Asus RT-AC86U vs. Synology RT2600ac

[muckle_dabuckle]

I'm glad I found this forum! I'm totally new to networking so it's interesting and informative!

Currently I have the Netgear R7000 (had it for that past four years) and have almost zero issues with it other than the 5GHz band occasionally freezing. My wife and I just use it for downloading games (OK, I do and not my wife) and streaming media. It does run hot and being on 24/7 for four years I feel like it's time for a new one. I'm not a fan of the Netgear GUI and the little info they provide in the firmware changelogs (usually just stated as "security fixes"). So basically I want to get a new router that is more "transparent" with security updates and one that provides security updates on a regular basis (the Netgear has had about 22 updates in the four years I've had it which isn't terrible at all).

I want a recently released router so I've narrowed my list down to these two:

Asus RT-AC86U - Asus seems to provide a more wordy changelog so I kind of know what they have fixed. I'm also intrigued by the AiProtection.

Synology RT2600ac - really detailed changelogs and averaging one update per month. I'm just wondering if Synology will keep this up for years or just drop the updates if the router isn't very popular.

Both are $200 on Amazon. I only get around 85 Mbps through Comcast so security is my main purchasing point. I'm open to other suggestions for secure consumer routers with stock firmware.

 

[JDB]

Bias answers here of course, but the Asus has a big advantage in that you can run RMerlin’s firmware.
He maintains it in parallel with Asus (using their released source code for each stock version) and simply adds a few more security/routing features to it as well as improved stability.
Thus far I’m yet to see anyone say anything but statements like “More stable that the Asus versions” and “It’s amazing how much you rely on RMerlin’s customisations, I could never go back to stock now”.

Asus are also the most committed to the open source (so transparent) world for home routers so it covers that requirement well too.


Sent from my iPhone using Tapatalk

 

[muckle_dabuckle]

Bias answers here of course, but the Asus has a big advantage in that you can run RMerlin’s firmware.

Is it sad that is took me about two or three days before I realized RMerlin from this forum is the one that does the firmware?

He maintains it in parallel with Asus (using their released source code for each stock version) and simply adds a few more security/routing features to it as well as improved stability.
Thus far I’m yet to see anyone say anything but statements like “More stable that the Asus versions” and “It’s amazing how much you rely on RMerlin’s customisations, I could never go back to stock now”.

Asus are also the most committed to the open source (so transparent) world for home routers so it covers that requirement well

Right now I'm not into custom firmware. It does open up more possibilities in favor of an Asus, but I would use that more as a tie-breaker than deciding factor.

And since I'm basically a newborn when it comes to networking: Asus having open source firmware is a security feature being more people can look at it to find security problems to report to Asus to fix? Are there router manufacturers that don't have open source firmware?

Maybe I'm overthinking everything, but is router firmware security in the same position as Android security where a lot of the security updates and OS updates are held up by hardware manufacturers (like Qualcomm)?

The Asus has Broadcom chips and the Synology has Qualcomm chips. Is one better than the other with providing security updates for their hardware?

 

[JDB]

Other manufacturers have offered open source firmware but most are backing out of it now... D-Link/TP-Link have/had WRT based firmware’s. Many can still run Tomato (on which Asus-WRT was based on) or DD-WRT.

I certainly believe open source breeds better security- a large percentage of Asus bugs are fixed first by RMerlin and they merge them back to their next release (while users on RMerlin firmware already have them some weeks in advance). It can work the other way of course, some areas are closed source and so you are beholden to Asus, but it helps to have RMerlin’s word in their ear for those too! Asus actively support him.

I initially ran RMerlin solely for the DHCP 60/61 option it offers over stock (as it is required by my ISP). Since then I’ve gradually built up a significant set of customisations which aid both my personal and business needs (I work from home).

