New router time: stock firmware? DD-WRT? Tomato? OpenWRT?
November 30, 2019 4:23 AM

Looking for a new router for a shared house, including two home offices. I could go with one of the picks from The Wirecutter, but should I? Or do you recommend a router that's compatible with DD-WRT/Tomato/OpenWRT (which one)? Specific models and firmware versions welcome. I've used Tomato for the past few years. Aside from wifi: need at least four ethernet ports, one of which will connect to another router (which still works) for a different wifi network in a different room.

Normally I'd spend time beanplating this - without the luxury of time I now turn to MeFites for advice.

Been having some issues with an Asus RT-N16 router that's otherwise been pretty solid on one version or another of Tomato. If I can revive it, I might use it as a back up, but it's old enough (almost 7 years) that I'd prefer to replace it for daily use. I've temporarily replaced it with another really old Asus router that had been in use before this one.

Ultimately the goal is security and having flexibility with config options/connecting via VPN. I've liked Tomato just fine but haven't tried out any of the other custom firmwares.

Bonus if I can buy from somewhere that's not Amazon. I'm in the U.S.

Budget: I see that the Wirecutter's router recs run from $60 to $200. I'd rather spend closer to $100 but I'm willing to save up and buy something that will be reliable and last for a long time.

posted by rangefinder 1.4 to Computers & Internet (14 answers total) 11 users marked this as a favorite
If you're happy with Tomato, stick with Tomato. The main consideration with router firmware is avoiding vendor lock-in, because the proprietary firmware supplied with consumer-grade routers is pretty much never as flexible as the open-source stuff.

If you need more Ethernet ports than an otherwise satisfactory router gives you, they're easy to add with a cheap desktop-grade Ethernet switch. I've had consistently good results with the bottom-end gigabit Ethernet offerings from D-Link and TP-Link.

The main thing that differentiates consumer-grade routers is RAM. You want as much of it as you can possibly get, especially if you're at all interested in running BitTorrent. There is no sound reason in 2019 why a home router should not be able to maintain thousands of active TCP/IP connections, but many of them are so RAM-poor that they fall over below 100.

When you set up that extra wifi router in the other room, you'll probably have fewer networking issues if you turn its routing brains off and configure it as a plain wireless access point (networking bridge).

Also, if the issues you're having with the RT-N16 are wireless-related and its Ethernet ports are still solid, you might want to look into turning its inbuilt wifi off and deploying one or more low-end professional-grade wireless access points like these UniFi devices from Ubiquiti.

UniFi WAPs are designed to work together to hand wireless clients off cleanly to each other as they move around a campus, something that consumer-grade WAPs are generally quite poor at; they also support multiple SSIDs, so you could use the WAP in your other room to extend your main wireless network as well as providing a second one for that room only.

These are a pure WAP - the only routing-like functionality they offer is optional per-SSID station-to-station isolation, which if you turn it on means that wireless clients associated with that SSID can communicate only with the WAP itself and devices upstream of it, rather than being able to talk amongst themselves. Not good for Chromecasts and the like, but handy for e.g. setting up a snooping-resistant AirBnB guest network.
posted by flabdablet at 5:59 AM on November 30, 2019 [7 favorites]

Quick answer: the Wirecutter $58 option (the TP-Link AC1750) looks fine to me. I believe the stock firmware even supports serving VPN connections.

After years of advocating for third party firmware I gave up on it. The stock firmware in consumer routers like those recommended by Wirecutter is pretty good these days.

If you do want to level up I also suggest looking at Ubiquiti equipment. I have a Ubiquiti EdgeMAX router with a couple of UniFi access points. If I were doing it again I'd get the UniFi router instead (called the "Security Gateway"). This isn't cheap though, it's about $250 for a router + an access point.

If you're upgrading from an 802.11n device you're in for a treat with the wifi. 802.11ac is a major improvement and the TP-Link AC1750 will feel much better. I haven't used one or read reviews, but for $110 you might want to research the TP-Link AC2600. I believe that's a less expensive version of the $200 Wirecutter recommendation. The MU-MIMO it offers makes a significant improvement in WiFi.
posted by Nelson at 6:58 AM on November 30, 2019 [5 favorites]

I've had the Synology RT2600ac (Wirecutter's runner up) for almost two years now and I absolutely love it. The stock firmware is excellent and frequently updated (see release notes here). I've had so few problems with it that I don't even remember the last time I had to unplug it or force a reboot (maybe never?) and it works so well that I pretty much forget it even exists (it automatically updates itself, so I don't even need to worry about that).
posted by noneuclidean at 12:11 PM on November 30, 2019 [1 favorite]

If you want a router, buy a router. There are some really nice ones for $75-$150. If you already understand basic IP networking like how routing works, what DHCP is, etc, Ubiquiti and Mikrotik both make excellent stuff for very reasonable prices.

