In the past I have set up routers using the Tomato firmware for many relatives who have no idea what a router is and call Wi-Fi the internet. It has been set-it-and-forget-it in all instances and for many years now.
Most of the devices are older and I'd like to upgrade everyone to a new device (let's say a Belkin RT3200). I'd like to switch over to OpenWrt and am wondering if an out-of-the-box setup is as simple and reliable as Tomato has been for them?
I know I've read OpenWrt is more for tinkerers and advanced users, but what is the thought on a simple set-it-and-forget-it** setup?
**The vulnerability of not updating aside.... because these people would never upgrade their stock firmware, let alone even know how to.
This is why I direct even family members (in another city) to more commercial solutions with automatic updates or update notifications, like:
OpenWrt based:
Turris Omnia
Evenroute IQrouter
proprietary:
AVM Fritzbox (over here they offer DSL, DOCSIS, and FTTH models)
My point is, for me it seems more important for my family to be reasonably secure even if that means forgoing some of OpenWrt's really nice/cool features. Anybody willing to put in some time, however, I would be happy to support with OpenWrt.
If they never log in to the router then what are you worried about? Just get a well-supported OpenWrt router, buy them all the same make/model, configure them identically and back up the config so you have all of them. That way, if you ever even had to troubleshoot, it's easy.
RT3200 / E8450 is an obvious choice, or maybe the DL-WRX36. OpenWrt 23.05.
Thank you @phinn. I am not worried, I just wanted to get others' feedback on simple setups like this. The reliability with a simple Tomato deployment has been great and I was looking to see if anyone else does this as well with OpenWrt.
Thank you for the DL-WRX36 recommendation as well.
OpenWrt is Linux-based and reliability is excellent. I had a 55-day uptime on 23.05-rc on my WRT32X with not a single crash or hiccup. This is a heavily used device, not just for basic routing. We're talking all the included features like nftables and DSA being used, but also tons of added packages: SQM cake for no bufferbloat, Adblock-Fast for network-wide adblocking, Samba4 with USB3 for file sharing to PC and Shield TV, advanced-reboot, attendedsysupgrade, SSH, reporting, etc. Everything is secure and rock solid.
Yes, the OpenWrt interface is more advanced by default than something like Tomato, but set up a config and back it up and you will be happy. If you want, set a once-per-week reboot at 2am or something if you're worried about something being unstable, but I don't think you would need that.
One thing to note with the DL-WRX36 is that the initial install has a few more steps because you need to enable SSH and flash an intermediate image before flashing OpenWrt; just follow the guide on the docs page, it's easy enough.
For core family members I go with OpenWrt, but I configure a WireGuard VPN to have secure remote management ability. Yes, I maintain them, so I just did a remote attended sysupgrade to 23.05 - and it went fine in all cases (I carefully selected the packages, changed wolfssl to mbedtls, all devices were already on DSA).
For the others, I usually do the same as @moeller0 and recommend a Fritz!Box or similar device.
Yeah, code instability has been a non-issue for me with 5-6 routers at various locations around the globe. My APU edge router was just rebooted a couple days ago because I had upgraded 22.03.5 to 23.05, which was its previous reboot.
Here's an RT3200 on 22.03 at my sister's place, she says it's working fine. Getting ready for the 23.05 upgrade...
Haha, nice! My Ubuntu server was up to 236 days last Monday, with like 30 pending kernel patches (it runs our family IRC server, so I like to keep it up 24/7/365), but I decided it was time...
Mmh, I try to update computers/routers in a more timely fashion... Only my bridged DSL modem is well above 120 days uptime, but that is outside my firewall and contains nothing really exploitable, assuming an attacker could somehow break out of the bridge...
You can use OpenWrt on a well-supported router. I am using a Cudy WR3000. Don't worry about security if this is a simple setup; you just close access from the WAN side completely or put SSH on a high port like 30052 or sth.
Also, you can configure a VPN to have remote management.
Security holes are mostly found in services, not in a simple NAT/routing device with all WAN ports set to drop incoming traffic.
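An added example, not part of any post in this thread and not OpenWrt project code: one way to check backed-up `/etc/config/firewall` files for the state the last post describes (WAN input dropped, no TCP service reachable from the WAN side). The sample config, the rule name `ssh-from-wan` and the function names are constructed for illustration, and the `tcp udp` default for a rule without `proto` is an assumption.

```python
import shlex
# Constructed sample in /etc/config/firewall (UCI) syntax; not from the thread.
SAMPLE = """
config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
config rule
    option name 'ssh-from-wan'
    option src 'wan'
    option proto 'tcp'
    option dest_port '30052'
    option target 'ACCEPT'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})]; list values are space-joined."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and tok[0] in ("option", "list") and sections:
            opts = sections[-1][1]
            opts[tok[1]] = (opts.get(tok[1], "") + " " + tok[2]).strip()
    return sections

def audit_wan(text, zone="wan"):
    """List findings: lax zone input policy, or TCP accepted from the zone to the router."""
    findings = []
    for kind, o in parse_uci(text):
        if kind == "zone" and o.get("name") == zone:
            if o.get("input", "").upper() not in ("DROP", "REJECT"):
                findings.append(f"zone {zone}: input is not DROP or REJECT")
        # A rule with src set and no dest applies to traffic addressed to the router.
        elif kind == "rule" and o.get("src") == zone and "dest" not in o:
            protos = o.get("proto", "tcp udp").lower().split()  # assumed default: tcp udp
            if o.get("target", "").upper() == "ACCEPT" and {"tcp", "all"} & set(protos):
                findings.append(f"rule {o.get('name', '(unnamed)')}: accepts TCP from "
                                f"{zone} on port {o.get('dest_port', 'any')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wan(SAMPLE)) or "no findings")
```

UDP-only rules are deliberately not flagged, so the DHCP renew rule and a WireGuard listener used for remote management pass; a TCP service opened to the WAN is reported regardless of port number.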