Which one of these two routers is likely to lose AsusWRT updates first, and therefore also Merlin updates?

[DNN75]

RT-AC86U or RT_AX56U?

RT-AC86U｜WiFi Routers｜ASUS USA

ASUS has a range of wireless routers suitable for every purpose. Whether it's for your home, for business trips, or for any other need or environment, there's an ASUS router for you.

www.asus.com

RT-AX56U｜WiFi Routers｜ASUS Global

ASUS has a range of wireless routers suitable for every purpose. Whether it's for your home, for business trips, or for any other need or environment, there's an ASUS router for you.

www.asus.com

Also, does AX56U have better security because it's an "AX"?

 

[GSpock]

Also, does AX56U have better security because it's an "AX"?

"AX" means that it has Wifi6 capabilities, nothing related to security, only Wifi performances

 

[DNN75]

"AX" means that it has Wifi6 capabilities, nothing related to security, only Wifi performances

I didn't know that. But I'm mentioning this because in this thread AX routers are noticeably missing from a list with vulnerable routers.

News - Trend Micro: Cyclops Blink Sets Sights on Asus Routers

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet...

www.snbforums.com

 

[OzarkEdge]

Also, does AX56U have better security because it's an "AX"?

Any new technology may/should be engineered to be more secure... and can also introduce new unknown vulnerabilities.

WiFi6 (ax) introduces WPA3 to improve security.

Buy a current router unless you have your own reason not to.

OE

 

[bbunge]

I didn't know that. But I'm mentioning this because in this thread AX routers are noticeably missing from a list with vulnerable routers.

News - Trend Micro: Cyclops Blink Sets Sights on Asus Routers

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet...

www.snbforums.com

Most likely as the AX routers were released with 386.xxxx firmware and thus not subject to the cyclops blink vulnerability.

 

[DNN75]

Any new technology may/should be engineered to be more secure... and can also introduce new unknown vulnerabilities.

WiFi6 (ax) introduces WPA3 to improve security.

Buy a current router unless you have your own reason not to.

OE

I don't care about WPA3 because I only use wired LAN, but I can't find a non-wireless router which is cheap, easy to set up, supports OpenVPN and has a fast dual core processor -- and has many years of security updates left. Why buy a wireless router and expose yourself to all those security holes if you never use wireless? The security holes are there even if you turn off the radio due to the increased complexity of the wireless router.

At least with the AC86U it's possible to remove the antennas and it also has a physical WiFi off button. Does that button work with Merlin?

 

[bbunge]

I don't care about WPA3 because I only use wired LAN, but I can't find a non-wireless router which is cheap, easy to set up, supports OpenVPN and has a fast dual core processor -- and has many years of security updates left. Why buy a wireless router and expose yourself to all those security holes if you never use wireless? The security holes are there even if you turn off the radio due to the increased complexity of the wireless router.

At least with the AC86U it's possible to remove the antennas and it also has a physical WiFi off button. Does that button work with Merlin?

There are plenty of non Wi-Fi options out there. Removing external antenna still leaves the internal antenna active.

 

[OzarkEdge]

I don't care about WPA3 because I only use wired LAN, but I can't find a non-wireless router which is cheap, easy to set up, supports OpenVPN and has a fast dual core processor -- and has many years of security updates left. Why buy a wireless router and expose yourself to all those security holes if you never use wireless? The security holes are there even if you turn off the radio due to the increased complexity of the wireless router.

At least with the AC86U it's possible to remove the antennas and it also has a physical WiFi off button. Does that button work with Merlin?

Why compare wireless routers if you don't want a wireless router... sounds like you already have your own reasons.

Asuswrt and Asuswrt-Merlin have settings to disable the WiFi radios... no button required, so one less reason to favor one box over the other.

OE

 

[DNN75]

There are plenty of non Wi-Fi options out there. Removing external antenna still leaves the internal antenna active.

You're right. I forgot about the internal antenna. Sigh!

 

[DNN75]

Why compare wireless routers if you don't want a wireless router... sounds like you already have your own reasons.

Asuswrt and Asuswrt-Merlin have settings to disable the WiFi radios... no button required, so one less reason to favor one box over the other.

OE

I've read in different forums how the WiFi was on even when it indicated it was off. A software glitch? Who knows?

 

[OzarkEdge]

I've read in different forums how the WiFi was on even when it indicated it was off. A software glitch? Who knows?