If you want an access point, buy an access point. Rarely is the optimal location for a router and its wires also the optimal location for an access point and its antennas. Also, given that the higher data rates aren't usable through more than one or two walls at best, it's worth considering two cheaper APs over one whizbang 3x3 or 4x4 ac Wave2 job.
posted by wierdo at 12:20 PM on November 30, 2019 [2 favorites]

I have the aforementioned Wirecutter $60 recommendation (the TP-Link Archer A7), which I'm running behind a Motorola Surfboard modem. It does, in fact, support inbound OpenVPN and PPTP VPN services. Can't speak to how well they work as I don't use inbound VPN. It does look like it's supported by OpenWRT and/or DD-WRT if you want to go that route (it also seems that it's identical to the C7 but quick Googling was not real clear). Connection speed and reliability out of the wireless has been fine, other than in the kitchen, which is at the opposite corner of my 1000ish sqft apartment. There I get some speed degradation and occasionally drop outs but it is a kitchen and I'm in an old building with thick walls and a bunch of other people with their own wireless networks. It has 4 Gigabit ports that work fine and, more importantly, play fine with my handful of Gigabit switches.

As a point to a thing that shows up in the admin interface, it does support their own brand of mesh networking, so you could theoretically set that up if you wanted to (and had/got compatible devices). Their thing is called OneMesh. Have no idea how well it works - my place is small enough that it's unnecessary.
posted by mrg at 1:28 PM on November 30, 2019 [1 favorite]

If you're at all interested in hopping aboard the Ubiquiti/Unifi train (do it!) the new "Dream Machine" looks like a pretty excellent option:

A couple years ago I inherited some older Unifi gear and replaced a Netgear router
Tomato at home. The Unifi stuff works very well and the software is excellent. If you're the kind of person who changes your home router firmware to get more control and better performance, you'll be very happy with Unifi.
posted by sportbucket at 2:10 PM on November 30, 2019 [2 favorites]

I bought a previous Wirecutter pick, the TP-Link Archer C7, which is the predecessor to the current A7. I bought it specifically because it supported OpenWRT, and I've had to reflash all of my previous access points for them to be even semi-reliable.

But the performance just never got noticeably bad for me to bother reflashing, even after adding a bunch of new always-on devices. I'm even running a full-time guest network for isolation.

I don't know what's changed in the past few years so that consumer-level hardware no longer chokes on stock firmware but I'm happier for it.
posted by meowzilla at 2:32 PM on November 30, 2019 [1 favorite]

I had the Archer C7 based on the Wirecutter recommendation, and I was never really happy with it. We had about a dozen devices connected to it over wifi and ethernet and we were always having to reboot it for one reason or another. I moved to a Unifi setup a few years ago and it's been rock solid, and has better range. That Dream Machine looks pretty sweet.
posted by natabat at 3:17 PM on November 30, 2019 [1 favorite]

The feature I value most using custom firmware is SQM although it appears to be available on some commercial offerings these days.
posted by onya at 9:05 PM on November 30, 2019 [1 favorite]

> The Unifi stuff works very well and the software is excellent.

Yes it does and yes it is. And if you ever find a need to set up a point-to-point wireless network link, their AirMax line works similarly excellently for that.

Ubiquiti's prices are also pretty consistently the lowest I've found for gear that works as consistently well as theirs does. I've deployed a fair bit of their stuff and never had reason to regret it.
posted by flabdablet at 1:58 AM on December 1, 2019 [2 favorites]

Thanks for the input, everyone, and for introducing me to Ubiquiti.

> I have a Ubiquiti EdgeMAX router with a couple of UniFi access points. If I were doing it again I'd get the UniFi router instead (called the "Security Gateway").

Nelson, I'm curious about why you'd take a different approach - is it easier to use UniFi line products together, or is it just a preference related to your particular setup?

> If you're the kind of person who changes your home router firmware to get more control and better performance, you'll be very happy with Unifi.

