"Much finer grained QoS, packet filtering, OpenVPN support, local storage (SMB or FTP shares) from USB, better stability, control over WiFi power amplifier Tx power,"
Industry and users need EASIER QoS not HARDER
Packet filtering - fw should have a decent SPI that doesn't need tinkering with
Those who need VPN will know what to buy anyway. Modems and routers support NTFS shares out of the box now
Better stability. What. If not the OSS are worse
WiFi power boosting is a long in the tooth internet expert debate topic that's myth and hyped
"Ultimately the tech-savvy home networker will buy a router for the platform and features (eg. CPU speed, RAM, WiFi options like 2.4/5 GHz or number of spatial streams), and choose a firmware to run atop that platform."
Unfortunately many firmware users simply want something for nothing - to 'upgrade' their hardware for free, or follow the hype.
How many users actually NEED pie charts?
While some features of tomato or whatever else do have merit, these are still built on top of the reference fw, of which many do not believe or realise
The developers themselves have said they can't add or mod feature X because it's not in the sauce code
"newer 802.11n/GigE routers that are still compatible with the popular open source firmware distros all vying for the now somewhat aging WRT54G/GS/GL's crown. "
Contrary to popular belief, the original revisions of WRT54G are no longer supported with updates by many projects. Users of these will not get the newest updates and are better off buying new hw. The newer and later GS/GLs, ASUS and so on are fine.
Some beta updates may claim support for the older revisions but these will either be unstable or brick, untested.
Besides these have slow CPUs even compared to other gateways at the time
The Newer revisions are still supported, mainly due to user bases buying a new model and seeing 'something on the internet' about boosting them, and it doesn't help that some models eg the -TM were OEM customised.
These projects are maintained by VERY small teams. Some have 1-2 developers who cannot maintain code on all hardware types.
For new types because they don't have the hw to validate against and these are WIP. You cannot please everyone with open source firmwares.
The number one issue from all projects I have seen, whether Broadcom projects or non-Broadcom projects, is manpower. Too many gimme pigs and not enough guinea pigs to beta test or risk their hw. Even if they do, they may not report feedback.
It's just too expensive. Say you donate $20 to a project. Yes you may get benefit, but new hardware starts at $30.
For users who brick their hw and can't soft recover it, spend of $20+ is needed on terminal or JTAG hardware, again same price of new hw. For $200 hw it might be viable however
Yes I have sacrificed hardware for the 'greater good' and really at the end of the day not much gained from routers.
The bigger issue is DSL GATEWAY makers blocking out certain features from GPL sources, which is harder for community groups to patch due to proprietary nature of DSL drivers
I was one of the two developers of Tomato/MLPPP, a fork of Tomato that added support for bonding multiple broadband connections together with MLPPP (layer 2 bonding over PPPoE, real bonding and not just link aggregation).
Ultimately, we fell into the same situation. We based our fork on mainline Tomato, which doesn't support much beyond the WRT54GL. Unfortunately, as the years rolled by, and broadband speeds increased, the WRT54GL became less and less appropriate.
I personally started out bonding two 5 meg down 0.8 meg up ADSL lines together, and the WRT54GL coped just fine with that. The aggregate bonded throughput was about 12 Mbps. It was, in fact, the speed at which most of our users were bonding too.
Today, I'm bonding two 25 meg down 7 meg up VDSL2 lines, an aggregate bonded throughput of about 64 Mbps, and a WRT54GL doesn't have anywhere near the power to handle that.
I ended up switching from our own Tomato/MLPPP to OpenWRT/MLPPP, which runs on a much wider array of hardware. In a funny twist of fate, it's a fork (by a small ISP) of one of our own projects, Linux/MLPPP, which was a port of Tomato/MLPPP to run on generic Debian or Ubuntu boxes :P
Sadly, touching on another point that you mention, we don't have the time to maintain Tomato/MLPPP or Linux/MLPPP anymore, and will be selling them to the ISP that maintains OpenWRT/MLPPP, where we hope they will be kept more active before eventually being merged into one better supported project.
I run Tomato, and while I've been meaning to play around with some others (and to also do some experimenting with finer-grained QoS in Tomato), the lack of in-depth comparisons/reviews was definitely annoying. I'd love an article with specific recommendations in it. I'm going to go look up what the Victek mod does now..
My previous router was an asus G with Tomato. Loved the features, I set it up for auto reboot weekly, mostly because I was paranoid =P. Loved the stability and feature set coupled with a great UI. When I moved to the WNDR3700, I did so knowing that it had DDWRT support (aside from the then top-tier hardware, which is still top-tier IMO). However I never flashed it in fears of some documented wireless issues. Regardless, the stock firmware does what I need it to, and it's been 100% stable for me. No resets needed for months.
So these days I wouldn't hesitate to give stock firmware a try. I would love some comparisons, stock vs. Open source.
I purchased a WRT54GL a few years ago and I looked into trying to flash custom firmware for it.
Now understand, I'm a hobbyist techie sort of guy. Hardware is more my forte.... Software, on the other hand.....well I'm not a programmer. I will never learn how to compile source code. I've tried Linux on more than a half dozen occasions in the past and they have all been unmitigated failures. Whether it be the installer, or a laptop's WiFi card, or video drivers or trying to get a network share to work, something has always gone wrong. Hundreds of hours of my life down the drain trying to follow flawed step by step guides on some God forsaken forum somewhere.
To get back to the topic at hand, I looked into flashing something like DD-WRT or something else on my router. But the choices were dizzying. Point being, the process was far from simple for a neophyte like me. And, rather than risking bricking my router I decided that these programmers can keep on programming for programmers.
If the process of finding the custom firmware isn't fairly simple, then there isn't much point as it is going to be useless for the average Joe anyhow.
I use dd-wrt and it is miles ahead of the stock firmware on this Linksys router. More secure as well (no WPS). I would like to use Toastman's Tomato mod mainly because of its traffic monitoring capabilities (pretty graphs :)) but this Linksys E1000 does not support it. Oh well. dd-wrt is still awesome.
One thing that turned me off of the WRT54G and some Netgear models was stability issues. Even running DD-WRT, they needed to be reset weekly (good thing DD-WRT has scheduled jobs) in order to keep the wifi working properly. At least for the vertical-standing Netgear devices, I found out it was due to the WiFi chip overheating (which a case-mod and 40mm fan would fix).
Personally, I'm using the Buffalo WZR-HP series devices now (the High Power ones), such as the WZR-HP-G450H (since I don't have any devices capable of 5GHz band yet).
Currently using DD-WRT on a Linksys, but I've been strongly considering an upgrade and it's been a real struggle to find any remotely up-to-date round up and comparison of the various major open source solutions on more powerful and modern router hardware. It would be extremely useful (and enjoyable from a tech perspective) if AT did an article on this.
I bought my TPlink TL-WR1043ND specifically for OpenWRT. I used their site (openwrt.org) to crosscheck price vs. flash size, and this was one of the cheapest (around 50$) with the 2nd largest flash size (8MB) and gigabit LAN.
The most notable new functionality for me is being able to route my queries (configure) to my DSL modem (the dhcp address is not the only one assigned to WAN). No stock firmware offers this. Also I can use bind for DNS server and use directly the root servers instead of the 2 provided by ISP.
My previous router was DLink DIR-655, which I used for almost 3 years before venturing into custom fw (which I did not find for DIR-655).
A few years ago now when my cable operator started rolling out DOCSIS 3.0 I got myself a 200Mbps connection. Turns out none of these home routers can do those kinds of speeds. I ended up throwing together a pfSense box of spare parts. Even then I had problems. Turns out those ancient 3Com Gigabit NICs I had lying around couldn't handle it either, so I ended up buying a couple of Intel Gigabit NICs.
While something smaller than ATX box would be nice for a router, I have not been able to find anything that can keep up performance wise.
When I first purchased my router it was really unstable, and would constantly drop connections. I was about to replace it when I stumbled across DD-WRT. Honestly I was kind of surprised that an open-source firmware would be more compatible with my hardware than the proprietary firmware that linksys installed. But to this day the thing is solid with DD-WRT.
Anyway, I would definitely be interested in hearing about other firmware distros. Squeezing the value out of all of our technology is definitely interesting.
Consumer-grade router platforms are a joke, IMHO. I use them as APs, and it annoys me when manufacturers refuse to put in a simple "disable all the DHCP and NAT and act like a wireless AP" toggle.
I've been using x86-compatible hardware (Soekris embedded platforms) running pfSense from flash memory since version 1.1 or 1.2 IIRC.
It's a fantastic platform for both business and home usage, thanks primarily to the inclusion of UPnP (it's one of the few open source routing systems that does UPnP so your gaming works correctly).
Been using WRT54G routers since 2005. Ran DD-WRT for a long time, but switched to Tomato recently since it seems a little more efficient. I'm absolutely interested in learning about OSS-compatible N routers beyond the N16, which is what I've been looking into.
This is a very interesting subject. At home I'm using a TP-Link TL-WR1043ND with DD-WRT. I own a NetGear WNDR3700v2 (with original firmware, but supported by DD-WRT if I ever need it). In the past years I've used both m0n0wall and pfSense on a virtual PC, doing routing & NAT for the DSL connection handled by a Zyxel 660HW configured as a "network modem" (routing/NAT disabled).
It would be interesting to compare the features of different open source firmware, and compare the performance of the original firmware vs open source firmware. Is the open source firmware WiFi as fast as the original firmware WiFi? Is it stable? Is the USB faster or slower? Does the latency improve?
I'm running a WRT54GL since 2007 (5 years have passed, wow...) with the excellent Tomato firmware and the router is rock solid, which wasn't the case with the original firmware. I would be interested to hear some news about the state of the open source art with newer models!
Gargoyle router doesn't get nearly enough love from the community. It's a real easy to set up solution for the problems of the average connected multi-computer home: who used all the download quota? Who is hogging all the bandwidth right now, and how do I slow them down? Lock out everyone except me between these hours of the day. Force all the devices on the network to use OpenDNS. And so on.
Not that you can't do these things on other software but it's usually much harder to set up and monitor, and you often end up having to load up lots of extra modules, edit config files, etc.
Currently running a few Ubiquiti Routerstations (ships with OpenWrt preinstalled from the factory, but you'll need to upgrade to get the most out of it). MIPS 680 MHz, 128 MB ram, USB 2.0, SD card for expandable storage, 4 gigabit ports and up to 3 minipci cards. Put a Mikrotik R52Hn 2x2 abgn hi-power card (or more than one!) in there and you're good to go.
It's obviously not for everyone, but if you're comfortable with a command line (and the lack of a case) it's probably the most versatile small router you can find. One of mine is currently running trunk with ~100 days uptime, with absolutely no stability issues as 2x2 5GHz AP.
If you're going to review cheap consumer hardware, give a try to a TP-Link TL-WR1043nd and install an OpenWrt image from their /snapshots repo. They've got a pretty good graphical interface nowadays, but still have all the customizability you can ever need if you're willing to SSH into the box. They're surprisingly versatile and reliable for their price, I've seen a few around with almost ~365 days uptime.
Yes, I always was disappointed by all my purchases, I never found a router that is able to run without issue for weeks, serving 4 or 5 PC with LAN streaming and WAN P2P. I'm afraid to pay a premium price when I'm not sure the router will be stable for weeks.
For now I'm using one of the cheapest routers, the DIR-601. With the stock firmware, I installed an electric timer to cut the power for 1 minute everyday. Then, DD-WRT came compatible with the router, I installed it right away and many problems went away, but I still needed to reboot sometimes. So I enabled auto-reboot each day. Since that, I rarely have to touch the router, it just works.
I'm looking to get more wireless speed and I would love to see a review of the different open source firmwares, to see if the wireless speed changes a lot when using them instead of the stock firmware.
I have been using WRT54G since mid 2006 and DD-WRT almost as long (I really do not remember when I switched to DD-WRT, but it should be within a month or two). The latest stable "enough" build is rather old (from Aug 2010) but the last time I rebooted this router was about 7.5 months ago.
I am interested in getting a new router (wireless-n with gigabit support) and would prefer one which has good custom firmware support (in case the stock is crap) as I am probably switching to fibre once my current contract is up. Any good sites with reviews on such stuff?
Many of the models are integrated solutions, so it might not be worth paying extra for hardware you can't use (Draytek still has some interesting models which is not tied to DSL or cable).
I would love to be able to build my own wifi router. I figure this is possible with a small-form factor computer that has a few PCIe 1x lanes. Stuff those with mini-PCIe wifi cards and load up openBSD or linux. The security at the very least would be more trustworthy.
My problem with current solutions is that by the time the open-source firmware community supports 3x3 5Ghz on my off-the-shelf wifi router, a new technology like 802.11ac comes out. I want to be able to drop in new mini PCIe cards to upgrade my router as new technology comes out.
If you separate your AP from your firewall, you can just get the AP with the features you want, and plug the NIC port from the AP into an Ethernet card in your firewall. Put wireless on another VLAN so you can filter it accordingly. You can even use dot1q on some models so you can have multiple SSIDs with different networks. You'll still have the security from the firewall but you also gain the ability to position your APs in a better location.
I seriously would suggest to anyone who wants to take their router to next level convert their existing "all in one router" into your Access Point for your new network. It's really easy to do, just turn off DHCP and plug one of the lan ports on it into a lan port on your new firewall. Wireless works exactly like before but now you can build a new pc running a much more powerful firewall.
A great choice is definitely PFSense. I would use the setup I described in the first paragraph. Connect your AP specifically to its own network card on your firewall so it's on its own network. So you'll have WAN, LAN, and OPT1 (connection to AP). Turn on a feature called Captive portal. What this will do is present a splash screen for any computer trying to access another network from your wireless network. That person must put in a user / pass combo to be let through the firewall. This adds another layer of security that's even harder to bypass since they can't just try to brute force or decrypt your wireless key. Also, now you have the advantage of setting up a rule that might only allow them access to the internet, and no access to your LAN. This would allow you to have a guest network that is easy to set up and use without worrying about your friend's virus infested PC being on your network.
I love playing around with new firmware and getting new life out of old devices, but sometimes I just can't afford the time.
So I've upgraded to a Draytek Vigor 2850n. My main reason was actually the VPN endpoint, but it also has better performance than most wireless routers and a ton of customization options. It's technically a business router, but is a great choice as a performance home router (if you don't mind the boring styling).
There's not much time investment involved. For a lot of these older routers, like the WRT54G series, installing a custom firmware is the same process as you'd install an update from Linksys, and some of the third party firmwares like Tomato have an easier to use and simpler to configure interface than the stock firmware.
The problem is that you end up hitting hardware limitations with these older routers. A WRT54GL worked fine when we were all using 5-10 meg internet connections in Ontario/Quebec, but now that we're using 30-60 meg internet connections, it can't handle that sort of throughput. The 200MHz CPU, among other things, just doesn't cut it anymore.
I do agree with some of the user comments that a comparison of "Ease of Use" as well as "In-depth Features" needs to be separated.
Though, I think a large comparison between all of the options with a focus on "This one is easy for new guys to use, while being better than the stock firmware" and "This one offers you the most features and abilities as a user" need to be made so that folks can definitely find a happy medium for themselves.
I originally used DD-WRT on a linksys WRT54GS, then moved to Tomato on Netgear hardware to get 802.11N and pretty graphs.
Now I'm back using DD-WRT on my Linksys WRT400N and it works great. DD-WRT v24-sp2 gives me the traffic logs/graphs to easily watch my usage, and the userbase/documentation made it easy to use powerline networking to bridge to a second WRT400N set up as an access point for a flat network space (and less spouse agro for WiFi dead-zones).
I switched from Linksys WRT devices some time ago. While not open source D-Link DIR-655 was the BEST router I have ever used. I kept it at stock firmware (1.24) as I heard newer firmwares were buggy. This router was rock solid, I never had to reboot it (I'm on DSL), and if I rebooted to make changes, it was fast!
I've since had to upgrade as my friend (negatively tech savvy) needed more range than his WRT54G could provide and was given my rock solid DIR-655. I've since upgraded to a Netgear WNDR3800 (which is open source). Has some great features, easy to use firmware, and also has been very stable (no restarts except when changing settings). While not as fast as the D-Link, this has been a rather painless router.
I regularly use Buffalo WHR-HP-G300N flashed with DD-WRT as Access Points, as the Buffalo Firmware can be iffy.
My Linksys WRT310N v2 with DD-WRT has been a solid performer, but would love to see some options on both the hardware and firmware side, for a potential upgrade.
I have a WRT54G running DD-WRT. The stock firmware was underwhelming, in particular it needed manual resets shortly after purchase (since it was losing connectivity). I got a full year out of it before I needed to start resetting the router running DD-WRT and was able to automate it using the setting that schedules weekly resets.
BTW: I'd also be interested in case mods that add additional cooling to reduce the need for resets. This is my number one gripe with all routers/cable-modems I've ever owned: they get hot and then they eventually start needing resets every freaking day.
Chances are you're running more traffic through the device than it was meant for. If you have a bit of knowledge about computers it is definitely worth a look at some of the software based distros as you can get much better hardware for them. If you have a P4 box laying around you can grab an additional 10/100 NIC and have better throughput since the hardware is much faster. The only downside is the power bill is going to go up.
What I'd suggest is keep your DD-WRT for your Access Point by turning off DHCP on it and plugging a lan port into the lan port on your new firewall. Wireless still works as normal without the need to buy a wireless NIC plus it gets rid of some of the complications trying to get that working on your new box.
I definitely agree that an article covering some of the different firewall packages would be useful to many people. I've personally tested several to decide what one I wanted to use.
Like others have said, it comes down to ease of use versus functionality. DD-WRT is a great platform for low to moderate needs with ease of use and lots of features. Most of the hardware you can install it on will be the least costly solution for both initial price plus operating costs (Power). The only downside to it is that those boxes simply won't have as much customization and scalability that a pc running PFSense could provide. If you want the full IDS suite you'll need something like snort which can't be done on the embedded hardware DD-WRT can run on. Snort is very functional but it's definitely not an entry level feature to get working properly.
I could see doing an article for entry level showcasing DD-WRT, OPEN-WRT, FreeWRT and tomato and all of the advantages they have over stock routers. Then there could be another article showing PFsense, Untangle, IPCop, m0n0wall, endian showing some of the additional things they can do with the ability to add packages into them. I think it would be hard to try to clump all of them into one article simply because they cover many different things. Any of the WRT software would be a much easier solution for a person who doesn't know how to build a PC, since they can go to a website, download a file, and put it onto their router and be up and running. With the second group it might go smoothly, it might not depending upon the hardware you're trying to install it on.
What I need more than anything is best practices guidelines, and really I only care about 1) security 2) performance (if it does not clash with 1).
There is just such an overwhelming amount of options out there it is a research project just to get vaguely ok settings. Never mind actually getting close to optimal. This is true for everything, motherboard bios, firewalls, routers, switches, OS.
A review is nice, but how about also giving us the settings you recommend and updating those based on comments once or twice after publishing the article.
I've played around with DD-WRT and similar in the past, and found that while the extra features were nice wireless performance was abysmal (in some cases producing less than half the bandwidth of stock firmware.)
Maybe things have improved, but if they have I doubt it's by much - the "extra tweaking" options simply aren't worth my time and loss of wireless performance.
Having setup WRT54G's and WNR3500L's using DD-WRT in the not-so-distant past, I think a lot of good could be achieved by just testing the most used features of the most popular 3rd party firmware providers. As other commenters have pointed out, it's quite the task to sift through all of the choices available even when you already have target hardware. Without a target platform in mind, it becomes herculean. I ended up using DD-WRT solely on the basis of incidental prior experience, not because it offered any compelling advantage over Tomato. I simply didn't have time to try both.
Perhaps a reasonable approach would be to pick a small subset of hardware (3-5 across price/performance range) and then do usability/correctness testing with OpenWRT, DD-WRT and Tomato. For performance testing, the most important characteristic for home routers is stability, followed by WAN-LAN throughput and possibly simultaneous connection limits. VPN throughput for routers that can establish tunnels is also useful info.
I would bet that, for most that try open source firmware, a successful experience with one package will generate high brand loyalty. It's just a matter of familiarity, and not wanting to undergo the effort of learning some other arcane ritual to just get the firmware onto the device without bricking it. With that first choice being vitally important, therefore, an article helping guide users to it would be great.
This would be a good article, even if it's only a survey of what's out there as options.
I used to run a WRAP board with m0n0wall and a WRT54G WAP for years, until the WAP got flaky, as well as the WRAP board. I didn't have time to chase them both down and since I wanted new stuff, I got a WNDR 3700 (N600?) I think. Can't remember since the model on the box and the model on the unit were different. Stupid marketing people.
Anyway, just finding a dual band router with 2.4 and 5Ghz, supported by DD-WRT was a challenge, mostly in terms of figuring out exactly which model to get.
I first tried running the stock firmware, but it couldn't do what I wanted. Now I run DD-WRT but I'm annoyed at the DNS server it has. If I add my own internal entries, the stupid thing doesn't append my internal domain name (foo.home) to hostnames, nor does it allow you to look them up with either name. So either I end up entering the name twice into the dnsmasq.conf file with both the hostname and the FQDN, which is just stupid.
And I haven't had time to hunt down the reason, because I demand a system that stays up and just runs, I have enough other things to fart around with.
I've been using m0n0wall on a Soekris box for many years. Used to have a 4501 that worked great for many years. Now running a 4801 which has been in place for another many more years. These things are bulletproof and cheap on power. On another deployment I've had the CF card (don't cheap out on it), and also Soekris shipped a PSU that had a bad coax plug which they replaced w/o issue.
I have had great success with m0n0wall. Before m0n0wall updated to the freebsd kernel that supports wireless AP's, I had a Linksys AP connected to it, now it's all in the same box and works great. Does what I need, don't see much point in changing it. I've only got a 7.5/0.5Mbps connection and I am not saturating the CPU cycles on it. Soekris offers other models that have more processing power that I would look at if I need it.
I've got a PPTP VPN, traffic shaping, etc going on it. Note that it doesn't support uPNP (a plus or a minus depending on who you talk to) and it's definitely geared towards the more networking skills than some of the alternatives out there.
+1 for the comparative look. I love my WRT54G v.2, however it is old and starting to bite the bullet. I have been using Tomato for the last few years and would like to continue doing so (although I'm not afraid to change from one open source firmware to another), but I find that between the different options available for both routers and firmware, it's a daunting task to find what would work best.
Been running PFSense version 1.2.3 and more recently 2.0 for a couple of years now with great success. Originally I had an old PC with a couple of 3Com 3C905C NICs in it.
I decided to move to something smaller and more energy efficient so I purchased a Zotac miniITX board with a Sempron 140 CPU and 2 gigs of RAM. I bought a small ITX case with external power supply and added a PCIe gigabit card to the mix. Nice little box and plenty powerful for my needs.
I have a static IP block on my cable line and it handles the multiple IP addresses flawlessly which is something DD-WRT never seemed to do cleanly. You had to hack at it to add multiple external static IPs.
I can't recommend that Asus RT-N16 router enough. Especially after reading this thread with all these people complaining about how they have to reset their routers every week. I'm still using the stock firmware (the latest "Russia only" build, don't worry it isn't in Russian and it's ridiculously stable) and I haven't reset it since I installed the firmware update. I'm going on 3-4 months now and not a single problem.
I would imagine with installing DD-WRT or Tomato on it for those that like more granular control would be like heaven for many people on this board. Seriously, go out and buy it right now if you're sick of messing with that underpowered Linksys router that everyone keeps buying for some god knows why reason.
I recently bought a WR1043ND and figured I'd try OpenWRT or DD-WRT, both have pretty bad support for L2TP. In the case of OpenWRT the functionality didn't come with the image file and I couldn't connect to the repository because I needed an internet connection to do that. In the case of DD-WRT I'd get disconnected after a while and won't be able to reconnect without restarting the router. On top of that the web interface for DD-WRT doesn't have a log viewer which required screwing around with SSH, symlinks and external software.
So while I'm sure there are features unavailable in the original firmware it doesn't help me when there are problems with such basic functionality.
I have a couple of WNDR3700 and use DD-WRT on them. Although I am satisfied with the features and performance, and I don't in any way tax them, I would like to try OpenWRT / Gargoyle or Tomato, just to see the difference. Unfortunately for me the step from DD-WRT to the others is not for the novice and I have always hesitated. A good, broad based article, with specific suggestions would be most welcome and I'm sure meet the needs of an ever growing community. Stock firmware is definitely basic and lacks frequent upgrades. On the other hand open source firmware seems to always be updated on a regular basis and generally follows the requests and wishes of the community it services. So, go ahead and present an article for the open source masses.
In order to get adequate coverage I have three WRT54G routers in my home running DD-WRT. One is the main gateway and the other two are access points only.
I have used a lot of consumer grade routers over the years myself and on client installs and found them all to be unreliable in the long term. I'd have performance issues and lockups requiring occasional reboots of the routers. Ever since switching to DD-WRT, my home routers have been ROCK stable. They have been running continuously for years without reboots. I also love the logging features.
I would like to upgrade to newer 802.11N routers, but I have no idea what's ideal to run DD-WRT on, so I would love to hear more on this topic.
This has been my setup for.... I don't know, 7 or 8 years now?!
At the time I was running m0n0wall on old PC for a couple of years so instead of investing in a Soekris with m0n0wall, I decided to try out the WRT54G as a basis platform instead. Anyway, started out with an old 2nd hand v1 WRT54G (fabulous kit, still had the NIC mode/activity LEDs on it) and very soon after I tried different firmwares. Eventually I settled for DD-WRT (don't remember the version at the time).
After 2 years the PSU died on me (5v 1A, stupid power rating actually) so I bought another PSU but eventually 2 years down the road the whole thing just died. I could do JTAG recovery but I never did bother so I bought a brand new WRT54GL.
Since then I've been running that WRT54GL + DD-WRT (v24 preSP2 - don't remember which development build, but it was one that addressed UPnP properly, because of my Xbox) and I'm quite happy with it.
I've been thinking about swapping it to a WirelessN+Gigabit router but DD-WRT support on those is a mess, so many tricks in so many models and so many variants, so I decided to postpone it.
But apart for the slow NIC ports (100Mbps) and the slow Wifi speeds (17/20Mbps is the most realistic figure), I really do love it. It has all the UPnP, Shaping, WOL, VPN, Management and Bandwidth facilities I cater for and all with rock-hard stability. I don't remember when was the last crash or reboot I had on it. As far as I'm concerned it's on for 4 years with no crashes or reboots, apart for reconfiguration (very rare) or power failures.
I actually also want to try out Tomato, as when I tried (old release) I didn't really like it, but I hear the WiFi performance is better than the DD-WRT, which is currently an issue for me.
Yes! I definitely want to hear more about this topic! Especially in regards to WifiN and OpenWRT/DD-WRT/Tomato/m0n0wall hardware, as these kind of routers seem to be "frozen" in the G-era :)
I work for an ISP with these home routers. I can confirm that most customers could not care less about the router. Stability and ease of use are the only two things they care about. We use an autoconfiguration system so that the customer is not forced to log in to the device. 70% never log in. 10% change some settings. The settings the customers actually change are: ESSID & encryption key, port forwarding. Less than 1% change other settings.
If you do intend to do such a comparison test, talk to the guys at QA Cafe. See if they will lend you CD Router to do tests with. It will run through a lot of features on the routers, and see if they follow the standards, and probe for other well-known problems.
You will be surprised to see how many ways DHCP can be implemented badly:
- Only supports broadcast (doesn't unicast for renew -> always loses lease)
- Never renews, always ends up with lease expiry and starts over with the discover process
- Leaks layer 2 broadcast while doing discover/renew/bootup (LAN clients ending up with a WAN IP)
- All routers with a certain firmware use the same MAC address on WAN
- Does not complete renew if the WAN side is renumbered
- Drops or duplicates(!) packets when renewing (bad for multicast IPTV)
- Has lower priority on DHCP than P2P traffic, so it will always fail if you fill up your uplink
- Does not respect lease time -> router thinks it has a valid IP when the lease is lost
And that is just DHCP, a well-known protocol used by all devices since the dawn of the internet.
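Several of the renewal failures listed in the comment above can be checked against the RFC 2131 lease timers. The following is an added example, not part of the original comment: a small auditor run over constructed client event logs. The event names, finding codes and sample timings are assumptions made for illustration.

```python
"""Audit a DHCP client's renewal behaviour against RFC 2131 lease timers."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: float        # seconds since capture start
    kind: str       # "ACK", "REQUEST", "DISCOVER" or "TRAFFIC" (hypothetical labels)
    dest: str = ""  # REQUEST only: "unicast" or "broadcast"
    lease: int = 0  # ACK only: lease duration in seconds


def timers(lease):
    """RFC 2131 defaults: T1 (renew) at 50% of the lease, T2 (rebind) at 87.5%."""
    return lease * 0.5, lease * 0.875


def audit(events):
    """Return the sorted finding codes for one client's event log."""
    findings = set()
    start = None         # time of the ACK that granted the current lease
    lease = 0
    tried_renew = False  # did the client send any REQUEST during this lease?
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "ACK":
            start, lease, tried_renew = ev.t, ev.lease, False
            continue
        if start is None:
            continue     # INIT/SELECTING: broadcast REQUEST is expected here
        age = ev.t - start
        _, t2 = timers(lease)
        if ev.kind == "REQUEST" and age < lease:
            tried_renew = True
            # Before T2 the client is in RENEWING and should unicast to its
            # server; broadcast is only correct from T2 onwards (REBINDING).
            if ev.dest == "broadcast" and age < t2:
                findings.add("broadcast-renew")
        elif ev.kind == "DISCOVER":
            # Starting over after expiry without ever having asked to renew.
            if age >= lease and not tried_renew:
                findings.add("never-renewed")
            start = None
        elif ev.kind == "TRAFFIC" and age >= lease:
            # Still sourcing packets from an address whose lease has run out.
            findings.add("used-expired-lease")
    return sorted(findings)


# Constructed sample logs, one per behaviour (3600 s lease: T1=1800, T2=3150).
SAMPLES = {
    "well_behaved": [
        Event(0, "ACK", lease=3600),
        Event(1800, "REQUEST", dest="unicast"),
        Event(1800.2, "ACK", lease=3600),
        Event(3000, "TRAFFIC"),
    ],
    "broadcast_only": [
        Event(0, "ACK", lease=3600),
        Event(1800, "REQUEST", dest="broadcast"),
        Event(1801, "ACK", lease=3600),
    ],
    "never_renews": [
        Event(0, "ACK", lease=3600),
        Event(3500, "TRAFFIC"),
        Event(3600.5, "DISCOVER"),
        Event(3601, "REQUEST", dest="broadcast"),
        Event(3602, "ACK", lease=3600),
    ],
    "ignores_expiry": [
        Event(0, "ACK", lease=3600),
        Event(1800, "REQUEST", dest="unicast"),    # unanswered
        Event(3200, "REQUEST", dest="broadcast"),  # rebinding, unanswered
        Event(3700, "TRAFFIC"),                    # lease expired at 3600
    ],
}


def run_samples():
    """Audit every constructed sample and return {name: findings}."""
    return {name: audit(log) for name, log in SAMPLES.items()}


if __name__ == "__main__":
    for name, found in run_samples().items():
        print(f"{name:15s} {found or 'ok'}")
```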
I used a wrt54g with Tomato for years. I originally did this for the reporting and ability to extend functionality via scripting. Running adblock and automatically updating profiles for example. It was rock solid for years but eventually the need for greater wireless performance needed to be addressed. So I moved up to N wireless and changed my routing strategy entirely.
Now I run untangle on a repurposed Juniper WXC chassis and a TPLink N300 AP. I have another TPLink AP in client mode elsewhere in the house providing a connection back to the network for other wired devices. The TP Link devices were chosen because they were inexpensive and work effectively. I see no need to pay more for home use.
The benefit of this arrangement is increased flexibility and security as untangle provides edge protection, AV, content filtering, spam and spyware protection, and of course ad blocking. And more besides. Use of a pico power supply has cut down on noise, heat and power consumption. It's not as quiet as the wrt54g for example but it's quite acceptable. Maybe a bit extreme for home for some but it has proven a very effective solution nonetheless.
56 Comments
NitroWare - Tuesday, February 28, 2012 - link
"Much finer grained QoS, packet filtering, OpenVPN support, local storage (SMB or FTP shares) from USB, better stability, control over WiFi power amplifier Tx power,"
Industry and users need EASIER QoS, not HARDER
Packet filtering - fw should have a decent SPI that doesn't need tinkering with
Those who need VPN will know what to buy anyway
modems and routers support NTFS shares out of the box now
better stability. What. If not the OSS are worse
WiFi power boosting is a long in the tooth internet expert debate topic that's myth and hyped
NitroWare - Tuesday, February 28, 2012 - link
"Ultimately the tech-savvy home networker will buy a router for the platform and features (eg. CPU speed, RAM, WiFi options like 2.4/5 GHz or number of spatial streams), and choose a firmware to run atop that platform."
Unfortunately many firmware users simply want something for nothing - to 'upgrade' their hardware for free, or follow the hype.
How many users actually NEED pie charts?
While some features of tomato or whatever else do have merit, these are still built on top of the reference fw, of which many do not believe or realise
The developers themselves have said they can't add or mod feature X because it's not in the sauce code
NitroWare - Tuesday, February 28, 2012 - link
"newer 802.11n/GigE routers that are still compatible with the popular open source firmware distros all vying for the now somewhat aging WRT54G/GS/GL's crown. "
Contrary to popular belief, the original revisions of WRT54G are no longer supported with updates by many projects. Users of these will not get the newest updates and are better off buying new hw. The newer and later GS/GLs, ASUS and so on are fine.
Some beta updates may claim support for the older revisions but these will either be unstable or brick, untested.
Besides these have slow CPUs even compared to other gateways at the time
The newer revisions are still supported, mainly due to user bases buying a new model and seeing 'something on the internet' about boosting them, and it doesn't help that some models, e.g. the -TM, were OEM customised.
These projects are maintained by VERY small teams. Some have 1-2 developers who cannot maintain code on all hardware types.
For new types because they don't have the hw to validate against and these are WIP. You cannot please everyone with open source firmwares.
The number one issue from all projects I have seen, whether Broadcom projects or non-Broadcom projects, is manpower. Too many gimme pigs and not enough guinea pigs to beta test or risk their hw.
Even if they do, they may not report feedback.
It's just too expensive. Say you donate $20 to a project. Yes you may get benefit, but new hardware starts at $30.
For users who brick their hw and can't soft recover it, spend of $20+ is needed on terminal or JTAG hardware, again same price of new hw. For $200 hw it might be viable however
Yes I have sacrificed hardware for the 'greater good' and really at the end of the day not much gained from routers.
The bigger issue is DSL GATEWAY makers blocking out certain features from GPL sources, which is harder for community groups to patch due to proprietary nature of DSL drivers
Guspaz - Wednesday, February 29, 2012 - link
I was one of the two developers of Tomato/MLPPP, a fork of Tomato that added support for bonding multiple broadband connections together with MLPPP (layer 2 bonding over PPPoE, real bonding and not just link aggregation).
Ultimately, we fell into the same situation. We based our fork on mainline Tomato, which doesn't support much beyond the WRT54GL. Unfortunately, as the years rolled by and broadband speeds increased, the WRT54GL became less and less appropriate.
I personally started out bonding two 5 meg down 0.8 meg up ADSL lines together, and the WRT54GL coped just fine with that. The aggregate bonded throughput was about 12 Mbps. It was, in fact, the speed at which most of our users were bonding too.
Today, I'm bonding two 25 meg down 7 meg up VDSL2 lines, an aggregate bonded throughput of about 64 Mbps, and a WRT54GL doesn't have anywhere near the power to handle that.
I ended up switching from our own Tomato/MLPPP to OpenWRT/MLPPP, which runs on a much wider array of hardware. In a funny twist of fate, it's a fork (by a small ISP) of one of our own projects, Linux/MLPPP, which was a port of Tomato/MLPPP to run on generic Debian or Ubuntu boxes :P
Sadly, touching on another point that you mention, we don't have the time to maintain Tomato/MLPPP or Linux/MLPPP anymore, and will be selling them to the ISP that maintains OpenWRT/MLPPP, where we hope they will be kept more active before eventually being merged into one better supported project.
Bremen7000 - Tuesday, February 28, 2012 - link
I run Tomato, and while I've been meaning to play around with some others (and to also do some experimenting with finer-grained QoS in Tomato), the lack of in-depth comparisons/reviews was definitely annoying. I'd love an article with specific recommendations in it. I'm going to go look up what the Victek mod does now..
EnzoFX - Tuesday, February 28, 2012 - link
My previous router was an asus G with Tomato. Loved the features, I set it up for auto reboot weekly, mostly because I was paranoid =P. Loved the stability and feature set coupled with a great UI. When I moved to the WNDR3700, I did so knowing that it had DDWRT support (aside from the then top-tier hardware, which is still top-tier IMO). However I never flashed it in fears of some documented wireless issues. Regardless, the stock firmware does what I need it to, and it's been 100% stable for me. No resets needed for months.
So these days I wouldn't hesitate to give stock firmware a try. I would love some comparisons, stock vs. Open source.
Bull Dog - Tuesday, February 28, 2012 - link
I purchased a WRT54GL a few years ago and I looked into trying to flash custom firmware for it.
Now understand, I'm a hobbyist techie sort of guy. Hardware is more my forte.... Software, on the other hand.....well I'm not a programmer. I will never learn how to compile source code. I've tried Linux on more than a half dozen occasions in the past and they have all been unmitigated failures. Whether it be the installer, or a Laptop's Wifi card, or video drivers or trying to get a network share to work, something has always gone wrong. Hundreds of hours of my life down the drain trying to follow flawed step by step guides on some God forsaken forum somewhere.
To get back to the topic at hand, I looked into flashing something like DD-WRT or something else on my router. But the choices were dizzying. Point being, the process was far from simple for a neophyte like me. And, rather than risking bricking my router I decided that these programmers can keep on programming for programmers.
If the process of finding the custom firmware isn't fairly simple, then there isn't much point as it is going to be useless for the average Joe anyhow.
Mangix - Tuesday, February 28, 2012 - link
I use dd-wrt and it is miles ahead of the stock firmware on this linksys router. more secure as well (no WPS). i would like to use Toastman's Tomato mod mainly because of its traffic monitoring capabilities (pretty graphs :)) but this Linksys E1000 does not support it. oh well. dd-wrt is still awesome.
Ammaross - Tuesday, February 28, 2012 - link
One thing that turned me off of the WRT54G and some Netgear models was stability issues. Even running DD-WRT, they needed to be reset weekly (good thing DD-WRT has scheduled jobs) in order to keep the wifi working properly. At least for the vertical-standing Netgear devices, I found out it was due to the WiFi chip overheating (which a case-mod and 40mm fan would fix).
Personally, I'm using the Buffalo WZR-HP series devices now (the High Power ones), such as the WZR-HP-G450H (since I don't have any devices capable of 5GHz band yet).
zanon - Tuesday, February 28, 2012 - link
Currently using DD-WRT on a Linksys, but I've been strongly considering an upgrade and it's been a real struggle to find any remotely up-to-date round up and comparison of the various major open source solutions on more powerful and modern router hardware. It would be extremely useful (and enjoyable from a tech perspective) if AT did an article on this.
mathew7 - Tuesday, February 28, 2012 - link
I bought my TPlink TL-WR1043ND specifically for OpenWRT. I used their site (openwrt.org) to crosscheck price vs. flash size, and this was one of the cheapest (around 50$) with the 2nd largest flash size (8MB) and gigabit LAN.
The most notable new functionality for me is being able to route my queries (configure) to my DSL modem (the dhcp address is not the only one assigned to WAN). No stock firmware offers this. Also I can use bind for DNS server and use directly the root servers instead of the 2 provided by ISP.
My previous router was DLink DIR-655, which I used for almost 3 years before venturing into custom fw (which I did not find for DIR-655).
Mr Alpha - Tuesday, February 28, 2012 - link
A few years ago now when my cable operator started rolling out DOCSIS 3.0 I got myself a 200Mbps connection. Turns out none of these home routers can do those kinds of speeds. I ended up throwing together a pfSense box of spare parts. Even then I had problems. Turns out those ancient 3Com Gigabit NICs I had lying around couldn't handle it either, so I ended up buying a couple of Intel Gigabit NICs.
While something smaller than ATX box would be nice for a router, I have not been able to find anything that can keep up performance wise.
Chupathingy220 - Tuesday, February 28, 2012 - link
When I first purchased my router it was really unstable, and would constantly drop connections. I was about to replace it when I stumbled across DD-WRT. Honestly I was kind of surprised that an open-source firmware would be more compatible with my hardware than the proprietary firmware that linksys installed. But to this day the thing is solid with DD-WRT.
Anyway, I would definitely be interested in hearing about other firmware distros. Squeezing the value out of all of our technology is definitely interesting.
ZPrime - Tuesday, February 28, 2012 - link
Consumer-grade router platforms are a joke, IMHO. I use them as APs, and it annoys me when manufacturers refuse to put in a simple "disable all the DHCP and NAT and act like a wireless AP" toggle.
I've been using x86-compatible hardware (Soekris embedded platforms) running pfSense from flash memory since version 1.1 or 1.2 IIRC.
It's a fantastic platform for both business and home usage, thanks primarily to the inclusion of UPnP (it's one of the few open source routing systems that does UPnP so your gaming works correctly).
thatbox - Tuesday, February 28, 2012 - link
Been using WRT54G routers since 2005. Ran DD-WRT for a long time, but switched to Tomato recently since it seems a little more efficient. I'm absolutely interested in learning about OSS-compatible N routers beyond the N16, which is what I've been looking into.
MaxDna - Tuesday, February 28, 2012 - link
This is a very interesting subject.
At home I'm using a TP-Link TL-WR1043ND with DD-WRT.
I own a NetGear WNDR3700v2 (with original firmware, but supported by DD-WRT if I ever need it)
In the past years I've used both m0n0wall and pfSense on a virtualPC, doing routing & nat for the DSL connection handled by a zyxel 660HW configured as a "network modem" (routing/nat disabled )
It would be interesting to compare the feature of different open source firmware, and compare the performance of the original firmware vs opensource firmware.
Is the open source firmware WiFi as fast as the original firmware WiFi? Is it stable? Is the USB faster or slower? Does the latency improve?
npp - Tuesday, February 28, 2012 - link
I'm running a WRT54GL since 2007 (5 years have passed, wow...) with the excellent Tomato firmware and the router is rock solid, which wasn't the case with the original firmware. I would be interested to hear some news about the state of the open source art with newer models!
Romberry - Tuesday, February 28, 2012 - link
I installed DD-WRT on a Linksys WRT54GL in February of 2008 and haven't looked back. Solid as a rock.
chocks - Tuesday, February 28, 2012 - link
Gargoyle router doesn't get nearly enough love from the community. It's a real easy to set up solution for the problems of the average connected multi-computer home: who used all the download quota? Who is hogging all the bandwidth right now, and how do I slow them down? Lock out everyone except me between these hours of the day. Force all the devices on the network to use OpenDNS. And so on.
Not that you can't do these things on other software but it's usually much harder to set up and monitor, and you often end up having to load up lots of extra modules, edit config files, etc.
the_architect - Tuesday, February 28, 2012 - link
Currently running a few Ubiquiti Routerstations (ships with OpenWrt preinstalled from the factory, but you'll need to upgrade to get the most out of it). MIPS 680 MHz, 128 MB ram, USB 2.0, SD card for expandable storage, 4 gigabit ports and up to 3 minipci cards.
Put a Mikrotik R52Hn 2x2 abgn hi-power card (or more than one!) in there and you're good to go.
It's obviously not for everyone, but if you're comfortable with a command line (and the lack of a case) it's probably the most versatile small router you can find. One of mine is currently running trunk with ~100 days uptime, with absolutely no stability issues as 2x2 5ghz AP.
If you're going to review cheap consumer hardware, give a try to a TP-Link TL-WR1043nd and install an OpenWrt image from their /snapshots repo. They've got a pretty good graphical interface nowadays, but still have all the customizability you can ever need if you're willing to SSH into the box. They're surprisingly versatile and reliable for their price, I've seen a few around with almost ~365 days uptime.
kensiko - Tuesday, February 28, 2012 - link
Yes, I always was disappointed by all my purchases, I never found a router that is able to run without issue for weeks, serving 4 or 5 PC with LAN streaming and WAN P2P. I'm afraid to pay a premium price when I'm not sure the router will be stable for weeks.
For now I'm using one of the cheapest routers, the DIR-601. With the stock firmware, I installed an electric timer to cut the power for 1 minute everyday. Then, DD-WRT came compatible with the router, I installed it right away and many problems went away, but I still needed to reboot sometimes. So I enabled auto-reboot each day. Since that, I rarely have to touch the router, it just works.
I'm looking to get more wireless speed and I would love to see a review of the different open source firmwares, to see if the wireless speed changes a lot when using them instead of the stock firmware.
trekker99 - Tuesday, February 28, 2012 - link
I have been using WRT54G since mid 2006 and DD-WRT almost as long (I really do not remember when I switched to DD-WRT, but it should be within a month or two). The latest stable "enough" build is rather old (from Aug 2010) but the last time I rebooted this router was about 7.5 months ago.
I am interested in getting a new router (wireless-n with gigabit support) and would prefer one which has good custom firmware support (in case the stock is crap) as I am probably switching to fibre once my current contract is up. Any good sites with reviews on such stuff?
pvdw - Tuesday, February 28, 2012 - link
For high end wireless routers have a look at these models:
AVM Fritz!Box
Draytek Vigor
Billion BiPAC
trekker99 - Tuesday, February 28, 2012 - link
Interesting, I will have to check if I can even get them in Singapore. Thanks!
trekker99 - Tuesday, February 28, 2012 - link
Many of the models are integrated solutions, so it might not be worth paying extra for hardware you can't use (Draytek still has some interesting models which is not tied to DSL or cable).
chrsjav - Tuesday, February 28, 2012 - link
I would love to be able to build my own wifi router. I figure this is possible with a small-form factor computer that has a few PCIe 1x lanes. Stuff those with mini-PCIe wifi cards and load up openBSD or linux. The security at the very least would be more trustworthy.
My problem with current solutions is that by the time the open-source firmware community supports 3x3 5Ghz on my off-the-shelf wifi router, a new technology like 802.11ac comes out. I want to be able to drop in new mini PCIe cards to upgrade my router as new technology comes out.
bman212121 - Tuesday, February 28, 2012 - link
If you separate your AP from your firewall, you can just get the AP with the features you want, and plug the NIC port from the AP into an Ethernet card in your firewall. Put wireless on another VLAN so you can filter it accordingly. You can even use dot1q on some models so you can have multiple SSIDs with different networks. You'll still have the security from the firewall but you also gain the ability to position your APs in a better location.
I seriously would suggest to anyone who wants to take their router to next level convert their existing "all in one router" into your Access Point for your new network. It's really easy to do, just turn off DHCP and plug one of the lan ports on it into a lan port on your new firewall. Wireless works exactly like before but now you can build a new pc running a much more powerful firewall.
A great choice is definitely PFSense. I would use the setup I described in the first paragraph. Connect your AP specifically to its own network card on your firewall so it's on its own network. So you'll have WAN, LAN, and OPT1 (connection to AP). Turn on a feature called Captive portal. What this will do is present a splash screen for any computer trying to access another network from your wireless network. That person must put in a user / pass combo to be let through the firewall. This adds another layer of security that's even harder to bypass since they can't just try to brute force or decrypt your wireless key. Also, now you have the advantage of setting up a rule that might only allow them access to the internet, and no access to your LAN. This would allow you to have a guest network that is easy to setup and use without worrying about your friend's virus infested pc being on your network.
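The guest-network rule described in the comment above depends on rule order. This added example (not part of the original comment, and not a pfSense configuration) models first-match evaluation of the rules on the wireless interface, with assumed subnets 192.168.1.0/24 for LAN and 192.168.50.0/24 for OPT1, and compares a misordered rule set with a corrected one. It also probes the firewall's own management ports, which goes slightly beyond the comment.

```python
"""Probe a guest-interface rule set for LAN isolation (simplified model)."""
import ipaddress

# Assumed addressing, chosen for this example only.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")      # wired LAN
FW_GUEST = ipaddress.ip_network("192.168.50.1/32")    # firewall address on OPT1
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each rule: (action, destination network, set of destination ports or None for any).
# Rules apply to traffic entering from the guest (OPT1) side, evaluated top down.
MISORDERED_RULES = [
    ("pass", ANY, None),       # matches every packet first...
    ("block", LAN_NET, None),  # ...so this rule is never reached
]
CORRECTED_RULES = [
    ("pass", FW_GUEST, {53}),            # guests may use the firewall as DNS resolver
    ("block", FW_GUEST, {22, 80, 443}),  # but not its management ports
    ("block", LAN_NET, None),            # no access to the wired LAN
    ("pass", ANY, None),                 # everything else: the Internet
]

# Constructed probe destinations as seen from a guest client.
PROBES = {
    "lan_file_share": ("192.168.1.20", 445),
    "firewall_gui": ("192.168.50.1", 443),
    "firewall_dns": ("192.168.50.1", 53),
    "internet_web": ("203.0.113.10", 443),  # TEST-NET-3 documentation address
}


def decide(rules, dst, port):
    """First matching rule wins; no match means the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    for action, net, ports in rules:
        if addr in net and (ports is None or port in ports):
            return action
    return "block"


def audit(rules):
    """Return {probe name: 'pass' or 'block'} for a guest client."""
    return {name: decide(rules, dst, port) for name, (dst, port) in PROBES.items()}


def isolation_failures(rules):
    """Names of probes that should be blocked for guests but are passed."""
    must_block = {"lan_file_share", "firewall_gui"}
    result = audit(rules)
    return sorted(name for name in must_block if result[name] == "pass")


if __name__ == "__main__":
    for label, rules in (("misordered", MISORDERED_RULES), ("corrected", CORRECTED_RULES)):
        print(label, audit(rules), "failures:", isolation_failures(rules))
```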
mfed3 - Tuesday, February 28, 2012 - link
PFSense for the last 3 years. No competition.
pvdw - Tuesday, February 28, 2012 - link
I love playing around with new firmware and getting new life out of old devices, but sometimes I just can't afford the time.
So I've upgraded to a Draytek Vigor 2850n. My main reason was actually the VPN endpoint, but it also has better performance than most wireless routers and a ton of customization options. It's technically a business router, but is a great choice as a performance home router (if you don't mind the boring styling).
Guspaz - Wednesday, February 29, 2012 - link
There's not much time investment involved. For a lot of these older routers, like the WRT54G series, installing a custom firmware is the same process as you'd install an update from Linksys, and some of the third party firmwares like Tomato have an easier to use and simpler to configure interface than the stock firmware.
The problem is that you end up hitting hardware limitations with these older routers. A WRT54GL worked fine when we were all using 5-10 meg internet connections in Ontario/Quebec, but now that we're using 30-60 meg internet connections, it can't handle that sort of throughput. The 200MHz CPU, among other things, just doesn't cut it anymore.
Tator Tot - Tuesday, February 28, 2012 - link
I do agree with some of the user comments that a comparison of "Ease of Use" as well as "In-depth Features" needs to be separated.
Though, I think a large comparison between all of the options with a focus on "This one is easy for new guys to use, while being better than the stock firmware" and "This one offers you the most features and abilities as a user" needs to be made so that folks can definitely find a happy medium for themselves.
ron_nelson - Tuesday, February 28, 2012 - link
I originally used DD-WRT on a linksys WRT54GS, then moved to Tomato on Netgear hardware to get 802.11N and pretty graphs.
Now I'm back using DD-WRT on my Linksys WRT400N and it works great. DD-WRT v24-sp2 gives me the traffic logs/graphs to easily watch my usage, and the userbase/documentation made it easy to use powerline networking to bridge to a second WRT400N set up as an access point for a flat network space (and less spouse agro for WiFi dead-zones).
Paazel - Tuesday, February 28, 2012 - link
I switched from Linksys WRT devices some time ago. While not open source D-Link DIR-655 was the BEST router I have ever used. I kept it at stock firmware (1.24) as I heard newer firmwares were buggy. This router was rock solid, I never had to reboot it (I'm on DSL), and if I rebooted to make changes, it was fast!
I've since had to upgrade as my friend (negatively tech savvy) needed more range than his WRT54G could provide and was given my rock solid DIR-655. I've since upgraded to a Netgear WNDR3800 (which is open source). Has some great features, easy to use firmware, and also has been very stable (no restarts except when changing settings). While not as fast as the D-Link, this has been a rather painless router.
I regularly use Buffalo WHR-HP-G300N flashed with DD-WRT as Access Points, as the Buffalo Firmware can be iffy.
Kostazu - Tuesday, February 28, 2012 - link
My Linksys WRT310N v2 with DD-WRT has been a solid performer, but would love to see some options on both the hardware and firmware side, for a potential upgrade.
Denkkar - Tuesday, February 28, 2012 - link
I have a WRT54G running DD-WRT. The stock firmware was underwhelming, in particular it needed manual resets shortly after purchase (since it was losing connectivity). I got a full year out of it before I needed to start resetting the router running DD-WRT and was able to automate it using the setting that schedules weekly resets.
BTW: I'd also be interested in case mods that add additional cooling to reduce the need for resets. This is my number one gripe with all routers/cable-modems I've ever owned: they get hot and then they eventually start needing resets every freaking day.
bman212121 - Tuesday, February 28, 2012 - link
Chances are you're running more traffic through the device than it was meant for. If you have a bit of knowledge about computers it is definitely worth a look at some of the software based distros as you can get much better hardware for them. If you have a P4 box laying around you can grab an additional 10/100 NIC and have better throughput since the hardware is much faster. The only downside is the power bill is going to go up.
What I'd suggest is keep your DD-WRT for your Access Point by turning off DHCP on it and plugging a lan port into the lan port on your new firewall. Wireless still works as normal without the need to buy a wireless NIC plus it gets rid of some of the complications trying to get that working on your new box.
Zds - Tuesday, February 28, 2012 - link
Not running one ATM, but would love an overview article about the options.
bman212121 - Tuesday, February 28, 2012 - link
I definitely agree that an article covering some of the different firewall packages would be useful to many people. I've personally tested several to decide what one I wanted to use.
Like others have said, it comes down to ease of use versus functionality. DD-WRT is a great platform for low to moderate needs with ease of use and lots of features. Most of the hardware you can install it on will be the least costly solution for both initial price plus operating costs (Power). The only downside to it is that those boxes simply won't have as much customization and scalability that a pc running PFSense could provide. If you want the full IDS suite you'll need something like snort which can't be done on the embedded hardware DD-WRT can run on. Snort is very functional but it's definitely not an entry level feature to get working properly.
I could see doing an article for entry level showcasing DD-WRT, OPEN-WRT, FreeWRT and tomato and all of the advantages they have over stock routers. Then there could be another article showing PFsense, Untangle, IPCop, m0n0wall, endian showing some of the additional things they can do with the ability to add packages into them. I think it would be hard to try to clump all of them into one article simply because they cover many different things. Any of the WRT software would be a much easier solution for a person who doesn't know how to build a pc, since they can go to a website, download a file, and put it onto their router and be up and running. With the second group it might go smoothly, it might not depending upon the hardware you're trying to install it on.
WebFooL - Tuesday, February 28, 2012 - link
I myself am running a Netgear 3500L with Tomato with a Site to Site tunnel to my Office to an Untangle UTM firewall.
I am a long time user of OpenVPN and when I found Untangle a few years ago (2009) I fell for it.
It is the easiest firewall out there to configure OpenVPN with.
Nice and easy GUI and I just love their "Distribution" system.
//WebFooL Untangle Evangelist
Conficio - Tuesday, February 28, 2012 - link
to control buffer bloat - http://www.bufferbloat.net/
Azethoth - Tuesday, February 28, 2012 - link
DD-WRT user on a Buffalo.
What I need more than anything is best practices guidelines, and really I only care about 1) security 2) performance (if it does not clash with 1).
There is just such an overwhelming amount of options out there it is a research project just to get vaguely ok settings. Never mind actually getting close to optimal. This is true for everything, motherboard bios, firewalls, routers, switches, OS.
A review is nice, but how about also giving us the settings you recommend and updating those based on comments once or twice after publishing the article.
GeorgeH - Tuesday, February 28, 2012 - link
I've played around with DD-WRT and similar in the past, and found that while the extra features were nice wireless performance was abysmal (in some cases producing less than half the bandwidth of stock firmware.)
Maybe things have improved, but if they have I doubt it's by much - the "extra tweaking" options simply aren't worth my time and loss of wireless performance.
angstrom60 - Tuesday, February 28, 2012 - link
Having setup WRT54G's and WNR3500L's using DD-WRT in the not-so-distant past, I think a lot of good could be achieved by just testing the most used features of the most popular 3rd party firmware providers. As other commenters have pointed out, it's quite the task to sift through all of the choices available even when you already have target hardware. Without a target platform in mind, it becomes herculean. I ended up using DD-WRT solely on the basis of incidental prior experience, not because it offered any compelling advantage over Tomato. I simply didn't have time to try both.
Perhaps a reasonable approach would be to pick a small subset of hardware (3-5 across price/performance range) and then do usability/correctness testing with OpenWRT, DD-WRT and Tomato. For performance testing, the most important characteristic for home routers is stability, followed by WAN-LAN throughput and possibly simultaneous connection limits. VPN throughput for routers that can establish tunnels is also useful info.
I would bet that, for most that try open source firmware, a successful experience with one package will generate high brand loyalty. It's just a matter of familiarity, and not wanting to undergo the effort of learning some other arcane ritual to just get the firmware onto the device without bricking it. With that first choice being vitally important, therefore, an article helping guide users to it would be great.
l8gravely - Tuesday, February 28, 2012 - link
This would be a good article, even if it's only a survey of what's out there as options.
I used to run a WRAP board with m0n0wall and a WRT54G WAP for years, until the WAP got flaky, as well as the WRAP board. I didn't have time to chase them both down and since I wanted new stuff, I got a WNDR 3700 (N600?) I think. Can't remember since the model on the box and the model on the unit were different. Stupid marketing people.
Anyway, just finding a dual band router with 2.4 and 5GHz, supported by DD-WRT was a challenge, mostly in terms of figuring out exactly which model to get.
I first tried running the stock firmware, but it couldn't do what I wanted. Now I run DD-WRT but I'm annoyed at the DNS server it has. If I add my own internal entries, the stupid thing doesn't append my internal domain name (foo.home) to hostnames, nor does it allow you to look them up with either name. So either I end up entering the name twice into the dnsmasq.conf file with both the hostname and the FQDN, which is just stupid.
And I haven't had time to hunt down the reason, because I demand a system that stays up and just runs, I have enough other things to fart around with.
John
turb0chrg - Tuesday, February 28, 2012 - link
I've been using m0n0wall on a Soekris box for many years. Used to have a 4501 that worked great for many years. Now running a 4801 which has been in place for another many more years. These things are bulletproof and cheap on power. On another deployment I've had the CF card (don't cheap out on it), and also Soekris shipped a PSU that had a bad coax plug which they replaced w/o issue.
I have had great success with m0n0wall. Before m0n0wall updated to the FreeBSD kernel that supports wireless AP's, I had a Linksys AP connected to it, now it's all in the same box and works great. Does what I need, don't see much point in changing it. I've only got a 7.5/0.5Mbps connection and I am not saturating the CPU cycles on it. Soekris offers other models that have more processing power that I would look at if I need it.
I've got a PPTP VPN, traffic shaping, etc going on it. Note that it doesn't support UPnP (a plus or a minus depending on who you talk to) and it's definitely geared towards the more networking skills than some of the alternatives out there.
Joel.
korkwin - Tuesday, February 28, 2012 - link
+1 for the comparative look. I love my WRT54G v.2, however it is old and starting to bite the bullet. I have been using Tomato for the last few years and would like to continue doing so (although I'm not afraid to change from one open source firmware to another), but I find that between the different options available for both routers and firmware, it's a daunting task to find what would work best.
EvilWobbles - Tuesday, February 28, 2012 - link
Been running PFSense version 1.2.3 and more recently 2.0 for a couple of years now with great success. Originally I had an old PC with a couple of 3Com 3C905C NICs in it.
I decided to move to something smaller and more energy efficient so I purchased a Zotac miniITX board with a Sempron 140 CPU and 2 gigs of RAM. I bought a small ITX case with external power supply and added a PCIe gigabit card to the mix. Nice little box and plenty powerful for my needs.
I have a static IP block on my cable line and it handles the multiple IP addresses flawlessly which is something DD-WRT never seemed to do cleanly. You had to hack at it to add multiple external static IPs.
Solidstate89 - Tuesday, February 28, 2012 - link
I can't recommend that Asus RT-N16 router enough. Especially after reading this thread with all these people complaining about how they have to reset their routers every week. I'm still using the stock firmware (the latest "Russia only" build, don't worry it isn't in Russian and it's ridiculously stable) and I haven't reset it since I installed the firmware update. I'm going on 3-4 months now and not a single problem.
I would imagine with installing DD-WRT or Tomato on it for those that like more granular control would be like heaven for many people on this board. Seriously, go out and buy it right now if you're sick of messing with that underpowered Linksys router that everyone keeps buying for some god knows why reason.
EnsilZah - Tuesday, February 28, 2012 - link
I recently bought a WR1043ND and figured I'd try OpenWRT or DD-WRT, both have pretty bad support for L2TP.
In the case of OpenWRT the functionality didn't come with the image file and I couldn't connect to the repository because I needed an internet connection to do that.
In the case of DD-WRT I'd get disconnected after a while and won't be able to reconnect without restarting the router.
On top of that the web interface for DD-WRT doesn't have a log viewer which required screwing around with SSH, symlinks and external software.
So while I'm sure there are features unavailable in the original firmware it doesn't help me when there are problems with such basic functionality.
steveswin - Tuesday, February 28, 2012 - link
I have a couple of WNDR3700 and use DD-WRT on them. Although I am satisfied with the features and performance, and I don't in any way tax them, I would like to try OpenWRT / Gargoyle or Tomato, just to see the difference. Unfortunately for me the step from DD-WRT to the others is not for the novice and I have always hesitated.
A good, broad based article, with specific suggestions would be most welcome and I'm sure meet the needs of an ever growing community.
Stock firmware is definitely basic and lacks frequent upgrades. On the other hand open source firmware seems to always be updated on a regular basis and generally follows the requests and wishes of the community it services.
So, go ahead and present an article for the open source masses.
FlyingPenguin - Wednesday, February 29, 2012 - link
In order to get adequate coverage I have three WRT54G routers in my home running DD-WRT. One is the main gateway and the other two are access points only.
I have used a lot of consumer grade routers over the years myself and on client installs and found them all to be unreliable in the long term. I'd have performance issues and lockups requiring occasional reboots of the routers. Ever since switching to DD-WRT, my home routers have been ROCK stable. They have been running continuously for years without reboots. I also love the logging features.
I would like to upgrade to newer 802.11N routers, but I have no idea what's ideal to run DD-WRT on, so I would love to hear more on this topic.
Thx!
PedroMenezes - Thursday, March 1, 2012 - link
This has been my setup for.... I don't know, 7 or 8 years now?!
At the time I was running m0n0wall on old PC for a couple of years so instead of investing in a Soekris with m0n0wall, I decided to try out the WRT54G as a basis platform instead.
Anyway, started out with an old 2nd hand v1 WRT54G (fabulous kit, still had the NIC mode/activity LEDs on it) and very soon after I tried different firmwares.
Eventually I settled for DD-WRT (don't remember the version at the time).
After 2 years the PSU died on me (5v 1A, stupid power rating actually) so I bought another PSU but eventually 2 years down the road the whole thing just died. I could do JTAG recovery but I never did bother so I bought a brand new WRT54GL.
Since then I've been running that WRT54GL + DD-WRT (v24 preSP2 - don't remember which development build, but it was one that addressed UPnP properly, because of my Xbox) and I'm quite happy with it.
I've been thinking about swapping it to a WirelessN+Gigabit router but DD-WRT support on those is a mess, so many tricks in so many models and so many variants, so I decided to postpone it.
But apart for the slow NIC ports (100Mbps) and the slow Wifi speeds (17/20Mbps is the most realistic figure), I really do love it. It has all the UPnP, Shaping, WOL, VPN, Management and Bandwidth facilities I cater for and all with rock-hard stability. I don't remember when was the last crash or reboot I had on it.
As far as I'm concerned it's on for 4 years with no crashes or reboots, apart for reconfiguration (very rare) or power failures.
I actually also want to try out Tomato, as when I tried (old release) I didn't really like it, but I hear the WiFi performance is better than the DD-WRT, which is currently an issue for me.
PedroMenezes - Thursday, March 1, 2012 - link
And... I forgot why I started writing my comment.
Yes!, I definitely want to hear more about this topic! Specially in regards to WifiN and OpenWRT/DD-WRT/Tomato/m0n0wall hardware, as these kind of routers seem to be "frozen" in the G-era :)
maglito - Thursday, March 1, 2012 - link
Most WISPs use MikroTik, runs on PPC, X86, MIPS. Cheap custom hardware solutions are available at www.routerboard.com ... I run a RB750G in my home.
eriktar - Monday, March 26, 2012 - link
I work for an ISP with these home routers. I can confirm that most customers could not care less about the router. Stability and ease of use are the only two things they care about. We use an autoconfiguration system so that the customer is not forced to log in to the device. 70% never log in. 10% change some settings. The settings the customers actually change are: ESSID & encryption key, port forwarding. Less than 1% change other settings.
If you do intend to do such a comparison test, talk to the guys at QA Cafe. See if they will lend you CD Router to do tests with. It will run through a lot of features on the routers, and see if they do follow the standards. And probe for other well known problems.
You will be surprised to see how many ways DHCP can be implemented badly:
- Only support broadcast (don't unicast for renew -> always lose lease)
- Never renew, always end up with lease expire and start over with discover process
- Leak layer 2 broadcast while doing discover/renew/bootup. (LAN clients ending up with WAN IP)
- All routers with a certain firmware use the same MAC address on WAN
- Does not complete renew if the WAN side is renumbered
- Drops or duplicates(!) (bad for multicast IPTV) packets when renewing
- Has lower priority on DHCP than P2P traffic, so it will always fail if you fill up your uplink
- Does not respect lease time -> router thinks it has a valid IP when the lease is lost
And that is just DHCP, a well known protocol used by all devices since the dawn of the internet.
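Three of the DHCP client failures listed in the comment above (broadcast-only renewal, never renewing, and using an address after the lease has run out) can be checked against the RFC 2131 lease timers. This is an added example, not part of the original comment; the `Event` record, the finding names and the traces are constructed for illustration.

```python
"""Audit a DHCP client trace against the RFC 2131 lease timers (added example)."""
from dataclasses import dataclass

BROADCAST = "255.255.255.255"

@dataclass
class Event:
    t: int          # seconds since capture start
    kind: str       # "ACK", "REQUEST", "DISCOVER" or "TRAFFIC"
    dst: str = ""   # destination IP of a REQUEST
    lease: int = 0  # lease time in seconds, carried by an ACK

def audit(trace):
    """Return (time, finding) pairs for WAN-side client misbehaviour."""
    findings = []
    bound_at = lease = None
    renew_attempted = False
    for ev in trace:
        if ev.kind == "ACK":            # (re)bound: restart the timers
            bound_at, lease, renew_attempted = ev.t, ev.lease, False
            continue
        if bound_at is None:            # not bound, nothing to judge yet
            continue
        t2 = bound_at + lease * 0.875   # RFC 2131 default rebinding time
        expiry = bound_at + lease
        if ev.kind == "REQUEST":
            renew_attempted = True
            # Before T2 the client is RENEWING and must unicast to its server.
            if ev.t < t2 and ev.dst == BROADCAST:
                findings.append((ev.t, "broadcast-renew"))
        elif ev.kind == "DISCOVER":
            if not renew_attempted:     # lease dropped without any renew try
                findings.append((ev.t, "never-renewed"))
            bound_at = None
        elif ev.kind == "TRAFFIC" and ev.t > expiry:
            findings.append((ev.t, "used-expired-lease"))
    return findings

# Constructed traces; 192.0.2.1 is a documentation address standing in for the server.
GOOD = [Event(0, "ACK", lease=3600), Event(1800, "REQUEST", dst="192.0.2.1"),
        Event(1801, "ACK", lease=3600), Event(3000, "TRAFFIC")]
BAD_BROADCAST = [Event(0, "ACK", lease=3600), Event(1800, "REQUEST", dst=BROADCAST)]
BAD_NEVER = [Event(0, "ACK", lease=3600), Event(3600, "DISCOVER")]
BAD_STALE = [Event(0, "ACK", lease=3600), Event(1800, "REQUEST", dst="192.0.2.1"),
             Event(4000, "TRAFFIC")]

if __name__ == "__main__":
    for name in ("GOOD", "BAD_BROADCAST", "BAD_NEVER", "BAD_STALE"):
        print(name, audit(globals()[name]))
```

Feeding it events extracted from a WAN-side packet capture gives a quick pass/fail per router before running a full conformance suite.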
keith_h - Tuesday, November 20, 2012 - link
I used a wrt54g with Tomato for years. I originally did this for the reporting and ability to extend functionality via scripting. Running adblock and automatically updating profiles for example. It was rock solid for years but eventually the need for greater wireless performance needed to be addressed. So I moved up to N wireless and changed my routing strategy entirely.
Now I run untangle on a repurposed Juniper WXC chassis and a TPLink N300 AP. I have another TPLink AP in client mode elsewhere in the house providing a connection back to the network for other wired devices. The TP Link devices were chosen because they were inexpensive and work effectively. I see no need to pay more for home use.
The benefit of this arrangement is increased flexibility and security as untangle provides edge protection, AV, content filtering, spam and spyware protection, and of course ad blocking. And more besides. Use of a pico power supply has cut down on noise, heat and power consumption. It's not as quiet as the wrt54g for example but it's quite acceptable. Maybe a bit extreme for home for some but it has proven a very effective solution nonetheless.