Router to go with Ubiquiti AP

juupio · March 22, 2022, 11:15am

Hey Folks,

I am new to OpenWRT, having finally gotten round to wanting to take more control over my network after moving out of an apartment where the wifi was included. I have lots of experience in tech/networking and enjoy tinkering, so I am looking forward to jumping in.

I'm looking for a router to replace by BT (UK) FTTP Smart Hub 2. The connection speed is 500mbps (don't worry, I've seen the thread about 500mbps-1g connections and my expectations have been appropriately set, I don't mind losing a bit of raw speed for better overall performance and security). This requires PPPoE support. There is an existing ONT that I will plug into from the device WAN port.

I understand that some of the routers that seem 'old' are still very much relevant, but that there isn't yet that next-gen of hardware at the same price point to cater for substantially faster connections; again I am OK with this.

I have no requirement for the home phone service, which I know mandates the use of the ISP router.

My requirements are not super complicated, albeit they do surpass anything I can do with my ISP device:

VLAN support is essential (I want private/iot/guest VLANs)
Stateful firewall
Wireguard with policy based routing to send certain VLANs over the VPN exclusively would be a nice to have
I will likely combine with NextDNS, so I don't need too much on the box in the way of traffic filtering, etc.
Wifi6 is also a nice to have, however, I have a Ubiquti WiFi 6 Pro, so again there is some heavy lifting that can be offloaded, and I can do things like client isolation via that unit
I'm new to SQM but it looks like this would be good for me as I work from home and play games, so low latency is important (I get 14-16ms on average as it is though, which is pretty solid)
5ghz support/good performance is essential

I'm trying to ascertain what is the best option that would be suited to this, while being able to take advantage of most of my connection speed and being realistic with expectations.

I keep coming back to the Linksys WRT3200ACM, though this is the most expensive of the devices I've been looking at (£200 here in the UK, but this is acceptable if its actually deemed worth it over other devices)

I've been keeping an eye on eBay for a Nighthawk 7800 as they can be had for a pretty good price (if you can get one..) but I've also seen the Belkin RT3200 coming up here on the forums. The reviews for this device are not particularly good though - however getting some real-world feedback in the OpenWRT context would be helpful.

There don't seem to be too many options standing out that go beyond the WRT3200ACM, presumably relating to the extra requirements around those faster connections, SQM, and so forth - but I would still be keen to understand if any such options exist.

Many Thanks

trendy · March 22, 2022, 11:20am

Have you considered any small boards, like RPi, RockPi, etc? Their wifi is not that good, but if you have that covered already you don't care so much.

juupio · March 22, 2022, 11:25am

Thanks for your reply! I was actually just editing to say, that while I've read about the common combo of a Raspberry Pi 4 + Adapters + Switch, I'd ideally prefer off-the-shelf hardware that's all in one.

For instance, I could get a Pi 4 (actually, I have one lying round somewhere) but then if I get a basic switch, I'd lose the 802.1q functionality (however if I am mistaken/there is a cost effective way to solve that, I am open to hearing!)

trendy · March 22, 2022, 11:27am

You can get the full combo of Pi-SD-Case-PSU-USB2Eth for less than 100€ and a managed switch for home use is less than 30€, if that intrigues you.

juupio · March 22, 2022, 11:35am

It's certainly not something that I've ruled out - though as with so many things at the moment, getting hold of all the components is tricky with the current stock situations.

As a matter of interest; since this comes up a lot - what I am getting for that £130-ish spend over what I'd get from any of the routers I noted? I see comments about better performance but I've not seen anything side by side to fully appreciate any difference there

trendy · March 22, 2022, 12:14pm

juupio · March 22, 2022, 4:02pm

Thanks for sharing those. I had seen similar and I guess one thing as a newcomer to this is the sheer volume of information can be tricky to cut through, plus typically conversations are CPU/Arch centric vs model centric

The throughput thread was very interesting and again draws me back to the WRT3200ACM, plus does shed some light on why it still carries a higher price tag. Certainly seems the Marvell 88W8964 CPU appears to be suitable for my requirements...so it's still sat at the top of the list!

Thanks for the assistance

mercygroundabyss · March 22, 2022, 4:11pm

NanoPi R4S - NanoPi R4S rk3399 4G is a great new OpenWrt device

I host my ubiquiti docker from it and it handles my routing. I have a switch for my Lan connections and a AC-Lite for my wifi. (edit - I ideally want a POE Ubiquiti switch in future but a basic one does for now. Damn supply chain issues. Also a decent switch is far better for managing VLANS)

It is snapshot or use https://github.com/anaelorlinski/OpenWrt-NanoPi-R2S-R4S-Builds as it is not in release builds yet (It just missed out on 21.02) Oh and get the 4gb version as OpenWrt only supports that as the upstream patches from FriendlyArm havent been pushed to uboot yet. The 1gb version uses ddr3 not ddr4.

flygarn12 · March 22, 2022, 4:54pm

If you thinking about a switch, take a note about the progress of the realtek based switches that we now have OpenWRT support for.

If you want OpenWRT on the switch also?

jaredoconnor · March 22, 2022, 6:48pm

You probably won't get routing and a "proper" VLAN capable switch, all in one unit. Basically all routers support VLANs, on their inbuilt switch. However, the boot loader usually configures the switch to be completely open, before the OS loads. Untrusted wired devices will see your trusted wired devices, until the OS boots and reconfigures the switch.

