Preface
A first encounter with the OpenWrt Project might be overwhelming so I created this post to jumpstart newcomers. Realize that an OpenWrt Journey is not a walk in the park and may consume countless hours of learning and trial-and-error - even when tech experienced.
Planning
Setup your Network Topology based on Home layout and required wired connections.
Plan your Wi-Fi Access Point placement. Two examples:
*All-in-one: Wifi Router (small area, <=4 wired connections)
*Modular: Core Router + Switch + Access Points (large area, >4 wired connections)
Draw a network diagram ie. with draw.io with desired Topology
Buyer tips
When looking for new hardware check following popular devices
note: do lookup forum topics about user experience
Router without WiFi
2.5 GbE - BananaPi BPi-R3 mini
2.5 GbE - CWWK
2.5 GbE - NanoPi R5C / R5S / R6S
2.5 GbE - Raspberry Pi 5 + Dual 2.5 Gbps HAT
1.0 GbE - BananaPi BPi-R4 (SFP+ for 10GbE)
1.0 GbE - GL.iNet GL-MT2500A
1.0 GbE - Mikrotik RB5009UG+S+IN (SFP+) / RB5009UPr+S+IN (SFP+, PoE, pending support)
1.0 GbE - NanoPi R2S / R3S / R4S 4Gb
1.0 GbE - Raspberry Pi CM4 + DFRobot Routerboard
*2nd hand
10 GbE - Lenovo M920q + dual 10GbE NIC
1.0 GbE - Dell Edge (SFP+)
Managed Switch (OEM firmware)
Decide for yourself if basic vlan support is good enough or whether you need advanced protocols like MSTP, Multicast Management (IPV4 IGMP Snooping, IPV6 MLD Snooping, GMRP), LACP, SNMP, syslog, LLDP, static MACs, port security, management over IPv6, CRC error counters, Loop Prevention/Detection, QoS, port Mirroring, port Stats
Netgear GS308EP (1.0 GbE, PoE)
Netgear MS108EUP (2.5 GbE, PoE)
TP-Link SG2210XMP-M2 (2.5 GbE, SFP+, PoE)
Ubiquiti USW-Pro-Max-16-PoE (2.5 GbE, SFP+, PoE, Etherlighting)
Zyxel GS1915-8EP (1.0 GbE, PoE)
Zyxel XMG1915-10EP (2.5 GbE, SFP+, PoE)
Zyxel XGS1210-12 (1.0 GbE, 2.5 GbE, SFP+)
Managed Switch (OpenWrt firmware)
rtl838x - Netgaear GS310TP (1.0 GbE, PoE)
rtl838x - TP-Link TL-SG2210P (1.0 GbE, SFP, PoE)
rtl930x - ZyXEL XGS1250-12 (1.0 GbE, 10 GbE, SFP+)
Access Point PoE indoor
mt7986 - Netgear WAX220 (2.5 GbE)
mt7981 - Cudy AP3000 indoor (pending support)
mt7981 - Ubiquiti UniFi U6+
mt7981 - Zyxel NWA50AX Pro (2.5 GbE)
ipq807x - Netgear WAX218
ipq807x - TP-Link EAP660 HD (2.5 GbE)
mt7621 - TP-Link EAP613 / TP-Link EAP615
mt7621 - Ubiquiti UniFi 6 Lite
mt7621 - Zyxel NWA50AX
*2nd hand
ath79 - TP-Link EAP225 / EAP245
Access Point PoE outdoor
mt7981 - Cudy AP3000 Outdoor
mt7621 - Cudy AP1300 Outdoor (pending support)
mt7621 - Zyxel NWA55AXE
ipq6018 - TP-Link EAP610-Outdoor (pending support)
*2nd hand
ath79 - TP-Link EAP225 Outdoor
Router with Wifi
mt7988 - BananaPi BPi-R4
mt7986 - Asus TUF-AX4200 / Asus RT-AX59U
mt7986 - BananaPi BPi-R3 mini
mt7986 - GL.iNet GL-MT6000
mt7981 - Cudy WR3000 / Cudy M3000
mt7981 - D-Link M30 Aquila Pro AI
mt7981 - OpenWrt One
ipq807x - Dynalink DL-WRX36
ipq807x - Linksys MX4300 / LN1301 (pending support)
*2nd hand
mt7622 - Netgear WAX206
Travel Router (auxiliary package travelmate)
mt7981 - Cudy TR3000
mt7981 - GL.iNet GL-MT3000
mt7628 - Cudy TR1200
mt7628 - GL.iNet GL-MT300N V2
Router with 4G / LTE / 5G (auxiliary package luci-app-modemband)
mt7988 - BananaPi BPI-R4 + M.2 4G/5G Module
mt7981 - GL.iNet X3000
ipq807x - TP-Link X80-5G (pending support)
mt7621 - TP-Link MR600
mt7621 - Asus 4G-AX56 (pending support)
ipq4019 - Netgear LBR20
SFP+
SFP+ ports allow 10G connections over Fiber Optic- or Copper modules
*short distance use SFP+ DAC Patchkabel (with modules integrated)
*long distance use module BIDI-LC-Single-mode + cable OS1 indoor / OS2 outdoor
see topic and Ubiquity examples
Other
*Wifi Router Tri-band: here
*PCIe NIC adapter: 2.5G Realtek RTL8125B(G) | 10G Intel X550-T2 / Marvell AQC107/AQC113C
*USB NIC adapter: 2.5G Realtek RTL8156A+ RTL8156B(S)(G) | 1.0G Realtek RTL8153C+
*USB Wi-Fi adapter: here - see also this post
*USB Chargers: lygte-info and chargerlab
*USB Serial: CP2102 USB to TTL Converter - connect TX, RX and GND (don't connect VCC)
*Range extender: Cudy RE3000
Installation
Lookup OpenWrt device for instructions, read Starter FAQ and Quick start guide
You can find some external guides in here as well
- flash factory image
- connect OpenWrt device lan-port with PC and goto 192.168.1.1 in browser
router without Wifi: in Network > Interfaces verify if wan interface is available - if not add wan with DHCP client on ie. eth1 (follow device instructions)
router with Wifi: follow this
accesspoint: in Network > interfaces edit lan and set protocol to DHCP client; enable Wi-Fi network in Network > Wireless and set country code. With multiple APs set different channel per AP, ie. ch1 on AP1 and ch11 on AP2 for 2.4 Ghz. See Dump Access Point - Save & Apply (keep settings) - when device does not come up after 5min powercycle it
