Hey guys! I'm looking to buy a new router to install OpenWrt since my current router does not seem to have support(it's also getting pretty old). I have spent hours looking through various recommendations and tutorials, but the suggestions all seem very fragmented. From my research I don't really see like one or two routers that people recommend, probably because everyone has different goals and budgets.
I'm looking for a very fast and secure router for gaming and running some basic home network devices. I'd like something with FOSS firmware as I read about in the Buyers' Guide. I run coreboot on my laptop, I honestly didn't know people used it on routers too, so that would be a really nice addition. I currently have a separate modem+router setup, but I would be interested in replacing it with a two-in-one device as long as it doesn't compromise anything or provide any downsides. I'd prefer to stay away from hardware made in China if possible as I have heard some concerns about potential tampering from their government(not sure if it's true or not, but I don't want to risk it). I would really like if I could get something without hardware security conerns like the Intel Management Engine, AMD Platform Security Processor, but I don't know if such a device even exists. I have never installed OpenWrt before, but I trust my ability to follow directions and I have some friends who have installed it, so I'm not too concerned about the device being easy or hard to set up. My budget is around $500 - $700
I didn't know Chinese routers were so common, I always heard to avoid Chinese networking equipment, but out of fears for privacy/security which is really my main goal.
My ISP speeds are about 250 mbit down 25 mbit up, not amazing. I'd like a few Ethernet ports to connect some of my devices, maybe 2 or 3 would be fine, more is obviously better. I don't think I would need a VPN directly on my router, but wouldn't that be a software feature and not a hardware feature? I need wifi, I don't know the big differences between wifi5/6 so I'm honestly not sure which I need. And I literally have no idea what SQM is, I just recently heard about the term on the forum as I'm a little bit of a noob when it comes to routers.
I appreciate all the help by the way, sorry if I sound like a noob.
Hey, I appreciate the help but it looks like there's 142 routers on there. My main difficulty is filtering down the list to the best options, specifically for privacy/security with FOSS bootloader and good specs for fast speeds.
For that speed just pick one from "ideal" list, check if you need USB, and one more LAN port than you imagine connecting directly in near future.
Say if you can order > gigabit at home maybe go for 2.5gbit, but on the other hand todays gigabit can serve future 2.5gbit as range extender.
But, to the task at hand. I'd get a x86 minipc with an Intel N100 CPU, the 4-6 x 2.5G Intel 226 ones are like $100-150 bare bones. A 64G SSD and a 4G stick of RAM and you've got an unbrickable, super fast router for under $200.
Add on a nice AP for your wireless needs, I like the Zyxel NWA50AX Pro, "Pro" is the one with the 2.5G backhaul, they're currently $85 (and have been for months) on amazon https://www.amazon.com/gp/product/B0C6MRDNQ6.
Both devices run OpenWrt, configure as full router/firewall on the minipc and as a simple access point on the WAP, off you go...
Officially built routers I doubt it.
I guess the hardware with least probability of hardware backdoors is computers like raspberry that ain't supposed to be routers to begin with or old equipment before the surveillance laws came creeping.
But the router ain’t really the problem or the meaningful protection against governments, they are tapping the data traffic through the isp or directly from the smartphones or smartpads or computers inside the network instead.
Openwrt does not change bootloaders, if you are lucky you can examine their recovery function source, you will need a flash programmer to recover from replacing loader.
If you want to go through the extra mile and eliminate bootloader + firmware binary blobs than look into https://librecmc.org/ - this is however badly maintained and not suitable for modern hardware...
Also worth looking at BSD, which support up to wifi4 on even modern ath*k and mt76. Obviously you need a mainstream mini-pc amd64 or arm64 to drive it.
Graphene is still based on AOSP, they actually contribute to AOSP heavily as well. And yeah, I know pihole isn't full-proof as they can do many things like avoid domains entirely or send their telemetry data through the same domain as legitimate traffic needed for their service. Fortunately many services do not do this.
Most of my end devices are already secure and privacy-respecting. I think a good router is my last step for my home network, but from this advice I've been seeing, it seems like the best option would not using a typical router. It seems like it would be much better to use a NUC like s76's meerkat or purism's librem mini as it will allow for secure firmware as well. Sounds like a lot of money and work that I'm not looking forward too though ;( I really wish there was a better option. Maybe the rpi5 would be a good choice if it's compatible.
