An OpenWrt Beginner's Guide

Installing and Using OpenWrt
1

Preface

A first encounter with the OpenWrt Project might be overwhelming so I created this post to jumpstart newcomers. Realize that an OpenWrt Journey is not a walk in the park and may consume countless hours of learning and trial-and-error - even when tech experienced.

Planning

Decide, based on floor layout and #wired connections, which topology suits best, i.e.
*Wifi (All-In-One) Router
*Wifi (All-In-One) Router + Access Point(s)
*Wired (Core) Router + Switch + Access Point(s)

Draw a network diagram ie. with draw.io

2023.drawio
2023.drawio643×153 13.3 KB

Buyer tips

For new hardware check below devices - the listed order is in SoC cpu capacity
ps: lookup forum topics about user experience
ps2: for all supported devices see Table of Hardware

Wired (Core) Router
SoC Device Price Notes
Core i5 Lenovo M920q 8500T + 10GbE RJ45 / SFP+ NIC $150 (2nd hand) + $40 10 GbE, coreboot
n100 CWWK $200 2.5 GbE, SFP+
bcm2712 RPi RPI5-2GB + Mcuzone Dual 2.5G HAT or Radxa Dual 2.5G HAT $50 + $60 2.5 GbE
rk3588 NanoPi R6S $150 2.5 GbE
rk3399 NanoPi R4S 4Gb $100 1.0 GbE
88f7040 Mikrotik RB5009UPr+S+IN $250 1.0 GbE, SFP+, PoE, pending
bcm2711 RPi CM4002000 + Routerboard $35 + $45 1.0 GbE
rk3568 NanoPi R5C $80 2.5 GbE
rk3566 NanoPi R3S $50 1.0 GbE
mt7981 GL.iNet GL-MT2500A $55 1.0 GbE, note
Managed Switch (OEM firmware)

Consider if basic vlan support is good enough or whether you need advanced protocols like MSTP, Multicast Management (IPV4 IGMP Snooping, IPV6 MLD Snooping, GMRP), LACP, SNMP, syslog, LLDP, static MACs, port security, management over IPv6, CRC error counters, Loop Prevention/Detection, QoS, port Mirroring, port Stats

Device Price Notes
Netgear GS308EP $60 1.0 GbE, PoE
Netgear MS108EUP $250 2.5 GbE, PoE
TP-Link SG2210XMP-M2 $350 2.5 GbE, SFP+, PoE
Ubiquiti USW-Pro-Max-16-PoE $400 2.5 GbE, SFP+, PoE, Etherlighting
Zyxel GS1915-8EP $115 1.0 GbE, PoE
Zyxel XMG1915-10EP $250 2.5 GbE, SFP+, PoE
Managed Switch (OpenWrt firmware)

A managed switch with OpenWrt firmware provides benefits like a unified (configuration) experience, no cloud vendor lock-in and options to export metrics to i.e. Grafana
See also openwrt_on_switches_faq

SoC Device Price Notes
rtl930x ZyXEL XGS1210-12 $150 1.0 GbE, 2.5 GbE, SFP+, pending
rtl930x ZyXEL XGS1250-12 $200 1.0 GbE, 10 GbE, SFP+
rtl838x Netgaear GS310TP 2nd hand 1.0 GbE, SFP, PoE
rtl838x TP-Link TL-SG2210P $115 1.0 GbE, SFP, PoE
rtl838x ZyXEL GS1900-10HP $120 1.0 GbE, SFP, PoE
Access Point indoor

Plan your Wi-Fi Access Point placement.

SoC Device Price Notes
mt7986 Netgear WAX220 $200 2.5 GbE, PoE
mt7981 Cudy AP3000 $100 2.5 GbE, PoE
mt7981 Ubiquiti UniFi U6+ $120 1.0 GbE, PoE
mt7981 Zyxel NWA50AX Pro $110 2.5 GbE, PoE
ipq8072 TP-Link EAP660 HD $150 2.5 GbE, PoE
mt7621 Cudy M1300 v2 $40 1.0 GbE
mt7621 TP-Link EAP613 / EAP615 $80 / $85 1.0 GbE, PoE
ath79 TP-Link EAP225 / EAP245 2nd hand 1.0 Gbe, PoE
Access Point PoE outdoor
SoC Device Price Notes
mt7981 Cudy AP3000 Outdoor $120 1.0 GbE, PoE
mt7621 Zyxel NWA55AXE $110 1.0 GbE, PoE
ipq6018 TP-Link EAP625-Outdoor HD $150 1.0 GbE, PoE
ipq6018 TP-Link EAP610-Outdoor $120 1.0 GbE, PoE
Wifi (All-In-One) Router

Combined router and wireless access point.

