it out for emissions testing because they have to, to get it certified. Maybe they test the antenna placement but given some of the testing I’ve seen it’s clear they don’t even always do that.

            If any of those guys do anything considerably different to anyone else it wouldn’t be a standard right? The clients would only work with matching routers! In fact years back you used to see this, I think 802.11n some manufacturers had some superfast bullshit that only worked when you had a matching pair.

            The whole point of standards like 802.11be is to make sure everything works together and does more or less the same thing, and the whole point of their marketing department is to convince you that their special brand of bullshit does something super special and unique when by definition it cannot without breaking standards, rendering it unable to use the term wifi.

            Home routers have been dog shit for years, and behind the marketing they largely all still are. Don’t allow that shit. Don’t forgive them. I literally linked you to a laundry list of vulnerabilities in Asus routers patched last month, some of which had been known for years

            Sorry my dude. I know this is a bit of a ranty winding post, but holy shit I’m guessing you haven’t been around for the last 20 years of bullshit that these companies have been pulling.

            NONE of them deserve your loyalty and they definitely don’t know the meaning of the word kindness. They have proven time and time again that they would sell their own granny for a few pennies.

            Don’t accept that shit.

    • fouloleron@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Great comment. I ran dd-wrt for years, but finally picked up a used Ubiquiti router and purchased the Eero Pros for wifi. Software does the security now.