Avoid Consumer Routers


torstein

Regular Contributor
Thanks Torstein, I see you're a Hario man, I am a Kalita Wave fan. ;)

I think Merlin has a great point, if you are connected you are probably vulnerable and must assume so. I feel comfortable with the philosophy I'm following. For a bit more (ok I splurged) than an AX86U I have a dedicated open-source firewall appliance and consumer router access points behind it, but I don't assume that I'm totally secure. It's been boring reliable. I do miss getting in the weeds with all the scripts and add-ons, but I can find learning opportunities this way too.
I have the Hario V60 for home, and the Kalita wave (1 cup size) at work :) I can't stand what they're drinking at the office :p Life is too short to drink bad coffee.

Also, please don't tempt me down the pfSense-rabbit hole, my wife's gonna kill me if I bring home another home network appliance. I already splurged 290€ on the AX86U, if I buy a >300€ hardware firewall, she might banish me to sleep on the balcony for a couple of weeks.

Speaking of, which Netgate do you have? (I assume it's pfSense Netgate you're referring to?)
 

Centrifuge

Senior Member
I'm running pfSense on a Protectli 4 port vault, like a mini PC. I have the 2 port version also, when I get time and replenish my patience I'm going to play around with IPFire and OpenWrt.
 

Paliv

Regular Contributor
I have the Hario V60 for home, and the Kalita wave (1 cup size) at work :) I can't stand what they're drinking at the office :p Life is too short to drink bad coffee.

Also, please don't tempt me down the pfSense-rabbit hole, my wife's gonna kill me if I bring home another home network appliance. I already splurged 290€ on the AX86U, if I buy a >300€ hardware firewall, she might banish me to sleep on the balcony for a couple of weeks.

Speaking of, which Netgate do you have? (I assume it's pfSense Netgate you're referring to?)
I just picked up an AX86U and my wife said “didn’t you JUST buy a router?”. I did…in 2018.
 

torstein

Regular Contributor
I just picked up an AX86U and my wife said “didn’t you JUST buy a router?”. I did…in 2018.
She'll never understand, but she sees it makes me happy, and she appreciates that I take care of our network security and keeping us safe, so she doesn't have to worry.

Which router did you come from?
 

Paliv

Regular Contributor
She'll never understand, but she sees it makes me happy, and she appreciates that I take care of our network security and keeping us safe, so she doesn't have to worry.

Which router did you come from?
I had an early AC68P that I liked, but I decided to try out a Gryphon router. They are well built and very stable, but don’t give you much control. And my kids are too young to really worry about the parental controls if I even wanted them. I really missed the ASUS firmware, especially Merlin’s great work. So I had to come back.
 

jdabbs

Super Moderator
My day job is enterprise networking, and it's always interesting to read through these threads to see the consumer/prosumer perspective.

Other people have touched on this, but when we order a firewall from Cisco, we're also buying a software platform. We don't expect the software to be bug free, but we do expect it to be actively maintained (vulnerability and stability fixes) through the device lifecycle. A device may be in production for 5 to 7 years, and end of support is telegraphed years in advance so we can plan accordingly.

The article the OP posted isn't really wrong--in comparison, consumer grade hardware falls way short of the mark. Will Asus or Netgear write off the device a year after purchase and cease updating software? What's the average turnaround time to patch vulnerabilities? Better yet, do they even release emergency fixes? When IoT botnets are actively scanning to turn your hardware into a bitcoin mining rig, quarterly updates are an eternity.

I don't keep up with the latest and greatest, but I saw an Asus router on Newegg for 550 dollars. That's crazy high for what's essentially disposable hardware. If you're willing to spend that much every couple years to stay current, pfSense and a discrete AP might be a more cost-effective solution, and better supported.
 

Tech9

Very Senior Member
That's crazy high for what's essentially disposable hardware. If you're willing to spend that much every couple years to stay current, pfSense and a discrete AP might be a more cost-effective solution, and better supported.

Exactly my view and my solution. Don't expect likes here. I'm installing RGB lights on my Netgate appliance over the weekend.
 

Tech9

Very Senior Member
I only want to compete with this one. Nothing too flashy.


[Attached image: Untitled_39.png]
 

jdabbs

Super Moderator
^^What Asus wants you to see: Heroic Routers

What your family sees:
[Attached image: spider router.jpg]
 

torstein

Regular Contributor
pfSense and a discrete AP might be a more cost-effective solution, and better supported.
I wonder which is more secure and gets more frequent updates and if it matters for consumers. Asus with Merlin or pfSense and Netgate? I checked out some Netgate routers, but they were very expensive and had worse hardware than Asus.
 

Tech9

Very Senior Member
I checked out some Netgate routers, but they were very expensive and had worse hardware than Asus.

Only the entry-level models compared to high-end Asus routers. The price is for hardware + pfSense Plus license. The more frequent Asus firmware fixes lately were mostly Wi-Fi (Kr00k, FragAttacks), dnsmasq (DNSpooq) and AiMesh related. None of them apply to pfSense firewalls.
 

jdabbs

Super Moderator
I wonder which is more secure and gets more frequent updates and if it matters for consumers. Asus with Merlin or pfSense and Netgate? I checked out some Netgate routers, but they were very expensive and had worse hardware than Asus.

MSRP for the Netgate 2100 is $299. Of course, the cost for the AP is on top of that, but that's really the advantage. A wireless router is an embedded PC with a radio bolted on. If you get a new phone and want a radio with 802.11ax support, you're throwing out your router to get a new one. When that radio is tied to a high-end router, it'll cost you. Separating the AP from the router avoids that bundled cost, or forgoes the cost completely if you don't really care for wireless. If you're not outgrowing your router throughput, as long as it's stable and actively maintained, there's not much reason to replace it. There are people that trade in their BMW for a new one every couple years, and there are those that hold on to a pickup for twenty years. As you can guess, I'm coming from a pickup perspective, but if people are dropping significant money on having "the best," it'd be unfair not to mention that "best" isn't clear-cut.

The thing with performance and hardware specs is this--once you get beyond "sufficient," there isn't a benefit. If Router A can handle 2 Gbps throughput and Router B does 2.5 Gbps throughput, Router B is the better choice, right? Well, if your ISP is serving up 200 Mbps, that extra headroom doesn't make a difference. Performance is effectively equal--save your money. Estimate what's needed performance-wise for the next few years, and buy based on that.
 

L&LD

Part of the Furniture
Hardware specs do not always equal performance.

The RT-AX88U vs. the superior RT-AX86U is a good example of that today. On effectively 'identical' hardware.

Or when pfSense on overkill hardware was slower than an Asus router (RT-AC86U, if I'm remembering correctly).

The idea of discrete components is ideal, but it is not cheaper in the long run when top wireless performance is also needed.
 

jdabbs

Super Moderator
Hardware specs do not always equal performance.

The RT-AX88U vs. the superior RT-AX86U is a good example of that today. On effectively 'identical' hardware.

Or when pfSense on overkill hardware was slower than an Asus router (RT-AC86U, if I'm remembering correctly).

The idea of discrete components is ideal, but it is not cheaper in the long run when top wireless performance is also needed.
Sure, there's potential performance differences with ASICs vs general purpose CPU, but what magnitude? A 10x difference sounds significant, but something like between 1ms and .1ms wouldn't be noticeable.

For cheaper, what exactly are you comparing? An AP comes in a lot cheaper than a $550 "high-end" router. And when WiFi 7 or whatever comes out, you're not replacing your router, just the AP.
 

netware5

Very Senior Member
Rule No.1: Do not expose ANY service to the WAN side. The ONLY port open to the WAN shall be the port a VPN (preferably OpenVPN) server listens on.
Rule No.2: Use only frequently updated Open Source firmware. For Asus routers in particular that means to use latest Merlin's FW or latest John's fork FW in case of older Asus routers.
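
A way to audit Rule No.1 on a Linux-based router, added here as an example and not part of any post in this thread: the script reads `iptables-save` output and lists every filter-table INPUT rule that accepts new connections from the WAN side other than the VPN listener. The interface names (`eth0` for WAN, `br0` for LAN), the sample ruleset and the allowed port (OpenVPN's default, 1194/udp) are assumptions to adjust for the device in question.

```python
import shlex

# Constructed sample of `iptables-save` output; not taken from a real router.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i br0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def parse_rule(tokens):
    """Map each option to its value and record which options follow a '!'."""
    opts, negated, i, neg = {}, set(), 0, False
    while i < len(tokens):
        t = tokens[i]
        if t == "!":
            neg = True
        elif t.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            has_val = bool(nxt) and nxt[0] not in "-!"
            opts[t] = nxt if has_val else ""
            if neg:
                negated.add(t)
            neg = False
            i += 1 if has_val else 0
        i += 1
    return opts, negated

def wan_exposures(rules_text, wan_if="eth0", allowed=frozenset({("udp", "1194")})):
    """Return (proto, dport, rule) for WAN-reachable ACCEPT rules; user chains are not followed."""
    findings, table = [], None
    for line in rules_text.splitlines():
        table = line[1:].strip() if line.startswith("*") else table
        tok = shlex.split(line)
        if table != "filter" or tok[:2] != ["-A", "INPUT"]:
            continue
        opts, negated = parse_rule(tok[2:])
        in_if = opts.get("-i")
        # No -i means every interface; "! -i br0" means every interface except br0.
        on_wan = in_if is None or (in_if == wan_if) != ("-i" in negated)
        states = opts.get("--state") or opts.get("--ctstate")
        new_ok = not states or "NEW" in states.split(",")  # skip reply-only rules
        key = (opts.get("-p", "all"), opts.get("--dport", "any"))
        if opts.get("-j") == "ACCEPT" and on_wan and new_ok and key not in allowed:
            findings.append((*key, line))
    return findings
```

On the sample it reports the rule bound to `eth0` plus the two that reach the WAN only because they lack an interface match or negate the LAN bridge, which are the ones a quick read of the ruleset tends to miss.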
 