SoC Device Price Notes
mt7988 Asus ZenWiFi BT8 $280 2x2.5 GbE, Wifi 7
mt7986 Asus TUF-AX4200 / RT-AX59U $120 / $120
mt7986 GL.iNet GL-MT6000 $125 2x2.5 GbE
mt7986 ZyXEL T-56 €50 (EU) 2x2.5 GbE, note
mt7981 Asus RT-AX52 €50 (EU)
mt7981 Cudy WR3000S / WR3000H / M3000 $70 / $80 / $60
mt7981 D-Link M30 Aquila Pro AI $80
mt7981 OpenWrt One $110
ipq8174 Linksys MX4300 $30 (US)
Travel Router

See also travelmate

SoC Device Price Notes
mt7981 Cudy TR3000 $80 1.0 GbE
mt7981 GL.iNet GL-MT3000 $75 2.5 GbE + 1.0 GbE
mt7628 Cudy TR1200 $30 0.1 GbE
mt7628 GL.iNet GL-MT300N V2 $30 0.1 GbE
Cellular Router (4G/LTE/5G)

See also luci-app-modemband)

SoC Device Price Notes
mt7981 GL.iNet X3000 $350
ipq807x TP-Link X80-5G $275
mt7621 TP-Link MR600 $120
mt7621 Asus 4G-AX56 $150
ipq4019 Netgear LBR20 $140
SFP+

SFP+ ports allow 10G connections over Fiber Optic- or Copper modules
*short distance use SFP+ DAC Patchkabel with modules integrated
*long distance use module BIDI-LC-Single-mode + cable OS1 indoor / OS2 outdoor
see topic and Ubiquity examples

Other

*Wifi Point to Point: Ubiquiti Nanostation AC loco or TP-Link CPE710
*Wifi Router White look: here
*Wifi Router Tri-band: here
*PCIe NIC adapter: 2.5G Realtek RTL8125B(G) | 10G Intel X550-T2 / Marvell AQC107/AQC113C
*USB NIC adapter: 2.5G Realtek RTL8156A+ RTL8156B(S)(G) | 1.0G Realtek RTL8153C+
*USB Wi-Fi adapter: here - see also this post
*USB Chargers: lygte-info and chargerlab
*USB Serial: CP2102 USB to TTL Converter - connect TX, RX and GND (don't connect VCC)
*Range extender: Cudy RE3000

Installation

Lookup OpenWrt device for instructions, read Starter FAQ and Quick start guide
You can find some external guides in here as well

  • flash factory image
  • connect OpenWrt device lan-port with PC and open 192.168.1.1 in browser
    router without Wifi: in Network > Interfaces verify if wan interface is available - if not add wan with DHCP client on ie. eth1 (follow device instructions)
    router with Wifi: follow this
    accesspoint: in Network > interfaces edit lan and set protocol to DHCP client; enable Wi-Fi network in Network > Wireless and set country code. With multiple APs set different channel per AP, ie. ch1 on AP1 and ch11 on AP2 for 2.4 Ghz. See Bridged Access Point
  • Save & Apply (keep settings) - when device does not come up after 5min powercycle it

Upgrade

Recommended when a new OpenWrt release is out (check release notes beforehand)
See https://openwrt.org/docs/guide-user/installation/sysupgrade.owut

Packages

There is a huge Package Library (Update lists in System > Software). Favored for a Router

Privacy/Security

To secure devices and guard privacy

  • change DNS resolver - in Network > Interfaces > wan uncheck 'Use DNS servers advertised by peer' and add DNS server 1.1.1.1 and 1.0.0.1
  • encrypt DNS traffic - see DNS Encryption
  • isolate wireless devices - see Guest WLAN (needs dnsmasq+firewall)
  • isolate logical grouped devices - setup 802.1q VLAN to isolate guest, iot, home etc devices case1, case2, case3. Tip: check also wifi-vlan feature
  • secure WiFi WPA2: enable KRACK + 802.11w + use a 12 digit key with a combi of A-Z, a-z and 0-9.
  • secure Internet connection and mask IP address with Wireguard client
  • secure remote access to home network with Wireguard server
  • perform local vulnerability scan with Nessus Essentials
  • perform local portscan with nmap
  • perform remote portscan with port-scanner