I actually had a TP-Link before which I bought for its 60/61 stock support - after 6 months I returned it for a full refund as it had nothing but problems (with UPNP and Wi-Fi) and support was useless. I’m not saying Synology would be bad (I use their NAS’s and they are very good), but for me the experience of being in this forum and the RMerlin support community has been fantastic. It is night and day not only from the TP-Link experience but any other networking device support experience I’ve ever had!

Broadcom vs Qualcomm - makes no real odds IMO. They are about to become one anyway!


Sent from my iPhone using Tapatalk

 

[muckle_dabuckle]

I certainly believe open source breeds better security- a large percentage of Asus bugs are fixed first by RMerlin and they merge them back to their next release (while users on RMerlin firmware already have them some weeks in advance). It can work the other way of course, some areas are closed source and so you are beholden to Asus, but it helps to have RMerlin’s word in their ear for those too! Asus actively support him.

I didn't know any of this. Good info!

I’m not saying Synology would be bad (I use their NAS’s and they are very good), but for me the experience of being in this forum and the RMerlin support community has been fantastic. It is night and day not only from the TP-Link experience but any other networking device support experience I’ve ever had!

Yeah, support is the main thing I'm worried about with Synology (I'm hoping to get four years out of my next router). I understand they update their NAS devices for a very long time (seems like they are going all out with their routers too -- don't know if that means they are totally invested in the router market though). Both Asus and Synology have really well thought out and organized Web sites that make it easy to find what you're looking for too.

Broadcom vs Qualcomm - makes no real odds IMO. They are about to become one anyway!

Saw that. I'm just hoping the new wifi chip in the 86u isn't a stop gap that gets limited support.

For some reason this is a really hard decision. Both routers seem to have support currently and both have great UIs (at least compared to Negear). I plan on making a NAS next year and was probably going to go with a Synology. I'm not sure I want all of my eggs in one manufacturer's basket so another plus for Asus. I've had nothing but good luck with their motherboards too.

Does anyone know if Asus allows 2-step verification for admin login like the Synology?

Leaning more towards the Asus now, but this is the Asus forum.... when in Rome....

 

[JDB]

I didn't know any of this. Good info!

Does anyone know if Asus allows 2-step verification for admin login like the Synology?

They don't, but on a home router, locking it down to LAN only and then remote access via OpenVPN if you need it, I've taken the view that this is just fine! It does offer HTTPS with the option of adding your own certificate (which I have done just last night!).

 

[RMerlin]

Asus having open source firmware is a security feature being more people can look at it to find security problems to report to Asus to fix?

Over the years, a number of security issues were found by the community. When Asus fixes them they even often give credits to the original reporter in their changelog. So it does help improve security versus opaque binary blobs.

Are there router manufacturers that don't have open source firmware?

Support level will vary between manufacturers and models. Broadcom-based routers usually get more open-source support from myself, Tomato, DD-WRT, etc... Also, Linksys' E-series no longer support open-source firmwares - you need their WRT series for that. You have to research every specific model if you're looking into determining what level of open source firmware support exist for a given router.

Does anyone know if Asus allows 2-step verification for admin login like the Synology?

No.

 

[muckle_dabuckle]

They don't, but on a home router, locking it down to LAN only and then remote access via OpenVPN if you need it, I've taken the view that this is just fine! It does offer HTTPS with the option of adding your own certificate (which I have done just last night!).

Yeah, I only access my router as an admin when hardwired to my PC and using an incognito browser. I was wondering about the HTTPS option. Good to know. I've never done remote access (don't really see the need based on how I use my router).

No.

In your opinion is 2-step verification a good feature for admin log in or totally unnecessary?

 

[RMerlin]

In your opinion is 2-step verification a good feature for admin log in or totally unnecessary?

Unnecessary for a LAN-facing interface. And these routers should never have their web interface exposed to the WAN, as their custom web servers are nowhere as secure or hardened as for example Apache or nginx.

