I'm pretty techy, and I've been running custom router firmware on and off for a decade. But I wasn't prepared for all the options in OpenWRT. Here's what I wish I knew.
- Carefully evaluate your connection, CPU needs, and target platform.
By far the most important. I bought my router for a 50 Mbps connection then upgraded to 250. I didn't know the device I bought would top out around 120-140 Mbps down when running SQM. SQM was a big reason I wanted OpenWRT over stock firmware. There's probably other big CPU hogs like VPNs/containers.
I don't think I can naively copy over an entire config to a new device, so all the time you spend configuring is wasted if you change devices. Some of it probably can carry over, but other stuff that's specific to your radios (what makes wifi work) might not. Correct me if I'm wrong.
flow_offloading exists but is off by default
Important config item to be off by default. I believe either SQM or flow offloading should be on for best results.
Why it's off by default:
flow_offloading_hw is apparently for hardware flow offloading:
flow offloading vs. SQM
I still don't know enough about this.
Guest Network setup isn't bad if you do it over ssh/terminal
I dreaded doing this because the GUI looked incredibly complicated. But the terminal commands aren't bad. You can paste a block all at once.
OpenWRT is not maximally secure/private by default
Security is all about tradeoffs with usability. OpenWRT is wired only until you enable wifi (hopefully with a password). But other features or assumed features of commercial firmwares have to be proactively enabled. For example, guest clients can access the main network unless you isolate them. Administration is apparently open to 0.0.0.0 and thus the whole Internet? So set a really secure password until you disable that! The web UI technically adds attack surface, just like it does on commercial firmware. Disable it once you're done setting up stuff, if you know what you're doing.
DNS over HTTPS (DoH) and Cloudflare's 184.108.40.206 (the most private DNS I know of) are not enabled by default either. OpenWRT is more like a blank slate than a preconfigured storebought piece of hardware/firmware.