I'm a staunch defender of OpenWRT. Having used just about every "router distro" folks care to name (remember SmoothWall?) for the last 20~ years, OpenWRT is built like a tank and just keeps trundling along
I hope their experiments with the "OpenWRT One" keep going. I'd love to see OpenWRT take a (deserved) bite out of the "SMB firewall vendors" like Netgate or OPNsense. Or just undercutting Wi-Fi vendors like Ubiquiti who base their work on OpenWRT anyway
Something I'm excited to try myself in future is running "OpenWISP" [1] to manage a small fleet (three) OpenWRT devices in parallel for a deployment in a shared workshop. This seems to also be something that OpenWRT could be better at integrating, but it's nice to see "a vendor" tackling it
Ease of managing multiple OpenWRT devices is still its weakest link. OpenWRT is device centric, but I don't want to manage devices, I want to manage a network.
Modern mesh WiFi systems I've seen do that so well. I know in theory that I could create a VLAN + SSID on my OpenWRT router and APs just for iot devices to only access the internet. But setting that up on a TP-Link mesh was a couple of taps in their app. Doing it on my OpenWRT devices would be quite a bit more hassle.
Thinking about this more, I doubt I'll set up any OpenWRT APs on my network going forward. Most of the things I like about OpenWRT, and need it for, are related to being my router. My OpenWRT APs are just "dumb" APs. Wifi is off on the router.
For the APs, I could use a mesh kit like the TP-Link Deco unit I installed for a friend recently. Super easy setup, reasonable price (cheaper than equivalent OpenWRT hardware I'd buy), wired backhaul up to 2.5Gbps.
To offer a contrasting viewpoint, I don't have openwrt as my router, but only have openwrt APs, because it's the best and cheapest way to have VLAN support in my APs, keeping iot and guest VLANs separate from my main network.
There might be a workaround for some people - get a big openwrt switch.
Openwrt supports the zyxel gs1900 switch, which goes up to 48 ports.
At home, I built an OPNsense box to evaluate (using Sophos XG135 Rev 3 hardware, along with an OpenWrt nice Netgear WiFi AP on POE), but then went back to a plastic OpenWrt all-in-one box.
OPNsense (and pfSense) are neat, but I personally don't need an IDS/IPS right now, and I like to be able to run the router fanless.
One thing that OpenWrt could use immediately, for basic home WiFi router functionality, is easier ways to add guest-like VLANs from the Luci Web-based admin UI. (I currently have a guest VLAN config that I partly cargo-culted with numerous steps in Luci years ago, largely based on a blog post, and that would be a pain to reconstruct on a new install.)
For techies whose households include non-techies, a little IDS/IPS could help keep some nasty traffic off your home Internet pipe, and I suppose that could now run alongside OpenWrt on some of the more powerful plastic boxes, or on a PC with the right WiFi devices/APs. (In addition to use of VLANs and routing to minimize damage from all the malware-infested devices, and also thinking "zero trust" for the techie stuff you run.)
>I like to be able to run the router fanless.
You don't need a fan for OPNsense or pfSense? Plenty of folks running protectli boxes without a fan, they're one of the most popular platforms for both OS'
the entire desktop line from Netgate is fanless.
Netgate are _terrible_ at open source, though — they’re shit at accepting contributions, they’re shit at providing attribution, and they’re shit at providing any support whatsoever to anyone who prefers other hardware (even with their paid software).
So I really can’t say I recommend their hardware…
I ask that you provide evidence of your assertions:
- they’re shit at accepting contributions
- they’re shit at providing attribution
- they’re shit at providing any support whatsoever to anyone who prefers other hardware (even with their paid software).
In addition to pfSense (which is what I think you're criticizing) and all of its open source, we're upstreaming things to FreeBSD and fd.io VPP
Try this on a fresh copy of FreeBSD 'src':
% git log --first-parent --since="1 year" | grep -i 'Sponsored by:' | sed -E 's/^.*[Ss]ponsored[[:space:]]+[Bb]y:[[:space:]]*//' | awk '{$1=$1};1' | sort | uniq -c | sort -rn | head
or for VPP, look here:
https://www.stackalytics.io/unaffiliated?module=github.com/f...
> a little IDS/IPS could help keep some nasty traffic off your home Internet pipe
the adblock package does a great job of blocking ads and other nasty stuff, it doesn't have fancy statistics or an interface like Pi-hole but it does its job without complaining
I definitely believe people underestimate the potential of OpenWRT as an app platform. Before getting sidelined with work I did some proof of concept WebRTC SFU on it https://github.com/atomirex/umbrella which worked surprisingly well.
