I need to replace my home/office router with something far more sophisticated. I was looking at OpenWrt (and the OpenWrt One device) but what I have seen has left me cold. I am a Linux guy and before I had my cheapo SOHO router, I utilized Linux and iptables (now obsoleted to nftables) to manage my home office network. I switched because nobody else here could manage it if I was unavailable. Now I need more sophistication and the choice was some $1K Cisco or OpenWrt, but OpenWrt seems like nothing more than the same Linux I have on one of my old Linux PCs sitting around. I need a justification to implement OpenWrt and even an OpenWrt One instead of a 2Ghz 2Gb Athlon+ with a bunch of NICs with a current bare bones Ubuntu server release, and my own nftables configuration.
A good justification would be GUI management of routing and firewall rules, but I have not been able to find that in the documentation, only command line stuff. CL stuff is OK for me, but not for anyone else in my household nor anyone they might bring in.
Not external support. But what if I am unavailable (or croak) and need something addressed on this network. If nobody knows how to manage CL stuff then they are SOL. They would have to find a consultant or someone who knows how to manage it. At least with GUI config, someone with basic understanding of what is going on has a shot of managing a problem.
I have had a bunch of SOHO (D-Link, Actiontec, Netgear, LinkSys) and the GUI config is easy to do but somewhat lacking in sophistication.
As a further example, I set up a law office network for a family member. In my own home/office, I use a Linux box with RAID 1 disks as a "NAS." For the lawyer I used a Synology NAS box which we all know is just a Linux box with their GUI on top for management. The simple reason is that if I cannot help him, he can find someone who knows Synology and get his issue addressed. If it was a Linux box, finding someone to help him would be an order of magnitude greater effort. I am trying to understand if managing an OpenWRT device requires understanding of Linux networking and nftables, or if anybody can get in and at least make superficial changes via a GUI.
OpenWRT has a very full featured config GUI called LuCI. It's built into the default distribution. It abstracts most of the Linux-yness away so it's very approachable. Additionally OpenWRT can run on x86 (or even an LXC container if you're feeling fancy), so your box of NICs will still work. I've used it in professional environments and it's very competent. Better than any commercial solution I've used. Additionally, there's a fully featured SSH server built-in, so remote access to the GUI over SSH forwarding is possible. Wireguard support is also a huge plus. It's not gonna be all that different from your nftables box, except that you're expected to perform configuration through OpenWRT's wrappers (which, in all fairness, have been capable of doing everything I've ever needed to do despite the learning curve).
I say give it a shot. It's served me well for 10+ years even in very complex environments.
OpenWrt has the ability to configure the firewall via web GUI. Additionally, there's a GUI method as well to add IP Routes and Rules - and if you prefer, there's also a Policy Based Routing app that can be installed for more fine-grained configurations.
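The firewall page in LuCI edits a plain-text file, `/etc/config/firewall`, in OpenWrt's UCI format, so whatever someone changes in the GUI can be reviewed afterwards. The sketch below is an added example, not part of the thread or of OpenWrt itself: it parses that format and lists every enabled rule or port forward that lets traffic in from the WAN zone. The zone name `wan`, the rule names and the addresses are constructed sample values.

```python
import shlex
# Constructed sample in UCI syntax, the format of /etc/config/firewall.
SAMPLE = """
config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option dest_port '68'
    option target 'ACCEPT'

config rule
    option name 'Temp-remote-admin'
    option src 'wan'
    option dest_port '22 443'
    option target 'ACCEPT'

config redirect
    option name 'NAS-web'
    option src 'wan'
    option src_dport '8443'
    option dest 'lan'
    option dest_ip '192.168.1.20'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})]; 'list' lines are not needed here."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and len(tok) >= 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def wan_exposure(sections, expected=("Allow-DHCP-Renew",), zone="wan"):
    """List (kind, name, ports) for enabled WAN-sourced openings not in `expected`."""
    found = []
    for stype, o in sections:
        if o.get("src") != zone or o.get("enabled") == "0" or o.get("name") in expected:
            continue
        if stype == "rule" and o.get("target") == "ACCEPT":
            kind = "forward" if "dest" in o else "input"  # no dest = traffic to the router itself
            found.append((kind, o.get("name", "(unnamed)"), o.get("dest_port", "any")))
        elif stype == "redirect" and o.get("target", "DNAT") == "DNAT":
            found.append(("port-forward", o.get("name", "(unnamed)"), o.get("src_dport", "any")))
    return found

if __name__ == "__main__":
    print(*wan_exposure(parse_uci(SAMPLE)), sep="\n")
```

Run against a copy of the router's own file, with `expected` set to the rule names you intend to keep open, it gives a short list to check after anyone else has been in the GUI.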
This seems to be what I am looking for. As long as someone like an out-of-the-box-Windows-admin who would be lost on a Linux command line and are easily available in case I am away, sick, dead, in jail, having a hissy fit, etc.
Next question however a little deeper. I know that Linux supports many devices. Are there particular NIC chips which work better than others? I see some of the Realtek cards are inexpensive, but there are also low end Intel cards and then more expensive Intel cards. I am looking for a 4 port 1Gb card and a 1 port 10Gb card. I know RH or UB will support them but I am not sure about an OpenWrt image.
As a side question, does OpenWrt have a repository and well defined package management or do I have to search my brain for my old Slackware 1.0 tarball way of doing things? Sorry about this, I know I could probably find this in the docs somewhere.
Every NIC I've ever tried has worked, most of them without any tinkering. You may have to install a kernel module if it doesn't show up, but it's pretty straightforward to figure out which one you need. The x86 builds include modules for pretty much every common NIC, so you'll likely only need to do this if you're attempting something weird, like USB tethering with RNDIS (which does work once you get the kmod installed).
OpenWRT does have package management. Currently the package manager is opkg, but there are plans to move to apk (from Alpine Linux). IIRC the snapshots have already moved to apk, so you can try both now to get a feel for them. The package repos have pretty much everything you'll need for typical router/firewall usage, so you likely aren't gonna have to break open any tarballs.