
271 points pykello | 4 comments
CursedSilicon ◴[] No.45172165[source]
I'm a staunch defender of OpenWRT. Having used just about every "router distro" folks care to name (remember SmoothWall?) for the last 20~ years, OpenWRT is built like a tank and just keeps trundling along

I hope their experiments with the "OpenWRT One" keep going. I'd love to see OpenWRT take a (deserved) bite out of the "SMB firewall vendors" like Netgate or OPNsense. Or just undercutting Wi-Fi vendors like Ubiquiti who base their work on OpenWRT anyway

Something I'm excited to try myself in future is running "OpenWISP" [1] to manage a small fleet (three) of OpenWRT devices in parallel for a deployment in a shared workshop. This seems to also be something that OpenWRT could be better at integrating, but it's nice to see "a vendor" tackling it

[1] https://openwisp.org/

replies(13): >>45172279 #>>45172309 #>>45172531 #>>45172754 #>>45172784 #>>45173737 #>>45174002 #>>45174350 #>>45175850 #>>45175928 #>>45176717 #>>45177390 #>>45177963 #
neilv ◴[] No.45173737[source]
At home, I built an OPNsense box to evaluate (using Sophos XG135 Rev 3 hardware, along with a nice OpenWrt Netgear WiFi AP on POE), but then went back to a plastic OpenWrt all-in-one box.

OPNsense (and pfSense) are neat, but I personally don't need an IDS/IPS right now, and I like to be able to run the router fanless.

One thing that OpenWrt could use immediately, for basic home WiFi router functionality, is easier ways to add guest-like VLANs from the Luci Web-based admin UI. (I currently have a guest VLAN config that I partly cargo-culted with numerous steps in Luci years ago, largely based on a blog post, and that would be a pain to reconstruct on a new install.)

For techies whose households include non-techies, a little IDS/IPS could help keep some nasty traffic off your home Internet pipe, and I suppose that could now run alongside OpenWrt on some of the more powerful plastic boxes, or on a PC with the right WiFi devices/APs. (In addition to use of VLANs and routing to minimize damage from all the malware-infested devices, and also thinking "zero trust" for the techie stuff you run.)

replies(2): >>45175949 #>>45181177 #
tw04 ◴[] No.45175949[source]
>I like to be able to run the router fanless.

You don't need a fan for OPNsense or pfSense? Plenty of folks running protectli boxes without a fan, they're one of the most popular platforms for both OSes

replies(1): >>45176039 #
gonzopancho ◴[] No.45176039[source]
the entire desktop line from Netgate is fanless.
replies(1): >>45177406 #
brirec ◴[] No.45177406[source]
Netgate are _terrible_ at open source, though — they’re shit at accepting contributions, they’re shit at providing attribution, and they’re shit at providing any support whatsoever to anyone who prefers other hardware (even with their paid software).

So I really can’t say I recommend their hardware…

replies(1): >>45177717 #
gonzopancho ◴[] No.45177717[source]
I ask that you provide evidence of your assertions:

- they’re shit at accepting contributions

- they’re shit at providing attribution

- they’re shit at providing any support whatsoever to anyone who prefers other hardware (even with their paid software).

In addition to pfSense (which is what I think you're criticizing) and all of its open source, we're upstreaming things to FreeBSD and fd.io VPP

Try this on a fresh copy of FreeBSD 'src':

% git log --first-parent --since="1 year" | grep -i Sponsored | sed -E 's/.*[Ss]ponsored [Bb]y://' | awk '{$1=$1};1' | sort | uniq -c | sort -rn | head

or for VPP, look here:

https://www.stackalytics.io/unaffiliated?module=github.com/f...

replies(1): >>45177806 #
CursedSilicon ◴[] No.45177806[source]
Well there was that time you guys paid that absolute nutjob to write a 60,000 line of code disaster Wireguard client. Which you then shipped to customers and tried to force-commit to the FreeBSD project because you wanted a marketing advantage

https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...

replies(1): >>45177823 #
gonzopancho[dead post] ◴[] No.45177823[source]
[flagged]
CursedSilicon ◴[] No.45177956[source]
Weird flex of a comment after y'all got dragged (deservedly) for hiring Matthew Macy. But I guess we'll just have to agree to disagree
replies(1): >>45178021 #
gonzopancho ◴[] No.45178021[source]
yes, I contracted with Matt Macy, and I'd do it again, but he's well-employed now.

Funny how you didn't complain about his current employment at AWS, or his previous work at iX Systems (trueNAS, primarily responsible for the port of ZFS on Linux to FreeBSD) or the fact that the whole epoch based reclamation in the FreeBSD kernel is based on his work.

replies(1): >>45178046 #
1. CursedSilicon ◴[] No.45178046[source]
I'm sure the LKML will enjoy his commits just as much as FreeBSD did
replies(1): >>45178105 #
2. gonzopancho ◴[] No.45178105[source]
yes, I'm sure that FreeBSD actually does enjoy all of his work on OpenZFS and epoch-based reclamation.
replies(1): >>45178183 #
3. CursedSilicon ◴[] No.45178183[source]
No wonder y'all are pivoting to Linux I suppose :)

Also you should stop editing your comments after they're replied to. It makes it awfully confusing

replies(1): >>45178492 #
4. gonzopancho ◴[] No.45178492{3}[source]
We already have a linux-based product (TNSR).

Bringing that tech stack to a firewall is a logical move.