Was also surprised, then not surprised, to learn it's used as the front end on many of the new generation of 3D printers.
I have a bunch of old WD MyBook Live NAS drives (PowerPC CPU) from an older project, and was surprised that OpenWRT was the best way to get a modern linux on them:
https://openwrt.org/toh/western_digital/mybooklive
They're slow, but great for stuff that doesn't need to be fast.
> I hope their experiments with the "OpenWRT One" keep going.
OpenWRT Two is scheduled for late 2025 from GL.iNet and should go for ~$250.
I've been happy with the One, but two Ethernet ports is definitely not ideal for even casual home use.
I need more, but a switch isn't hard to get. In fact, I mainly plan to use these solely for wifi, and have a more advanced, high-bandwidth switch setup.
OpenWISP states in its docs that you should be running at least 20 devices to make it worth it. [1] So it's not supposed to be an easy way to manage a few devices for home users.
> However, OpenWISP may not be the best fit for very small networks (fewer than 20 devices), organizations lacking IT expertise, or enterprises seeking open-source alternatives solely for cost-saving purposes.
It's for exactly that reason I started with OpenSOHO. It is targeted towards the typical home and small office network with less than 20 OpenWRT devices. (although there is no hard limit).
https://github.com/rubenbe/opensoho
It is still a work in progress, but it is easy to deploy (one golang binary based on pocketbase)
Very interesting project! I was thinking of something that would fill this gap.
Based on your experience, as OpenSOHO seems to use OpenWISP, what do you wish you knew about OpenWISP before you started this?
Initially I fiddled a bit with the full OpenWISP stack to try to make a smaller edition. But I quickly stopped that. But I know their two daemons well.
The config one is a neat little piece of software. It will merge UCI configs and check the connectivity. You can adjust virtually any file with it (although not always with merging). My main issue with it is that it can't be easily temporarily disabled from the central controller (I currently implement it by not sending the config, but that triggers retries on the AP end)
The monitoring one spits out an amazing amount of data, although it needs some post processing to make it actually useful. Unfortunately that one can't be extended to add custom entries. I'm currently missing an easy way to see which MAC address is connected to which LAN port since OpenWRT DSA puts everyone on the "br-lan".
The whole thing is polling based. So it is quite chatty on the network since I use lower polling rates to make the updates fast. (I suspect on a setup with 100+ you will have longer polling times). All in all the existence of these daemons saved me a ton of time handling networking corner cases. Kudos to the Openwisp team.
This looks a lot closer to what I'm after. Bookmarked the git repo :)
I saw that. Admittedly I'm only interested in a few of its functions. Namely roaming and guest hotspots
I could wire up all of that manually. But I'm excited for the chance to learn something new
"Or just undercutting Wi-Fi vendors like Ubiquiti who base their work on OpenWRT anyway."
Not sure about today, but this company used to sell hardware whose capabilities were IIRC only "fully enabled" if the buyer used the company's closed source OS. An open source OS might work with the hardware but the buyer would not get the same performance.
At the time, the HN comments continuously supported this company. It appeared that for these commenters, this was a worthwhile sacrifice. They would just keep recommending Ubiquiti. (Unsolicited recommendations)
We once delivered a totally not router box running openwrt, just because it was very simple and bastardising openwrt was easier than yocto.
Related, I used to love going to the monowall website gallery to see all the labgore. It's still there like a time capsule: https://m0n0.ch/wall/gallery.php
I went smallwall after m0n0wall was shutdown. I recall the smallwall & smoothwall maintainers briefly considered joining forces.
>I'd love to see OpenWRT take a (deserved) bite out of the "SMB firewall vendors" like Netgate or OPNsense. Or just undercutting Wi-Fi vendors like Ubiquiti who base their work on OpenWRT anyway
Why? You don't want competition in the space?
>Or just undercutting Wi-Fi vendors like Ubiquiti who base their work on OpenWRT anyway
Huh? The older edgerouters were based on vyatta. The newer ones on a custom linux distro, neither of which are OpenWRT. They hired the original author of pfsense to build them a firewall based on Debian from scratch when they realized vyatta wasn't going to meet their needs. The UDM kernel is very much not OpenWRT
https://github.com/fabianishere/udm-kernel
Being excited about OpenWRT is great but spreading bad information and for reasons I can't fathom hoping for the downfall of other players in the market, not so much.
> They hired the original author of pfsense to build them a firewall based on Debian from scratch when they realized vyatta wasn't going to meet their needs. The UDM kernel is very much not OpenWRT
You're (perhaps unintentionally) also spreading bad information here.
