
How is the OpenWrt CLI? Say I want to deploy it with Ansible.

How does it stack up against VyOS (which just recently got VRF-lite support)?




> How is the OpenWrt CLI

You SSH into it. Then do whatever you need to. There's nothing in the UI that can't be done via CLI as far as I know. Some plugins might not be 100% CLI compliant but at least the Base UI (luci) is completely transparent to the CLI via uci.


Do you have any recommended hardware for OpenWRT? I've been wanting to put in a low powered router/firewall on my home network that isn't controlled by a big vendor.

I haven't done a ton of research in this area, but I'd certainly like to use OpenWRT or OPNSense on my home routers/firewalls.

Side note: I've been trying to figure out a decent way to get rid of Android on my Galaxy S9+, but it appears to be locked.

At the end of the day, I just want to be in control of my bandwidth, my data, and know what's going on. Big companies are making this very complicated with all the tracking.

I recently re-enabled my pi-hole on a virtual machine, and it never ceases to amaze me what is talking to the internet without my permission. After digging into DoH a bit, I'm about to the point where I think I need to put in an outbound proxy, deny all outbound access except via the proxy, and iterate again and again.

I just don't want to have $200 a month in power bills to support my home network to save bandwidth and know what is traversing the net.


WRT3200ACM is what I use. It's one of the most powerful consumer devices with wifi supported by OpenWrt. It's powerful enough for a router with a little firewalling, VPN (WireGuard only if you want speed), DoH and some ad filtering, but that's pushing its limits from my experience. If you want more power https://openbsdrouterguide.net/ is your friend.

That being said there is no hardcore prosumer hardware out there for this purpose. The moment you go beyond home user router hardware like the WRT3200ACM you are in either Cisco Business stuff or custom server builds. Potentially a Raspberry Pi 4 with a PCIe ethernet card is closest to prosumer hardware out there and there's a lot of hacking involved to get that running to the same degree as an OpenWrt router.


This is interesting. I'm going to research it further. I really appreciate the feedback. I'm really starting to hate DoH - and I may just not put any IoT thing on my network that uses it. Maybe that's the way to go.

But I doubt most consumers really care. It's complicated.


For techie home use of OpenWrt, I'm currently using Netgear R7800.

The R7800 is well supported by OpenWrt, has the hardware features I need, some room to grow, and it's affordable used. I paid about $90 for my first one, and about $70 for my backup unit.

For OpenWrt for smaller purposes, for which an R7800 is both overkill and physically bulky, I understand there are a bunch of near options now. I just keep some old WNDR3700 and WNDR3800 units on hand, which used to be my main routers, and actually still could be. (Sometimes they might be a simple WiFi bridge or print server. Other times, they might be an experimental LAN that needs different properties than I have set up for my main router, and with which I don't want to complicate my main router setup.)


Thanks. I'm going to look into this further.


I don't know if they specifically fit your bill, but the Turris devices are worth checking out [1]. They come out of the box with TurrisOS, which is an OpenWRT fork with some extra features (e.g. automatic updates, config snapshots) and some changes (e.g. knot resolver for dns). Turris are a bit opinionated about using DNSSEC, and I think historically it was a bit tricky to configure a custom DNS resolver, but it looks like that's now possible through their new UI [2]. By the way, they offer 3 UIs: Foris, reForis and OpenWRT's LuCI, and of course ssh is also available.

If you don't like the fork, at least with the Turris Omnia it looks like you can put on vanilla OpenWRT [3], but as always check the OpenWRT table of hardware for details before buying.

I think the PSU of the Turris Omnia is rated at 40W max, but I don't know what sort of real-world power draw you'd get with your specific use-case. I guess it depends on whether you use WiFi, the SFP port etc.

[1] https://www.turris.com/en

[2] https://docs.turris.cz/basics/reforis/dns/reforis-dns/

[3] https://openwrt.org/toh/turris/turris_omnia


OpenWRT doesn't pack Python out of the box, so you need to install it, and have enough space for it, if you want to use Ansible. It uses a custom stack for configuration (like VyOS), so builtin ansible tasks won't always be so helpful. Configuration is not stored in a single place, but in several files, and it's easy to lock yourself out while testing changes: there's no commit-timeout, and there's no committing of changes, nor rollback. It's just editing random files, and restarting services.

I think there's a special configuration command that might fix some of the above issues, but I've been using the web interface (which actually does support committing and, to some extent, validation).
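The lock-out risk raised in the comment above (several config files, no commit timeout, no rollback) can be reduced with a small wrapper. This is an added example, not part of the thread and not OpenWrt's own tooling: it snapshots the config directory, applies a change, and restores the snapshot unless a confirmation file appears in time. The function names, `CONF_DIR` and `CONFIRM_FILE` are hypothetical; the only assumption about the device is that configs live in `/etc/config`.

```shell
#!/bin/sh
# Added example: commit-confirm style safety net for config edits over SSH.
# CONF_DIR, CONFIRM_FILE and all function names are hypothetical.
CONF_DIR="${CONF_DIR:-/etc/config}"
CONFIRM_FILE="${CONFIRM_FILE:-/tmp/config-confirmed}"

# Archive the current config directory; print the archive path.
snapshot() {
    backup="$(mktemp /tmp/conf-backup.XXXXXX)" || return 1
    tar -C "$CONF_DIR" -czf "$backup" . || return 1
    echo "$backup"
}

# Put the directory back exactly as archived (drops files added since).
restore() {
    rm -rf "${CONF_DIR:?}"/*
    tar -C "$CONF_DIR" -xzf "$1"
}

# apply_with_timeout SECONDS APPLY_CMD RELOAD_CMD
# Returns 0 if confirmed, 1 if rolled back on timeout, 2 if apply failed.
apply_with_timeout() {
    timeout="$1"; apply_cmd="$2"; reload_cmd="$3"
    trap '' HUP                      # survive a dropped SSH session
    rm -f "$CONFIRM_FILE"
    backup="$(snapshot)" || return 2
    if ! sh -c "$apply_cmd"; then    # change itself failed: undo at once
        restore "$backup"; rm -f "$backup"
        return 2
    fi
    sh -c "$reload_cmd"
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$CONFIRM_FILE" ]; then
            rm -f "$backup" "$CONFIRM_FILE"
            return 0                 # operator could still log in: keep it
        fi
        sleep 1; waited=$((waited + 1))
    done
    restore "$backup"                # nobody confirmed: assume lock-out
    sh -c "$reload_cmd"
    rm -f "$backup"
    return 1
}

# On a router (run in the background so a lost session does not stop it):
#   apply_with_timeout 60 \
#     "uci set network.lan.ipaddr='192.168.2.1' && uci commit network" \
#     "/etc/init.d/network reload" &
# then reconnect and run: touch /tmp/config-confirmed
```

The confirmation has to come from a fresh login after the reload, since that is what proves the new settings did not cut off access.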