 

[muckle_dabuckle]

Unnecessary for a LAN-facing interface. And these routers should never have their web interface exposed to the WAN, as their custom web servers are nowhere as secure or hardened as for example Apache or nginx.

Thank you! Makes sense.

Does Asus do any kind of firmware security scans on major releases like this (is this common practice)?

https://www.synology.com/en-us/support/security_scan

Or is it another thing to slap on the box? -- In which case that doesn't really apply to Synology being their products come in plain brown boxes.

Also, does anyone know if Asus and Synology have any kind of scan to validate new firmware before install? In case someone is trying to install fake firmware for nefarious reasons.

I know I'm probably overthinking and showing my ignorance again...just want to try and squeeze out every last "feature" I can find on these two routers before I make my purchase.

 

[RMerlin]

Does Asus do any kind of firmware security scans on major releases like this (is this common practice)?

No idea, they don't divulge their security/validation procedure. All we know is that the FTC made it mandatory for them to go through regular audit for the next 20 years or so.

Also, does anyone know if Asus and Synology have any kind of scan to validate new firmware before install? In case someone is trying to install fake firmware for nefarious reasons.

Manually downloaded firmwares are non-signed, but you can manually check their MD5/SHA256 hash to at least ensure the file isn't corrupted.

In my firmware's case, I store the SHA256 hashes on a completely different server than the downloads, so a hacker would have to compromise both servers to be able to get around it. SHA256 hashes need to be manually verified by users, it's not automated.

Asus's automatic updates support RSA signatures, but I don't know if it's used or not.

 

[muckle_dabuckle]

No idea, they don't divulge their security/validation procedure. All we know is that the FTC made it mandatory for them to go through regular audit for the next 20 years or so.

Ok, cool. I see a lot of "never Asus!" claims online because of the security audit ruling. To me it seems like Asus routers would be safer now. I guess we'll have to wait until the first audit to find out.

Manually downloaded firmwares are non-signed, but you can manually check their MD5/SHA256 hash to at least ensure the file isn't corrupted.

In my firmware's case, I store the SHA256 hashes on a completely different server than the downloads, so a hacker would have to compromise both servers to be able to get around it. SHA256 hashes need to be manually verified by users, it's not automated.

Asus's automatic updates support RSA signatures, but I don't know if it's used or not.

Thank you for the information and your work on the custom firmware! I wish stuff like this discussed in this thread (and elsewhere in this forum) was shared in more router reviews.

One more Asus question: do they allow blocking clients from seeing each other on guest networks? Looks like they allow blocking clients from seeing the LAN network.

 

[RMerlin]

Ok, cool. I see a lot of "never Asus!" claims online because of the security audit ruling.

Funny, cause personally I would rather not use any security product that does NOT go through security audits of some kind.

There are some manufacturers out there that if they ever went through a security audit, the recommendation would be to put the source code on a blank DVD, then put the DVD in the document shredder and start all over again...

Note that these are internal audits, not public ones. The results will probably not be published to the public. The 382 codebase already contains a lot of security improvements throughout the code.

One more Asus question: do they allow blocking clients from seeing each other on guest networks?

Guest mode has an option that will prevent connected client to have any intranet access, limiting them to the Internet only.

 

[JDB]

Note that Guest-A can still see Guest-B (or at least that is what is reported if you search the forum for guest isolation), however one thread I found appeared to have a solution by manually changing some of the NVRAM parameters.


Sent from my iPhone using Tapatalk

 

[muckle_dabuckle]

Funny, cause personally I would rather not use any security product that does NOT go through security audits of some kind.

Exactly.

Note that these are internal audits, not public ones. The results will probably not be published to the public. The 382 codebase already contains a lot of security improvements throughout the code.

Since the audit probably won't be published I guess regular folks like me can at least look at the amount of firmware updates and/or their changelogs to get a little idea. Nice to hear about security improvements in the codebase too.

Note that Guest-A can still see Guest-B (or at least that is what is reported if you search the forum for guest isolation), however one thread I found appeared to have a solution by manually changing some of the NVRAM parameters.

