What's new

BUY - Asus RT-AC3200 vs RT-AC86U vs Netgear R8000 - Stock vs Merlin vs Tomato vs DD-WRT vs OpenWRT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
Hi to all!
This is my first posting, so hello to everyone in this forum!
I don't want to shock you all, but sadly i already need quite a bit of help..

I am sorry for asking this many questions, I am not someone who asks for help easily, but i am lost.. I cant afford to waste this much money on a wrong device, and i am on time pressure to decide and buy..

I am soon about to switch from cable 200/20 to a VDSL2/Vectoring line, and i need to get a router. I don't want the ISPs AVM FritzBox, but a router with a feature rich stock FW, AND support for a stable, even more feature rich custom firmware (That is still manageable and learn-able for an interested and motivated novice).

I have basic knowledge of network tech, with even less linux knowledge. At least i know some Linux + networking + ssh stuff from my QNAP NAS, so i am not totally new to the topic. But i also don't have the time to truly master those topics, so i would need a router + FW that is manageable mostly by web-gui, and not SSH/console.

After dozens of hours of research on routers and the custom firmware ecosystems, i am still a bit confused. But i have learned much, and with the help of the forum, extended googling and the forum buying guides i filtered out most devices and options.

But now I need your help to make a final decision.

What FW concerns, i have pretty much made up my mind, apart from minor questions.

AsusWRT-Merlin and Tomato are my preferences so far. Both seem easy, stable and with all major features i need. DDWRT is said to be outdated AFAIK, and OpenWRT to be much less easy and aimed at professionals etc..

But here are my Questions:
Q1. Does Tomato support as much features as the "Merlin" Mod of the ASUSWRT FW? Especially those "must have" features i listed below?
Q2. VPN Client Speed: I suspect VPN client speed of native ASUS stock FW or Merlin mod would be superior to Tomato and DD-WRT + OpenWRT. Is this true? And will VPN speed benefit from the 2X1,8GHZ in the RT-AC86U?
Q3. AFAIK I need to connect the new VDSL2/Vectoring modem i get from my ISP with the WAN-port in the router; Is this correct?
Q4. Are there any known issues and bugs in the devices and their FWs listed below i need to know of?
Q5. I saw many ppl claiming in some months old threads that Tomato is dead now, and outdated anyway. Is this true, or is some sort of new and promising fork and maintainer on the horizon? So investing in a device with Tomato as primary FW in mind would still make sense?
Q6. Does Merlin support all the must have features i listed below?
Q7. I heard that the Broadcom chips are closed source. What effect does this have on DD-WRT+OpenWRT support for those 2 routers i listed below? Will Wifi work at all? Will it work, but with lower speed? Are the closed source drivers the reason why there is still no official stable and only beta DD-WRT release for the ASUS router?
Q8. Anyone here with the lasted news on DD-WRT and OpenWRT releases for the Asus RT-AC3200?
Q9. I read that OpenWRT is by far the most up to date CFW. But how do stock ASUS/Merlin + Tomato + DD-WRT compare in terms of security fixes, updates of packages and components, etc.?
Q10. Does the Merlin mod work with the ASUS android Remote app, or only with true stock Asus FW?
Q11. How likely is a future release of Tomato/DD-WRT/OpenWRT for the Asus RT-AC86U? OFC no one can say for sure, but what does your gut/experience with other ASUS routers tell you?
Q12. When buying one of the 3 devices in Germany, do i normally watch out for special versions, or are they all flash-able in all versions and revisions?
Has Merlin, normal ASUS WRT with VPN client in stock FW build in, and Tomato as option. Beta builds of DD-WRT, but no stable and no sign of continued development as far as i see.

1. ASUS - RT-AC86U - MERLIN --> Has Merlin, is most up to date (2017 instead of 2014) and 2X1,8GHZ + 256MB ROM + 512MB RAM. VPN Client in stock FW. Seems PERFECT, but no Tomato+DD-WRT or OpenWRT. But I guess VPN speed should benefit from the CPU?

Has Tomato but also the option to upgrade to DD-WRT or OpenWRT later on when i have more experience and time. Sadly no build in VPN client in stock. Those modded stock FWs on the myopenrouter site don't seem to be as cool as the Merlin mod for the ASUS.

So from what i can see, the ASUS routers would be better for me as long as Merlin does provide all needed requirements and features; But am i missing something?

I had also, besides many others, considered the Netgear R7800, but it has no Tomato or AsusWRT-Merlin port. I also checked the Linksys WRT1900ACS, but also no Tomato or Merlin, and i read it even has no proper Wifi in DD-WRT/OpenWRT.. So those options are not for me as far as i see..
Now on to the features i need supported. My Question here:
Q13. Would Merlin provide all must have features, so i don't necessarily need to use something as complex as openWRT? Or is Merlin missing one of the features? The list on the Merlin project website is not clear to me in some aspects, e.g. concerning TOR-routing or the VPN "killswitch" firewall feature, where all traffic is only routed through VPN.