Monitoring

An army of Monitoring options are available with collect-mod plugins

  • Router monitoring - luci-app-statistics collectd-mod-sensors collectd-mod-thermal collectd-mod-ping collectd-mod-sqm collectd-mod-irq
  • Traffic monitoring - luci-app-nlbwmon (extra settings are needed)
  • Stats export to Grafana - see here

Troubleshooting

  • keep it simple, stick to defaults
  • view Status > System Log
  • familiarize yourself with terminal commands (see Appendix)
  • in case of issues search the forum and/or create a topic with your config (see Appendix)

Appendix: Collect config

Connect to your OpenWrt device using ssh, copy output of below commands and post it using the preformatted text button (redact passwords, MAC- and public IP addresses)
Screenshot from 2024-03-26 16-57-00

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Appendix: Terminal Commands

cpu memory: htop (press F2 and enable detailed cputime)
network: ifconfig, iftop, mtr -ezb4 --report 1.1.1.1, netstat, nslookup, route, traceroute
hardware: ethtool, iwinfo, iw phy0 info, iw list
text view/edit: cat, grep, logread, nano
ps: when a command is not available then install it in System > Software
ps2: see also
https://openwrt.org/docs/guide-user/base-system/user.beginner.cli
https://openwrt.org/docs/guide-user/network/wifi/wireless-tool/wireless.utilities

Appendix: Benchmark

Cloudflare speedtest
Ookia speedtest
Bufferfloat test
iperf3 performance
Wireguard performance
Power consumption
Crusader Network Tester
Flent Network Tester

Appendix: External Resources

Embedded Hardware News https://www.cnx-software.com/
Linux (Kernel) News https://www.phoronix.com
Networking Fundamentals https://book.systemsapproach.org/
Networking Fundamentals https://www.geeksforgeeks.org/computer-network-tutorials/
OpenWisp https://openwisp.org/demo.html
OpenWrt Configurator https://github.com/jasrusable/openwrt-configurator
OpenWrt Wifi info Crowd-sourcing the Wi-Fi Chip info - #2 by richb-hanover-priv
OpenWrt recent commits https://git.openwrt.org/?p=openwrt/openwrt.git;a=summary
Starlink latency story https://api.starlink.com/public-files/StarlinkLatency.pdf
Table of Hardware https://toh.openwrt.org/
Wifi planning tool https://design.ui.com
Wifi Survey https://github.com/jantman/python-wifi-survey-heatmap or https://www.netspotapp.com/gettrial.html or Robot Vacuum https://github.com/ccoors/Valeronoi
Wifi SNR https://interline.pl/Information-and-Tips/Minimum-802.11-SNR-Sensitivity

Appendix: ARM/MIPS SoCs 
88f7040 quad-core A72 (Marvell ARMADA 7040)
ath79    MIPS 4Kc
bcm2711  quad-core A72
bcm2712  quad-core A76
mt7621   MIPS1004Kc
mt7622   dual-core A53
mt7628   MIPS24KEc
mt7981   dual-core A53 (filogic 820)
mt7986   quad-core A53 (filogic 830)
mt7988   quad-core A73 (filogic 880) WiFi 7
ipq53xx  quad-core A53
ipq60xx  quad-core A53
ipq807x  quad-core A53
ipq957x  quad-core A73
88F7040  quad-core A72 
RK3399   dual-core A72 + quad-core A53
RK3566   quad-core A55
RK3568   quad-core A55
RK3588   quad-core A76 + quad-core A55

ps: support the OpenWrt Project by making a small donation

16 Likes
2

For a Wifi Router advice: are ipq807x and filogic the best performing devices for 2023/2024 ?
Do you have 2.5Gbps / 1.0Gbps device recommendations for these?

edit: I digged some time into topics and found following
ipq807x - Dynalink DL-WRX36 looks cool but currently lacks DSA support
filogic - contains a growing number of devices but many are not easily flashed.

3

I'm not sure why you added this question to your existing thread... but look at this section:

Read and search first, if you don't find answers to your questions, that is a good place to start a new thread regarding OpenWrt + hardware questions

4

Seller claims they're new, photos appear to back the statement up.
No warranty from Dell though, these devices have been EOLed.

Btw, the link's b0rked, I changed the topic, it changes the URL too, not changing it again, but EU eBay new Dell Edge 680 16 core C3958, 32GB RAM 240GB SSD 6x1GbE 2xSFP+ ~200€ might be better.

As for used Dell Edges, you might want to use Dell Edge E42W VEP1400 620/640/680 HW discovery.

5

Thanks for pointing this out - the link is now referring to your generic Dell Edge topic

1 Like