The original 'author' of pfSense was Scott Ullrich, not Chris Buechler. While they were partners in the project, Scott was technical, and Chris did a lot of work back then on documentation, but by his own admission back then, "I am not a developer", and this, even though he was CTO.
http://freesoftwaremagazine.com/articles/interview_with_jeff...
Ubiquiti originally hired two of the devs out of Vyatta to maintain their fork of the Vyatta codebase. These two were known on the Ubiquiti forum as 'stig' and 'An Chen'. Both left in the first half of 2016, and then (and only then) did Ubiquiti hire Chris Buechler, in an attempt to maintain and extend the Ubiquiti firmware. Chris has since left Ubiquiti and is now at Alta Labs.
> vendors like Ubiquiti who base their work on OpenWRT anyway
I thought Ubiquiti’s firmwares were all based on Debian. Is this no longer the case?
I don't know about newer devices, but the older ones (the Edge* devices) had software based on Vyatta. Not sure if that was in turn based on Debian, though.
the routers were based on the Vyatta stack.
The WiFi APs were not
> I'd love to see OpenWRT take a (deserved) bite out of the "SMB firewall vendors" like Netgate
I'll just leave this here: https://www.netgate.com/blog/pfsense-software-embraces-chang...
OPNsense are unlikely to be able to make this transition, as they can't even reliably work on the FreeBSD kernel.
Oh, was that before or after you spent however long spreading FUD by stealing their domain? The one that OPNsense had to go to the WIPO to fix?
https://web.archive.org/web/20160314132836/http://www.opnsen...
nobody stole anything.
Why do you lie about things that are so easily provable?
https://www.wipo.int/amc/en/domains/decisions/text/2017/d201...
I'm not lying.
From the URL
---
The Complainant is the owner of the European Union trademark registration Nos. 012771457 for OPNSENSE (figurative mark), filed on April 8, 2014 and registered on August 20, 2014, for goods in class 9, and 016287716 for OPNSENSE (word mark), filed on January 26, 2017 and registered on May 9, 2017, for goods in class 9.
The Complainant also owns the domain name <opnsense.org>, registered on September 4, 2014, at which it promotes and enables users to download its open-source OPNSENSE firewall.
The disputed domain name <opnsense.com> was registered on April 8, 2014, and is not pointed to an active website.
---
I want you to look closely at the date April 8, 2014, and then I want you to look for anything that occurred before that date, vs. all that occurred after.
I hope OpenWrt doesn't turn too commercial (like Netgate or opnsense) because that leads just to subscriptions, enshittification, feature gates, and drama. It is now in a good place as a solid platform to build upon, I hope it stays that way.
If they had their money from hardware only, would that be the perfect route?
Selling hardware, or consulting services.
OpenWrt is what I use. I picked my routers specifically to be well supported by OpenWrt, immediately wiped whatever the original firmware and installed OpenWrt and that was about ten years ago. Then when I replaced the hardware I also looked for a compatible model with OpenWrt and did the same.
I never had any issue with OpenWrt which I couldn't solve and it just works. Its uptime is pretty much the uptime since when the power goes out due to storms and such.
Same. Been running OpenWrt for years now. I select hardware that runs OpenWrt and never (well, only once, truly) have had to reboot a device due to crashing. That old "reboot your router" is just not a thing (touch wood).
I'm sure it helps that all my infrastructure is on a UPS. I've found that even Raspberry Pis can be long-term reliable servers, running ubuntu server and on the UPS.
Another thing that seems to help. I separate function. One box functions only as the router. The wifi boxes only provide wifi endpoints - they do not do routing. And so on.
I have my fibre ont and the wifi router on a cheap battery backup. It has always continued to work even during extended power outages.
What hardware did you go with? I was thinking of getting the second most recent glinet to run openwrt, but haven't convinced myself it's worth it since my current tplink is still pretty new and I'd just be getting it to tinker (I don't currently even run any vlans or anything fancy)
I went with a TP-Link Archer C7 V2. It's quite dated by now, but it's been sitting quietly in the closet and working for all these years and I am still happy with it. My speeds are also not that fast, I only pay for 100Mbps so something faster might overwhelm this hardware. I also don't have anything fancy on it, no vlans just a few wifi networks on 2.4ghz and 5ghz, some wired devices, and two usb drives which I access via ssh (these do require I install a few extra packages to allow mounting them).
I've had the same for a number of years - mine is even more vanilla than yours
rock solid
I run openwrt on an ancient Netgear WNDR3700 which is probably 15 years old by now. I can get around 900Mbps on my gigabit connection (wired). We only have two adults in our home using the Internet (for now until our two kids are older!) and it’s been totally fine for us. openwrt is a great way to breathe extra life into older routers. A lot of homes don’t really need anything fancy or recent.
