I’ve been running a set of ASUS wifi routers for a few years – RT-AC66U and RT-AC68U – and using the custom firmware via AsusWRTMerlin https://asuswrt.lostrealm.ca/about
The RT-AC66U has moved out of support – so no new firmware or security updates. The dilemma is what to do next?
Run old RT-AC66U units until they fail – i.e. do nothing.
Update old RT-AC66U units to RT-AC68Us and have a consistent set of routers – i.e. standardise on an older hardware platform.
Update all ASUS routers to something newer and current.
I’m tending toward the former right now – running IPsec, firewall and all of the other pieces seems to be pretty ok for now. In terms of attack surface and ease of access there are softer networks just next door. Not the best answer in my security head – but I’ll keep reviewing prices and hardware.