The Ubiquiti products sound really nice. I guess I'm the kind of person who's not averse to learning how to deal with configs etc if I have to, because I like learning new things and like not being locked into manufacturer-provided settings (which is how I happened to learn about custom firmwares like Tomato originally) -- but in this case I'd be glad if I didn't have to, if that makes sense.

For budget reasons at this point I'm leaning toward trying one of the recommended band-steering consumer routers, and seeing if the stock firmware will be sufficient. flabdablet, great point about RAM and I will try to go with one that has more RAM than what the Asus RT-N16 had (128 MB). I'll update this thread with whatever I end up getting.

For down the road I'll definitely keep an eye out on the Ubiquiti products.
posted by rangefinder 1.4 at 1:08 AM on December 9, 2019

Personally I got sick of trying to find a router with enough RAM in it a few years back, acquired a little Beaglebone Black single-board computer, stuck a cheap generic USB to Ethernet adapter on its sole USB socket to give it a second Ethernet port and installed Debian on it. With 512MiB of RAM it doesn't even get close to falling over under the load of an insane number of NATed torrent connections.

Running a totally general-purpose Linux box over ssh with no web-enabled configuration tools and very nearly nothing in the way of application software just so that the kernel can be a router is not everybody's cup of tea, but it's been rock-solid for me. My house is wired with cheap D-Link DGS-1100-08 managed gigabit switches that understand 802.1Q VLANs, as does the Linux kernel in the Beaglebone, and the flexibility I have with this setup is very pleasing.

In fact I was initially running the router on its single Ethernet interface, using 802.1Q to dedicate one of the switch ports in the front room where the ADSL2+ modem was to WAN traffic. Added the USB Ethernet dongle after the National Broadband Network came to my area and bumped my inbound WAN speed up from the 20Mb/s I was getting on ADSL2+. The NBN fixed-wireless gear is also physically located in the cabin out back with the router, making direct connection convenient.

If Australia ever drags itself far enough into the 21st century to offer me WAN speeds of over 100Mb/s, I'll replace the Beaglebone with whatever little SBC is cheap by then and has a genuine gigabit port, USB3 and at least 1GiB RAM. The Raspberry Pi 4 currently fits that bill, but who knows what else is coming? Debian can be made to run on damn near anything, so I should be able to migrate my existing config with very little pain.
posted by flabdablet at 7:28 AM on December 9, 2019 [1 favorite]

I'm not so sure raw RAM on the board is the limiting factor for open connections. Bad old routers had very small statically-sized tables for a few hundred connections, but that's been fixed in modern routers AFAIK.

rangefinder, the reason I suggested the Ubiquiti Security Gateway is I think it's just Ubiquiti's newer product line for routers. The EdgeMAX is old and successful and they still sell a lot of them, but most of their new products seem to fall under the UniFi umbrella and it makes sense to keep up with the direction the company is going in. Specifically Ubiquiti sells a nifty Redundant WAN over LTE product that has to coordinate with the router. It only works with the UniFi gateway, not the older EdgeOS routers.
posted by Nelson at 7:40 AM on December 9, 2019 [1 favorite]

I ended up getting TP-Link Archer C4000, which seemed very similar to the TP-Link Archer A20 (also confusingly called the AC4000), the current top pick from the Wirecutter. From the Wirecutter:

> TP-Link sells a variant of the Archer A20 called the Archer C4000. The company confirmed to us that the hardware was "almost identical" but that "the available firmware features on each model may vary." Most people should stick with the Archer A20, since we haven’t tested the C4000.

I got the C4000 because it was on Costco's site -- it was cheaper there (even had free shipping) and my family has a membership. I also saw the C4000 at my local Office Depot store -- at the time they were running a 20% discount if you brought in your old router, but Costco still had a better deal and a better return policy, and I didn't need it right away thankfully.

In setting up the new router, I see what folks said above about stock firmware having improved from years ago. There was one update since the date of manufacture, so I did that and it's been almost a week since it replaced the old temp router. After plugging it into the network, there were no head-scratching problems of "why won't it work?" or needing to reboot it over and over -- either with LAN or WiFi. WiFi range is already better than before, and I haven't noticed anything odd yet.

Found this thread on the DD-WRT forum asking if the C4000 worked with DD-WRT (no definitive answer yet). If the stock firmware turns out to be a problem later then I'll check in the future on DD-WRT, but for now I'll leave it.

Thanks again to everybody here for helping me figure this out, and for your follow-up comments flabdablet and Nelson!
posted by rangefinder 1.4 at 10:51 PM on January 6 [1 favorite]