Good to know. Thanks to you and RMerlin. I noticed the Synology router has AP isolation for the guest networks with the additional option to allow access to the LAN. I was reading that some people put IoT devices on the guest network and limit intranet access, but not sure if that is a good idea. I have a few devices that probably won't be seeing any more updates.

Anyway. I'm starting to get the feeling the Synology router is aimed more at businesses with wording like this in their EULA:

"Section 7. Audit.Synology will have the right to audit your compliance with the terms of this EULA. You agree to grant Synology a right to access to your facilities, equipment, books, records and documents and to otherwise reasonably cooperate with Synology in order to facilitate any such audit by Synology or its agent authorized by Synology."

Yes, I read the EULA. Didn't see similar wording for Asus, but maybe I missed it. Synology also has the same/similar EULA for their NAS DSM software.

It really is hard to compare these two routers when each company seems to be focusing on different features on their Web sites (Asus: gaming; Synology: security). I'm having trouble deciding between almost monthly firmware and security updates (Synology) vs. AiProtection which seems more robust than Synology's Beta intrusion prevention.

 

[pepemosca]

I'm on the same dilemma... which one to choose.
I have been a long user from ASUS routers with no much problems. And now I have a Synology NAS and I love it.

ASUS RT-AC86U good:

• Trajectory
• Support from forums like this one
• Merlin custom firmwares
• AiMesh looks promising, https://www.snbforums.com/threads/o...r-rt-ac68u-rt-ac86u-rt-ac5300-rt-ac88u.40745/
• Dual core at 1.8 GHz
• Newer processor
• USB 3.1 (but you need to limit, to not have interference with the 2.4 GHz WiFi)
• My IPTV looks like it's supported
• 3 year warranty

ASUS RT-AC86U bad:

• Same GUI since the 2000
• New processor technolgy
• Slow in updates... For example, Krack still not fixed in all the routers: https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS/
• 2.4 GHz is just 3x3:3 MU-MIMO
• No support for VPN L2TP
• Not ranked in this community yet
• Manual "DNS Server" setup, https://github.com/RMerl/asuswrt-merlin/wiki/Custom-domains-with-dnsmasq

Synology RT2600ac good:

• Great NAS
• Good GUI, easy to manage and nicer
• Lots of updates, https://www.synology.com/en-global/releaseNote/RT2600ac
• Two step verification is nice to have
• VPN: L2TP supported by default (it's nice to have when you have iOS. You don't need any external app to run the VPN)
• #1 in the ranking at this community
• Lots of flash: 4 GiB
  
• SD slot
• My IPTV looks like it's supported
• "DNS Server" app, https://www.synology.com/en-global/srm/packages

Synology RT2600ac bad:

• Short history making routers
• Don't know for how long will keep having routes... also update the OS
• 5 GHz, bad coverage
• Not the fastest 2.4 and 5 GHz protocols (only 1733+800Mbps)
• Dual core at 1.7 GHz (not that bad, it's almost the same as the ASUS)
• 2 year warranty in my market
• 2016's processor... not that bad either

Hard to choose.

 

[JDB]

On the VPN point, given OpenVPN app integrates with the native iOS VPN settings directly it’s a non issue to me...

Sent from my iPhone using Tapatalk

 

[pepemosca]

On the VPN point, given OpenVPN app integrates with the native iOS VPN settings directly it’s a non issue to me...

Sent from my iPhone using Tapatalk

Thank you for pointing out that! I hadn't tried the app https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8 until you mentioned.

 

[muckle_dabuckle]

I'm on the same dilemma... which one to choose.
I have been a long user from ASUS routers with no much problems. And now I have a Synology NAS and I love it.

