by ktta 3108 days ago
PSA

Anyone with commodity routers, repeaters, etc. please check out LEDE project https://lede-project.org. Check if your device has support here - https://lede-project.org/toh/start

LEDE firmware is amazing. You will be able to do a lot more with your router and they have quick security fixes. The recent krack vulnerability was fixed within 2 days after the announcement.

13 comments

Anyone care to explain the pro/cons of DD-WRT vs Tomato vs OpenWRT vs LEDE vs etc?
LEDE is basically an OpenWRT fork which is being actively developed. The biggest draw is that it's actively developed, and managed in a Linux-style package manager setup, rather than monolithic baked firmwares that you have to flash wholesale. Patching against things like KRACK was as simple as just invoking the package manager.

DD-WRT and Tomato are both old tried-and-true alternatives to vendor firmwares, and they require less tinkering to get into the state that you want, but they both tend to have weird crufty edge cases that never get properly fixed and don't seem to have any clear direction or leadership - they are both a hodgepodge of forks that you have to spend time digging through hundred-page forum threads to find information about. Development schedules are sporadic, and you often end up with dozens of potential builds in varying states of beta and testing which fix this or that but break this or that other thing. When they work, they're great, but my experience with LEDE has been consistently superior than my experience with DD-WRT or Tomato.

Just to be clear, OpenWRT isn't 100% abandoned, but it's basically just a handful of sporadic package version bumps and backported bug fixes, which might not ever make it into an official numbered release. If the counts on GitHub are accurate/comparable, LEDE has almost 2000 more commits than OpenWRT. The OpenWRT website also seems to be semi-abandoned (the front page has had a spam post on it for over a month; it looks like it was moved there accidentally by a moderator intending to move it to a "trash" subforum).
I naively bought the Linksys WRT 1900AC about when it released because it claimed dd-wrt support at release.

Then the dd-wrt folks mentioned that Linksys never actually gave them hardware ... and if I recall, hadn't really been included in the plans to support it at all.

So then I waited and found whenever I looked for the dd-wrt firmware, it always had lots of caveats and known issues.

I gave up. Shelved it and bought a pfsense box for the internet and use a Ubiquity wifi AP.

I ran openwrt and then lede on a wrt1900ac v2 for about 1.5 years until last week. Initially, stability was spotty, but the latest Lede images worked generally well. However, while vlans with Lede worked perfectly with my two TP-Link WDR3600s, Lede ultimately had issues with it. I tried one last thing, probably bricked it, and that was the last straw... ordered three Unifi aps and couldn't be happier.

OpenWRT/LEDE is great assuming your device is well-supported and well-tested. Unfortunately, the wrt1900ac line was never as open as Linksys claimed it was, the LEDE devs didn't get the support they needed from Linksys when they needed it, and so certain things still don't seem to work.

I use ddwrt on my wrt1900ac. It's quite fine, but I may try LEDE anyway.
LEDE has very active anti-bufferbloat research people working with it.

LEDE has, in general, active, managed, and unified development. You'd have to hunt down a specific Tomato/DD version that works for you. Sometimes the latest version of DD/Tomato works, sometimes it doesn't. LEDE? Just download the latest stable release, done.

The big one for me is that LEDE uses a recent kernel. DD-WRT and Tomato use the kernel that was provided by the hardware vendor. They have an easier job to get things running because most hardware vendors have some crazy (perhaps binary only) kernel modules.

When buying hardware, look at the LEDE hardware support list. Recently I have bought a TL-WDR4300 (get the right version) and a Buffalo Airstation N600 router. LEDE runs well on these and the router has enough flash and RAM. Running hardware vendor firmware is not good, IMHO.

I love my Tomato router, I'm on my second in about 7 years. Asus N66u I think. The first I bought and configured myself, which was a tiny bit of pain finding the right binary, etc. The router I'm using now I bought from FlashRouters.com at a fairly high margin above what I could buy the router alone, but they're fast and I trust them. I just recently bought a backup router from them too, and preconfigured it for minimal downtime should the current one break.
FWIW, it can be worth checking beyond whether or not your device is _supported_. I had DD-WRT running on an ASUS RT-AC68U for a while, and ended up switching back to a fork of the official firmware (Asuswrt-Merlin) for better performance once I upgraded to a >100Mbps WAN connection (IIRC it was something to do with hardware-accelerated NAT).
There's a patch to enable Qualcomm FastPath in LEDE, this offloads simpler TCP and UDP traffic from the Kernel stack and gets me 960Mbps LAN to WAN on a Netgear R7800.
Why isn't the patch upstreamed?
Because stuff is only upstreamed when it's totally stable and known to work on a wide range of devices; it's still a tad experimental (albeit many people are using it successfully).

You can get dissent1's pull request here: https://github.com/lede-project/source/pull/1269

Thanks for the tip; I'll have to check this out! My router's OpenWRT wiki page has had an ominous warning about reduced NAT throughput for some time. Turns out that my router should be supported (Atheros AR9344 MIPS 74Kc based).
Here's the pull request, I think you'll have more luck with this than gwlim's builds: https://github.com/lede-project/source/pull/1269
Where can I find this patch? I'm on one of the ASUS routers but want to try out LEDE, but don't want reduced throughput.
GWLim's patch is the fastpath patch and a whole lot of micro-optimizations, so unless you're on a MIPS arch it's going to be hell to get working.

The cleaner patch, taken from QSDK upstream is here: https://github.com/lede-project/source/pull/1269

I like it when you talk dirty like that...
>You will be able to do a lot more with your router and they have quick security fixes

Just a counter point to this. Lede on its own doesn't have a very smooth in place upgrade system. If you are in the loop, sure you can do upgrades, but most people would never log in to their routers after setting it up. I think something like google wifi is not a bad solution either, with the obvious privacy tradeoff. It runs chromium os, and will update reliably on its own.

I realize people's opinions differ on this, but having Google's wifi router is one of the most privacy compromising things one can do.

Security wise, sure, great idea. But there's so much data to collect at the router level. From wireless MAC addresses (which it already does), and to every single IP address visited by every device in the household.

I might sound paranoid, but with continuous news of Google's privacy intrusive choices on Android, iOS etc. I will not trust them with that data, ever.

This is one of those things where the language is being deliberately twisted. "Secure" means "only people you authorise can see the data", but now it's assumed that you authorise Google (or other provider) implicitly.
Apple Airport is probably the best router I have ever owned. Not the fastest, but extremely stable, based on NetBSD and from a company that makes money on my hardware rather than my data.

I really hope they will have an 802.11ax version once they iron out all the crap that is going on in there.

My biggest issue with Apple routers is that you _need_ an Apple device to do anything with them.

I have an AirPort Extreme, and while I'm not opposed to having Apple devices, I also don't exclusively buy from them, but rather what I deem to be the best product for my purposes at the time of purchase. That currently means an iPhone, an iPad, and a Dell laptop running Linux, but has in the past included both Apple laptops and Android phones and tablets. Because of my choice of router, I need to make sure that I always have at least one Apple device, preferably as a main device for convenience (because running a server means I need to mess with ports now and then).

A simple web interface would've solved this. They could still have their own app to make it just as user friendly for people who don't have an Apple device immediately at hand.

I will likely never buy a Mac again because I absolutely need Linux, and they're making their Macs worse and worse for Linux. I plan to eventually replace my need for a tablet with one of those Dell XPS convertible machines with a touch screen. That means there will come a time when I need to choose between letting the router be a factor in what phone I buy, or getting a new, non-Apple router, and that kinda sucks.

I can’t attest to how well it works, but the Airport Utility is available on Windows. This obviously doesn’t help you if you are looking to manage using an Android or Chrome device.
I have used that a tiny bit in the past (many years ago), and while not great, it works. However, it's abandoned, with the most recent version being released in 2012, and only officially supports Windows 7.

Besides, the only system I have with Windows is my gaming desktop, and that's only running Windows because there's a couple of games I play which don't support Linux. My laptop runs Linux, and while it's not running Overwatch, my gaming desktop is running Linux.

I think a more likely solution is to just keep an iOS device around while the router is in use.

I've had good luck running the windows airport utility in wine if that's all that's holding you back.
We've used Apple Airport access points at a previous company, and while they work great, they are a pain to configure: you have to either interrupt a Mac-using coworker and use his machine, or try the more limited Windows version of the software on Wine and hope it works.
1. Mark Gurman: ever since he started working at Bloomberg, his sources or material have been either late or inaccurate.

2. The correct report was Router team folded into Apple TV team. Sounds like Apple TV adding router function to me.

3. Apple is still selling Airport, and stock levels are still very healthy, i.e. no sign of discontinuation.

Apple Airports are also not compatible with all network configurations - it would not work with my fiber connection due to the MTU, and I had to buy a router from another brand.
Good old Apple: it just works, for very light and simple amounts of work.
Chromium updates require a reboot to take effect, right? How does Google WiFi reliably update without service interruptions?
Kernel updates do need a reboot. That's there for any linux based device. There are some improvements in kernel live patching. Not saying that google wifi, or any router uses them.
I don't use the device so this is purely speculation, though I would assume they'd have a configurable setting to push/apply updates at off-peak / night times?
Also, I maintain a page[0] that lists the top routers with support for openWrt and DD-wrt.

http://rooftopbazaar.com/routerfirmware/

Nice referral links on your page. I see from your comment history that you've spammed HN with it several times in the past as well.

---

Edit: To be clear, there's nothing inherently wrong with affiliate links. To me, though, it's the same as someone here mentioning their product or service in a comment without disclosing their affiliation.

It's one thing to tell another person "The FooBar 9000 is a good router.". It's quite another to say, "The FooBar 9000 is the BEST router on the market. Oh, look, here's Joe. He sells those and you can buy one from him right now.", without mentioning you have previously worked out a deal with Joe.

It's not the affiliation that's the issue. It's the lack of transparency about the affiliation. (And, in this case, for me personally, it's that the OP apparently tries to work in a link to his page anywhere he can in HN conversations.)

I fail to see the problem with affiliate links in that context. The site openly disclosed that they use affiliate links to amazon. The site provides a value, a ranked list of compatible devices. I might actually use it if I were shopping around for a device. Building and maintaining it probably takes some effort. It deserves to get paid. If you think that all for-profit pages should be banned from mention then this here would be a barren place, devoid of links to useful services.

added after the parent modified his post:

Even after you changed your comment, I fail to see a problem. The poster explicitly says "I maintain", openly disclosing his affiliation with the site. The site does not recommend a specific device as "the best", it provides a list, ranked by a disclosed set of criteria from which you can pick. You can actually change the filters and the sort order - cheapest, graded by performance, ... We can agree or disagree on the specific sort criteria picked or the completeness of the list, but the grandparent actually does sometimes engage into discussions about this, soliciting feedback (and I presume implementing it). It adds value over the device lists that LEDE and OpenWRT provide.

The grandparent does mention the page every time the context makes sense, but alas, when else would he mention it? Would you prefer if the grandparent just posts the link as a reply to each and every post? He built something that adds value, so why not mention it? It's not like it's the only thing the GP ever posts. Seems more like a lurker from the comment history, but come on, the last mention was 141 days ago, it's not like it's spammy.

All in all your comment comes off as being jealous someone built something that provides a little income.

> The site openly disclosed that they use affiliate links to amazon.

Did it? I was on an iPad and only realized they were affiliate links after I clicked on one and it took me to Amazon. Immediately, I looked at the URL to see if there was a referral tag in there. I then went back and noticed "DISCLOSURE" at the very bottom, in the footer, but I don't recall seeing any mention of it before that.

> If you think that all for-profit pages should be banned from mention then this here would be a barren place, devoid of links to useful services.

Did I say anything even remotely close to that?

I wanted to ignore this since I don't enjoy subjective arguments, but since you seem to be virtue signalling about disclosures, I'd like to point out that your own page with Amazon affiliate links [http://evilrouters.net/bookshelf/] does not disclose your affiliation to Amazon (which is itself a violation of section 5 of the Amazon affiliate program agreement), nor does your DISCLOSURE page (whose link is also at the very bottom right of your page). The other commentator's disclosure page (http://rooftopbazaar.com/disclosure/) comes across as a proper honest disclosure to me. Sorry, your comments seem like hypocrisy to me.
Thanks for pointing that out. With the exception of a couple spontaneous, hastily written blog posts, that blog has been pretty neglected for about the last ~5 years. I've been meaning to remove the Adsense ads and add HTTPS for a long while too, but I haven't got around to doing either. Before just now, it's probably been several months since I even looked at that site.

Anyways, the "disclosures" page has no references to Amazon because I removed them several years ago when I quit being a part of the Amazon Affiliate program. I thought I had removed the affiliate tags as well but apparently not. They were still there but they haven't been valid for at least three or four years now (and, thus, not generating any commissions).

Here's a screenshot showing that the account was closed: https://imgur.com/c3rmZ5F

Regardless, I have removed them from the page. The page is cached and I don't remember the magic incantation to force varnish to purge the cached version but rest assured it'll get refreshed in the near future.

I'm sorry you had to spend your time searching through my web sites to try to find something that made me look hypocritical. Also, I'll point out that I don't go around posting links to that "bookshelf" page on HN comments. That is what would have made my statements hypocritical, not the fact that I had affiliate links on some random web page somewhere.

> Did it?

It says first thing on the top that links go to amazon. There's a link at the bottom to the full discussion. What's the issue if the links to amazon are affiliate links? It's not like they're forcing you to buy or that the value you get from the site is reduced by that. They don't hype a specific device either.

> Did I say anything even remotely close to that?

I very much understood your complaint about "spammy, since he links to a page that he's affiliated with" to go in the direction that nobody should link to a monetized service he's somehow affiliated with, yes.

I'm of the opinion that all links to amazon, for example, should be affiliate links. Somebody should be getting that cut.
It talks a lot about Amazon, but there's no mention of using affiliate links.

The issue is that there's a conflict of interest when a page that gives you advice on what to buy uses affiliate links. If they get a cut of my purchase, then they're incentivized to get me to buy the most expensive alternative rather than the best one, and to buy something rather than stick with what I have if what I have is adequate.

This is not an insurmountable problem, but disclosure is important so I know what's going on.

> All in all your comment comes off as being jealous someone built something that provides a little income.

I don’t consider the comment as a display of jealousy. It appears (to me) that it originates from a dislike of self-promotion.

Note: I am not taking a position on the matter of self-promotion, but on the conclusion of jealousy.

I count single digit mentions in the 1669 days that proctor has been registered on HN. That would be lousy self promotion. I believe that proctor genuinely believes he built something useful and wants to share it. The snark in jlgaddis' post rubs me the wrong way.
> That would be lousy self promotion.

But still self-promotion if people want to be dogmatic about it. Some people, and some discussion forums, have an absolutely zero tolerance attitude to self-promotion.

I have no issue with it if:

* It isn't almost all that the account is for (caveat: personally I don't care enough in this case to have checked the account's comment history), i.e. the person contributes usefully to discussions noticeably beyond what is needed for the self-promotion.

* The posts are at least relevant to the discussion at hand (which it appears to be here)

* The page/post/other is sufficiently honest about the affiliate links, because otherwise they could represent a conflict of interests (recommending what makes most out of affiliate relations rather than what is actually best by a good objective measure). This last part can be quite subjective, and again I've not looked at this particular case myself yet.

> I count single digit mentions in the 1669 days that proctor has been registered on HN. That would be lousy self promotion.

Lousy or not, it's still self-promotion. This is true whether it occurs once or many times.

> I believe that proctor genuinely believes he built something useful and wants to share it.

I agree.

> The snark in jlgaddis post rubs me the wrong way.

Clearly. However, you aren’t defending your accusation of jealousy. Jealousy was the key word that I was addressing.

I agree that the use of affiliate links isn't a huge issue, but I'm not sure I'd agree that the site _openly_ discloses the use of Amazon affiliate links. To learn that information, you have to notice "Disclosure" in the footer (which doesn't indicate what sort of disclosure it is), and even then the resultant page doesn't have a straight-forward statement along the lines of "This site makes use of Amazon affiliate links".

I also feel like the following is possibly _slightly_ misleading, or at least intended to induce the use of the provided links:

> By using any link on this site – affiliate or not – you will get a better deal by purchasing a corresponding product through that link than you would by going directly through the linked company’s site

The previous comment mentioning the site is 141 days old, and the one before that 451 days. A bit much to call that spamming.
What’s wrong with monetizing your stuff if you provide value? (Haven’t checked out the linked page, this is more like a generic question)
Nothing wrong with monetization, it's how you do it that's important.
I put openwrt on my $20 tp-link router that couldn’t even handle a single torrent and now it functions like a beast. Installation was so easy. I just downloaded the openwrt firmware file and uploaded it using the tp-link web ui like an official update.

Software!

I'm interested in installing a different firmware on my home router, but there are many offerings. Is there any reason you recommend LEDE over the others? (e.g. Tomato)
Maybe the name LEDE is not familiar to you, but LEDE is an openwrt fork, which is essentially going to get named to openwrt again through a merge since that's where most of the openwrt work is happening. From the various open or semi-open firmware, LEDE is the most active and open I think. Various other firmware will still be quite tied to vendor binary drivers.
Tomato, DD-WRT, etc. try to be extremely user friendly. Not that LEDE doesn't, but people who have some technical expertise tend to benefit a lot more from LEDE with all their packages. Especially if you can compile an image yourself (it is pretty easy on linux), then you can have all the features tailored to your preference.
OpenWRT/LEDE firmware is nice. I think I first used it with the (original) WRT54G.

The future of the project is uncertain, however. They may or may not be around much longer.

>The future of the project is uncertain, however. They may or may not be around much longer.

Can you elaborate on this?

In a nutshell: OpenWRT existed. They kinda sorta pretty much stopped doing anything. LEDE sprang up as a fork, with several of the OpenWRT folks. Then they all decided to work together and joined back up. Now it's anybody's guess what will happen next, if anything, as nothing has really happened since.
That is not true in my experience, the LEDE site is quite active, spewing out builds very frequently, even fixing KRACK almost immediately. Don't know what you consider as "nothing has really happened"
OpenWRT is dying, but LEDE is alive and kicking hard.
The mailing lists mention LEDE will merge back to the OpenWRT branding, but that was months ago, and the OpenWRT site is funky.
On LEDE, it seems that there is always a hardcoded DNS fallback to 8.8.8.8. I see it in my logs, even if none of my configuration files mentions it.
Wow, that's unfortunate. Are you sure no clients on your network aren't configured to use Google dns servers?
Yes. The message is in the system logs of the router.
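One way to verify a claim like the one above, as an added example that is not part of the thread: parse the router's syslog for the upstream nameservers dnsmasq reports using and compare them against the servers you actually configured. The log lines below are constructed for the example (their layout assumes dnsmasq-style "using nameserver" messages; the timestamps, PID and addresses are made up).

```python
"""Flag DNS upstreams seen in router logs that are not in the configured set.

Constructed example: the sample log is made up and only resembles the
dnsmasq messages a LEDE/OpenWrt router writes to its system log.
"""
import re
from ipaddress import ip_address

# Constructed sample of syslog lines (not real output from any device).
SAMPLE_LOG = """\
Thu Oct 19 20:01:02 2017 daemon.info dnsmasq[1234]: started, version 2.78 cachesize 150
Thu Oct 19 20:01:02 2017 daemon.info dnsmasq[1234]: using nameserver 192.168.1.1#53
Thu Oct 19 20:01:02 2017 daemon.info dnsmasq[1234]: using nameserver 8.8.8.8#53
Thu Oct 19 20:05:10 2017 daemon.info dnsmasq[1234]: using local addresses only for domain lan
"""

# dnsmasq reports each upstream it will forward to as "using nameserver ADDR#PORT".
NAMESERVER_RE = re.compile(r"using nameserver (?P<addr>[0-9A-Fa-f.:]+)#(?P<port>\d+)")


def parse_upstreams(log_text):
    """Return the set of (address, port) upstream resolvers mentioned in the log."""
    found = set()
    for line in log_text.splitlines():
        m = NAMESERVER_RE.search(line)
        if m:
            found.add((m.group("addr"), int(m.group("port"))))
    return found


def unexpected_upstreams(log_text, configured):
    """Return upstream addresses from the log that are absent from `configured`.

    `configured` is the list of resolver addresses you set yourself (for
    example from /etc/config/dhcp or /etc/resolv.conf); anything else the
    resolver reports using is worth investigating as an unexplained fallback.
    """
    allowed = {ip_address(a) for a in configured}
    return sorted(addr for addr, _ in parse_upstreams(log_text)
                  if ip_address(addr) not in allowed)


if __name__ == "__main__":
    # With only the LAN gateway configured, the public resolver stands out.
    for addr in unexpected_upstreams(SAMPLE_LOG, ["192.168.1.1"]):
        print("unexpected DNS upstream:", addr)
```

On a real device the log text would come from `logread` and the configured list from your own DNS settings; an address that appears here but in no configuration file is the symptom the comment above describes.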
Thanks! I have been running DD-WRT for a while and was displeased that their updates were unofficial builds served over HTTP, ugh. LEDE looked right up my alley and this evening I went ahead and installed it from the SSH window of my DD-WRT install. After a few hours I had the OpenVPN server in "road-warrior" mode with all firewall rules functioning and now I just finished up getting my USB drive mounted on it. It's really slick, thanks a ton for the suggestion!!
This. I've got a TPLink Repeater (RE450) and a Netgear R7800 router, both are running LEDE and have given me a slew of great features out of the box, and many more that can be installed after the fact using the packaging system.

There's also a third router, an old TP-Link 1043ND running as a wireless bridge to connect devices in my AV setup, once again running LEDE.

FWIW this only affects repeaters, not routers.
And repeaters are also supported by Lede, the TPLink RE450 being one such (I should know, I run a totally LEDE stack at home, and have an RE450 to get the signal better upstairs).
It seems like they support every model but exactly mine. I'm running TP-LINK TL-WR845N
Is there any reason to switch from OpenWrt yet?
OpenWrt was basically dead after devs switched to LEDE.

But they are remerging again, it just takes some time, so use LEDE if you install something now.

Security patches. OpenWRT hasn't had any in the past year.
Why LEDE over Merlin for ASUS?