What's new

what is the best wireless consumer router for security?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Think I just found a good contender. Synology RT-2600-AC Comparable hardware and wireless performance, , puts out security patches frequently, updated to support wpa3 even. Has an in depth firmware slightly more complicated like asus but not nearly as in depth as mikrotik. has a package similar to ai protection with intrusion protection and network threat prevention with a security advisor, you can setup a vpn on it, isolated guest network with password, QOS. And i can mount it upright.

supposedly it runs cooler and more stable then the ac86u. I think i'm gonna get it and compare.


Anybody have any thoughts on this router?

EDIT: Doesn't not have AES-NI and supposedly the VPN performance is mysteriously worse then even the ac68u.... sigh....
 
Last edited:
AFAIK, Synology routers are not available in North America. I also think they tend to suffer from performance issues (at least the original AC1900 one did, as the software stack became too heavy to be handled properly by the used SOC).

If you need both security and performance, nothing right now will beat running your own DIY router with any of the popular software solutions (OPSense, pfsense, Sophos XG, etc...) on an x86 platform, and using a separate AP for wifi duties. Unless you decide to go down the route of business-centric solutions, which are not only more expensive but also far more difficult to manage.
 
AFAIK, Synology routers are not available in North America. I also think they tend to suffer from performance issues (at least the original AC1900 one did, as the software stack became too heavy to be handled properly by the used SOC).

If you need both security and performance, nothing right now will beat running your own DIY router with any of the popular software solutions (OPSense, pfsense, Sophos XG, etc...) on an x86 platform, and using a separate AP for wifi duties. Unless you decide to go down the route of business-centric solutions, which are not only more expensive but also far more difficult to manage.

They sell that synology on amazon. I read about the performance issues on the 1900 that people say were fixed with the 2600. but ya i don't trust it. definitely something suspicious about the poor vpn performance. EVen without the hardware acceleration 1.7ghz should perform better then the results i've been reading. which is basically 30MBs. The ax58u did 50. 30 is more like the ac66u_b1 or ac68u. So i'm a pass on that. lol

And you're probably right. I guess i will just stick with the ac86u and cross my fingers it lasts. I don't think i want to go down the expensive complicated route. I thought about it piecing a system together with pfsense box. But I don't even know what hardware to choose or where i would put it. Or what AP has that range? And I'd probably have to buy two to mesh. I don't know if its all worth the trouble. With all my complaints about Asus, the competition seems to be even worse lmao. I'm just lighting fires for the consumers benefit.

I got AI protection and Qos working without the router crashing or dcd crashes right now at the same time my VPN is running for 2 days now. NO idea how. just a lucky factory reset and immediate jffs format I guess. My only issues is minor things now that I believe are safe to ignore. LIke the blog error, the vpn replay error, and the protocol 0800 is buggy error which are not often enough to flood the router. I think these are all safe to ignore.

Like I said though if not for your firmware I would of ditched this router already. SO thanks for your hard work and don't mind my criticism which is definitely not personal.
 
Last edited:
But I don't even know what hardware to choose or where i would put it.

A very popular option is a Qotom industial PC. They have models ranging from Celerons all the way to i7.

This one has AES-NI acceleration, and is reasonably priced:

https://www.amazon.com/dp/B074XNYHL4/?tag=snbforums-20

Personally I use a Quotom with an i5 for hosting a mini Xen virtualization server.

For AP, you can use pretty much anything, including an Asus router configured in AP mode.
 
A very popular option is a Qotom industial PC. They have models ranging from Celerons all the way to i7.

This one has AES-NI acceleration, and is reasonably priced:

https://www.amazon.com/dp/B074XNYHL4/?tag=snbforums-20

Personally I use a Quotom with an i5 for hosting a mini Xen virtualization server.

For AP, you can use pretty much anything, including an Asus router configured in AP mode.

getting harder for me to post lol. At least i'm not totally banned. Thanks for your reply.
 
Think I just found a good contender. Synology RT-2600-AC Comparable hardware and wireless performance, , puts out security patches frequently, updated to support wpa3 even. Has an in depth firmware slightly more complicated like asus but not nearly as in depth as mikrotik. has a package similar to ai protection with intrusion protection and network threat prevention with a security advisor, you can setup a vpn on it, isolated guest network with password, QOS. And i can mount it upright.

supposedly it runs cooler and more stable then the ac86u. I think i'm gonna get it and compare.


Anybody have any thoughts on this router?

EDIT: Doesn't not have AES-NI and supposedly the VPN performance is mysteriously worse then even the ac68u.... sigh....

Nothing designed in China or a Chinese territory not because of the people, but because their legal system lacks provisions for privacy for consumers or means to push back against government intrusion.
 
