Own Your Router with Open-Source Firmware

Earlier this month, the FCC banned all new foreign-made routers. A National Security determination warned that compromised routers "can enable in-depth network surveillance, data exfiltration, botnet attacks, and unauthorized access to U.S. government or American businesses’ networks.".

A little funny considering that most people in the U.S rent routers that behave similarly. Internet service providers encourage customers to use their routers, which are locked down with proprietary firmware. This enables them to monitor your internet usage, open up your network as a public hotspot, or use WiFi sensing to detect who's in your house.

It seems we already have enough to worry about at home, and lots of reasons to own our routers. I had the pleasure of chatting with Daniel — an experienced open‑source networking engineer. Regaled by his deep knowledge of Wi‑Fi firmware, open‑source router projects, and mesh networks I asked him for a short interview. The interview will dive into the future of open‑source networking, practical advice for home‑router users, and the changes he believes are needed to give users more control over their own connectivity.

Hakeem: Could you give a quick overview of your background?

Daniel:
I started out dealing with small IoT devices during university. That was right when the first cheap Linux‑based Wi‑Fi routers became visible as hackable boxes. Before that they ran real‑time OSes and were basically opaque appliances. Seeing them become Linux computers sparked my interest in what else could be done with them – not just networking, but attaching displays, home‑automation, etc. That curiosity led me into the open‑source ecosystems around networking appliances. [1]

Sidenote:

• IoT (Internet of Things): Network‑connected devices (sensors, appliances, etc.) that collect and exchange data. Important because they were the first “smart” devices many engineers tinkered with.

Hakeem: What are the most popular software projects people should look into?

Daniel:
Definitely start with the networking operating systems. Projects like OpenWrt, OpnSense and other Linux- or BSD‑based open-source router operating systems are great learning tools. [1]

Footnote:

• OpenWrt (Linux Based) / OpnSense (BSD Based): Free Open‑source software projects that replace a router’s stock software, giving full control over the device, security updates, and extensibility.

Hakeem: Why would someone replace the vendor’s firmware with something like OpenWrt?

Daniel:
The main reason is longevity. Vendors usually support a router for only a year or two, then stop releasing firmware updates. When a security flaw or a new protocol appears, the unpatched router becomes vulnerable or dysfunctional. The hardware can often run for eight years or more, but the firmware stops being maintained. Open‑source projects keep the firmware alive and secure long after the vendor has moved on. [1]

Footnote:

• Firmware: Low‑level software that runs on hardware (e.g., a router) and controls its basic functions. Updating firmware can fix bugs and add features.

Hakeem: How do open‑source groups manage to provide ongoing updates?

Daniel:
Because they’ve become the industry de‑facto standard. Many manufacturers ship routers that are essentially a modified OpenWrt image with a vendor‑specific UI on top. Chip vendors (Qualcomm, MediaTek etc.) provide OpenWrt‑based SDKs to board designers, so the reference implementation is already there. By the GPL license they must release source code. This is helpful for visibilty, but the sourcecode itself is not used by the OpenWrt community who maintain a single unified source tree instead of individual source trees of two-thousand devices they support. Also the code quality for firmware is typically bad, except for GL.iNet, Teltonika, and ASUSWrt, which are primarily based on OpenWrt.

Footnote:

• GPL (GNU General Public License): A copyleft license requiring that any distributed derivative work also provide its source code. Forces vendors to share code enabling visibility.
• SDK (Software Development Kit): A set of tools and libraries that help developers build software for a specific hardware platform.

Hakeem: What about features like adaptive transmit power?

Daniel:
Those are still largely theoretical. The driver side might have hooks, but the firmware has to actually use them. For older Wi‑Fi standards (e.g., 802.11n), some experimental open source implementations exist, but they’re limited to around 200 Mbps. That’s enough for a single user in a room, but not for dense campus‑scale deployments where you need higher efficiency. [1]

Footnote:

• Adaptive transmit power: Dynamically adjusting a radio’s output power to reduce interference and improve efficiency. Important for large‑scale Wi‑Fi deployments, but rarely exposed in consumer firmware.

Hakeem: What's the history of 2.4 GHz WiFI, did it really come from microwaves and was that on purpose? How can we use WiFi safely at home?

Ghost: The 2.4 GHz band was originally allocated to industrial, scientific and medical (ISM) equipment. When microwave heating became a thing, the American delegation proposed the establishment of the ISM bands at the International Telecommunications Conference of the ITU in Atlantic City in 1947. In the decades after that, regulators supposedly measured the radio‑frequency emissions microwave ovens produced and set a maximum allowable power (500 mW in the US) for unlicensed devices in that band. Because the spectrum was “free” to use without a radio licence, it became an attractive window for low‑cost data radios, giving birth to Bluetooth, Wi‑Fi, garage‑door openers, baby monitors, etc.

