I'm hoping someone can help me, I'm looking for 2 new devices to run OpenWRT, following are my prerequisites
Version I want to run: The latest stable.
How fast is your internet connection: Maximum expected speed is 100-250Mbps.
Form factor: Preferably small, something which would be rather lightweight and easy to fit in a backpack on the go. Such as the Xiaomi Mi Router 4A, GL-MT300N-V2 / Mango, NanoPI M4...
Do you need Wi-Fi?: Yes, dual band with preferably detachable antennas and IPEX to RPA-SMA cables inside.
Do you need Gigabit Ethernet?: Yes.
Do you need USB ports? How many? USB 2.0 or 3.0?: Two suffice, USB 3.0.
How many family members/devices must the router support?: Just me I'm single as a pringle.
What other services do you want?: OpenVPN and adblock.
Price: > 30$ Ideally.
Your desired WAN speed pushes you out of the "cheap" range of devices discussed in this thread, towards the enthusiast range of devices and into RPi4/ r4s/ x86_64 territory.
IMHO, the price range with all the goodies needed is not easy top find something.
what i would propose is a GL, Mi 4A, tplink router but you have to sacrifice a few things from your list. Unless you change the price.
IMHO, the price range with all the goodies needed is not easy top find something.
I'm fine sacrificing a couple of things especially for the price range. I'm mainly going to use it via WiFi and very seldomly via Ethernet so speed isn't the biggest priority.
what i would propose is a GL, Mi 4A, tplink router but you have to sacrifice a few things from your list. Unless you change the price.
Is the MI 4A still a great choice in 2022? Any models in particular which you could recommend?
Is there anything on this list not worth getting? Are there more or better options? What about AX (WiFi 6 / WiFi 6E) routers?
Most MediaTek AX chipsets have already been mainlined into the Linux kernel, which is great since most modern routers tend to opt for MediaTek chipsets. Although I noticed OpenWRT doesn't have support for these devices yet, understandably so since it after all is an open source project.
Can someone give me a rundown on how supported AX chipsets are yet? And what about X86 OpenWRT + M.2 / Mini PCIe wireless cards is there any AX support there?
Some MT7621AT SoC can be had for ~$30 (e.g., Mi 4A Giogabit), but MT7621AT devices aren't going to give you more than ~20 Mbps OpenVPN. If you can use Wireguard VPN instead, MT7621AT will get you in your desired 100-250 Mbps VPN range.
That way I can loosen the requirements on how many Ethernet ports I require. However I'm wondering whether that'd be secure. Do unmanaged switches have any firmware? Is there any open source firmware for managed switches?
I would recommend that you DO NOT do this ^. Instead, put any WIFi AP's behind the security of your router firewall, as you've shown in your other option.
Yes. OpenWrt supports several Realtek SoC managed switches. I'm running OpenWrt on a Netgear GS308T managed switch behind a NanoPi R4S gateway router, with an AP on each floor of our home plugged into the GS308T via wired back haul.
If you are going to buy a switch, spend just a little more to get a managed switch. Any switch will have firewall security behind your firewall router. However, a managed switch is needed to segregate VLAN sub-networks provided by your router. VLANs allow you to segregate many local networks sharing the same wires for added security by separation: a hacked IOT device on an IOT VLAN sub-net cannot access devices on a home or security VLAN sub-net (and vice-versa) for example.
I would recommend that you DO NOT do this ^. Instead, put any WIFi AP's behind the security of your router firewall, as you've shown in your other option.
What's the reasoning behind this? I don't need to cover a large area.
Yes. OpenWrt supports several Realtek SoC managed switches. I'm running OpenWrt on a Netgear GS308T managed switch behind a NanoPi R4S gateway router, with an AP on each floor of our home plugged into the GS308T via wired back haul.
If you are going to buy a switch, spend just a little more to get a managed switch. Any switch will have firewall security behind your firewall router. However, a managed switch is needed to segregate VLAN sub-networks provided by your router. VLANs allow you to segregate many local networks sharing the same wires for added security by separation: a hacked IOT device on an IOT VLAN sub-net cannot access devices on a home or security VLAN sub-net (and vice-versa) for example.
Thanks, in that case I'll get a managed switch and pair it with a GL-AR300M-Ext or NanoPI R4S.
I would guess (not being @eginnc all I can do is guess) that applies mostly if multiple devices connect to the modem via WiFi, if this is a dedicated WiFi link just between modem and router the security aspect becomes less important. However, generally fixed wired ethernet connections tend to be more robust and reliable than wireless links of any kind, so I personally would also at least try to go wired here (but not for security reasons). Also if you want to use traffic shaping to keep bufferbloat under control all internet traffic should traverse your router, so this is incompatible with WiFI for all devices served from the modem (but that is not likely one of your goals, just mentioning it for completeness).
If you do not need VLANs an unmanaged switch will be just as fine, it is just a managed switch offers more options for a slightly higher price and appears to be more future proof. Depending on what devices you use, you might want to look at a power-over-erhernet (POE) switch that can allow to power some remote devices directly over the ethernet cable (should work for say a raspberry pi or IP cameras, voip base stations...)
My reasoning for keeping your WiFi AP behind your router is exactly as moeller0 guessed.
He also makes a good point to consider a PoE capable switch now if your future needs may want that (the GS308T is not).
If you have IOT devices connecting to your network, I personally would consider VLANs a security necessity to keep them out of the rest of your network. But then again, I'm one of those tin foil hat types that only connects an employer owned laptop to the guest network