Nothing designed in China or a Chinese territory not because of the people, but because their legal system lacks provisions for privacy for consumers or means to push back against government intrusion.

i think they are from taiwan, home of CIH and the guy who wrote it went to work for gigabyte lol. but to be honest man i think it is a problem all over the world, including our country. i sometimes think the apple vs fbi confrontations is all stageshow. but rather then focus on the country focus on the developers and manufacturers themselves. Joanna Rutkowska is an expert on such things, she founded invisible things labs and Qubes-os and I don't think shes ever been too hopeful of totally avoiding such things. I wonder if there is some sort of 'libre' router board out there.
 
Last edited:
You're not going to be running much on this router beside just pure routing with only 128 MB of RAM. 16 MB of flash is also quite limited in terms of future upgradability.

Also Atheros for 5 GHz wifi ain't gonna break any record, and no mention of the CPU used.

Sounds like a lot of low to mid-range hardware. Expect pretty lackluster VPN performance (provided it even supports OpenVPN with such low specs). You'd be better with building your own x86 router IMHO.
 
If you need both security and performance, nothing right now will beat running your own DIY router with any of the popular software solutions (OPSense, pfsense, Sophos XG, etc...) on an x86 platform, and using a separate AP for wifi duties. Unless you decide to go down the route of business-centric solutions, which are not only more expensive but also far more difficult to manage.

This is the route I eventually went. So far I am vary happy with my setup.
 
hard to beat the quotom i3/i5 devices for compatibility, headroom and bang for the buck... waiting for delivery on two of them (i5s)... or throw a bit more money at netgate's hardware if you need hand-holding...
 
Last edited:
You're not going to be running much on this router beside just pure routing with only 128 MB of RAM. 16 MB of flash is also quite limited in terms of future upgradability.

Also Atheros for 5 GHz wifi ain't gonna break any record, and no mention of the CPU used.

Sounds like a lot of low to mid-range hardware. Expect pretty lackluster VPN performance (provided it even supports OpenVPN with such low specs). You'd be better with building your own x86 router IMHO.

ya i would expect as much lol. and probably hella expensive i bet. thats how the libre stuff usually is. i wouldn't be surprised if its already dead in the water.
 
hard to beat the quotom i3/i5 devices for compatibility, headroom and bang for the buck... waiting for delivery on two of them (i5s)... or throw a bit more money at netgate's hardware if you need hand-holding...

ya those netgates are way more money. is it just because they are officially supported come with pfsense preinstalled or something?
 
ya those netgates are way more money. is it just because they are officially supported come with pfsense preinstalled or something?

no... it's consistency of hardware from bios to kernels to drivers to low-level config/naming conventions across a wide range of hardware skus that support small to large i/o demands... also as a portal, they fulfill support plans bundled for commercial users that demand a one-stop shop/support experience... it's a modern business model for leveraging open-source software that (in this case running bsd under the hood) has rather particular hardware conformity issues...
 
Last edited:
no... it's consistency of hardware from bios to kernels to drivers to low-level config/naming conventions across a wide range of hardware skus that support small to large i/o demands... also as a portal, they fulfill support plans bundled for commercial users that demand a one-stop shop/support experience... it's a modern business model for leveraging open-source software...

so when you say hand holding you mean customer support. specifically for pfsense i'm sure and a better warranty on the hardware probably. also looking at specs pfsense is pre-installed and its got this Microchip® CryptoAuthentication Device which provides assurance your system is running authentic, unaltered pfSense software. ineresting. also runs on arm which is more low powered. but i'm assuming this won't run the 3rd party vpn as well.
 
Last edited:
so when you say hand holding you mean customer support. specifically for pfsense i'm sure and a better warranty on he hardware probably.

more accurately, pfsense config support, as well as stocking hardware that won't endure a lag time failure-replacement (other than overnight shipping) like the 'tinkering' hardware I suggested above...
 
also looking at specs pfsense is pre-installed and its got this Microchip® CryptoAuthentication Device which provides assurance your system is running authentic, unaltered pfSense software. ineresting. also runs on arm which is more low powered. but i'm assuming this won't run the 3rd party vpn as well.
no - that's erroneous info (re: crpto-chip) - that's on only one model (their entry level) - and wasn't migrated to the rest of the appliance product line... hardware for pfsense and adding additional stuff (like snort and more) imo, requires at minimum an intel cpu - and a xeon if your proc demands justify it...
 
Last edited:
no - that's erroneous info (re: crpto-chip) - that's on only one model (their entry level) - and wasn't migrated to the rest of the appliance product line... hardware for pfsense and adding additional stuff (like snort and more) imo, requires at minimum an intel cpu - and a xeon if your proc demands justify it...

ah interesting. and wow i remember snort. 'fly piggy fly' lol. haven't used that in years.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top