Wireless routers often need frequent firmware updates to keep them secure. They often function as a gateway to your home or small office network so making sure that they are well protected is essential. Most people opt to replace them every few years because news ones supposedly provide “better signal” or more features, especially after the manufacturer abandons the product and stops keeping firmware updates.
Once a network device stops receiving updates, it slowly (or quickly, depending on how you look at it) turns into a security hole inviting hackers to access your local network. Malicious robots often scan whole residential IP blocks to identify outdated products and use them to send spam or invade the local network behind them. Installing a new firmware on a router fixes security holes and adds new features at the same time, essentially supercharging old hardware.
Disclaimer: Remember that these projects are all ran by volunteers and come without any kind of warranty so don’t try this on any network appliance that you’re not prepared to lose.
Open firmware projects
There are a couple of Linux-based open-source firmwares that can be installed on these routers, mitigating most – if not all – security issues and adding new features at the same time. They receive frequent updates and a whole community is working on them to improve their security and reliability.
Many of these firmware products will run happily on any Linksys, Asus or Netgear routers extending the useful life of these products and reducing e-waste at the same time. Most residential installations benefit greatly by having multiple access points or routers at strategic locations (more on this later).
Here is a list of popular open-source firmware projects for wireless routers:
- OpenWRT – https://openwrt.org
- DD-Wrt – https://dd-wrt.com
- Tomato – https://www.polarcloud.com/tomato
Wireless Routers vs. Access Points (APs)
While sometimes these terms are used interchangeably, they are different things. Wireless Routers provide more features than Access Points, most importantly they can act as a gateway to the Internet using NAT (Network Address Translation), while Access Points simply provide a way to connect WIFI clients like your phone or a laptop with wifi connectivity to a wired network.
From a physical perspective, APs generally have one wired connectivity option (one RJ45 plug to connect the network cable) and Routers have a built-in network switch with 4-8 ports for local network connectivity (LAN) and one or sometimes two ports (in case of dual-wan routers) to connect them to the internet.
With the increased demand for high-speed connectivity, it’s better to have gigabit-capable ports on these devices, otherwise connectivity will be limited to 100MBit/s. For comparison, a 4K Netflix stream is using about 25MBit/s so it’s still plenty of bandwidth but copying files and having multiple users on the same network greatly benefit from GBit (1000MBit/s) connectivity.
Hardware support
Different wifi routers have different hardware inside them and manufacturers rarely provide complete technical documentation on their products. The open-source community did a lot to painstakingly reverse engineer hardware and provide support for different wifi products. It’s a good idea to research open-source hardware support before buying a router nowadays – sometimes manufacturers market them by having Linux support and even publish the source code for their firmware, the old venerable Linksys WRT54GL was one of the first ones to feature Linux support and quickly become hit among enthusiasts.
Each one of the open-source firmware providers publishes a supported hardware list that you should consult before picking a firmware. Sometimes support varies between different hardware revisions of the same model, so in addition to the Brand / Model number, the hardware revision should be checked, too.
How to choose which firmware to install
Among the three main firmware projects, each one has different priorities and different supported devices so the first step should be consulting their web-pages for hardware support information.
OpenWRT is the oldest of them all, with endless customization options and great hardware support but complex settings and installation steps may be overly complicated for the casual user. It is very stable and runs reliably for a long time without restarts. Depending on the amount of memory in the router it supports over 3000 extension packages. Its features include Ad-blockers, OpenVPN connectivity, DNS encryption, Guest network support among others. It receives frequent security updates and by default, it’s completely secure without any backdoors, default passwords, or needless services. Each of its standardized modules receives testing by the community, created by the community of volunteers, for free. The supported hardware list can be found at this page: https://openwrt.org/toh/start
DD-WRT is based on OpenWRT and includes most of its features in a simpler package. Its installation and management is a lot simpler and it’s a great choice for someone with less experience in setting up networking gear. Supported devices include routers from hundreds of manufacturers, the complete list is available here: https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices. According to the latest instructions on their page, it’s best to check the latest firmware for up-to-date hardware support information. Each one of the supported brands often has a dedicated forum page where that can be used to get the latest news on firmware support for various devices here: https://forum.dd-wrt.com/phpBB2/index.php
Tomato is a community developed open-source firmware based on the now outdated HyperWRT package that was originally available for the Linksys WRT54G family of routers. It’s very lightweight and known for its capabilities to real-time network monitoring and ease of use. Hardware supported is limited to routers with Broadcom chipsets, including routers from Linksys, Buffalo, and Asus.
Installation
The first step of installing a new firmware is double-checking the router model and hardware version and making sure that the chosen firmware flavour supports it. Then checking it again. Installing the wrong firmware can and will completely brick your router rendering it into a paperweight with limited options for recovery so always proceed with caution. It’s a good idea to factory reset the router before going any further.
It’s best to do firmware upgrades over cable to avoid any possible wifi issues. If it’s the only router that provides internet in your location remember that having backup connectivity to consult forum posts and search for solutions is essential should something go wrong with the upgrade. In some cases (OpenWRT) wifi will be completely disabled for security until keys are set up so a cable connection is essential.
Always read the manual attached to the firmware image and read all the installation steps BEFORE proceeding with the upgrade. Most of the time it’s simply a matter of logging in into the router’s original firmware, finding the firmware upgrade option, and uploading the new – previously downloaded and checked – firmware. In some cases, you should downgrade the original firmware to a previous version due to bugs and there may be different firmware images available depending on the current firmware options on the specific router.
Prepare to go offline until the router upgrade is complete. Have a backup connection and/or download all the possible manuals, recovery images before starting the upgrade.
Upgrading the router firmware will reset network settings. Once the router is rebooted into the new firmware, your computer’s network settings will need to be refreshed by either doing a DHCP release or simply rebooting the computer. After this, the router should be accessible from the browser using its new IP address, possibly something like this: http://192.168.1.1. Only then you’ll be able to complete the network setup, configure your internet settings and start using it.
How to get help if it doesn’t work
There are basic troubleshooting steps if upgrading didn’t work. Some of the routers will go into an emergency mode and can be re-flashed using a TFTP server, some can simply be reset by rebooting and pressing the little reset button on the router itself, some need hardware modifications to fix them. It can also happen that the firmware upgrade simply failed and the router booted into the original firmware.
Consult the manuals and read on the possible recovery procedures in advance, to have some sort of safety net in case of the upgrade going south. If nothing else works, you can also consult the forums and run a search because someone else must have already had a similar problem before.
Issues with firmware upgrades are rare if you properly follow all the installation steps and there is always a chance of successful recovery by consulting the vendor’s website and its forums.