
Turris Omnia - pjf
https://omnia.turris.cz/en/
======
shimo5037
I have one and I'm not using it anymore. It's quite possible that the software
is more mature and usable now, but unfortunately it just wasn't good enough at
the time. There were severe issues with DNS, with most requests taking a few
seconds to complete, making simple tasks like browsing the internet quite
infuriating. By default, there was no support for resolving local hostnames
either, but it was possible to make that work by modifying some of the config-
generating scripts to add a forward to another local DNS resolver. I don't
recall the details exactly but there were at least two local DNS resolvers
running due to missing DNSSEC support in one, and it may have been possible to
enable a third resolver as well. Quite confusing.

I'm also not sure why they bothered adding their basic UI in addition to the
OpenWRT side, it barely exposes anything and it was common to receive error
responses. Maybe they just felt like they had to add more funding goal
rewards.

The antennas were a bit loose but the case is quite easy to open, so they were
easily tightened.

I now have Ubiquiti gear and the DNS delays and other issues are completely
gone. While I in principle fully support the project, it turns out that I just
wasn't willing to spend days customizing the thing to get it to work at a
reasonable level, especially when my own daily internet use relied on it.

If someone feels like the current retail price is a bit steep but wants to
give it a go, I've got my silver 2GB RAM model available for a more reasonable
price :) It has the potential to be great in the hands of the right person.

~~~
INTPenis
I also have one of the first backer editions and I had no issues. DNS being
slow sounds like a resolver problem. Like it's timing out for some reason. To
be honest, I'd suspect your network rather than the omnia.

The thing that worries me the most with the Omnia is how well it's going to be
maintained.

I had no idea it used OpenWRT at all, my impression was that they made their
own OS based on Linux.

So that's essentially like its own distro. Hence my worry that it's not going
to be well maintained with patches for the far future.

But so far it's been great.

~~~
shimo5037
It's good to hear that at least some others have not had any issues :) It is
certainly possible that the ISP modem may have been doing something special,
but I've now been through at least 4 different routers of various grades over
the years and sadly Omnia was the only one to ever exhibit that issue here. Or
it may have had something to do with IPv6 or PPPoE. Hardwiring DNS to 8.8.8.8
did not help either. In the end I deemed it not worth it to waste any more
time attempting to fix it.

------
gjem97
OK, I know it's the worst to show a product and have the first thing out of
the audience be a feature request. So I guess first: this looks awesome.
Second: what I really want from a SOHO router is a decent remote
administration workflow. Our network admin is remote/part-time, and frequently
uses remote-desktop apps to be "present" on our network to administer our
firewall.

Here's what I'm thinking. Build an OTP display into the router that is
necessary as a second factor for remote administration. Then, instead of
allowing the remote administrator to make changes immediately, require me (on
the local network) to approve the changes.

Regardless of the actual implementation, it seems like remote administration
is a neglected featureset of the SOHO networking world. In my experience,
though, it is very common to need someone outside the network to make changes
(remote employee, family member, IT consulting shop, etc).

~~~
ogig
SOHO routers already have ways of remote administration. You just need to be
brave enough to expose its web panel or telnet cli to the internet.

~~~
gjem97
Right, and so that was my point about a second factor built in to the device.

~~~
zokier
Why not just use TOTP if you want 2FA?

~~~
gjem97
I'm just imagining that the average homeowner isn't going to want to keep
track of a second device, even if that's part of their iPhone. People
switch/lose phones. I think it's better if it's built into the hardware.

------
ThePhysicist
This is a great project and a very good approach to IT security, but the price
point is really a bit high at over 300 €. Currently I run OpenWrt on a TP-Link
Archer C7, which costs only one fourth of the price of the Omnia. Of course it
has much lower specs with just 16 MB of flash and 128 MB of RAM, but for most
small business or home use cases this is more than enough (anyway you don't
want to use your flash as a HDD as it cannot be rewritten very often).

In my opinion it would make more sense for them to focus on the software side
of things, as stock OpenWrt leaves much to desire in terms of usability, so
having a nicely polished and user-friendly interface on top of it would be
something that I'd be willing to pay for (but please let me use it with my own
hardware).

~~~
slau
They don't target the same user segment. The C7 will start having a lot of
trouble as soon as you try to run a VPN server on it, do full NAT/routing at
gigabit line speed, or need to handle multiple VLANs. All of that has to be
handled by the frankly underpowered CPU on the C7.

The TO will chew through that pretty easily. A lot of it is handled in
software as well (I believe VLANs are handled in the silicon, though), but the
beefier CPU means it won't choke as quickly.

I use my C7 as a dumb access point. It literally only needs to handle the
encryption for a few wifi networks, and transpose the traffic into the proper
VLAN. No routing, no connection tracking, no NATing. My EdgeRouter handles all
of that, and does it very well.

~~~
ThePhysicist
Thanks for that information, makes sense!

------
mangix
Biggest problem with it is that you cannot put regular OpenWRT or LEDE on it.
You're effectively stuck with their OS.

Unless you put in the work to add LEDE or OpenWRT support. Or try putting
Debian or whatever on it.

Problem with their fork of OpenWRT is that it has diverged massively from the
original. LuCI is quite trash on it. Settings don't apply at all. Have to run
/etc/init.d/* manually. Unicode is broken for irssi, packages tend to not be
in sync with upstream.

A shit show basically.

