[AndrewL733]

Hi,

Please take this note as "constructive criticism".

I am a big believer in open source software. I built a whole successful software company that leveraged open source software. Our engineers contributed valuable code to many of those projects. We also used open source software to power the backend of the company -- asterisk, vtiger crm, open office, and much more. So, I'm on your side!

That said, to make a long story short, my recent experience with DD-WRT was absolutely horrible. Not with the community, but with the product. While several folks in the forum were very generous with their time and answered my questions as they came up, at least with the hardware I was using, and DD-WRT versions installed on it, DD-WRT ended up being a complete bust. Nothing worked as expected. The details are below.

A couple of weeks ago, I set out to create a bi-directional VPN between two houses (one that could offer at least some broadcast traffic flowing between the two sides to get the benefit of things like Apple TimeMachine and media devices that require being on a single network). I would have been happy to purchase hundreds of dollars of new equipment if this is what it would take to get something that worked, but frankly I couldn't find any off-the-shelf product that would do the trick. By the way, I looked at Ubiquity's Dream Machine but it was unclear whether there was any way to get broadcast traffic to travel between sites when you set up a site-to-site VPN with their cloud configurator. And with the recent revelations about Ubiquity having a backdoor username/password on all their routers was very worrisome. So I decided I would probably have to set something up myself.

To get started, I got Wireguard set up on Ubuntu servers on each side. That worked as advertised, so next I decided to replace the Ubuntu servers with DD-WRT running on physical router devices. I like the idea of running open source firmware on routers, because frankly the manufacturer's stop updating their own firmware much too soon, and who wants to have router firmware with security holes?

I already had a very capable Asus RT-AC86U running at home but the native firmware doesn't run Wireguard, and the router cannot run either DD-WRT or OpenWRT -- so I purchased a new Linksys WRT 3200ACS to use at home. For the remote end, I already had an older Asus RT-AC66U (v A1). I put the most recent builds of DD-WRT on each device (on the WRT 3200ACS a version from Nov 2020, on the ASUS a version from 2021).

First the good news. I got Wireguard running and working bidirectionally on DD-WRT. I was able to transfer big files, and browse web pages from one side to the other. I added Entware and local USB storage to each router. I created a second tunnel for ethernet traffic and I installed AVAHI to do my broadcast reflections. The whole setup seemed like it was going perfectly!

But then I noticed how poorly the Linksys WRT 3200ACS was behaving on my home network compared to when I first tested out that router using the stock Linksys firmware. With DD-WRT on it:

* My home security system refused to stay connected to the guest WIFI
* VOIP phone calls would often get disconnected
* It was impossible to use Spotify Connect with my Audio Receiver -- my iPhone Spotify app just couldn't see the receiver as a Spotify Connect device (on and off it would see a Roku device, but playback kept dropping)
* My ARLO 4K security cameras refused to stream 4K video to my iPhone -- something that normally works when both the iPhone and the cameras are on the same local network. Instead, I could only stream HD.
* Every time I made ANY configuration change to the DD-WRT software on the Linksys router, I would lose the public IP address from my ISP and randomly either I would never get a new address from the ISP, or I would sometimes get a non-public address such as 192.168.100.235. This never happened in the past with any home router. (To avoid issues with the ISP, I had already cloned the MAC address from the previous router I was using at home, so that the ISP wouldn't know I had switched to Linksys). Some googling revealed that this issue of "losing the public IP address from a cable modem" has been reported with DD-WRT many times since I think 2010! The suggestion to "reboot the router" after making any changes was the only thing that worked. But as I'm planning to be at one end or the other of the VPN for extended periods of time, it is really worrisome that the router can lose its IP address. Once that happens, there's no way to reboot the router again remotely. You have to be physically present!

Thinking that Wireguard and the AVAHI service running on the DD-WRT routers might be interfering the router's proper operation, I disabled the Entware AVAHI service and removed all the tunnels and rebooted the routers (with the Wireguard VPN now gone of course) and the home network still had the same issues. So, DD-WRT on the Linksys WRT 3200ACS was a near total failure. DD-WRT running on the older/less-powerful ASUS RT-AC66U seemed much more stable.

So, now I went back to using my original ASUS RT-AC86U at home (stock ASUS firmware). I enabled an OpenVPN server on the home router to try that with DD-WRT running on the remote router (ASUS RT-AC66U). Because I needed broadcast traffic to flow between the two sides, I chose to use TAP rather than TUN for OpenVPN. Yes, I was making a layer 2 bridge.

I exported an ovpn client configuration file from the home router and imported it onto the remote DD-WRT router. The two routers connected fine, but no traffic was passing between them. I checked "brctl show" on both routers to see if the TAP devices were included in the main router bridge (br0). It was there in br0 on the home router running stock ASUS firmware, but there wasn't any TAP device listed in the bridge on the DD-WRT remote router. A little investigation revealed that DD-WRT hadn't even created a TAP device when I enabled the OpenVPN client. I rebooted the remote router and still no TAP device. I tried disabling and re-enabling the VPN configuration a few times, but never any TAP device (Sorry, I didn't try TUN to see if the same thing would happen).

