Asuswrt-Merlin vs DD-WRT

Last Updated on February 18, 2018 by Dave Farquhar

I’ve been using DD-WRT for years, but a friend convinced me to try Asuswrt-Merlin and now I’m a convert. DD-WRT is still my second favorite solution, but here’s why I favor Asuswrt-Merlin vs DD-WRT.

Security

Asuswrt-Merlin only runs on Asus routers but offers some compelling advantages over DD-WRT.

Asuswrt-Merlin releases regular updates with changelogs so you can verify the latest security fixes are present. DD-WRT also gets regular updates, but from what I can tell, those security fixes aren’t necessarily always there.

The other nice thing about Asuswrt-Merlin is that some insecure configuration options simply aren’t available in its user interface. DD-WRT gives you the freedom to make bad choices that Merlin doesn’t.

Advantage: Asuswrt-Merlin

Active development

I wouldn’t say DD-WRT is abandoned, but there aren’t as many developers working on it anymore. Merlin is by and large the work of one person, but he’s enhancing work that Asus is doing.

Advantage: Asuswrt-Merlin

Capability

Asuswrt-Merlin doesn’t try to replicate all of DD-WRT’s functionality. It builds on the functionality Asus gives by default but doesn’t have all the capabilities of DD-WRT running on a comparable high-end router. (It has everything DD-WRT has when running on an older router, however.) It has the major functionality, but one example is that DD-WRT has an ad blocker that Merlin lacks. Bandwidth tracking is another, which could get rather important in coming years if data caps become more common.

You probably won’t use everything DD-WRT offers. But there may be one or two things DD-WRT does that Merlin won’t that you’ll value.

Advantage: DD-WRT

Multiple Internet connections

Asuswrt-Merlin does have one capability that DD-WRT lacks. You can configure it to allow you to plug in two ISP uplinks and load balance them or use one for backup. You won’t need this option often, but when you need it, you’ll need it badly.

Advantage: Asuswrt-Merlin

Compatibility

Asuswrt-Merlin runs on nine routers made by Asus: the RT-AC3100, RT-AC3200, RT-AC5300, RT-AC56U, RT-AC66U, RT-AC68U, RT-AC87U, RT-AC88U, and RT-N66U. Supposedly there are some routers made by other companies that are similar enough to Asus that you can coax the right version of Merlin to run on those as well, but some of the proprietary software in Merlin is only licensed for Asus hardware, so you’re breaking the law if you do.

Some people will do that anyway, but information on what runs is going to be harder to find, regardless.

It’s also noteworthy that the Asus routers that Merlin runs on are expensive. The cheapest Merlin-capable router I can find as of this writing is about $80.

DD-WRT doesn’t run on everything, but it does run on hundreds of devices, new and old. And it has no legal encumbrances, at least from a copyright standpoint. If it loads and runs, it’s legal. The FCC may or may not have something to say on that, but we’ll have to see. It will depend on whether the post-2016 FCC values deregulation or law and order more highly. Right now that’s impossible to predict.

But anyway, if you don’t have $80, you can probably find a used router for $5 at a thrift store that can run DD-WRT. It might even be capable of 802.11n. And you can have it both ways: Buy a Merlin router to use as your main gateway/firewall, then use one or more cheap DD-WRT boxes as access points to extend the network in dead spaces in your house. You can get a $5 thrift-store router, or get a TP-Link TL-WR841n.

Advantage: DD-WRT

Conclusion

I favor Merlin due to security. DD-WRT’s strengths are worth something, but overall I’m a lot more comfortable plugging something running Merlin into the hostile Internet. That said, I’m perfectly fine with running DD-WRT inside my firewall as an access point. Many Asus routers have multiple antennas, but it will usually be cheaper and more effective to add a DD-WRT access point if you can get an Ethernet cable close to the dead spot and plug it in.

I’ve been using DD-WRT since 2007, but it’s my second favorite now. I love the idea of all those discarded routers in thrift stores seeing second life as DD-WRT access points, but the security guy in me would be even more thrilled to see every home running Merlin as its primary router. That would improve Internet security dramatically.

I have recommended settings for both. My recommended DD-WRT settings page is one of the most popular things I ever wrote. My recommended RT-AC66U settings page also applies to any router running Merlin. Whichever option you choose, I hope you’ll check those pages out.


5 thoughts on “Asuswrt-Merlin vs DD-WRT”

  • December 19, 2016 at 10:37 am

    One thing I do like DD-WRT for is setting up a guest access point. I use a separate Wi-Fi router for my guest network, and then set OpenDNS’ family filtering DNS servers up on it. I then block any outgoing requests for DNS from the LAN to the WAN via a firewall rule. By only allowing access to the DNS socket on the router, I prevent any guest from using a DNS server other than what I want. This might be a bit of an overkill for most, but by using the family filtering DNS servers from OpenDNS I can help block a lot of unsafe sites that guests may either accidentally visit or intentionally visit.
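The DNS lockdown described in the comment above, as an added example that is not the commenter's own configuration: one function prints the iptables rules for a router firewall script, and a second checks a saved ruleset for the forward block on both UDP and TCP. The bridge name `br0`, the router address `192.168.1.1`, the function names and the sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed values: guest LAN
# bridge br0 and router LAN address 192.168.1.1; adjust for your network.

# Print rules that confine guest DNS to the resolver on the router itself.
# $1 = LAN interface, $2 = router LAN IP, $3 = command name (default iptables)
guest_dns_rules() {
    lan_if=$1; router_ip=$2; ipt=${3:-iptables}
    for proto in udp tcp; do    # DNS also runs over TCP, so cover both
        # Clients may query the resolver listening on the router...
        echo "$ipt -I INPUT -i $lan_if -p $proto -d $router_ip --dport 53 -j ACCEPT"
        # ...but DNS forwarded through the router to any other server is refused.
        echo "$ipt -I FORWARD -i $lan_if -p $proto --dport 53 -j REJECT"
    done
}

# Read `iptables -S` style output on stdin and return 0 only if FORWARD
# holds a DROP or REJECT for port 53 from interface $1 for BOTH protocols.
# This is a presence check; it does not evaluate rule order.
audit_dns_block() {
    rules=$(cat)
    for proto in udp tcp; do
        printf '%s\n' "$rules" | grep -Eq -e \
            "^-A FORWARD .*-i $1 .*-p $proto .*--dport 53 .*-j (DROP|REJECT)" \
            || return 1
    done
    return 0
}

# Constructed sample rulesets (not captured from a real router).
SAMPLE_OK='-A FORWARD -i br0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -p tcp -m tcp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -j ACCEPT'

# Common mistake: only UDP is blocked, so TCP port 53 still leaves the LAN.
SAMPLE_UDP_ONLY='-A FORWARD -i br0 -p udp -m udp --dport 53 -j DROP
-A FORWARD -i br0 -j ACCEPT'
```

Rules on port 53 do not cover DNS over TLS (port 853) or DNS over HTTPS (port 443), so a guest device configured for either can still reach another resolver.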

  • May 10, 2017 at 11:50 am

    “Asuswrt-Merlin does have one capability that DD-WRT lacks. You can configure it to allow you to plug in two ISP uplinks and load balance them or use one for backup.”

    Technically you can hook up as many ISP uplinks as you have ports, minus one if you actually want to use them — vlans can be set up that separate each physical port into its own vlan (in fact, many WAN interfaces are just the 6th port of the switch, assigned to WAN via a vlan). This will give you vlan{X} interfaces you can manage via SSH (vlan0 to vlan15 I believe), and you can specify iptables rules for forwarding between them. Yes, you can specify dhcpd/dnsmasq options for which interface should have DHCP and DNS listening, etc.

    Routing between them may not be automatic, but you can always write a script which will prioritize one over the other, test conditions, alter the routing table accordingly etc.

    Granted, this isn’t easily exposed via the WebUI.

    • May 25, 2017 at 1:13 pm

      Sorry this comment got caught in a spam trap. Thank you very much for the comment, it’s very helpful.

  • July 17, 2017 at 1:20 pm

    Good review. Thinking about installing it, but I just spent 2 hours configuring home network with default setup, I’m afraid I might have to re-do it if I upgrade to Asuswrt-

    • July 17, 2017 at 2:43 pm

      The settings may carry over but I wouldn’t count on it. I would suggest you go through your existing router configuration and take screenshots of each section, then upgrade and re-enter. Give yourself a little time but I don’t think it will take 2 hours to redo.
