Wifi Router / Access Points
I prefer to run higher quality wifi access points (AP) than the all-in-one type routers. My current router is x86 based, running Linux nftables on bare metal and Bind9 and Kea as well as some other services in Docker on a VM.
My house is reasonably large and single level, so I run 2 wifi APs connected via Ethernet for better overall coverage. The AP Ethernet connection is a technically better and simpler solution than so-called Mesh wifi, which is effectively a wifi repeater solution. The modern mesh solutions tend to use a separate mesh radio band for the interconnection, which is more performant than the old-fashioned in-band AP range extenders. The AP Ethernet solution generally has the best performance in terms of latency and reliability compared to any wifi solution. Ethernet speed is also usually much more reliable and ultimately faster, although this depends upon the equipment. Also, this solution was available many years before the “Mesh router solutions” were popularized. The biggest reason the Mesh Wifi routers are popular is that they do not need Ethernet cables to be run. They can simply be placed and powered from local power connectors.
Wifi performance is generally oversold. For example, a 3200Mb/s 5GHz ac connection is the best theoretical bandwidth; real-life speeds are normally much lower. Also, wifi bandwidth is shared between clients, so if you have 2 clients using the 5GHz ac, the theoretical 3200Mb/s is more likely to be a maximum of 1600Mb/s. The wifi speed is also very sensitive to the distance between the wifi router and the client and to any walls in between. The wifi speed is also very sensitive to radio interference, in particular from other neighboring wifi routers in dense urban areas. I used to turn on my microwave oven and my 2.4GHz wifi connection would drop out! The actual achievable speeds are more complex than this; however, the key point is that the advertised speeds are very, very optimistic.
Ultimately, what is important is that the actual performance of the wifi system is satisfactory. I have tried to help improve performance by moving as many services as reasonably possible to wired Ethernet, thereby reducing the bandwidth used on wifi, and by using 2 wireless access points connected upstream via Ethernet, which gives better wifi radio coverage and helps share wifi radio bandwidth.
The current access points are Netgear WAX206. They only went on sale circa 2021 and went end of life early 2025; I am disappointed with Netgear for such a short support period. Strangely, the less featureful and powerful WAX202 still seems to be for sale at Netgear as of writing, March 2025. The WAX206 has a dual core aarch64_cortex-A53 running at up to 1350MHz, with 256MB NAND Flash and 512MB RAM. It has 4 x 1Gbit Ethernet ports and 1 x 2.5Gbit Ethernet port. The WAX206 does not have a USB port. There is a currently supported OpenWRT operating system solution for this wifi router (OpenWRT Techdata: NETGEAR WAX206).
My old wifi access points from 2014 were EX6200 – AC1200 Dual Band WiFi Range Extenders, which gave me good service until I updated in 2022 to the WAX206 units. The EX6200V1 has a dual core aarch64_cortex-A53 running at up to 800MHz, with 8MB NAND Flash and 128MB RAM. It has 5 x 1Gbit Ethernet ports. It has 1 x USB 3.0 port. Only having 8MB flash capacity reduces the 3rd party open source operating systems available. openWRT does not have a solution and dd-wrt only has a limited solution.
Wi-Fi Extender/Repeater with Bridged AP over Ethernet
I always set up my Wifi Routers as Wifi Access Points (AP) using an Ethernet uplink only, also known as “Dumb AP” or “Bridged AP”. Effectively the AP becomes an extension of my LAN, providing the Wifi functionality, while all DNS, DHCP, firewalling and NAT functions occur in the upstream Ethernet wired Router.
802.11r is fast transition from one AP to another in the same mobility domain (i.e. faster authentication when you roam from one AP to another).
802.11k/v is band steering (i.e. help the client device to find a nearby AP that it would consider roaming to, or “stimulate” a device to roam if an AP is saturated).
/etc/config/uhttpd
I copy my main '*.local.kptree.net' cer/crt and key files from LetsEncrypt to the openWRT machines' /etc/uhttpd.crt and /etc/uhttpd.key files using 'scp' from the machine remote to the openWRT machines. Install sftp-server on the openWRT machine with:
opkg update
opkg install openssh-sftp-server
To copy across the key:
scp .config/certificates/'*.local.kptree.net.key' root@wifi-ap1.local.kptree.net:/etc/uhttpd.key
To copy across the certificate:
scp .config/certificates/'*.local.kptree.net.cer' root@wifi-ap1.local.kptree.net:/etc/uhttpd.crt
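An added example (not part of the original page): a shell pre-flight check that confirms the private key belongs to the certificate, and that the certificate is not about to expire, before the two scp copies are made. The function names are hypothetical; tightening the key file mode and restarting uhttpd are additions that are not among the steps above.

```shell
#!/bin/sh
# Added example. Host and paths in the usage line are the ones from this page;
# pair_matches, ready_to_deploy and deploy_to_ap are hypothetical names.

# Succeeds only if the public key inside certificate $1 equals the public key
# derived from private key $2. Unreadable or unparsable input is a failure,
# so two broken files can never compare as "equal".
pair_matches() {
    _pm_c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _pm_k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$_pm_c" ] && [ "$_pm_c" = "$_pm_k" ]
}

# Succeeds if the pair matches and the certificate stays valid for at least
# $3 days (default 7). -checkend takes seconds and fails if expiry is sooner.
ready_to_deploy() {
    _rd_days=${3:-7}
    pair_matches "$1" "$2" || {
        echo "key does not match certificate: $2" >&2
        return 1
    }
    openssl x509 -in "$1" -noout -checkend $(( _rd_days * 86400 )) \
        >/dev/null 2>&1 || {
        echo "certificate expires within $_rd_days days: $1" >&2
        return 1
    }
}

# Copy the pair to AP $1 only after the checks pass, then make the key
# readable by root only and restart uhttpd so it loads the new certificate.
deploy_to_ap() {
    ready_to_deploy "$2" "$3" || return 1
    scp "$3" "root@$1:/etc/uhttpd.key" &&
        scp "$2" "root@$1:/etc/uhttpd.crt" &&
        ssh "root@$1" 'chmod 600 /etc/uhttpd.key && /etc/init.d/uhttpd restart'
}

# Usage (nothing runs until this is called):
#   deploy_to_ap wifi-ap1.local.kptree.net \
#       ".config/certificates/*.local.kptree.net.cer" \
#       ".config/certificates/*.local.kptree.net.key"
```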
I have a separate script that extracts the various certificates and keys from the Traefik combined certificate file that I need to use on my mail server; that is mentioned elsewhere on my wiki.