You're very welcome! I was once in your position a few short years ago and appreciated the support I got back then to bring me up to speed on this new level of networking gear. I pass this on as I can.
Now, First, it is almost impossible (if not outright impossible) to 'brick' an Asus router by just flashing the correct model firmware for it. Even wirelessly (which is the way I've been doing it for years now for customers and myself), it is a bullet-proof system.
Second, all the routers I listed are newer than the now well advanced in age, RT-AC68U. Even if their performance is the same, they are still significant upgrades of that original design.
Thirdly, all that matters is the cost of your purchase today/this week. If you can buy a better router for the same or slightly more cost, why wouldn't you?
The RT-AX86U represents the best you can buy today. Does that mean you shouldn't buy it? Not necessarily, it means if the price drops to something acceptable for you, vs. the other options suggested and their prices at the same time, it would be less than wise to buy the older tech.
Yes, RMerlin firmware is necessary today. Look at the scripts I'm running in my signature below for the reason why. On a 'consumer' router, that's pretty good.
Here's an excerpt of why RMerlin's firmware is 'required', IMO.
Features
With a few rare exceptions, Asuswrt-Merlin retains the features from the original stock Asus firmware. In addition, the following features have been added or enhanced:
System:
- Various bugfixes
- Performance optimizations to some CPU-bound components like OpenVPN
- Some components were updated to their latest versions, for improved stability and security
- User scripts that run on specific events such as firewall restart
- Cron jobs for scheduled tasks
- Customizable config files for router services
- Third party software through Entware, with an easy setup script
- SNMP support (some models)
- Nano text editor (for more user-friendly script editing)
- NTP daemon, which can synchronize your client devices
Disk sharing:
- Optionally use shorter share names (folder name only)
- NFS exporting of USB drives
- Allow or disable WAN access to the FTP server
- TLS support for the FTP server
Networking:
- Act as a SMB Master Browser
- Act as a WINS server
- SSHD support for key-based authentication
- Allows tweaking TCP/UDP connection tracking timeouts
- CIFS client support (for mounting remote SMB share on the router)
- User-defined options for WAN DHCP requests (required by some ISPs)
- Advanced OpenVPN client and server.
- Support for newer OpenVPN features like NCP and LZ4
- Netfilter ipset module, for efficient blacklist implementation
- Wireless site survey page
- DNS-based Filtering, enforcing a specific DNS server, can be applied globally or per client
- Custom DDNS (through a user script)
- TOR support, individual client access control
- Policy-based routing for OpenVPN clients (based on source or destination IPs), sometimes referred to as "selective routing", or "split tunneling")
- DNSSEC validation
- fq_codel queue discipline for QoS
- Full cone NAT support (on some models)
- Detailed wireless troubleshooting information (on some models)
- DNS-over-TLS
- Redirect NTP client queries to the router's own NTP daemon
Web interface:
- Performance improvements
- Optionally save traffic stats to disk (USB or JFFS partition)
- Enhanced traffic monitoring: adding graphical charts, and traffic monitoring per client IP
- Hostname field on the DHCP reservation list and Wireless ACL list
- System info summary page
- Wifi icon reports the state of both radios
- Display the Ethernet port states
- Wireless site survey
- Advanced Wireless client list display, including automated refresh
- Redesigned layout of the various System Log sections
- Editable entries (on some pages)
- User-provided SSL certificate
Some features first debuted in Asuswrt-Merlin and were eventually implemented in the official firmware:
- HTTPS configuration interface
- Persistent JFFS partition
- LED control - put your router in Stealth Mode by turning off all LEDs
- Turning WPS button into a radio on/off toggle
- Clicking on the MAC address of an unidentified client will do a lookup in the OUI database.
- WakeOnLan web interface (with pre-configured targets)
- Display active/tracked network connections
- VPN Status page
- DualWAN and Repeater mode (while it was still under development by Asus)
- Basic OpenVPN (client and server) support
- Configurable IPv6 firewall
- Improved compatibility with 3TB+ and Advanced Format HDDs
- SSH access
- Disk spindown after user-configurable inactivity timeout
- Updated Samba version (3.6), with SMB2.0 support
- TLS 1.3 support for some services (OpenSSL 1.1.1)
- Modern DDNS client (In-a-Dyn), with https support
Look in my signature below for the link to the M&M Config and the Nuclear Reset guides to get a supported Asus router running stable quickly and most effectively, on RMerlin firmware. The other links in my signature may be worth reading for best practices, etc., too.