Totally frustrated now, I reverted the firmware on the RT-AC66U to ASUS-MERLIN's last version for this router (380.70 from late 2018). Now when I configured the OpenVPN client on the remote router, a TAP device was created as expected, and it was a member of the bridge br0. And traffic flowed fine between the two sides, including broadcast traffic.

The bottom line here is that DD-WRT completely failed to do what it was supposed to do on two different routers from two different brands (Linksys and ASUS).

I get it that DD-WRT is a labor of love and that most of the heavy lifting is done by a very small number of people. The "community" should be very grateful for your efforts (personally speaking, I am) and it's probably unfair to expect too much. But it does make me question whether it's worth it to try to have all these features and to support so many different routers if there is no regular testing to make sure things are working? The warning that "DD-WRT is all beta software" just doesn't cut it for me.

My conclusion at the end of this two week adventure was that I wasted a ton of time trying to use an unstable and unreliable product. It would take a lot to ever get me to try DD-WRT again.

I might give OpenWRT a try, although I fear the situation will be similar. In this case, I couldn't even try it with the RT-AC66U because they don't support that model.

[egc]

I am sorry you have a bad experience with DDWRT.

Unfortunately Marvell routers are no longer recommended, the firmware driver situation is bad and will not get better, so perhaps a less than stellar idea to buy one of those, you are better off with the likes of a Netgear R7800.

I use WireGuard and OpenVPN extensively and have setup and helped many users with it, WireGuard works without a problem also for site-to-site setup.
OpenVPN TUN also works for site-to-site setup without a problem.

I am not sure about TAP has been a long time ago I used it, but it so happens I have a DDWRT TUN setup running so I switched it to TAP and it seems working:

[AndrewL733]

Thanks for the reply, @egc. I think I will take your advice and return the Linksys router.

It seems that most manufacturers are now making routers that don't work very well with open source firmware! If you want a fast, powerful router that supports the latest WIFI standards and that offers exceptional coverage for a large home and outdoor garden, what's the solution?

It kills me to buy a 5-year-old router product.

[Alozaros]

as egc noted, you biggest mistake was to not ask in the forum and got the wrong device...
'Marvell routers are no longer recommended...'
Last couple of years, the most recommended router is R7800...and it will be at least few more years ahead...
To be honest, DDWRT is the 'most stable' and updated firmware on R7800 among all other 3rd party firmware's..well,currently there is a lot of W.I.P.
so, in relation to router use, stability is questioned, ...and most of the time its all about correct settings...

[egc]

Wifi 6 is just marketing, the best value for money Netgear R7800 well supported by DDWRT and OpenWRT (and Voxels if you want)

If you need more CPU horsepower Netgear R9000

The Marvel routers are not bad hardware wise but their drivers suck

[tkoyn]

[atifak]

The R7800 has been the most preferred router for the past couple of years...and it will continue to be for at least another year. To be frank, among all other 3rd party firmware on the R7800, DDWRT is the most robust' and upgraded firmware.

[kernel-panic69]

[AndrewL733]

[Alozaros]

AndrewL733 it seams you are too biased or pre- convinced, as you already made your mistake, to buy the wrong device and now desperately trying to twist the reality in your favor...well many R7800 second hand on Amazon / Ebay...nowadays, mostly everyone gets them second hand and they still serve and do..

Yep, many people like you, blame the others for their own mistakes, its normal...it's DDWRT fault
life goes on...

[egc]

Instead of a R7800 buy a shiny new Netgear XR500 (which is nothing more than a rebadged R7800 with a little more flash which will set you back $100 bucks more)

Granted you get the new DUMA OS almost as good as DDWRT or OpenWRT

[sweatbee]

Granted no one router is best in all areas or is best for every application, but SmallNetBuilder.com still (as of May 12, 2021) gives the r7800 its highest ranking for "Total" router function. However, other units beat it on various other tests.

https://www.smallnetbuilder.com/tools/rankers/router/view

Netgear hit a home run with this unit for the home network when used with dd-wrt.

[chaski]

DD-WRT is developed on donated or project funded hardware after it's released. You're never going to get open-source firmware on bleeding edge hardware unless devs are invited/sponsored to work with it prior to public release and given support.

It brings routers functionality that doesn't exist with OEM firmware otherwise, and vastly extends the useful life of older hardware years after it otherwise might go into the rubbish.

It is released as Beta, no amount of end user expectation changes that unfortunately. Despite that, DD-WRT does work very well in many specific (whether common/popular or not) use cases. When it doesn't, personally I think you have to chalk it up as one of those 'at least I had a chance to try' moments.

[yoyoma2]

[lexridge]

The Linksys EA8500 is a pretty darn good router too, and easily had on ebay for way less than $100. I already have a stock of three of them because I love to experiment with them. However, don't buy one unless you are not afraid of a solder iron to get to the serial pins for a first flash.