OpenWrt 24.10.0 – First Stable Release
158 comments
· February 6, 2025
choobacker
wryun
On most openwrt devices you can compare /rom/etc/config to /etc/config (though this will get you a bunch of automatic changes as well).
choobacker
Tracking config via VCS is great, but the automatic changes are what then make it tricky to understand what you've actually configured.
choobacker
I had a look more into this. https://www.reddit.com/r/openwrt/comments/114kv0y/weeding_ou... has some people with the problem that I'm trying to avoid.
I see the fresh re-install suggestions probably work but that's tedious and risky.
RGamma
GP missed this basic fact and then moved to NixOS for a router target? What!?
darkwater
I use NixOS, btw
teekert
He was missing a config to compare to previous versions so it makes sense from that perspective.
hagbard_c
On virtual routers there is no content in /rom. What you can easily do is install another copy of the same image on another VM or container and run it through firstboot. Make a backup and compare it with a backup from your running system. Even better is to make a backup just after firstboot, then use the system and compare your current backup with the first one.
Do keep in mind that the OpenWRT backup does not contain information about which extra packages were installed after firstboot. I solved this adding a cron job which runs opkg list-installed > /etc/opkg_installed.txt and adding that last filepath to /etc/sysupgrade.conf so it gets added to backups.
FeistySkink
If you have an overlay, you can do something like this to list user-installed packages only:
ls /overlay/upper/usr/lib/opkg/info/*.list | sed -e 's/.*\///' | sed -e 's/\.list//'
yjftsjthsd-h
That's not complete, though, is it? Ex. if I follow https://openwrt.org/docs/guide-user/network/wifi/wifiextende... most of the config is covered, but not the parts that disable daemons.
patrakov
> OpenWRT is pretty great at offering features and security for consumer devices
That's a misconception. Nobody actually cares about security for packages that are not in the default install. For example, the initscript for sstp-client disables certificate validation unconditionally, see https://github.com/openwrt/packages/issues/25212
TheDong
It at least offers more security than the usual alternative on a consumer router of the manufacturer's OS (i.e. something updated once a decade running linux 2.6 with GPL-violating unreleased patches so you can't update it yourself, all written in C by the contractor that bid the lowest).
FeistySkink
If others think this is in jest, there are recent TP-Link routers with 2.6 kernel and Broadcom.
choobacker
Good job on raising that issue. TIL SSTP.
> Nobody actually cares about security for packages that are not in the default install.
Probably an exaggeration, but it's clear there are some packages that are insecure out-the-box.
xrisk
While this sounds good, you could just dump the contents of /etc into git and it would work about the same.
jillyboel
cd /etc
git init
git add .
git commit -m 'default config'
git remote add ...
git push
# modify your configs
git diff HEAD
git commit -m 'yay i changed stuff and i know what i did'
git push
stas2k
Why not both? I also use NixOS as the main router/fw/nat, and OpenWRT in bridge mode as dumb APs.
All updates except semi-recent DSA changes were seamless.
choobacker
Me too. My TP Link EAP605 is an AP running OpenWRT. Works well.
1vuio0pswjnm7
How does the size of OpenWRT compare with the size of NixOS?
https://discourse.nixos.org/t/how-minimal-can-a-nixos-image-...
choobacker
Size is a limiting factor for some hardware and architecture too.
NixOS works well for x86-64 and aarch64, but not so much armv7l, as so many consumer routers are.
The PC Engines happens to be x86-64 with decent storage expansion, but for sure if you want to target armv7l, NixOS is not a good choice.
1vuio0pswjnm7
Nice to hear PCEngines is still in business.
The website for the US distributor listed on PCEngines website is now selling "BoingFire" products instead of PCEngines.
p3t3
Are there well maintained nixos based router projects?
choobacker
Not that I'm aware of.
systemd-networkd + kea + corerad is the software I use.
eptcyka
Will have to look at kea and corerad. What hardware do you use for the wireless links? Intel has been very hit or miss in my experience. And the misses suuuck, like after enough hosts connect, you get kernel panic on every new client connection, or all but the one device I needed a separate wlan for are compatible with the host. So, NixOS on a router that doesn’t have to be a wifi ap is extremely nice in my experience.
tok1
Running a router built with systemd-networkd and kea myself, and I quite like both, even though I have not integrated them with each other. Would you be willing to share some details on how you use these components? Especially corerad as I am not familiar with it and wonder on the why+how, considering networkd does NDP. Thanks
cesarb
To see what was changed, I use the option to download a backup of the configuration, and compare it with an older copy I had downloaded earlier (it's a set of text files, it can be unpacked and compared with recursive diff).
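Added example, not part of the thread: the backup-and-compare approach that hagbard_c and cesarb describe, as a shell script that unpacks two configuration backups and reports which files were deleted, added or modified. The function names and archive names are hypothetical, and it assumes the backups are gzip-compressed tar archives.

```shell
#!/bin/sh
# Added example (not from the thread): compare two OpenWrt configuration
# backups. Function and archive names are hypothetical.

# Unpack both archives into a private scratch directory: $work/old, $work/new.
# Backups hold the files under /etc/config, which can include Wi-Fi keys, so
# the scratch directory (mode 0700 from mktemp -d) is always removed again.
unpack_pair() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "need two readable archives" >&2; return 2; }
    work=$(mktemp -d) || return 2
    mkdir "$work/old" "$work/new" &&
        tar -xzf "$1" -C "$work/old" &&
        tar -xzf "$2" -C "$work/new" && return 0
    rm -rf "$work"
    return 2
}

# changed_files OLD.tar.gz NEW.tar.gz
# Prints "D path" (only in OLD), "A path" (only in NEW), "M path" (content
# differs). Only regular files are compared. The body runs in a subshell so
# the cd and the variables do not leak into the caller.
changed_files() (
    unpack_pair "$1" "$2" || exit 2
    cd "$work" || exit 2
    (cd old && find . -type f | sed 's|^\./||' | sort) > old.list
    (cd new && find . -type f | sed 's|^\./||' | sort) > new.list
    comm -23 old.list new.list | sed 's/^/D /'
    comm -13 old.list new.list | sed 's/^/A /'
    comm -12 old.list new.list | while IFS= read -r f; do
        cmp -s "old/$f" "new/$f" || echo "M $f"
    done
    cd / && rm -rf "$work"
)

# backup_diff OLD.tar.gz NEW.tar.gz
# Prints a recursive unified diff. Exit status follows diff: 0 when the
# backups are identical, 1 when they differ, 2 on error.
backup_diff() (
    unpack_pair "$1" "$2" || exit 2
    cd "$work" || exit 2
    diff -ruN old new && rc=0 || rc=$?
    cd / && rm -rf "$work"
    exit "$rc"
)

# Stand-alone use: sh thisfile.sh first-boot.tar.gz current.tar.gz
if [ "$#" -eq 2 ]; then
    changed_files "$1" "$2"
fi
```

If the backup also carries the /etc/opkg_installed.txt file from hagbard_c's cron job, packages installed since the first backup show up as a modification of that file.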
kalleboo
OpenWrt is great. I recently got 10 Gbit internet at home and had to replace my Ubiquiti USG3, and running OpenWrt on a Lenovo Tiny PC is easy and efficient.
OpenWrt 24 adds support for configuring the ISP's IPIP6 tunnel I need to access IPv4 on my IPv6-native connection - for now I've been manually installing the newer package straight out of the 24 RCs into my OpenWrt 23 install but now I guess I can upgrade the whole install!
I also tried pfSense/opnSense but it seems like the FreeBSD kernel struggles with 10 Gbit network connections without picking very specific hardware, but Linux works perfectly (had a similar experience with TrueNAS CORE vs SCALE)
tw04
Very specific hardware? An Intel NIC (x520 variant) is about it which can be had for cheap off eBay. If you’re trying to do line rate IPS, you’re going to need a modern cpu, but that’s the case regardless of OS.
kalleboo
The NIC is an Intel x520. pfSense/opnSense both maxed out at routing about 5-7 Gbps with about 20% CPU usage (I'm assuming one core maxed) with the default config (so no IPS or QoS or anything configured, just basic NAT)
Tried a bunch of the random tunables people were posting on forums, tried turning on the hardware offload the manual says you shouldn't touch, it made no difference.
tw04
Modern OPNsense shouldn't be single threaded on routing. I guess without knowing the exact CPU it's tough to say, but a xeon-d will easily do 10Gbe routing which is ~1700 single core passmark, 11k for all cores.
https://www.cpubenchmark.net/cpu.php?cpu=Intel+Xeon+D-1541+%...
toast0
Might have to do with the tunnel? If much of the traffic is going through a tunnel, that's probably all hashed to the same rx queue and could overwhelm a less capable cpu?
I've always had good experiences with the Intel x520/x540 10G nics on FreeBSD though, and given the eBay pricing, there's been no reason for me to explore any other offerings. Sadly, my recently installed fiber internet is 1G only, but maybe one day they'll update; but I can't really test if my system can do 10G without a proper upstream.
cassianoleal
> IPIP6
Can this be used to replace NAT64?
manoweb
Excuse me but what do you need 10Gbps internet for? What is the use case? I get the cheapest thing that Comcast provides (50Mbps) and it seems to be enough for the 5 of us at home, everybody always streaming, gaming etc. I have an old asus router I got used in 2015 that I repaired with zip ties otherwise it powers off. At work we have 'infinite' internet (on a class A IP block) and I do not feel any difference in browsing or streaming (obviously I do if I need to transfer a file)
dikei
The use-case is because it's so cheap, why bother with anything less.
Currently, I can get 1Gbps Internet for $15, while the cheapest package is 200Mbps for $5. I expect they'll offer 10Gbps in my area in the next few years for the same cost as the 1Gbps now.
Still, at that speed, the router CPU can actually become the bottleneck, and OpenWRT currently has pretty poor support for hardware accelerated routing.
kalleboo
> at that speed, the router CPU can actually become the bottleneck
I was pretty worried about that, but the machine I got for my OpenWrt router is a Lenovo ThinkCentre Tiny with a Core i3-8100T CPU ($80 used with SSD/RAM etc included), and it seems like it's way overkill, even at full bore the CPU usage appears to be negligible. Power usage is the same as the ISP router at about 17W idle, 24W routing 10 gbit, and that's with a 10 Gbase-T SFP+.
It helps that with a 10 Gbps pipe you don't need to run any kind of fancy QoS algorithms or anything...
kalleboo
The price is the same as 1 Gbps ($30/mo) and I built the router out of $100 of parts, so it's kind of why not? It's nice when there are 10 GB updates to download, running off-site backups, and I can host whatever stuff I want out of my home instead of paying for a VPS on someone else's machine and worrying if it doesn't have enough RAM or something.
manoweb
How do you connect your PC to the router?
z3t4
With "modern" developing you send whole operating system images back and forth (docker) or you download AI models, statistics, etc that are many hundred GB. It's nice only having to wait seconds rather than hours. A 10Gbe line usually does not mean dedicated 10Gbe internet exchange, it usually means many people are sharing the same 10Gbe line, so you do not always get the full bandwidth.
fuomag9
I pay 22€ per month for a 10Gbit, so I can definitely afford it. Plus very useful for self hosting
kozak
I always wanted to try OpenWRT but was put off by the necessity of doing hardware modifications to stock routers to gain root access. So naturally, once I found out that they were releasing some official hardware for OpenWRT (the OpenWRT One router), I ordered it as soon as possible. The router is excellent! It solved my bufferbloat issues and much more.
kubik369
You must have had bad luck/a small sample size, as the majority of consumer routers can be flashed to OpenWRT by selecting the firmware file on the admin page and letting it do its thing the exact same way as the original manufacturer update, or by using a TFTP recovery. Off the top of my head, I recall only Xiaomi routers needing to be rooted/exploited.
sandreas
Just get a
Banana Pi BPI R4 or
NanoPi R6S
they have microSD slots and/or NVMe. Or just an x64 device (Intel N100 or N305) with multiple network ports.
nwwt
Amazing you'd suggest an R4 given its support is fundamentally broken.
Sinovoip's OEM build is an ancient 21.02 one. Whereas in the official one wifi is completely broken, working SFP is pure luck as "many" modules (all four fiber ones I've got here) on kernel 6.6 either don't show at all or just fail to come up. This was known to OpenWrt's mediatek maintainer who preferred to "spot and fix" it on the go:
https://github.com/openwrt/openwrt/commit/6257ea018a7d5b8d4b...
Meanwhile there are about two kernel devs working on mediatek in their free time who've only begun upstreaming R4 support, eg. Frank W.'s DTS parts… for kernel 6.14. (The other dev is Eric. W.)
To quote Frank W.: "The patches i posted are mainly patches adding basic support,only slightly changed to get accepted for mainline. There is no network part yet,also no sfp. Maybe i add sfps in next round,but without full network part (which is much work) it will not work." ( https://forum.banana-pi.org/t/bpi-r4-and-sfp/16945/330 )
Edit: The R4 also needs a soldering mod for certain SFP modules, and prior board revs have resistors that break SFP if NVMe is present (I'd say: sure to get 1.1, but Sinovoip originally shipped that rev broken as well, and didn't increment to 1.2 for the fixed ones).
sandreas
Didn't know that. Thanks for posting this and taking the time.
kozak
OpenWrt One is based on Banana Pi anyway. And it comes already assembled, with the Luci GUI working out of the box, etc. In other words, it is a nice package for those who DON'T want any screwdrivers to be involved just to get it actually running in your home.
seb1204
Over the last few years I had several spare routers laying around. Never had I one that I could flash like you described. All had memory or RAM limitations. Maybe the spare routers I had are just too old.
ndsipa_pomu
I don't think the nanopi r6s has an NVMe slot, but the r6c definitely does
sandreas
R5s has one :-)
naasking
> I always wanted to try OpenWRT but was put off by the necessity of doing hardware modifications to stock routers to gain root access.
This is almost never required. They have a long list of supported devices, so unless you're trying to put OpenWRT on a device you already have that requires hardware mods, you should be able to easily find a compatible device that doesn't require this step.
1oooqooq
just go to the wiki and get the most expensive and recent device marked as fully supported.
then install is as easy as flashing a file via the stock ui.
i don't get people going with the free alternative (which is great for a lot of people on a budget) and then crying it's harder than the thousand dollars alternative.
newsre4der
All routers should use OpenWRT as a base
vesinisa
Lots of them seem to in fact do, even if they don't advertise it :)
Ambroos
UniFi access points run OpenWRT. The latest beta releases for the U7 series for example is on OpenWRT 23.05.
jillyboel
Lots of them do, with their own crappy webui that conceals all the useful functionality.
demonshreder
I am sure TPLink already use OpenWRT as base for many routers
sunshine-o
I recently found out I do not need the main Wi-Fi anymore at home so I do not really need my main OpenWrt physical router anymore (I still need the secondary AP running OpenWrt for IoT devices).
So I am going to now run my OpenWrt router as a VM on one of my home servers just to get rid of some cables and clutter.
I really love OpenWrt but was tempted to try something new like pfSense or OPNsense, mainly because I now find PF way less confusing.
I also saw some people just love to build routers with OpenBSD and there are some great guides out there [0]
Any opinion or alternative I should consider?
selykg
Hopefully this is a simple question. I have a busted (seemingly) EdgeRouter from Ubiquiti that needs replacing.
I am currently on an old ASUS that was from the before times and it's "fine" but not updated any longer (even with the 3rd party firmware). So I'm in the market to get something new.
What's a nice all in one unit for OpenWRT? I have a very small 1000sqft house so generally speaking I have zero issues with range and everything is wireless anyway. I just want reliability and set it and forget it, generally speaking.
srmatto
Check out teklager, I suspect they have the best option for you but my research on this was done about 2 years ago so you might want to have a look around. There's cheaper options that come from China but I am paranoid about back doors.
https://teklager.se/en/knowledge-base/which-router-should-i-...
aaronmdjones
Probably won't apply to you but for rackmount I have a Gigabyte GA-IMB410TN + Pentium Gold G6405, in a 1U Logic Case SC-1280, with a quad-port 2.5 GbE Realtek PCIe NIC (r8125) to supplement the motherboard's dual 1 GbE Intel NICs (igb & e1000e).
The motherboard can run off of 12-19V DC input via 5.5mm barrel jack (e.g. any old unused high-power laptop charger), or 12V via a 4-pin CPU EPS power connector (they are commoned together). Since the case comes with a 250W 1U Flex ATX power supply, I'm doing the latter.
This lets me take the PSU's 12V rail out via the barrel jack (edit: with 18 AWG cable, I know) to power the modem and a couple of TP-Link 2.5 GbE network switches which all run on 12V, saving 3 wall warts. Both switches are velcroed to the top lid with 20cm patch cords for 2.5 GbE ports 1 and 4. I have 5 LANs at home, so the 6x wired ethernet ports this gives me are perfect.
OpenWRT runs pretty great on amd64 and I've been running the v24.10 branch (pre-release) for several months on it without issue.
neilv
I've been running an old Netgear R7800, as an all-in-one plastic OpenWrt router+switch+WiFi.
It's been so solid, that I haven't bothered to move to the Netgear RAX120v2 that I bought as an OpenWrt upgrade. (It tested fine with OpenWrt 24-rc, then I put it in storage for a more pressing occasion to upgrade.)
I also got a Netgear WAX220 WiFi AP, which I put OpenWrt 24-rc on, and tested with an OPNsense box (since OPNsense isn't good for WiFi). I decided I preferred OpenWrt for my simple needs for the router, but it's a nice enough OpenWRT WiFi AP that I expect to need it again someday, maybe to hang off a beefy OpenWrt PC-based router that's running IDS/IPS or something.
mastax
I went searching the OpenWRT forums and wiki for recommendations and ended up with the GL.iNet MT-6000. The stock firmware is a gui around a modern OpenWRT and they don’t try to lock it down at all so flashing is easy.
selykg
Thanks, I ended up going with this one. Looks like there's a new Flint 3 coming, but rumors seem to be indicating it is going to be more expensive and is possibly not OpenWRT compatible due to chipset. So, Flint 2 it is for now.
marmarama
Seconded. The MT-6000 is basically the gold standard for OpenWRT at this point in time.
Ecco
I recommend a Dynalink AX3600. Really fast CPU, tons of RAM, great WiFi, and works perfectly with OpenWrt. $59 on Amazon.
M95D
I'm disillusioned by OpenWrt. For a few years I did pull requests adding packages, fixing stuff, improvements. Only the minimal 1-2 lines PRs were accepted and merged, while big important changes that I worked on, tested and keep updated for years were never merged. Most were simply ignored with no feedback.
Instead they seem to focus on getting GPUs and Doom working... and now they even do hardware dev. And it's not even decent hardware, it's crippleware ewaste hardware.
pm2222
APK will have to wait till 25.
saidinesh5
For those who didn't immediately get it, it looks like openwrt is trying to move to the package manager from Alpine Linux: https://openwrt.org/docs/guide-user/additional-software/opkg...
Btw what's the go-to device / vendor for OpenWrt these days? Seems like tplink is lagging behind with my last Archer C7..
fnordahl
As others have mentioned, the OpenWrt One is great. 2.5Gbps WAN port makes it future proof, currently using it as the gateway for the residential 1Gbps fiber.
Next hurdle is to make ISP upgrade their ONU to have a 2.5Gbps port so I can get ACTUAL 1Gbps out of it, but it will likely also mean they need to upgrade the entire string of GPON equipment, so likely have to wait for a bit.
Also have success with OpenWRT on the ultra low cost Mi AX3600, while hardware acceleration is not supported, it is nice to not have to run out of date Chinese firmware.
pbasista
I would suggest checking out their Table of Hardware [0]. You can filter it by various fairly detailed criteria.
From my experience, given the local availability constraints, I often only get a handful of practical options to choose from.
For something like a successor to TP-Link Archer C7 with WiFi 6 support, I have chosen TP-Link Archer AX23 [1] and it seems okay to me so far as a cheap wired-to-wireless edge device.
tepmoc
As a previous owner of an Archer C7, the Archer AX23 is barely an upgrade if you want to install additional packages, as it has the same 16/128 flash/memory configuration just like the C7.
Personally I upgraded to a Xiaomi Router AX3200 with 128/256 flash memory configuration and 4:4 MIMO, though it lacks USB and has WAN+3LAN ports compared to the usual WAN+4LAN.
bubblethink
For routing, x86 is going to have the best perf for CPU intensive tasks like QoS. For wireless, mediatek is well supported upstream. WiFi is wifi 6 only though. Wifi 6E and 7 are in the works but will take a while to stabilize. My set up is an old lenovo thinkcentre nano IoT box as the router and netgear wax220 as AP, both running openwrt.
zekica
WiFi 6E works fine on OpenWrt, it's just that there are only two routers supported in ToH SmartRG SDG-8733 and SDG-8734. It works out of the box (I tried just as a test) on my MT7922 (RZ616) card in my PC.
dvdbloc
There is also the router made in partnership with OpenWRT, the OpenWRT One. I’m using one right now and it has been very stable just on the RC builds for this release for a few weeks now. This is the first actual release supporting this device. The device itself is pretty nice with a JTAG header on the board so it's pretty clear that it is a hacker-friendly device. Haven’t needed to use that yet though…
ronnier
I just get a small x86 box and then buy stand alone POE access points for wifi.
anotherhue
Same. NixOS with some cheap 2.5G ethernet cards and a ubiquiti AP.
Power draw is pretty low and I don't have to deal with yet another ecosystem.
Don't misunderstand me, I've used OpenWRT on many things including an original WRTgl, but I'd rather something boring these days.
jabl
For Wifi, things with the ath9k was the gold standard for a while, though then Qualcomm bought Atheros, but supposedly the followup ath10k/11k/12k drivers are decent too.
Mediatek MT76xx/79xx (mt76 driver) are also considered very good.
See https://github.com/morrownr/USB-WiFi/blob/main/home/USB_WiFi... (yes this is specifically about USB adapters, but usually the same driver is used for built-in WIFI in access points as well)
https://wireless.docs.kernel.org/en/latest/en/users/drivers....
mrbluecoat
This release also supports the latest Realtek RTL8169 drivers, popular with inexpensive mini PCs. Great job, OpenWrt Team!
xyse53
I replaced my Archers with glinet Flint 2 devices.
mrbigbob
For those that may not be aware, if you are interested in the Flint 2 but haven't purchased yet, Glinet is releasing the Flint 3 soonish (they have a product page up saying coming soon). Not much is known about it other than it will be wifi 7 compatible
buccal
It should be noted that GL-Inet does not support and is not affiliated with OpenWRT in any way. More on that: https://news.ycombinator.com/item?id=42285923
kirenida
GL-Inet Flint2, maybe?
Link512
Just got 2 of these a few days ago and am super happy with them. The firmware it comes with is essentially OpenWRT with a fancier UI so that means that you can use an OpenWRT sysupgrade image to flash it to OpenWRT with no issues. WiFi6 and Hardware Flow Offloading (HFO) are super nice features of this particular router. Downside is that it has 4 1G LAN ports and 2 2.5G (1 WAN, 1 WAN/LAN) ports, so you're kind of stuck with gigabit.
saghul
Really looking forward to that one.
gtirloni
I'm a SRE and love to work with infrastructure, tweak things, etc, and have my own home lab. For years (decades?), I have gone the DIY route with networking gear and it's been painful to tell family "oh, just another 15min or maybe 4h and this will work great?" after I was updating things or messing around.
This year I decided to replace all networking equipment with Ubiquiti (gateway, APs, switches). It's really expensive and it makes me feel like a sell out but I have had zero issues (it's been 6 months now).
I'm really happy that OpenWrt has a stable release and others continue to make progress. I'll probably be deploying some _spare_ devices that won't break my main network, try patches, submit bugreports, etc. But I'm enjoying the peace of mind now.
Not contributing much to the discussion about OpenWrt, sorry.
timschmidt
My experience has been the opposite. I've had OpenWRT gear running rock solid for more than a decade, and a box full of Ubiquiti gear that no longer gets updates, doesn't work with recent management software, and some that's even been resuscitated back to usefulness by flashing with OpenWRT.
cbm-vic-20
It's not selling out when you're running a critical production system for a small number of users (the people in your house). You made the right choice.
eduction
I looked into Amplifi based on your comment and it looks like they haven’t updated the line since 2022 and people are speculating they may exit the home market. Did you worry about this?
gtirloni
I didn't know that, thanks. However, I didn't buy anything from the Amplifi line. I'm using the UCG-Ultra gateway, U7/U6+ access points and their standard switches.
eduction
Thanks for the details! Interesting.
eduction
Actually ubiquiti doesn’t have any more to sell and the product is being bid up past 2x on Amazon. I guess we’ll find out if the line has a future soon.
AlgebraFox
Just upgraded. All customizations were automatically applied with no issues so far. Amazing work OpenWrt team.
jabl
I've generally had success with openwrt upgrades, however when reading the release notes it seems my target has now converted from swconfig to DSA which means all configuration has to be done from scratch. Oh well, I didn't have that extensive configuration anyway.
blackeyeblitzar
Is there a recommended hardware and step by step guide for those new to this? Can you do mesh networks?
kurlberg
Based on reddit [1] and some other recommendations I got an asus ax4200 and put openwrt on it. I'm fairly happy, but some people have run into connection dropping (possibly due to ISP power saving resulting in link dropping down to 10 mbs, and something then goes wrong.) With forum help [2] I found a workaround: either turn off auto negotiation (works) or using a lan port as a wan port (have not tried).
1: https://www.reddit.com/r/openwrt/comments/1cr1lvp/is_the_asu...
2: https://github.com/openwrt/openwrt/issues/14192#issuecomment...
hkwerf
> Is there a recommended hardware and step by step guide for those new to this?
What exactly are you planning to do? OpenWrt is quite flexible. There's this https://openwrt.org/toh/buyerguide.
> Can you do mesh networks?
Yes. Note also https://openwisp.org/ if you want to do a whole fleet of OpenWrt routers.
rubenbe
I've always found openwisp to be tailored to massive fleets of OpenWrt routers (100+). Not really for a home setup where you have a handful of devices (5-10). Alternatives are welcome since I haven't found anything yet.
Piraty
this non-official version (uses upstream TOH data though) is much more responsive and has better filters: https://soif.github.io/OpenWrtTOH/
Wiki has you covered for beginners guide
simonmales
This is a great resource. Should be part of the official project.
akaitea
Been using OpenWRT on a Ubiquiti EdgeRouter X for years and it runs great, using adblock directly on it as well, granted there are no nice statistics for adblock like on PiHole but the important thing is that it does the job. Have a separate dumb AP also running OpenWRT which needs upgrading and the next router must support OpenWRT, it has practically become a required feature
OpenWRT is pretty great at offering features and security for consumer devices. Glad to see a release!
I used it for a while, but after I've had it for a few months, and want to improve/diagnose something, I can't easily tell which config I've changed from defaults, and so can't easily diagnose how I might have screwed it up, or predict how changes will impact the rest of the system.
I moved my router to NixOS, where I can now see the ~250 config that covers the custom setup needed for my ISP/LAN.
If asked, I'd still recommend OpenWRT for most techies, since it's easier to get started.