Seconding all this. Ever since I had weird problems with the vendor firmware on a router, I just pick hardware I can put OpenWrt on right away. Works great.
OpenWRT is such a good os for a router - simple but configurable UI, works reliably, I wish router companies would just ship it by default
But then you get annoying firmware providers like Broadcom who refuse to write OSS drivers for linux and a lot of work is being spent on the reverse engineering
The amusing thing about that is that broadcom, not Cisco, was the culprit in the original WRT54G GPL violation. Cisco, of course, were legally liable and should have checked that the code they obtained was not encumbered - although the usual way to do that is to specify contractually that your vendor will do the checking. It was a huge issue for them that they had tripped a customer who provided a significant fraction of their revenue into legal difficulties. I suspect that to this day, a big reason that parts of broadcom are reluctant to open-source stuff is because certain executives are still angry about the experience.
MediaTek chips are well supported by OpenWrt. Broadcom is not well supported. Mainline Linux kernel supports recent MediaTek Wifi chips quite well [1]. MediaTek is also working on these upstream Linux drivers, but they still have a proprietary Linux driver in addition.
Also the rest of the recent MediaTek SoC is supported quite well by upstream Linux and OpenWrt.
You can run OpenWrt on recent MediaTek SoCs with all code running on the main CPU being open source, no closed source code needed inside the Linux kernel address space or in user space. The chips need firmware running directly on the IP cores. It needs a firmware running on the wifi core itself, there are probably one or more CPUs inside the wifi cores doing real time stuff. The Ethernet PHYs also need a firmware which is running on the PHY.
[1]: https://elixir.bootlin.com/linux/v6.17-rc5/source/drivers/ne...
Ok, but this should not be a major limiting factor.
From my experience, there is sufficient amount of routers based on well-supported chips which work okay with OpenWRT.
When I consider to buy a new router, I go to the OpenWRT device support page, filter for features I would like to get and choose one of the supported routers listed there.
I gave up on openwrt when I realized that a lot of the recent WiFi standards seem to be badly supported. I think 802.11ac was significantly faster with vendor firmware than openwrt, for example.
> 802.11ac was significantly faster with vendor firmware
Yes, I also remember similar issues with TP-Link Archer C7 running earlier versions of OpenWRT. It got better with later versions when they started supporting some kind of flow off-loading.
I am unsure if at the moment the recent OpenWRT WiFi performance of this router is on par with the vendor firmware's WiFi performance.
But yes, your point is valid. However, I do not consider this kind of issues to be deal-breaking. If I remember correctly, a fair amount of devices can achieve the same performance with OpenWRT as with vendor firmware. I would just check for these potential issues in advance and buy only the devices which are confirmed to be working as fast as with the vendor firmware.
The point here is that I rarely have any preferences as to which brand of a router to buy. Many of the marketed features they offer, like proprietary software or mobile apps to control the router, are mostly irrelevant for me. So I choose primarily based on the OpenWRT support level.
Edit: clarification
160mhz ax 6ghz working here with a mediatek chipset
Can we accept a pragmatic world where we have OSS + binary blobs?
That's better than a fully commercial world or a fully "pure" world with no functionality.
OpenWrt accepts binary only firmware running outside of the Linux kernel address space on the wifi chip itself. This matches what upstream Linux also accepts. This works well with most recent Wifi drivers. OpenWrt does not accept binary only kernel modules or binary only userspace applications, they are very hard to maintain if you do not have the source code.
This works well with Mediatek and also Qualcomm and most other vendors.
GPU vendors have come to the realization that the in-kernel driver needs to be open-source, but the userspace portion can be closed-source. There's just really no good reason to accept a design where outdated closed-source drivers could keep you from running a current kernel. WiFi NIC vendors have for generations been moving more complexity into the closed-source firmware blob that runs on the NIC's own processor core(s), so there's no good reason for the kernel driver to remain closed-source.
Broadcom has been doing FullMAC designs for over a decade now, and that is exactly what you describe: moving all the functionality into firmware and having thin opensource kernel driver
I would love that, but it seems like they are not doing that either
> That's better than a fully commercial world or a fully "pure" world with no functionality.
I would prefer a fully open world with full functionality.
Give them an inch and they'll take a mile. Things would be even worse if people didn't care about blobs.
There are some low-cost routers on amazon that do.
also, I think the linksys wrt1900 supported openwrt when it came out. (not perfectly, but they tried)