I am looking for the router that supports OpenWRT & Nodogsplash with best range for this conditions:
A big hall with around 3000 people inside (each with mobile phones/laptops etc. so a lot of frequency interruptions etc.). Me streaming WiFi signal with a hotspot gate (nodogsplash or other).
The most important will be range - so I can fill out with the signal every corner of the hall and stability - something that can easily keep 50-100 people connected at same time doing light browsing.
Price is secondary thing. Would love to have couple of options listed to pick from (varying from most expensive to cheaper).
This is unlikely even if they were the only people in the hall. Basically WiFi doesn't do this. The right solution for a hall with 3000 people is about 100 access points each with very low power output and running on channels that don't overlap their nearest neighbors at that power output. There is no way blanket coverage can work well for 100 people even if they are the only ones. With 3000 others in addition it's a joke. Having even a few APs trying to blanket the hall will ensure absolutely no one can do anything.
Consider the practical limit as something like 30 devices connected to each SSID, and no more than 3 active devices in range of each other sharing any given active channel. So you can blanket a hall with 100 radios using devices with 3 radios built in if you buy 33 of them. You'd do well to have one or two kind of in the middle, and then the rest around the exterior. Around the exterior you'd use 1,6,11,1,6,11 etc on 2.4Ghz and you could use similar schemes for 5ghz.
one thing you wouldn't want is the WRT series of devices like the WRT1900acs or WRT3200 or WRT32X because you can't control their output power.
If I were going to deploy some network like this, I'd use probably TP-Link EAP225v3 devices, they're cheap, and can be configured from a control panel. Then I'd hook them all up using POE switches and carry the signal back to a mini PC acting as a router. I'd try to get 100Mbps fiber, and I'd Post Signs at all the entrances : "Please use our Free WiFi on SSID "MyConference" and reduce interference for everyone!"
The trick for venues like this are indeed many APs (with a wired backhaul!), very low output power, narrow bandwidth (no HT40, VHT80, VHT160) and directional (sector) antennas, to reduce range and interference as far as possible (because a single AP can't serve more than 30-36 concurrent clients due to congestion[1]) - and everything dlakelan mentioned above.
--
[1] even if they're just connected, but don't actively transmit data.
On 5GHz you might get away with HT40 channels, since you can use 36, 44, 149, 157 (with upper side channel for 40Mhz) independently. Definitely don't use 80 or 160 MHz, and don't get confused about upper side channel vs lower side channel, they're not independent.
Also with a large network you would run every user through a main router which is also the captive portal controller, rather than having nodogsplash etc. on each AP.
Good point, but also, seriously, captive portals SUCK. They are terrible. There is no legal reason for them, and their main reason to exist is to monetize a connection. If you're running a conference, just provide an open WiFi. If you want to provide good security, hand out business cards with random enterprise logins on them that look like: (user00244,ea558b7a95122) and have people use WPA2 enterprise to login. Run a RADIUS server with the password database on the single main router.
Now you have secure, free, nonintrusive wifi without interference. On the back of the password card have a QR code to scan to see the terms of service page.
(To expand on the technology issues here, Ideally you get people to use EAP-PWD method, that's available in Android and Linux desktops. Unfortunately it's not available in Windows, MacOS or as far as I know iPhones. So there are some issues related to the client trusting that they're authenticating to the actual conference wifi: https://depthsecurity.com/blog/when-802-1x-peap-eap-ttls-is-worse-than-no-wireless-security The hand-out cards should have sufficient information for the conference users to determine they are connecting to the proper wifi system, either a certificate fingerprint or a link to a public site where they can install the conference certificate authority cert or whatever)
I would agree with that. The assumption has become that eavesdroppers and men in the middle are inevitable, so the only real assurance is end to end encryption by the application -- server layer. And in most cases it isn't a problem to allow access to the WiFi to everyone who has obtained physical admission to the venue.
I have dabbled with WPA Enterprise to segregate users into different groups (i.e. Patron, Vendor, or Staff) with different VLANs having different bandwidth limits. That turned out to be not such a workable idea since ath10k does not support per user VLAN.
I also think the OP's estimate of the number of clients that will clog the APs is wildly low. Every smart phone in the hall will be constantly probing.
I have seen 70 clients connected to the 2 GHz radio in one of my Archer C7, backed by a 6 / 0.75 Mb ADSL line (which was also serving about 30 more on another AP). This is not recommended at all. Though amazingly it did still work for "light browsing."
I always like to hear this kind of hard numbers. Thanks. Still the main points hold. If you try to connect 70 devices to one AP while 3000 devices are in the same room, connecting to other APs and your AP signal strength is enough to blanket the room... It won't work.