An OpenWrt Beginner's Guide

Preface

A first encounter with the OpenWrt Project might be overwhelming so I created this post to jumpstart newcomers. Note that an OpenWrt Journey is not a walk in the park and may consume countless hours of learning and setup while harvesting information - even when tech experienced.

Planning

Setup your Network Topology based on Home layout and required wired connections.
Plan your Wi-Fi Access Point placement. Two examples:

• All-in-one: Wifi Router (small area, <=4 wired connections)
• Modular: Core Router + Switch + Access Points (large area, >4 wired connections)

Draw a network diagram ie. with draw.io with your desired Topology

Buyer tips

When looking for new hardware you can check following popular devices
note: look into forum threads about experience from others beforehand!

Core Router

SFP+/2.5 GbE - CWWK N100 SFP
SFP+/1.0 GbE - BananaPi BPi-R4 (see here)
SFP+/1.0 GbE - BananaPi BPi-R3
SFP+/1.0 GbE - Mikrotik RB5009
SFP/1.0 GbE - MikroTik RB760iGS
2.5 GbE - BananaPi BPi-R3 mini
2.5 GbE - CWWK N100 mini, see also here and here
2.5 GbE - LattePanda Mu N100 (select Full-Function Carrier)
2.5 GbE - NanoPi R6S (pending official support)
2.5 GbE - Raspberry Pi 5 with Dual 2.5 Gbps HAT
2.5 GbE - TLSense N100L4
1.0 GbE - GL.iNet GL-MT2500
1.0 GbE - NanoPi R4S 4Gb
1.0 GbE - Raspberry Pi CM4 with DFRobot Routerboard

*2nd hand options
10 GbE - Lenovo M920q with dual 10GbE NIC

Managed Switch PoE

SFP+/2.5 GbE - TP-Link SG2210XMP-M2
SFP+/2.5 GbE - Ubiquiti USW-Enterprise-8-PoE / USW-Pro-Max-24-PoE with Etherlighting
SFP+/2.5 GbE - Zyxel XMG1915-10EP
2.5 GbE - Netgear MS108EUP
1.0 GbE - Netgear GS308EP / GS316EP (SFP)
1.0 GbE - TP-Link TL-SG108PE / TL-SG1210MPE / TL-SG2210P (SFP)
1.0 GbE - Zyxel GS1915-8EP / GS1920-8HPv2
*Switch running OpenWrt: Netgear GS108T or GS310TP (metrics export to Grafana)

Access Point PoE

mt7986 - Netgear WAX220 2.5 GbE
mt7986 - TP-Link EAP683-LR pending support and here
mt7981 - Ubiquiti UniFi U6+
mt7981 - Zyxel NWA50AX Pro 2.5 GbE
ipq807x - Netgear WAX218

*2nd hand options
ath79 - TP-Link EAP225
ath79 - TP-Link EAP245
mt7621 - TP-Link EAP613
mt7621 - TP-Link EAP615 see review
mt7621 - Ubiquiti UniFi 6 Lite
mt7621 - Zyxel NWA50AX

*outdoor
ath79 - TP-Link EAP225 Outdoor
mt7621 - Zyxel NWA55AXE
ipq60xx - TP-Link EAP610-Outdoor (pending support)

Wifi Router

mt7988 - BananaPi BPi-R4 (see here)
mt7986 - Asus TUF-AX4200 / Asus RT-AX59U with instructions
mt7986 - BananaPi BPi-R3 / BananaPi BPi-R3 mini
mt7986 - GL.iNet GL-MT6000
mt7981 - ASUS RT-AX52 (pending support)
mt7981 - Cudy WR3000
mt7981 - D-Link M30 Aquila Pro AI
ipq807x - Dynalink DL-WRX36

*2nd hand options (read forum about possible issues)
mt7622 - Belkin RT3200 / Linksys E8450
mt7622 - Netgear WAX206

Travel Router with Travelmate

mt7981 - Cudy TR3000 pending support
mt7981 - GL.iNet GL-MT3000
mt7628 - GL.iNet GL-MT300N V2

Fiber

When your devices support SFP you can connect them with Fiber Optic- instead of UTP Copper cables. Besides being cool to have, this is beneficial for long distance connections (>90m)
*module: opt for BIDI - LC - Single-mode with either SFP (1.25Gbps - i.e. Ubiquity UACC-OM-SM-1G-S-2) or SFP+ (10Gbps) - see also here for devices
*cable: select OS1 for indoor or OS2 for outdoor