From a safety standpoint, Wi‑Fi signals behave like light: the exposure drops with the square of the distance (doubling the distance reduces exposure to one‑eighth). The main practical safety tip is to keep routers at a reasonable distance from where people sit or sleep and, if possible, lower the transmit power. Most routers ship with the highest power setting enabled by default, even when it isn’t needed, and they broadcast beacons every 50 ms, creating continuous low‑level RF exposure. Reducing power or beacon frequency can meaningfully lessen that exposure while still providing adequate coverage; lower power can sometimes even better result in performance.

Hakeem: If someone wants to get started today with their own Wi‑Fi setup, what equipment or research should they look at?

Daniel:
Start with the OpenWrt supported devices list. Router reviews often focus on brand and high‑level specs, not the actual SoC, radio, RAM, or Ethernet chipset. Use resources like the OpenWrt Wiki, the old WikiDevi (mirrored) and its successor Devi Wiki to see detailed hardware specs. Some vendors (e.g., GL.iNet, ASUS) ship devices with OpenWrt pre‑installed, which makes flashing easy. [1]

Footnote:

• SoC (System on a Chip): Integrated circuit that combines CPU, GPU, memory, and radio components. Determines a router’s performance and capabilities.
• WikiDevi / Devi Wiki: Community‑maintained hardware databases that list detailed specifications of routers and other embedded devices.

Hakeem: Any specific router recommendations?

Daniel:
GL.iNet devices are very user‑friendly; they have a built‑in VPN wizard, unlike vanilla OpenWrt where you have to configure everything manually. Devices based on MediaTek chips tend to have good OpenWrt support. The OpenWrt “One” access point (a compact aluminum unit) is also a solid choice—it runs a minimal MediaTek firmware and supports Wi‑Fi 6 off‑loading for gigabit throughput. [1]

Footnote:

• VPN (Virtual Private Network) wizard: A UI that simplifies setting up a secure tunnel to another network, useful for privacy and remote access.
• Wi‑Fi 6 (802.11ax): The latest Wi‑Fi standard offering higher speeds, better efficiency, and support for more simultaneous devices.

Hakeem: What about running your own DNS resolver?

Daniel:
It’s a great way to boost resilience and privacy. Running something like Unbound on your router lets you bypass ISP DNS filtering and perform local ad‑blocking at the DNS level. Reducing unnecessary traffic also saves power on devices. [1]

Footnote:

• DNS resolver: Software that translates domain names (e.g., www.example.com) into IP addresses. Running your own (e.g., Unbound) gives you control over what queries are answered and can block ads or trackers.

Hakeem: How active are chip vendors in the OpenWrt driver ecosystem?

Daniel:
Very active. You can see their contributions directly in the commit logs (email addresses, patches). That tells you the drivers are well‑maintained, which is crucial for a stable, user‑controlled router. [1]

Footnote:

• Driver: Software that allows the operating system to communicate with hardware components (e.g., Wi‑Fi radios). Up‑to‑date drivers ensure performance and security.

Hakeem: Do you think regional Wi‑Fi mesh networks could replace traditional ISPs as a public utility?

Daniel:
Unlikely now compared to a decade ago. Most homes get a triple‑play bundle where the ISP provides a remotely‑managed router (often with Secure Boot). That hardware is owned and controlled by the ISP, making it hard for citizens to take over in a crisis. Ten years ago, users more often bought their own routers and could flash them freely. Ownership makes a big difference in licensing and control. [1]

Footnote:

• Secure Boot: A firmware feature that only allows signed (trusted) software to run, preventing unauthorized firmware from loading. It can lock users out of installing custom firmware.

Hakeem: What about privacy concerns like Apple or Google collecting MAC addresses of all devices on a Wi‑Fi network?

Daniel:
There’s not much you can do; Wi‑Fi inherently exposes MAC addresses to other devices on the same network. You can randomize your client’s MAC address and periodically change your AP’s MAC and SSID, but the location‑service giants mainly care about the AP’s MAC to triangulate users. Most mainsteam Android ROMs do this on the client side, but otherwise the exposure is baked into the protocol. [1]

Footnote:

• MAC address: A unique hardware identifier for network interfaces. Used by Wi‑Fi devices to identify each other, but can be used for tracking.

Hakeem: Anything else you’d like to share or promote?

Daniel:
Just a reminder that using a router with OpenWrt (or a vendor that ships it ready‑to‑go) is far better than staying with ISP‑provided stock firmware, both for privacy and performance. Education and accessible hardware are the keys to a healthier internet ecosystem. [1]

Conclusion

With countries cracking down on the routers you can use, now is the time to own your router. You can protect all the devices in your home in one go, and you set the stage for future expansion of home-run servers.

Like this article?

Share us with your friends:
https://tbot.substack.com