Common security practices are to keep a router for as long as it’s receiving security patches. Once it’s EOL, then replace it.
I have a Gl.iNet router using the latest firmware that just released recently. However, the router is based on OpenWRT and is running v21.02 when the latest OpenWRT official version is 24.10.3. On OpenWRT’s website v21.02 is considered EOL.
So should this router be considered EOL? Should the whole company not be worth buying from since everything sold is immediately EOL? I don’t understand enough about cyber security to know how significant the jump is from v21.02 to v24.10.3.
PS. I know these routers can be flashed with straight OpenWRT but this is for the sake of my thought experiment.
Okay, that makes sense. I do have another router with OpenWRT that I’m learning. Once comfortable enough I’ll switch it over.
some router have some features that are not in openwrt. like (hard) speed limits per device and some other management apps. they are not magic apps married to hardware and if someone wanted he is free too create them in openwrt himself.
but if you don’t need any of those niche apps(features) then going to openwrt (if your device is officially supported) makes a lot of sense.
if you use premade images from openwrt (I make images with their image builder) there is not much of learning curse besides some jargon (sysupdate, binray, repo).
in last years I used openwrt and then added the apps that I usually install on it after an upgraede and just make an image and upload that to device. but that is in the future and is not noob way to do it (it is not hard but it is not just click-and-done)
one of the reason that I went that way was because the default image didn’t include webui (you heard that right) because of size constraints and wifi was disabled by default (for security so that user had to enable it and add custom password).
now those steps are included in official image.