I suggest using separate devices. In my experience, it works out better in the long run. Below are some of the devices that I am using and they work well.

Router: NanoPi R4S
Switch: Netgear GS308T

Not sure why you need WiFi, on the router, given that you're using a Ubiquiti AP. If you need more coverage, you should just get another Ubiquiti AP. You're much more likely to have fast roaming work well, that way.

juupio · March 23, 2022, 9:21am

Thanks all for the insight and replies, good to hear different experiences and suggestions!

I had been looking at some of the 2 port router types (eg Firewalla) - I'd not seen the R4S - however a quick dig suggests the same old supply issues at the moment here in the UK. I did find a few on Amazon but the same pictures all claiming to be different brands. The UK distys for regular Pi's are all sold out. I think this is a very solid future direction, though.

One thing I'd like is to start with a smaller footprint, and expand as I hit limitiations and/or want more control. Managing a router, switch and AP all independently is a bit undesirable just now, but as I get more familiar with the platform that will change.

That is a very interesting point about the VLAN leaks - I guess that is at Layer 2 though since the L3 interfaces on the router to send traffic between them would be down? I can see why that would be a concern in some scenarios, but in my case it's not the biggest deal.

I really appreciate the conversation and insight - for now, mostly for rapid availability and a speedy deployment, I've gone with the WRT3200ACM to sort an immediate matter, but this thread was super useful and will prove a valuable resource for when I come to upgrade.

slh · March 23, 2022, 9:26am

The wrt3200acm is a capable wired router, but its wireless side is very buggy and abandoned by its manufacturer, leaving gaping bugs open (802.11w/ wpa3, device interoperability (esp8266/ esp32), ...), I wouldn't consider that to be an option with wireless in mind.

juupio · March 23, 2022, 9:32am

Thanks, yeah I had seen that was quite common feedback - I will pair with my Ubiquiti WiFi 6 Pro, and that will give me a solid option for the time being..or so I hope

the wrt3200acm's seem to resell on pretty easily too, so shouldn't really cost me an awful lot when I decide to change things up

juupio · March 23, 2022, 12:33pm

Well, having ordered late last night it's already arrived. Flashing OpenWRT was very easy. Actually the WiFi performance - at least thus far - is only slightly worse than my BT router (and about on par than my previous testing with the Ubiquiti). For now it's handy to use just for my own laptop with the WAN interface set to DHCP so I can run side by side without impacting the rest of my household..then later I can switch to PPPoE.

The packages aspect is interesting and powerful. At first when I logged in my first thought was...wait...where's the rest! But of course, that's what the packages are for.

A couple of questions if I may:

Is there a better quick start guide than this one? https://openwrt.org/docs/guide-quick-start/start - It doesn't cover an awful lot beyond WiFi setup, which was pretty intuitive on it's own. Perhaps the key things I want to cover are beyond basic quick start but I'd like to understand the following topics better:

Zones
Default firewall config (eg, I can see it appears to allow things like ICMP and DHCP to the WAN..are there any rules that I should be disabling?)
VLAN Creation and how to tie in DHCP, DNS
Bridge config

If I wanted to have LAN Port 4 isolated with its own vlan/dhcp, would I just remove that from the bridge?

Thanks!

mbo2o · March 23, 2022, 12:54pm

Try

mercygroundabyss · March 23, 2022, 5:28pm

I got my R4S from here https://www.aliexpress.com/item/1005001831487845.html Got the 4gb version with metal case and its been wonderful. So much more powerful than the old bt hub5 i had. If you in the states friendlyarm also sell it.

Cheddoleum · March 23, 2022, 7:01pm

Remember, if you buy a router device with an integral switch, all the traffic which routes across VLANs on that switch are sharing at best a single gigabit. This is fine for internet-centric use, but if you have bandwidth-intensive local resources such as IP cameras or an NAS, it's nice to have a full gigabit bandwidth across the router per VLAN. For this you want a device which has multiple interfaces, not just a switch.

I've had good experiences using a Mini-ITX board with an inexpensive (ebay) PCIe quad-NIC card, and I presently use a Sophos SG-115 with 4 onboard Intel i211 NICs. This way I get full simultaneous gigabit throughput on three VLANs plus WAN.

(Edit: but you'll still need at least one switch to connect all this. I need three just to distribute all this throughout the house. Mostly because of my rule that only mobile devices use WiFi: fixed devices are wired, always.)

glyndon · March 26, 2022, 11:53pm

Have you considered the Ubiquiti EdgeRouter Lite?
It's a sub$100 3-port device (so you can have a DMZ without doing VLANs), intended for light commercial and SOHO use.
IMO its best feature when it comes to OpenWrt is that the firmware lives on a short-but-otherwise-plain USB thumbdrive inside the case. That means you can't brick the device!
It also means you can do what I do and use a USB-to-MicroSD adapter as the thumbdrive.
You can (with router powered off) pull the SDcard out, clone it, put the clone in, update OpenWrt, and if anything goes wrong you just put the previous card back in while you figure out the problem. Hardly any downtime.
Peace of mind at an affordable price.