OpenWRT compatible Router for 2024 in India

[variablevector]

This is the exact reason why I shifted to x86 router.
Those consumer grade routers can't do SQM beyond 100-150Mbps. The CPU power ain't enough.
And SQM is helpful in load scenarios where your ping shoots up and causes bufferbloat.

Yeah, even the ARM chip on the RPi4 is enough for 1 gbps, I guess. But I already get an A grade on the waveform bufferbloat test, with only 14ms of additional latency. So since I'm not playing any competitive fps games *while* fully saturating my connection with downloads, I don't think it matters. And even then 14ms is not that bad.

 

[guest_999]

I want to put my ISP's existing ont+router in bridge mode because their firmware is most probably dogshit in terms of security and use this as my router instead.

Putting ONT in bridge mode comes with its own set of issues unique to each service provider. Tbh, almost all such routers have poor security but it doesn't matter to a typical home connection as nobody is going to DDoS a home connection & nobody would do network intrusion either when there are equally less unsecure but much more financially rewarding small business networks out there. Tplink itself is known to stop providing firmware updates after 3-4 versions/2-3 years depending on the model's popularity/selling targets. Of course the ISP ONT router is typically poor performing so just connect your good router to ONT via ethernet & place it in DMZ zone of ONT & then turn off wifi of ISP ONT & connect all your devices to your own router wifi & use its features like NAT/port forwarding etc.

 

[babhishek]

i use a few mikrotiks works well with openwrt

 

[variablevector]

Putting ONT in bridge mode comes with its own set of issues unique to each service provider. Tbh, almost all such routers have poor security but it doesn't matter to a typical home connection as nobody is going to DDoS a home connection & nobody would do network intrusion either when there are equally less unsecure but much more financially rewarding small business networks out there. Tplink itself is known to stop providing firmware updates after 3-4 versions/2-3 years depending on the model's popularity/selling targets. Of course the ISP ONT router is typically poor performing so just connect your good router to ONT via ethernet & place it in DMZ zone of ONT & then turn off wifi of ISP ONT & connect all your devices to your own router wifi & use its features like NAT/port forwarding etc.

That risk calculation is not at all that simple. I've been hacked before and I work in a field where it can be very lucrative to target me. I had it happen that my Google accounts were compromised, despite using a 32 character password. Still not sure how that happened. I was travelling internationally, staying in hotels. So maybe I made a mistake while there. Though it seems unlikely I would fall for a MIM fake web portal attack, since I was using https and even a vpn most of the time. But I later found out that my dad's laptop was infected, and it was just there on my home network. So that seems the most likely cause.

Either way, I've ditched Google and now keep everything important either self-hosted or on pen and paper. As a result of that, I need to harden my home network too. Openwrt also lets me do things like isolate my wifi devices from devices on my ethernet LAN, or create a seperate VLAN etc. All of this is very important from my perspective of preventing another attack.

I did have to do the DMZ thing because the bridge mode wasn't working with my ISP. But I'm going to give it another try here soon.

 

[Futureized]

I will as well check, Openwrt forums or small net builder forum for suggestions .

 

[guest_999]

I've been hacked before and I work in a field where it can be very lucrative to target me.

That already exclude you from the definition of "typical home user".

I had it happen that my Google accounts were compromised, despite using a 32 character password.

More than password length, what matters is which 2FA you used because without that even a 64 character password might not help.

Though it seems unlikely I would fall for a MIM fake web portal attack, since I was using https and even a vpn most of the time. But I later found out that my dad's laptop was infected, and it was just there on my home network. So that seems the most likely cause.

I hope it wasn't some free/Chinese vpn. Also, nowadays win 10/11 default security updates are quite good enough & assuming you follow the standard security guidelines on your pc in the network then someone who could bypass those from your father's laptop would also be very likely capable enough to bypass whatever router security you use in any typical consumer grade hardware available.

 

[enthusiast29]

More than password length, what matters is which 2FA you used because without that even a 64 character password might not help.

2FA is good to have but that's not fool-proof.
You don't even need to crack passwords or 2FA when you can just steal authentication/access tokens by some malicious browser extension.

That is probably how @variablevector's google accounts were compromised.

 

[variablevector]

That already exclude you from the definition of "typical home user".


More than password length, what matters is which 2FA you used because without that even a 64 character password might not help.


I hope it wasn't some free/Chinese vpn. Also, nowadays win 10/11 default security updates are quite good enough & assuming you follow the standard security guidelines on your pc in the network then someone who could bypass those from your father's laptop would also be very likely capable enough to bypass whatever router security you use in any typical consumer grade hardware available.

I had 2FA with Google Auth turned on for all of my accounts. Password length matters in the context of how long someone running hashcat on a GPU cluster will take to crack it, but that obviously wasn't the vector they used to get me.

As for vpn, no, it was mullvad. Believing Windows Defender was 'good enough' is what got me into that mess. His laptop was fully updated and it still got infected. I later learned that he had possibly clicked on a spam email attachment. Obviously someone on this forum is unlikely to do that but for the average person who can make a mistake like that once in a while, you need more aggressive heuristic based detection and monitoring of network traffic, which defender doesn't do. I have Bitdefender installed on my dad's laptop now because that was the AV that finally detected it.

And no, it doesn't follow that just because someone was able to infect my dad's PC, they would therefore also be able to compromise my router. Look into the Swiss Cheese Model Of Security. Someone having access to an exploit that compromises one part of your network does not mean they have exploits for the others. Also, Openwrt has thousands of eyes looking over its source code, which in turn uses the Linux kernal, which possibly has tens of thousands of eyes on it. That is why it is *secure* for all the intents and purposes I care about.