------
dandelion_lover
Alternatively, there is also an FSF-certified [0] router:

[https://www.thinkpenguin.com/gnu-linux/free-software-wireles...](https://www.thinkpenguin.com/gnu-linux/free-software-wireless-n-mini-vpn-router-tpe-r1100)

[0] [https://www.fsf.org/ryf](https://www.fsf.org/ryf)

~~~
kopijahe
Looks like a GL-INET AR150[0] with a custom firmware and double the price to
me...

[0] [https://www.gl-inet.com/ar150/](https://www.gl-inet.com/ar150/)

~~~
dandelion_lover
Just like Libreboot laptops are 'double-priced' ThinkPad laptops [0]. If you
can sell user-respecting devices cheaper, go ahead. There are buyers.

[0]
[https://minifree.org/product/libreboot-x220/](https://minifree.org/product/libreboot-x220/)

------
scotu
This tingled my "so cool, I need it" part of my guts since the crowdsourcing
campaign, but the price was able to hold me back.

What's your favourite reason/use why you got one? (I'm assuming we have a
couple of people here who got it, but if you didn't and know what you would do
with it feel free to answer :D)

~~~
chme
Pro:

- Really near to complete linux mainline support. Meaning newest kernel
versions can be used and is future proof. Maybe put normal Debian on it.

- Security updates. OpenWRT isn't that strong about this if you don't want to
compile yourself.

- Quiet and energy efficient, because it's a home router.

- Pretty strong CPU and enough RAM for compiling ARM stuff native.

- 3x Mini-PCIe slot for future proof design, customizability and
upgradability.

Con:

- Not ARM64. Devices with 2 GB RAM should be a 64 bit architecture[0].

- Price

Next to it, I have a PCEngines APU2[1] board running, that might be a good
alternative. Cheaper, Mainline-Linux, x86_64 arch

[0]
[http://www.realworldtech.com/forum/?threadid=76912&curpostid...](http://www.realworldtech.com/forum/?threadid=76912&curpostid=76980)

[1] [http://pcengines.ch/apu2.htm](http://pcengines.ch/apu2.htm)

~~~
helb
> Maybe put normal Debian on it

Yep, [https://github.com/tmshlvck/omnia-debian/wiki](https://github.com/tmshlvck/omnia-debian/wiki)

~~~
chme
Yes that is Debian. But I said "normal" and implicitly meant with original
debian kernel.

~~~
helb
That should[0] work, too. Debian has _armhf_ port[1].

But yeah, it's not as easy as dding the image to some flash drive and booting
the installer… yet. :)

[0]
[https://wiki.debian.org/InstallingDebianOn/TurrisOmnia](https://wiki.debian.org/InstallingDebianOn/TurrisOmnia)
[1]
[https://wiki.debian.org/ArmHardFloatPort](https://wiki.debian.org/ArmHardFloatPort)

------
falsedan
> _€339,00_

My internal cheapskate is firing up & making me look at comparable MikroTik
systems.

> _a not-for-profit research project of CZ.NIC, z. s. p. o., the registry of
> the Czech national top level domain .CZ._

I'd like to see more on the background of this product, and what's driving the
NIC to develop it.

~~~
dsr_
You can roll a nice x86-64 system for this price, depending on what you want.
Seriously, the least expensive soldered-processor mini-ITX motherboards are
$40-50 in quantity 1; add a 4-port gig-e card, RAM, a small SSD and a
case/power supply and you can match this price but have replaceable components
running a stock Linux or BSD.

~~~
pilsetnieks
And you can also get a comparable Mikrotik for 1/3rd of the price.

------
ericfrederich
This theme of having overkill hardware for the main purpose and using leftover
resources for other tasks is happening on both routers and NAS.

Many routers use their extra resources to act like a NAS. You buy a NAS
(Synology/QNAP) or build your own (unRAID) with extra resources and use it for
desktop computing (even Gaming w/ unRAID GPU passthrough), Plex Media Server,
OwnCloud, GitLab hosting, etc, etc.

... so if both routers and NAS are trying to do the same thing (utilize extra
resources), at what point will these converge? Will something like unRAID
integrate OpenWRT as a first class citizen and have its focus be both NAS and
Networking?... or Synology/QNAP devices try to be routers.

------
skompfy
So first of all, this looked/looks awesome. Open hardware FTW.

My gripes include it being difficult to get ahold of one in the US. The idea
of unattended auto updates on a router seems a bit dangerous, but it's all OSS
anyway. Its initial rollout was meant for data collection (which can be
turned off on the paid product). I wish I knew if you could run vanilla
OpenWRT/LEDE on it and not their fork (support, maintenance, future look).
Overall though, cool.

~~~
helb
> which can be turned off on the paid product

Actually it can be turned _on_, this feature is opt-in.

> I wish I knew if you could run vanilla OpenWRT/LEDE

It's not there yet, but the devs try to push anything needed to upstream
Linux/OpenWRT, see this: [https://github.com/CZ-NIC/turris-os/issues/50](https://github.com/CZ-NIC/turris-os/issues/50)

------
comandillos
It looks really interesting but I still prefer to use a PC as my
router/firewall, use an AP for wireless connectivity and switches for more
ports, this setup gives me the best performance for my network, but hey, not
everyone is going to do this at home.

------
tpae
can it mine bitcoins?

~~~
redpola
Any computing device can mine bitcoins. You can even do it by hand if you
want. Without custom hardware and solar/hydro/volcanic free energy you won't
make any money though.

