top | item 26488960

Avoid Consumer Routers

230 points| cton | 5 years ago |routersecurity.org | reply

197 comments

[+] crazygringo|5 years ago|reply
OK, so this argues that consumer routers are bad.

However, no evidence is presented that "business class" routers, as the author calls them, are any better.

And the "Consumer Router Alternatives" section [1] of the site is entirely non-helpful. Just 20 random bullets of different brands with unhelpful notes like "I have no experience with them", "I have heard good things", and "build your own router". The first bullet that recommends the "Peplink" router justifies it solely with... Peplink's own product page. Which is the furthest you can get from an unbiased third-party evaluation.

Don't the same companies make enterprise routers and consumer routers? Don't they presumably employ the same engineers to write software across them?

All of the arguments against consumer routers seem like they could apply against enterprise routers too, unless there's real evidence otherwise. But this post, unfortunately, seems to be quite evidence-free. :(

[1] https://routersecurity.org/resources.php

[+] Godel_unicode|5 years ago|reply
> Don't the same companies make enterprise routers and consumer routers?

Kinda but not really (the consumer routers are usually made by subsidiaries, e.g. linksys -> Cisco)

> Don't they presumably employ the same engineers to write software across them?

For the most part no, but much more importantly the margins are much worse on consumer gear. Race-to-the-bottom pricing means race-to-the-bottom quality and race-to-the-bottom patch cycles (the last one is probably the most important). Add in that there is a deliberate effort to not let low-margin consumer gear cannibalize high-margin business/enterprise gear.

A noted exception to this is NetGate, whose pfSense hardware runs the same OS with the same engineering up and down the stack. Probably not the best idea for a normal consumer to buy, though.

[+] antattack|5 years ago|reply
Actually, a consumer router running openWRT is quite good[1], or an Asus WIFI router using Merlin firmware[2].

[1] https://openwrt.org/supported_devices
[2] https://www.asuswrt-merlin.net/download

[+] benlumen|5 years ago|reply
I did a Networking BSc and so for the longest time, used aftermarket / open source routers. The last one being a Linksys running openWRT (ACS1900, or something).

I spent countless hours messing with that thing trying to get decent performance out of it, and simply couldn't.

The router provided for free by my ISP is superior in real world usage.

I get the principles in play here with privacy and security and open source etc., but in practice it's a fight I'm done with. Just give me internet that works well out of the box so I can forget about it.

[+] m463|5 years ago|reply
I started years ago with openwrt.

First I tried the tp-link TL-WDR4300, which was very well supported at the time.

I then moved to the tp-link Archer C7.

Along the way I went from a "regular install" of openwrt, to build the LEDE fork myself, then back to building openwrt.

It's actually quite straightforward after you get over the hump.

    $ git clone https://git.openwrt.org/openwrt/openwrt.git
    $ cd openwrt
    $ ./scripts/feeds update -a
    $ ./scripts/feeds install -a
    $ make menuconfig
    $ make -j $(nproc)
I got away from the GUI and now do most configuration via the config files in /etc/config.

My current router is a wrt-1900acs, which took a while to get stable. I sat it on the shelf for a good year.

Because I learned how to build openwrt, I also have two mikrotik rb3011uias-rm 10x gbe switches. I wish the touchscreen worked.

It's not in the main tree but I followed this thread:

https://forum.openwrt.org/t/support-for-mikrotik-rb3011uias-...

It's a community build, but it is stable and works well.

If you want to play with openwrt, it's a little saner to have two routers. Have one that works, and one that you can break without having to stay up all night to get online.
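Since the comment above moves configuration into the files under /etc/config, here is an added example (not from this thread or the OpenWrt project) that parses an OpenWrt-style /etc/config/firewall in UCI syntax and flags anything reachable from the WAN side: an ACCEPT input or forward policy on the wan zone, forwarding out of wan, or a rule/redirect that opens ssh or the LuCI web ports. It assumes the untrusted zone is named `wan` as in the stock config; both sample configs are constructed for the example.

```python
import shlex

ADMIN_PORTS = {"22", "80", "443"}  # dropbear ssh and the LuCI web UI

# Constructed sample in the stock OpenWrt layout: the wan zone rejects unsolicited
# input/forward, masquerades outbound traffic, and only lets ISP DHCP renewals in.
SAFE_CONFIG = """
config zone
    option name 'wan'
    option input 'REJECT'
    option forward 'REJECT'
    option masq '1'
config forwarding
    option src 'lan'
    option dest 'wan'
config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
"""

# Same config with two common mistakes (constructed): wan input opened, and the
# LuCI port forwarded from the wan side to the router's own LAN address.
EXPOSED_CONFIG = SAFE_CONFIG.replace("input 'REJECT'", "input 'ACCEPT'") + """
config redirect
    option name 'luci-from-wan'
    option src 'wan'
    option src_dport '80'
    option dest_ip '192.168.1.1'
    option dest_port '80'
"""

def parse_uci(text):
    """Parse UCI text into dicts: '_type' = section type, options = str, lists = list."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config":
            sections.append({"_type": tok[1]})
        elif tok[0] == "option" and sections and len(tok) > 2:
            sections[-1][tok[1]] = tok[2]
        elif tok[0] == "list" and sections and len(tok) > 2:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit_firewall(text):
    """Return findings (strings) for anything the wan side may reach."""
    sections = parse_uci(text)
    wan = {"wan"}  # assumption: the untrusted zone keeps the stock name
    findings = []
    for s in sections:
        kind, src = s["_type"], s.get("src")
        if kind == "zone" and s.get("name") in wan:
            for chain in ("input", "forward"):
                if s.get(chain, "REJECT").upper() == "ACCEPT":
                    findings.append(f"zone {s['name']}: {chain} policy is ACCEPT")
        elif kind == "forwarding" and src in wan:
            findings.append(f"forwarding {src} -> {s.get('dest')}: unsolicited inbound allowed")
        elif kind in ("rule", "redirect") and src in wan:
            proto = s.get("proto", "tcp udp")  # UCI default when proto is omitted
            if (kind == "rule" and s.get("target", "").upper() != "ACCEPT") \
                    or (proto != "all" and "tcp" not in proto):
                continue  # e.g. an icmp ping rule or the udp DHCP renew rule above
            port = s.get("dest_port" if kind == "rule" else "src_dport")
            if port is None or ADMIN_PORTS & set(str(port).split()):
                findings.append(f"{kind} {s.get('name', '?')}: tcp port {port or 'any'} open from {src}")
    return findings
```

Run it against a copied /etc/config/firewall before applying a change; an empty list means nothing on the admin ports is reachable from the wan zone by policy, not that the device is patched.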

[+] gazby|5 years ago|reply
For those thinking of trying this, you may have trouble with throughput on certain chipsets. I'm extremely happy using OpenWRT on my rPi v4 with 2 UE300 USB-to-ethernet adapters and gigabit Internet.

It's also a bit cheaper to do this than buy high-end consumer equipment as nimbius mentioned.

[+] bsder|5 years ago|reply
> Actually, consumer router running openWRT is quite good

Really? Can the *WRT releases finally run at full speed? Can they ping from the wired to the wireless? Can they actually do MIMO?

As much as I love open source, the *WRT developers have a bad hand and it's not their fault. There are a zillion router variants that change with zero notice, no documentation from anybody, and not enough people.

This really is a spot where an actual open source hardware design is probably the only real solution.

[+] nimbius|5 years ago|reply
Consumer routers that can actually run the latest version of either of these cost around $200, which in my opinion is better spent on something more powerful and hacker friendly like Alix https://www.pcengines.ch/alix.htm

I run a combination USB 2.4ghz AP and 5ghz pci-e from one. In addition, it runs a podman rootless pihole container and handles wireguard.

[+] HunOL|5 years ago|reply
Problem with all alternative firmwares is that you don't know whether your relatively new product will be supported or not. Sometimes it's a matter of product revision.
[+] enlyth|5 years ago|reply
+1 for Merlin, I use it in a household of four people for QoS and it's great!
[+] sloshnmosh|5 years ago|reply
I have an older Asus that I want to flash with Merlin as well.

Will Merlin flash like a normal firmware update or does it require the Windows based “recovery tool” to force the flashing of Merlin?

Thanks for any response.

[+] Tepix|5 years ago|reply
Does OpenWRT still run everything as root? That's not good security practice.
[+] Chris_Newton|5 years ago|reply
As someone who has worked on firmware for network devices, including the UI/presentation aspect, I feel obliged to point out that there are people working in that part of the industry who take security seriously, and likewise there are people working in that part of the industry who take the presentation of both hardware and UIs seriously.

At the same time, I can’t really disagree with the general sentiment that a lot of firmware in embedded devices, router or otherwise, is very poor. The thing I’d add is that it’s not just consumer-grade products with this problem, there are plenty of supposedly professional-grade devices where the firmware is junk too. The worst products I have ever had in my typical small-office work environments were the Cisco-branded “small business” range, which in specs and appearance did look like they were being pitched at that market, yet which never performed accordingly and mostly failed after an unreasonably short amount of time for equipment in this class.

To be blunt, a big part of the problem is money. Think about the kind of developer who has gained a few years of experience and has the skills and interest to do a good job solving challenging technical problems. Look at what that person can earn working for a FAANG or a financial services firm, or the potential upside for them at a startup if they get in early and there is a big exit. Look at the work environments they have in those roles. Now look at what a whole team of those people would earn collectively for writing router firmware and tell me which number is bigger, and look at their work environment and tell me where you’d rather be spending a significant fraction of your waking hours. In short, the people you find working in this area with real ability tend to be those who enjoy this kind of work enough to give up a lot of other benefits to do it. Obviously that restricts your talent pool and then manufacturers have to fill the gaps with whoever else they can find.

It comes down to the age-old reality that many customers prefer to buy junk as long as it’s cheap. Sadly, I doubt this will change any time soon, whether we’re talking about consumer routers or TVs or whatever IoT device someone decided would make their home smarter this week. Maybe if something really bad happens, the market will shift and/or governments will step in and regulate to try to force better standards for things like security and updates. In those cases, I would expect to see both significant consolidation in the consumer devices market and significant price increases follow quickly afterwards.

[+] dralley|5 years ago|reply
>The thing I’d add is that it’s not just consumer-grade products with this problem, there are plenty of supposedly professional-grade devices where the firmware is junk too.

Absolutely. An example: https://www.youtube.com/watch?v=B8DjTcANBx0

There are $5000 security cameras placed in very sensitive areas with security just as poor as the $50 trash you can buy from Office Depot (or at least it was the case 8 years ago).

[+] AndyMcConachie|5 years ago|reply
I mostly agree with your post. However, I must point out that some people get paid _very_ well to write router firmware. Just maybe not consumer grade router firmware. Where the margins are high on the hardware, typically the salaries are as well.
[+] yetihehe|5 years ago|reply
I have a rule of thumb, which hasn't failed me yet - don't buy fancy looking networking gear. Buy the ones which look like ugly military tech (not fancy military tech) or something you could see in a factory. I have two failed fancy wifi routers, two failed good-looking switches, but one wrt54-gl still working and two metal-cased 5/8 port switches which are older but still working. With fancy looking gear, while it worked, there were always stability problems.
[+] oaiey|5 years ago|reply
Ubiquiti Unifi is exactly in that spot. Looks Apple-like good and is considered business/professional (at least in this article .. we all know they have their problems).

Generally, I completely agree with you. The high-end products do not look fancy normally.

[+] scrumbledober|5 years ago|reply
Agree with this especially with switches and stuff that is usually going to be mounted on the back of a cabinet or somewhere else where it will never be seen.
[+] c0l0|5 years ago|reply
Personally, I would never buy SoHo networking hardware that does not have decent OpenWrt support - the platform is supremely flexible, hackable, and secure.

If you're in the market for a new device, look at https://openwrt.org/toh/views/toh_available_16128 as a first step (and avoid devices with Broadcom's involvement).

[+] 3np|5 years ago|reply
PCEngines APUs are great router devices to put whatever you want on, including OpenWRT. Proper Intel NICs (Realtek is not great for routers) for cheap.

https://pcengines.ch/apu2.htm

I'd also strongly suggest having the router and access points as separate physical devices.

A great step up for someone with an AIO consumer router/WiFi AP would be to get something like that as a router, flash OpenWRT on the old router and transform it into a "dumb" access point.

[+] von_tenia|5 years ago|reply
I'm using a 7-year-old TP-Link wifi router; the last official firmware available is from 2018. I disabled features like remote administration and file-sharing. I also set up WPA2, disabled WPS and have a strong password on the admin. What is the real risk for me? I get that it is always preferable to have an up to date device for security but I also wish to not create more electronic waste (and I unfortunately have stability issues with OpenWRT). From my understanding cracking a WPA2 passphrase isn't as easy as it used to be with WPA1 or WEP, and not having the admin interface exposed to the outside world limits the risk of someone breaking in. So realistically, assuming I'm not targeted by some APT group, would breaking into my router be that easy?
[+] bayindirh|5 years ago|reply
Simple question:

What if my space at home doesn't allow for a half rack of equipment and required cabling?

OpenWRT is no panacea. It generally doesn't support higher throughput modes in wireless radios in said routers and I need these features (thick walls, wifi first devices, etc.).

[+] Normal_gaussian|5 years ago|reply
17 shows the author considers higher end routers, like the ubiquiti unifi routers, are not in this class.

I bought unifi specifically because I wanted some professional features (proper in house roaming, wifi bridge, and VLANs) but live in a rented house where I cannot carve out some decent rack space or channel the walls.

[+] labawi|5 years ago|reply
You probably (or at least most people) don't need higher throughput modes in wireless radios. You need good connectivity, which can usually be achieved with a larger number of simpler APs, instead of 8x8 MU-MIMO 3-band 2666Mbit, that only works with manufacturer's firmware.

You can get 3x3MIMO 802.11ac routers with good openwrt compatibility for 60-80$, that should give you gigabit speeds and there are cheaper versions (get at least 2x2 @5GHz). Check for openwrt support before buying. You do not need a rack full of equipment, though you would need to reasonably distribute APs with cables.

APs that are properly distributed, running on minimum TX power, yet close so they use highest rates, will beat every single overpriced AP. May need some adjustment for corner cases.

802.11ac wave2 and especially ax have very useful features, but they are no match for fundamental properties of radio wave propagation.

¹ Close mostly means distance at line-of-reflection for 5GHz channels and line-of-penetration for 2.4GHz.

[+] michaelt|5 years ago|reply
You should consider something from MikroTik's home-and-office range - I use the hAP ac² which I've been happy with.

The software is worlds apart from any consumer router I've had before. The only downside is the number of settings is intimidatingly large, which might make it a poor choice for gifting to your less tech-savvy loved ones.

[+] wtallis|5 years ago|reply
> OpenWRT is no panacea. It generally doesn't support higher throughput modes in wireless radios in said routers and I need these features

I doubt this generalization is true. With OpenWRT, you're generally screwed if your router uses Broadcom WiFi; otherwise you get full speed from the other common radio vendors. My Qualcomm-based 802.11ac router running OpenWRT has no trouble maintaining link rates of 866Mbps or higher with several devices in my home (5GHz band, 80MHz channel).

[+] tremon|5 years ago|reply
My "rack" consists of three devices wall-mounted above the coatrack in the hallway: a Jetway industrial computer, a PoE switch and a UPS. Of those, only the computer would be essential for your use case. I'm one of those people that prefers to have wired ethernet all across the house, so the switch is mainly to power two additional switches in different locations.

The Jetway computers are similar to NUCs, but geared towards industrial installation rather than home consumer use, so they generally lack 4K HDMI support but include options for multiple serial ports, usb ports or network interfaces, similar to this: http://www.jetwayipc.com/product/hbjc390f841xx34b-series/ . Mine runs OpenBSD right now, but that doesn't support the Wifi card so I'm planning to migrate it back to Debian.

[+] moistbar|5 years ago|reply
A small ARM or Atom box with dual ethernet makes a great pfSense box. That would be my recommendation.
[+] kardianos|5 years ago|reply
Mikrotik is doing better at offering home router solutions. They now have a quick-setup page and an Android application that makes it much easier to configure.

Just got a new Mikrotik RBwAPG-5HacD2HnD that has a quad core ARM CPU, dual chain, dual band wifi. Highly recommended.

[+] froh|5 years ago|reply
Is the Fritzbox available in the US?

It's an excellent security-maintained choice in Europe, for a combined cable or DSL modem, router, wifi access point, NAS device, phone switch and voice mail box.

[+] rkachowski|5 years ago|reply
The majority of the points tend to be based on the facts that the firmware is shit, isn't updated for long, and visibility into the firmware and its releases is murky and opaque.

So what if you wipe out the firmware and go for openwrt? How does balancing for compatibility with openwrt and consumer router hardware rank on this scale?

[+] teddyh|5 years ago|reply
It surprises me how many otherwise experienced system administrators consider a home router something you have to buy and get a completely unsuitable plastic throwaway gadget. It’s an internet-connected device, therefore you have to treat it like any other server¹. Get a computer, stick a wifi card in it, install your favorite Linux distro, configure the networking (including DNS resolver, DHCP daemon, hostapd, firewall rules, etc.). Keep it updated in whatever way you keep all your other servers updated. Done.

Normal consumer routers are bad for the same reason that just about all IoT devices are bad. This will not change unless the incentives involved change; i.e. don’t hold your breath.

1) https://news.ycombinator.com/item?id=18019343

[+] dsr_|5 years ago|reply
My stock Debian x86 mini-ITX firewall is now 7 years old. It has been upgraded across three stable releases and will go to bullseye sometime this year. It handles stateful firewalling, IPv6 routing, failover DHCP, DNS caching, NTP... and it has lots of available capacity in CPU and RAM.

It was expensive for a home firewall but not horribly so, and I fully expect it to have a ten or twelve year lifespan with full support. If the NIC fails, I can replace it -- it's a PCIe card. If the storage fails, I can replace it -- SATA SSD. Neither of those have happened yet, but I might replace a fan sometime soon.

These days I would probably buy a tiny NUC-like object with enough gig-e ports.

[+] joerandom|5 years ago|reply
MikroTik hAP ac2 (RBD52G-5HacD2HnD-TC) - all you need and then some for fair price.
[+] hyperbovine|5 years ago|reply
MikroTik hardware is nice but that company has a serious case of NIH syndrome. This manifests as a lot of cryptic, undocumented commands plus the occasional showstopper exploit (e.g. https://nvd.nist.gov/vuln/detail/CVE-2020-13118). As an added benefit, they have a cult of online followers who are all too happy to deride anyone who points these (and other) flaws out as a clueless nontechnical moron. Fwiw I'm transmitting this through one of their routers.
[+] Jnr|5 years ago|reply
Still using the hAP ac that I ordered 5 years ago and it works great. After some time I needed more ports, so I added a Mikrotik switch to the mix that gets powered by the hAP ac PoE out port. Great hardware and great software at low prices.
[+] glogla|5 years ago|reply
That one is 2x2 so you're not getting a lot of bandwidth or range.
[+] TreeInBuxton|5 years ago|reply
Absolutely this. I put the "Super"hub I got from Virgin Media in modem mode immediately and installed an ac2, and the experience has been lovely.
[+] whalesalad|5 years ago|reply
I am loving my Edgerouter 4 + Unifi APs. Home network is rock solid. If only I could figure out why my ISP is dropping 20% of packets to Cloudflare DNS.
[+] sliken|5 years ago|reply
Anyone consider the Odroid H2+? It's a relatively fast CPU (for a router), the Intel J4115, relatively low power (10 watt TDP), max RAM 32GB (plenty for a router), has two 2.5 Gbit ports, with an option to add 4x2.5 Gbit for $47. Also has an eMMC and M.2 slot for reliable storage, to avoid any ugly USB connected storage for boot.

Seems like it would make a quiet and fast 6 port x 2.5 Gbit router and run well with Linux based OS, unsure of the state of drivers for *bsd.

I did see a thread about getting it to work well with OpenWRT.

[+] pettycashstash2|5 years ago|reply
Ok I get it.... any recommendations for acceptable routers?
[+] Poiesis|5 years ago|reply
When this article says "router" it means "combination router and wireless access point". Which is fine—that's how most people think of these products—but they are available separately.

For my home, using Ubiquiti products has worked well. I have the EdgeRouter Lite and UAP-AC-PRO access points which support POE. It's been nice using products designed for professionals, and it's nice to be able to administer and upgrade the router independently from the access point. These products just work, and there's none of this dodgy "reboot the router" nonsense.

I hear a lot of good things about the many mesh networking setups (often combined routers/APs) now on the market but haven't tried any. They're almost certainly a better fit for a consumer who doesn't want to be a network admin. Ubiquiti has one (the "Alien"), and the Eero (now owned by Amazon) is often recommended.

[+] amelius|5 years ago|reply
You can also use this as plausible deniability when you get raided by the police and they discover your collection of pirated music.
[+] second--shift|5 years ago|reply
Another positive note here for Mikrotik - $50 USD buys you the hAP ac lite - enough for a "home" router but with all the features of top end enterprise routers.

Other comments have addressed security concerns - there's lots of CVEs out there because there's lots of Mikrotiks out there. As far as I'm aware, all or nearly all CVEs are patched before they are public; there's always the risk of zero-days but everything has the risk of zero-days.

[+] yabones|5 years ago|reply
The state of all network firewalls/routers is appalling. Even high end Cisco, Fortinet, or even Palo Alto gear is riddled with security issues, critically outdated packages, and general poor maintenance.

IMO, the only way to have a reasonably secure device is to build it yourself. That's not going to be a popular opinion where the prevailing motto is "nobody gets fired for buying Cisco", but I don't really see any alternative. OpenWRT/Tomato are decent, but they still expose a web UI which is potentially a greater attack surface than ssh w/ public keys.

I've seen some people have good results with OpenBSD or FreeBSD, others with skinny versions of Debian or CentOS. I took a crack at it last year on Debian (shameless plug: https://nbailey.ca/post/linux-firewall-ids/), and I've been happy with it so far. It is more expensive to build, but I expect this device to last more than a decade, or until I need greater than 1gbps per port.