Networking
Is it still worth upgrading to a third-party firmware in 2020?
One of the topics we revisit every now and then is third-party router firmware. That is, firmware that replaces the factory software on a router with a new operating system, potentially adding new features and capabilities.
There was a time when third-party firmwares like DD-WRT and Tomato were the bee’s knees, turning cheap off-the-shelf routers into much more capable security routers that would normally retail for hundreds of dollars more.
But are these third-party firmwares still worth upgrading to in 2020? That’s actually a difficult question. Commercial firmware has come a long way and has become much easier to use and configure. At the same time, the third-party firmwares have been somewhat stagnant. DD-WRT doesn’t do much now that it didn’t do ten years ago.
So that gap has closed. But by how much? Is it still worth converting your router to one of these firmwares? Let’s take a look.
Why use third-party firmware?
The main reason you would use a third-party firmware is that it does something that your factory router software does not. As factory firmware has become more capable, the list of extras provided by third-party firmware has narrowed. But some of the common reasons include:
VPN support. This is traditionally the most popular feature of third-party firmware. Although VPN support has become more common in factory firmware, it’s far from a universal feature. You can find it, for example, in Asus routers, many TP-Link and D-Link models, but not in most Netgear or Linksys routers.
Most of the third-party firmwares do have extensive support for VPNs, both as client and server and including top-security protocols like OpenVPN. This lets you configure your router to permanently connect through a VPN provider like NordVPN, ensuring that all your traffic from all your devices goes over the VPN. It also allows you to readily set up your own private VPN without additional software.
Wireless modes. DD-WRT, Tomato and OpenWRT allow extensive control over the routing modes of the device. They can turn them into bridges, client bridges, WDS bridges and more. That means that the device can be used as a range extender or wired-to-wireless bridge very easily.
This is a feature that is now relatively common in most commercial firmware, though not universal. With the wide availability of mesh networks, users also now have much better options for extending their wireless network.
Overclocking. A few third party firmwares (most notably DD-WRT) allow for overclocking the processor on some router models. This can be risky and generally doesn’t provide a notable boost, but some users like living on the edge...
Fine tuning wireless Somewhat related to overclocking – and arguably more useful – several firmwares (including DD-WRT and Tomato) give the option to tweak wireless transmission power. This can help with reception issues in your home, although cranking up the power too high can lead to overheating and wireless noise. Almost no factory firmware has this feature.
Authentication and user management This is another strong argument for a third-party firmware, with many (including DD-WRT) supporting advanced user authentication options such as RADIUS. That allows for individualised wireless passwords that can be easily revoked, for example. This is not a common
feature in consumer routers, and is usually only available on expensive enterprise routers.
Metering. A few third-party firmwares – most notably Gargoyle – allow for extremely detailed usage monitoring. Gargoyle, while generally very simple, allows for a log of websites visited, per user hard bandwidth and usage limits and advanced traffic rules. Some tools like this are available in commercial firmwares (most notably Netgear firmware) but are not widely available across all router models.
Virtual LANs and multiple
SSID Another tool commonly found only on enterprise routers, virtual LANs and multiple SSIDs allow you to virtually segment your network so that devices can only talk to other devices on the same virtual network. So your NAS, for example, could only be made available to certain devices – as opposed to the usual free-for-all where anything can talk to anything on your local network. It also allows one router to service multiple households or businesses by creating virtual networks for each.
Guest and commercial modes. Another feature you won’t commonly find in consumer routers is support for commercial hotspot services like ChilliDog and Sputnik, designed to allow routers operating on commercial locations (like a coffee shop, motel or cafe) to have a customised wireless login page and managed guest access.
Again, this is something you’d normally need to buy a much more expensive business router for. DD-WRT supports these extensively. It even supports ad-based hotspot services like AnchorFree.
Command shell. Most thirdparty firmware also allow something that pretty much no commercial firmwares will allow: command shell access. At the end of the day, all these firmwares are versions of Linux running on a fairly conventional processor, and it’s technically possible to run any application on them as well as issue regular Linux commands – and if you have the skills you can do exactly that. DD-WRT, Tomato and OpenWRT allow you to create startup scripts, cron jobs and executable scripts, and run commands through the management interface, giving you fine control over the router processes if you’ve the nerve to mess with them. Obviously this is only for very advanced users, but if SSH and Telnet aren’t alien terms to you, then you can really go ham.
The cons of third-party firmware
It isn’t all sweetness and light with third-party firmware, however. There are reasons you might not want to install one, including:
Risky setup. You do risk destroying your router if you fail to install the firmware correctly or try to install it on an unsupported router model. You have been warned: read the instructions carefully and follow them to the letter.
No mobile apps. Most commercial firmwares now have super-convenient mobile apps for setup and configuration, which make management much easier (although they can also leave your router more vulnerable, since many require the creation of account that, if hacked, could give an attacker complete control of your router). Tomato, DD-WRT, Open-WRT and Gargoyle have to be configured the old fashioned way, through a web browser.
Weak consumer tools. A lot of factory solutions now come with excellent family and consumer tools – tools we’ve yet to see implemented in third-party firmware. Parental controls, web filtering and anti-virus have been excellent additions to routers from the likes of Netgear, Asus, Ubiquiti and TP-Link, but cannot be found in the same depth in third-party firmwares.
Complex configuration.
Related to point 2 above, third party firmwares are almost universally much harder to configure than factory ones. Part of that is because they do more; but it’s also because the router manufacturers have worked hard at making their products more accessible, while the engineers of third party firmware have not.
No mesh support. If you have a mesh router, then these solutions are not an option.
So that’s it. Are the features offered by a third party firmware worth the downsides to you? Only you can really answer that, but even in 2020 it’s still something that warrants a look.