-VPN Client with good performance
-VPN "Killswitch" firewall possible (via IPTables?) so Torrent traffic gets routed through VPN only
-"Selective routing" or "split tunneling" so i can set some devices to go through VPN and some not
-DDNS so i can connect to my Home Network when i am not at home from 4G Phone networks or other Dual Stack VDSL2 connections. Primary for accessing my NAS SMB Shares, Plex Server, Nextcloud Server on NAS, etc.
-Does not interfere or mess up: Plex+Emby Server on NAS/NUC/ShieldTV / Nextcloud on NAS / Torrenting on NAS+NUC+Router where ever VPN+Killswitch via IPtables firewall is possible / SMB network shares-Android Remote/Companion App like most stock FW routers now offer
-Torrent client

-Tor instead of VPN or VPN+Tor combined

I know those are MANY questions, but i am totally overwhelmed by this topic, and hope you can understand.

I appreciate every help, no matter how big or tiny!

Kind regards,


PS: Check the infos below for my Setup!

ISP: 1+1 / United Internet - Telekom Reseller
CONNECTION TYPE: VDSL2/Vectoring 50/10 with upgrade to 100/40 in the future.
DUAL STACK: Dual Stack Lite as default / But with option to get "normal" Dual Stack with full IPV4 instead of DSLite

DEVICES - WIRED - 1Gb/S: TV - LG 4K HDR 2017 LCD WebOS 3.5
DEVICES - WIRED - 1Gb/S: PC - Desktop Windows 10

DEVICES - WIFI N: Printer Canon Pixma MX725
DEVICES - WIFI N: Smart Home - Lights - Xiaomi Yeelight RGB Bulb V1
DEVICES - WIFI N: Smart Home - Lights - Xiaomi Yeelight RGB Bulb V1
DEVICES - WIFI N: Smart Home - Lights - Xiaomi Yeelight Smart Desk Lamp

DEVICES - WIFI AC: Phone Android - LG V20
DEVICES - WIFI AC: Phone Android - Xiaomi Mi4 LineageOS 14.1
Stele77, greetings. You'll probably receive plenty of replies, but you're requesting a large quantity of data on many points. Just have time just to give you a few points that touch on what you wrote in general terms. We've had our RT-AC3200 for a year and a half, and many other Asus models before this one. The 3200 has served us extremely well, and we use only Merlin FW. There's nothing wrong with other models, FW or different brands, we've used them all over many years. We also use a PfSense firewall/router box and when we do, the 3200 makes a great switch and wireless AC/AP or secondary router on the LAN. For out needs Asus stock FW hasn't provided the level of usefulness Merlin offers; that said Asus has adopted much of what Merlin has built into his fork. Some call Merlin a 'mod' but it's more advanced, yet uses the same interface as Asus; it's also the well-loved firmware that should be on a higher-end Asus box. There are a couple of illegitimate FW versions of FW that aren't tolerated by Asus. We won't touch and don't recommend trying to use them an Asus box, unless you're prepared to risk bricking it without any chance of recovery.. Many don't need the features in Merlin but it's very secure. We don't recommend using the Asus apps or Asus name server due to serious security issues. Merlin has fixed almost everything Asus hasn't or wouldn't over the years.

The 3200 should be able to handle everything you listed, as long as you're capable of configuring it. If you're into scripting, there's a lot other things you can do. You can use the 4- 1Gb wired ports for video or workstations which frees up bandwidth for other devices. The 5Gbit WI-fi has handled everything we throw at it. We seldom have a need for the 2.4 Gb band but when configured correctly it's a great tri-band AC box. Any router is only as good as the time you invest; the same is true for DD-WRT, Tomoato, etc. If you don't know how, or don't configure it correctly, the router/FW will cause you endless distress, and some given up trying because they weren't aware of what they're getting into. The more you learn, the easier it all becomes; that's what the forums can help with. Everything you want to know has been asked/answered many times..

This is just personal preference, some don't agree; others don't know or don't believe it's a serious security issue; we don't run -any- smart-home items through the 3200. A separate AP is what we've recommended in the past, but be careful, whatever you do. As you're probably aware, if you use TOR (or like to torrent things) without the benefit of doing so through a VPN provider, there are entities and ISPs that don't care for it. The ISPs see and know which IP you're connected to, even if the traffic is encrypted. Certain VPN providers make allowances for it, so due-diligence applies.

You can run several concurrent OpenVPN configs/tunnels (at the same time) with the RT-AC3200. Depending what types and amount of traffic make make your head and memory use spike; some use active cooling. Configuring the kill switch etc is done in the OpenVPN client section of the router. We recommend assigning all your devices to their own IP in the LAN section, directed to the tunnel of your config, or to drop to WAN if desired. All of this is in the Merlin Forums and the Wiki. Your search-fu will help you find what you need faster than posting on different threads. As long as you do your research and are prepared to be you're own Admin, configuring any advanced router such as this is a never-ending job/adventure. The other FW and brands have their supporters so go with what you think is best for the work you want to pour into it. Good luck.
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online