Other

*budgettips: Netgear GS308E / Zyxel WSM20
*Tri-band devices: here
*PCIe NIC adapter: 2.5G - Realtek RTL8125B(G) | 10G - Intel X550-T2 / Marvell AQC107/AQC113C
*USB Wi-Fi adapter: here - see also this post
*USB Ethernet adapter: 1.0G - Realtek RTL8153C+ | 2.5G Realtek RTL8156A+
*USB Chargers: lygte-info and chargerlab
*Range extender: Cudy RE3000

Installation

Lookup your OpenWrt device for instructions, read the Starter FAQ and Quick start guide

• flash factory image
• connect OpenWrt device lan-port with PC (wifi turned off) and goto 192.168.1.1 in your browser
  router: in Network > interfaces add wan with DHCP client on eth1; edit lan and set IPv4 to 192.168.0.1
  accesspoint: in Network > interfaces edit lan and set protocol to DHCP client; enable Wi-Fi network in Network > Wireless and set country code. When having multiple APs set different channel per AP, ie. ch1 on AP1 and ch11 on AP2 for 2.4 Ghz. See Dump Access Point
• Save & Apply (keep settings) - when device does not come back after 5 minutes powercycle it
  
  

Upgrade

Upgrading is recommended when a new OpenWrt release is out (check release notes beforehand)

• for major upgrade (ie 23.x to 24.x) flash a sysupgrade image
• for minor upgrade (ie 23.05.1 to 23.05.2) you can use luci-app-attendedsysupgrade
  
  

Packages

There is a huge Package Library (hit Update lists in System > Software). Favored for a Router are i.e.

• advertisement blocking - options
• malicious host blocking - luci-app-banip (select feeds like debl, feodo, firehol1, firehol2, greensnow, iblockspy, proxy, sslbl, threat, tor,cinscore, etcompromised, talos, bruteforce)
• traffic shaping - luci-app-sqm; DOCSIS: use this; variable bandwidth: use cake-autorate
• show detailed port info - luci-app-lldpd
  
  

Privacy/Security

To secure devices and guard privacy

• to use a different DNS resolver than the one provided by your ISP - in Network > Interfaces > wan, uncheck 'Use DNS servers advertised by peer' and add DNS server 1.1.1.1 and 1.0.0.1
• to encrypt DNS traffic use DoH or DNSCrypt - see comparison
• to enforce Network isolation for wireless devices - see Guest WLAN (needs dnsmasq+firewall)
• to enforce Network isolation for logical grouped devices - setup 802.1q VLAN to isolate guest, iot, home etc devices case1, case2, case3. Tip: check also this wifi-vlan feature
• to secure Internet connection and mask your IP address install Wireguard client
• to secure remote access to your home network install Wireguard server
• to perform a local vulnerability scan use Nessus Essentials
• to perform a local portscan use nmap
• to perform a remote portscan use port-scanner
  
  

Monitoring

An army of Monitoring options are available with collect-mod plugins

• Accesspoint monitoring - luci-app-statistics collectd-mod-sensors
• Router monitoring - luci-app-statistics collectd-mod-sensors collectd-mod-thermal collectd-mod-ping collectd-mod-sqm collectd-mod-irq
• Router traffic monitoring - luci-app-nlbwmon (extra settings are needed)
• Export stats to Grafana - prometheus-node-exporter-ucode or collectd_exporter
  
  

Troubleshooting

• keep it simple and stick to defaults if possible
• look in Status > System Log
• familiarize yourself with terminal commands (see Appendix)
• in case of issues search the forum and/or create a topic with your config (see Appendix)
  
  

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

ath79    MIPS 4Kc
bcm2711  quad-core A72
bcm2712  quad-core A76
mt7621   MIPS1004Kc
mt7622   dual-core A53
mt7628   MIPS24KEc
mt7981   dual-core A53 (filogic 820)
mt7986   quad-core A53 (filogic 830)
mtxxxx   triple-core A73 (filogic 860) WiFi 7
mt7988   quad-core A73 (filogic 880) WiFi 7
ipq53xx  quad-core A53
ipq60xx  quad-core A53
ipq807x  quad-core A53
ipq957x  quad-core A73
RK3399   dual-core A72 + quad-core A53
RK3588S  quad-core A76 + quad-core A55

ps: support the OpenWrt Project by making a small donation

For a Wifi Router advice: are ipq807x and filogic the best performing devices for 2023/2024 ?
Do you have 2.5Gbps / 1.0Gbps device recommendations for these?

edit: I digged some time into topics and found following
ipq807x - Dynalink DL-WRX36 looks cool but currently lacks DSA support
filogic - contains a growing number of devices but many are not easily flashed.

I'm not sure why you added this question to your existing thread... but look at this section:

Read and search first, if you don't find answers to your questions, that is a good place to start a new thread regarding OpenWrt + hardware questions