My unapologetic opinion on the state of software for current crop of high performance consumer routers (that is, AC capable ones) is that it is a mess. I spent a lot of time researching this before I bought my RT-AC66U, and more time thinking about it since then. I've been in IP networking since the mid-eighties and involved in some open source projects off and on since then as well so I somewhat familiar with the terrain.
Your choices for non-vendor supplied router software boil down to these. I'm currently using all of these except Tomato. Note: in the descriptions below when I say that the development process is open I mean that people are welcome to contribute to it and the how to go about doing so is documented somewhere.
DD-WRT: closed development process, not easily buildable from source, documentation is a soup sandwich, security, performance and stability iffy.
OpenWRT: open development process, easily buildable from source, pretty good documentation, almost no support (or none at all?) for AC routers due to their hardline position on closed source components. Please correct me if I am wrong here. Security is as good as you want to make it.
Tomato: WTF? Everything I said about DD-WRT plus you get to depend on one guy. At least DD-WRT seems to have a couple of guys working on it. Some of the time.
asuswrt-merlin: closed development process (please correct me if I am wrong!), easily buildable from source, great documentation, great support from the developer and this forum, great performance and stability (at least with 376.49). Great response to disclosed vulnerabilities, however, the attack surface of asuswrt is huge (this applies to DD-WRT and Tomato equally though). In fact the RT-AC66U was chosen as the target system for a "pwn to own" contest at a black hat conference because it is such a target rich environment.
Digression on attack surface: back when I was a lad, and the whole idea of network security was just forming, some of the folks around then espoused a philosophy that a firewall should contain only the software necessary to for the device to perform its security function. Clearly this philosophy has disappeared in the din of marketing noise from all the hardware vendors: Its a router! Its a firewall! It downloads random files from random systems all over the internet! It plays music and video! It shares files! Well, OK, but now you have to ensure that every one of those pieces of software are secure. But they are open source you say. I say, can you spell openssl? You say, well, thats fixed. I say, well OK, but I got this in my inbox this morning
Code:
Title: Samba Server Uninitialized Pointer Use Flaw
Description: A critical vulnerability has been disclosed, affecting
certain versions of Samba server. CVE-2015-0240 is a vulnerability
within the Netlogon server implementation in Samba where the service
attempts to perform a free operation on an uninitialized stack pointer.
This could potentially allowing remote attackers to execute arbitrary
code via maliciously crafted packets.
Reference:
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Are you running Samba on your router? You might want to make sure none of its ports are accessible from your guest network. I'd hope that would be the case but to a marketdroid sharing files with guests is probably a feature.
end digression.
In my perfect world, there would exist something that would incorporate the closed source components required to make the hardware work into the modular structure of OpenWRT. I suspect that there aren't enough people like me to make the effort worthwhile. I'm also unclear whether or not the license of some of the necessary open source components would allow them to be distributed with closed source stuff.
Since its not my perfect world, I'm running RMerlin's software on my Asus router, tweaked to get rid of the most egregious potential security vulnerabilities, OpenWRT on my other modern non-AC routers, and as much as it pains me, I am still running the mini builds of DD-WRT on my routers with 4MB flash.