Upgrade
Upgrading is recommended when a new OpenWrt release is out (check release notes beforehand)
- for major upgrade (ie 23.x to 24.x) flash a sysupgrade image
- for minor upgrade (ie 23.05.1 to 23.05.2) use luci-app-attendedsysupgrade
- from 24.x onward: see https://openwrt.org/docs/guide-user/installation/sysupgrade.owut
Packages
There is a huge Package Library (Update lists in System > Software). Favored for a Router
- advertisement blocking - options
- malicious host blocking - luci-app-banip
- port info - luci-app-lldpd
- traffic shaping - luci-app-sqm; variable bandwidth: cake-autorate
- traffic limiter - luci-app-nft-qos
Privacy/Security
To secure devices and guard privacy
- change DNS resolver - in Network > Interfaces > wan uncheck 'Use DNS servers advertised by peer' and add DNS server 1.1.1.1 and 1.0.0.1
- encrypt DNS traffic - see DNS Encryption
- isolate wireless devices - see Guest WLAN (needs dnsmasq+firewall)
- isolate logical grouped devices - setup 802.1q VLAN to isolate guest, iot, home etc devices case1, case2, case3. Tip: check also wifi-vlan feature
- secure Internet connection and mask IP address with Wireguard client
- secure remote access to home network with Wireguard server
- perform local vulnerability scan with Nessus Essentials
- perform local portscan with nmap
- perform remote portscan with port-scanner
Monitoring
An army of Monitoring options are available with collect-mod plugins
- Router monitoring - luci-app-statistics collectd-mod-sensors collectd-mod-thermal collectd-mod-ping collectd-mod-sqm collectd-mod-irq
- Traffic monitoring - luci-app-nlbwmon (extra settings are needed)
- Stats export to Grafana - prometheus-node-exporter-ucode / collectd_exporter / nlbw2collectd
Troubleshooting
- keep it simple, stick to defaults
- view Status > System Log
- familiarize yourself with terminal commands (see Appendix)
- in case of issues search the forum and/or create a topic with your config (see Appendix)
Appendix: Collect config
Connect to your OpenWrt device using ssh, copy output of below commands and post it using the preformatted text button (redact passwords, MAC- and public IP addresses)
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Appendix: Terminal Commands
cpu memory: htop (press F2 and enable detailed cputime)
network: ifconfig, iftop, mtr -ezb4 --report 1.1.1.1, netstat, nslookup, route, traceroute
hardware: ethtool, iwinfo, iw phy0 info, iw list
text view/edit: cat, grep, logread, nano
ps: when a command is not available then install it in System > Software
ps2: see also
https://openwrt.org/docs/guide-user/base-system/user.beginner.cli
https://openwrt.org/docs/guide-user/network/wifi/wireless-tool/wireless.utilities
Appendix: Benchmark
Cloudflare speedtest
Ookia speedtest
Bufferfloat test
iperf3 performance
Wireguard performance
Power consumption
Crusader Network Tester
Flent Network Tester
Appendix: External Resources
Embedded Hardware News https://www.cnx-software.com/
Linux (Kernel) News https://www.phoronix.com/
OpenWrt user Blog https://giuliomagnifico.blog/
OpenWrt Wifi chip info Crowd-sourcing the Wi-Fi Chip info - #2 by richb-hanover-priv
Networking Fundamentals https://book.systemsapproach.org/
Networking Fundamentals https://www.geeksforgeeks.org/computer-network-tutorials/
OpenWisp https://openwisp.org/demo.html
OpenWrt Configurator https://github.com/jasrusable/openwrt-configurator
OpenWrt recent commits https://git.openwrt.org/?p=openwrt/openwrt.git;a=summary or https://github.com/openwrt/openwrt/commits/openwrt-23.05
OpenWrt Stats https://sysupgrade.openwrt.org/stats
Starlink latency story https://api.starlink.com/public-files/StarlinkLatency.pdf
Wifi Survey https://github.com/jantman/python-wifi-survey-heatmap or https://www.netspotapp.com/gettrial.html or using a Robot Vacuum https://github.com/ccoors/Valeronoi
Wifi SNR https://interline.pl/Information-and-Tips/Minimum-802.11-SNR-Sensitivity
Appendix: Used processor in popular ARM/MIPS SoCs
ath79 MIPS 4Kc
bcm2711 quad-core A72
bcm2712 quad-core A76
mt7621 MIPS1004Kc
mt7622 dual-core A53
mt7628 MIPS24KEc
mt7981 dual-core A53 (filogic 820)
mt7986 quad-core A53 (filogic 830)
mt7988 quad-core A73 (filogic 880) WiFi 7
ipq53xx quad-core A53
ipq60xx quad-core A53
ipq807x quad-core A53
ipq957x quad-core A73
RK3399 dual-core A72 + quad-core A53
RK3566 quad-core A55
RK3568 quad-core A55
RK3588 quad-core A76 + quad-core A55
ps: support the OpenWrt Project by making a small donation