ASUS RT-AC86U good:

• Trajectory
• Support from forums like this one
• Merlin custom firmwares
• AiMesh looks promising, https://www.snbforums.com/threads/o...r-rt-ac68u-rt-ac86u-rt-ac5300-rt-ac88u.40745/
• Dual core at 1.8 GHz
• Newer processor
• USB 3.1 (but you need to limit, to not have interference with the 2.4 GHz WiFi)
• My IPTV looks like it's supported
• 3 year warranty

ASUS RT-AC86U bad:

• Same GUI since the 2000
• New processor technolgy
• Slow in updates... For example, Krack still not fixed in all the routers: https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS/
• 2.4 GHz is just 3x3:3 MU-MIMO
• No support for VPN L2TP

Not ranked in this community yet

I really struggled with my decision for a few weeks (obsessing for hours and hours). I decided on the Asus. I even went as far as looking at the internal teardown pictures from the FCC. The Asus looks like it had a little more thought put into it and I figure they probably made the PCB and Asus makes high-quality, reliable motherboards (I guess if Synology had their PCB made by Asus the joke is on me). I've never tried an Asus router and I've always been interested in them. Not to mention there are over 20,000 discussions in the Asus forums on this site...way more than the other discussions by far.

Security was my biggest purchase point so I felt the AiProtection (but with fewer firmware updates -- most likely) was the better bet in case Synology decides it isn't a big enough money maker to continue support. I'd be more confident if they release a third router next year. It seems like Apple fans have latched onto the Synology router as a replacement to their Apple routers so I'm hoping it has been a big seller. I really love Synology's constant security patches though and I hope Asus continues to patch the 86U on a regular basis. It is only one of a handful of their routers with a patch for KRACK.

I'm still a little on edge being the Asus hasn't had many major reviews yet. Most things seems to be working great so far though. I experienced the same bug others have reported where the WAN LED turns red, but the Internet still works. I just turned the LED button on/off on the back and it has stayed white ever since. Hopefully it's just a firmware bug. It doesn't seem to play nice with my Wii U either. It kind of freezes the Internet connection screen on the gamepad. Also, I deleted the Asus router app from my phone being it doesn't censor the SSID passwords. I couldn't find an option to not show them.

*UPDATE 11/11/17: I found out you can lock the Asus router app with your fingerprint and 4-digit passcode on iOS. Probably only news to me.

BTW, my 86U box says it's a two-year warranty.

Synology RT2600ac good:

• Great NAS
• Good GUI, easy to manage and nicer
• Lots of updates, https://www.synology.com/en-global/releaseNote/RT2600ac
• Two step verification is nice to have
• VPN: L2TP supported by default (it's nice to have when you have iOS. You don't need any external app to run the VPN)
• #1 in the ranking at this community
• Lots of flash: 4 GiB
  
• SD slot
• My IPTV looks like it's supported

Synology RT2600ac bad:

• Short history making routers
• Don't know for how long will keep having routes... also update the OS
• 5 GHz, bad coverage
• Not the fastest 2.4 and 5 GHz protocols (only 1733+800Mbps)
• Dual core at 1.7 GHz (not that bad, it's almost the same as the ASUS)
• 2 year warranty in my market
• 2016's processor... not that bad either

Hard to choose.

Still so curious about the Synology. I figured it would cost me $20 more than the Asus because I don't have any extra SD cards lying around and would have to buy one. I also have no idea how they handle warranties or customer service. If my Asus acts up during the return period I will return it for the Synology and take the chance.

 

[pepemosca]

So @muckle_dabuckle, you bought the ASUS but still thinking about the Synology! Haha! just like me.
I have the ASUS but still have time to return it... Until February 28, 2018! Amazon here has this option because Christmas shopping.

Let's be honest... This routers are not the cost of a house or a car. So, let's enjoy and don't waste more time thinking (That's what I say to myself).
I know we are between thinking, maximising our investment, learning, and having fun in the process of buying.

The 3 year warranty for the ASUS is in Europe.

Also, I just figure out I need to add something to my list "DNS Server".