2FA is good to have but that's not fool-proof.
You don't even need to crack passwords or 2FA when you can just steal authentication/access tokens by some malicious browser extension.

That is probably how @variablevector's google accounts were compromised.

This is a very good point, damn. I had probably logged into my gmail account on his laptop weeks ago and never logged out. It also explains how they were able to circumvent the 2FA.

 

[DigitalDude]

This is the exact reason why I shifted to x86 router.

What x86 box are you using for a router?

 

[enthusiast29]

What x86 box are you using for a router?

Any pc from the last 10 years is fine.
I'm using zotac zbox mini which has celeron cpu

 

[guest_999]

Any pc from the last 10 years is fine.
I'm using zotac zbox mini which has celeron cpu

Which OS are you using to run it as a router?

 

[enthusiast29]

Which OS are you using to run it as a router?

Openwrt

 

[alap4m]

This thread started as a query about the MT7621 Netgear R6850 router and then evolved into several branches.
Frankly speaking, given the pace of development of OpenWrt, it would be strongly recommended to get a Mini PC or a Pi with 2GB or 4GB RAM. Storage can be increased by using bigger Micro SD cards. This is because OpenWrt is fast becoming a large OS. And routers with hardware that can support the OS cost a LOT.
Be ready to invest more than $100 for a router with OpenWrt, or Build your own.
Moreover, manufacturers keep making minor revisions, making their devices incompatible with OpenWrt. This makes commercially available routers a risky investment for OpenWrt installation.
*************************************
Returning to the OP, the Netgear R6850 router is a decent router + Wi-Fi AC Access Point (AP).
It is a fairly old router but made by the American company Netgear.
It has a dual core 880mhz CPU with 128MB RAM and 128MB Storage Memory.
As an off-the-shelf router with Netgear's OS, it works reliably well. Netgear has ensured reliability and performance. However, one of the BIGGEST annoyances is Netgear essentially forces users to create a Netgear Account to access the local Admin panel of the router.
Coming to the OpenWrt OS for Netgear, there are Mixed reviews. OpenWrt, especially above v23.05, can struggle with 128MB RAM devices. But this is true for any and all MT7621 routers.
Secondly, for the asking price, the Netgear R6850 is a little expensive for such an old device. There are better routers in terms of performance, but OpenWrt support remains uncertain.
The reliability, performance, and Wi-Fi range of the R6850, however, is quite good, especially, if you plan to set it up and forget about the router. It won't bother you or need attention, especially when using sub 200mbps plans.
However, if using OpenWrt with apps and services on a router with a high-speed plan is a priority, then skip this router. Invest a little more and get a better product with at least 256MB/512MB RAM.

 

[msvsme]

What is the size of flash storage for x23 v1.2 Indian variant? I read in reddit it's only 8mb?

 

[guest_999]

What is the size of flash storage for x23 v1.2 Indian variant? I read in reddit it's only 8mb?

v1 was 16mb & v2 is not officially supported by openwrt so what's the point. As the post mentioned above, if planning on installing openwrt then better get a used mini pc/nuc from here (check dealer's paradise section) which will leave any router far behind in dust.

 

[variablevector]

What is the size of flash storage for x23 v1.2 Indian variant? I read in reddit it's only 8mb?

Yep. It's 8 mb on the AX23 v1.2.

Still works great for me. Probably because I don't run any other services on my router. If you have a homelab server, I don't particularly see the point of having storage on your router.

 

[guest_999]

Still works great for me. Probably because I don't run any other services on my router.

Then what's the point of running openwrt in the first place. Also, I have seen comments regarding routers struggling with openwrt on a 300mbps or higher speeds because of typical low powered dual core processors.

 

[variablevector]

Then what's the point of running openwrt in the first place. Also, I have seen comments regarding routers struggling with openwrt on a 300mbps or higher speeds because of typical low powered dual core processors.

The usual obvious reasons. Open source software. Much better security. More customization/features. No possibility of calling home to China as a typical Chinese router might do.

To me, it is the people running their adblock, wireguard etc on the router that seem a bit weird. Because during an update, you have to backup your configs and reinstall all your previously installed packages. I guess you can script that, but why even bother with all that when you can have them all running separately in VMs/LXCs in proxmox?

I get around 800 mb/s on lan. Software/Hardware offloading turned on. A bit lower than gigabit but I bet the 10m+ of cat6 in my walls doesn't help that. My wan maxes out at 200 mb/s so I can't really test past that. I have my nas connected directly to my pc via a 2.5 gbe card, so the lan speeds don't matter that much to me either. The 300 mbps limit is likely only if you use SQM.

 

[msvsme]

How is the wifi signal on ax23 running openwrt?
Wifi 6 @ 2.4ghz gives good signal from 1st floor to 3rd floor at stock firmware. Wifi 5 at 2.4ghz gives 1 bar of signal strength.

 

[variablevector]

I didn't notice any major degradation between openwrt and the stock firmware regarding signal quality. But I doubt it would be much better with openwrt, simply because it doesn't use the proprietary drivers. Perhaps it would be a bit more stable.

If you have multiple floors, I recommend using a router as AP for each floor. You can get a cheap used one from the classifieds section. I use an AC68U on my second floor. You'll have to either get ethernet to them, or just use them as a wireless extender.