Anything is possible although I've seen no such reports here. I think you've answered your own query... if you don't want a wireless router for fear it will broadcast WiFi even when configured not to, then you should not buy a wireless router regardless of the model unless you want to live in fear of it.

OE

 

[DNN75]

Anything is possible although I've seen no such reports here. I think you've answered your own query... if you don't want a wireless router for fear it will broadcast WiFi even when configured not to, then you should not buy a wireless router regardless of the model unless you want to live in fear of it.

OE

I would very much like to find a non-wireless router which cost under $100, is easy to set up for somebody who is not a networking professional, supports OpenVPN client/server and has a 1,5-1,8GHz dual core processor -- and has many years of security updates left.

Any ideas? Because a fast VPN requires a fast processor even if you don’t have wireless. X86 solutions like Sophos, pfSense and Opensense are too complicated. Strange they don’t bother to provide a dumbed-down version.

 

[OzarkEdge]

I would very much like to find a non-wireless router which cost under $100, is easy to set up for somebody who is not a networking professional, supports OpenVPN client/server and has a 1,5-1,8GHz dual core processor -- and has many years of security updates left.

Any ideas? Because a fast VPN requires a fast processor even if you don’t have wireless. X86 solutions like Sophos, pfSense and Opensense are too complicated. Strange they don’t bother to provide a dumbed-down version.

I don't like to tell others what to buy, but if it were me, I would consider a current, reputable ASUS dual-band WiFi6 router supported (endorsed) by Asuswrt-Merlin, configure it per my install notes plus whatever else you want, and then disable the radios and hope for the extended firmware support that is typical of mainstream ASUS consumer routers, i.e. as good as it gets for the money. That would narrow down your options and keep your options open in more ways than one. And if you don't like it, you can sell it on to someone else who will most likely want such a thoughtfully considered wireless router for their home.

Others here will have to suggest a non-wireless consumer option.

OE

 

[DNN75]

I don't like to tell others what to buy, but if it were me, I would consider a current, reputable ASUS dual-band WiFi6 router supported (endorsed) by Asuswrt-Merlin, configure it per my install notes plus whatever else you want, and then disable the radios and hope for the extended firmware support that is typical of mainstream ASUS consumer routers, i.e. as good as it gets for the money. That would narrow down your options and keep your options open in more ways than one. And if you don't like it, you can sell it on to someone else who will most likely want such a thoughtfully considered wireless router for their home.

Others here will have to suggest a non-wireless consumer option.

OE

One of the best non-wireless routers under $100 is maybe TP-Link ER 602 V2. It has 21,7Mbps OpenVPN speed, but they don’t indicate if it’s encrypted traffic or not. Flash 128MB and RAM 256MB, which is half compared to the two wireless Asus routers I mentioned above. Can’t find info on processor speed or how many cores it has…

Omada Gigabit VPN Router

Omada ER605 supports Gigabit Ethernet connections on both WAN and LAN ports and multiple VPN protocols and high-security, high-performance VPN capabilities, making employees’ remote connections to their main offices as secure as if they were in the main office.

www.tp-link.com

I’ve read the AC86U has over 240 Mbps in OpenVPN because it has an AES-NI hardware acceleration chip. This is why I’m looking at wireless routers.

 

[L&LD]

That TP-Link would be a very bad choice, for so many reasons. Security being number one.

Note that for routers, it's AES that is important for OpenVPN speeds (they don't have AES-NI, which is an Intel CPU function).

 

[heysoundude]

I'd bet on the AC86 being dropped first...but it still has plenty of life in it. For comparison, Asus released a firmware update for the old N66 just over 2 years ago

I’ve read the AC86U has over 240 Mbps in OpenVPN because it has an AES-NI hardware acceleration chip. This is why I’m looking at wireless routers.

You've not mentioned what your line speeds are from your ISP, so that point may be irrelevant/moot.

 

[L&LD]

I'd bet the RT-AX56U (a much less competent router than the RT-AC86U).

 

[RMerlin]

It has 21,7Mbps OpenVPN speed, but they don’t indicate if it’s encrypted traffic or not.

Even encrypted, that's VERY slow. Modern Broadcom CPUs can hit over 200 Mbps with AES-256-GCM.

21 Mbps would be what I'd expect from a 10 years old 400-500 MHz MIPS CPU.