Asuswrt-Merlin vs DD-WRT

I’ve been using DD-WRT for years, but a friend convinced me to try Asuswrt-Merlin and now I’m a convert. DD-WRT is still my second favorite solution, but here’s why I favor Asuswrt-Merlin vs DD-WRT.

Security

Asuswrt-Merlin releases regular updates with changelogs so you can verify the latest security fixes are present. DD-WRT also gets regular updates, but from what I can tell, those security fixes aren’t necessarily always there.

The other nice thing about Asuswrt-Merlin is there are some insecure options for configuring it that just aren’t there in the user interface. DD-WRT gives you freedom to make bad choices that Merlin doesn’t.

Advantage: Asuswrt-Merlin

Active development

I wouldn’t say DD-WRT is abandoned, but there aren’t as many developers working on it anymore. Merlin is by and large the work of one person, but he’s enhancing work that Asus is doing.

Advantage: Asuswrt-Merlin

Capability

Asuswrt-Merlin doesn’t try to replicate all of DD-WRT’s functionality. It builds on the functionality Asus gives by default but doesn’t have all the capabilities of DD-WRT running on a comparable high-end router. (It has everything DD-WRT has when running on an older router, however.) It has the major functionality, but one example is that DD-WRT has an ad blocker that Merlin lacks. Bandwidth tracking is another, which could get rather important in coming years if data caps become more common.

You probably won’t use everything DD-WRT offers. But there may be one or two things DD-WRT does that Merlin won’t that you’ll value.

Advantage: DD-WRT

Multiple Internet connections

Asuswrt-Merlin does have one capability that DD-WRT lacks. You can configure it to allow you to plug in two ISP uplinks and load balance them or use one for backup. You won’t need this option often, but when you need it, you’ll need it badly.

Advantage: Asuswrt-Merlin

Compatibility

Asuswrt-Merlin runs on nine routers made by Asus: the RT-AC3100, RT-AC3200, RT-AC5300, RT-AC56U, RT-AC66U, RT-AC68U, RT-AC87U, RT-AC88U, and RT-N66U. Supposedly there are some routers made by other companies that are similar enough to Asus that you can coax the right version of Merlin to run on those as well, but some of the proprietary software in Merlin is only licensed for Asus hardware, so you’re breaking the law if you do.

Some people will do that anyway, but information on what runs is going to be harder to find, regardless.

It’s also noteworthy that the Asus routers that Merlin runs on are expensive. The cheapest Merlin-capable router I can find as of this writing is about $80.

DD-WRT doesn’t run on everything, but it does run on hundreds of devices, new and old. And it has no legal encumberances, at least from a copyright standpoint. If it loads and runs, it’s legal. The FCC may or may not have something to say on that, but we’ll have to see. It will depend on whether the post-2016 FCC values deregulation or law and order more highly. Right now that’s impossible to predict.

But anyway, if you don’t have $80, you can probably find a used router for $5 at a thrift store that can run DD-WRT. It might even be capable of 802.11n. And you can have it both ways: Buy a Merlin router to use as your main gateway/firewall, then use one or more cheap DD-WRT boxes as access points to extend the network in dead spaces in your house. You can get a $5 thrift-store router, or get a TP-Link TL-WR841n.

Advantage: DD-WRT

Conclusion

I favor Merlin due to security. DD-WRT’s strengths are worth something, but overall I’m a lot more comfortable plugging something running Merlin into the hostile Internet. That said, I’m perfectly fine with running DD-WRT inside my firewall as an access point. Many Asus routers have multiple antennas, but it will usually be cheaper and more effective to add a DD-WRT access point if you can get an Ethernet cable close to the dead spot and plug it in.

I’ve been using DD-WRT since 2007, but it’s my second favorite now. I love the idea of all those discarded routers in thrift stores seeing second life as DD-WRT access points, but the security guy in me would be even more thrilled to see every home running Merlin as its primary router. That would improve Internet security dramatically.

I have recommended settings for both. My recommended DD-WRT settings page is one of the most popular things I ever wrote. My recommended RT-AC66U settings page also applies to any router running Merlin. Whichever option you choose, I hope you’ll check those pages out.

One thought on “Asuswrt-Merlin vs DD-WRT”

  1. One thing I do like DD-WRT for is setting up a guest access point. I use a separate Wi-Fi router for my guest network, and then set Open DNS’ family filtering DNS servers up on it. I then block any outgoing requests for DNS from the LAN to the WAN via a firewall rule. By only allowing access to the DNS socket on the router, I prevent any guest from using a DNS server other than what I want. This might be a bit of an overkill for most, but by using the family filtering DNS servers from Open DNS I can help block a lot of unsafe sites that guest may either accidentally visit or intentionally visit.

Leave a Reply