
The low-down on home routers – how to buy, what to avoid - mrzool
http://esr.ibiblio.org/?p=8330
======
bscphil
Kind of missing any discussion of options like pfSense, or the other fancy BSD
powered options. The discussed routers are the sort of options I would look at
for buying for a non-techy family member, where I log in and update the
firmware for them once or twice a year. But for people looking for a little
more power and / or configurability, just pick up a little low power AMD x86
box and put some real firewall software on it. Add a little Ubiquiti access
point and you've got a great, solid setup.

I went with one of these:
[https://pcengines.ch/apu2.htm](https://pcengines.ch/apu2.htm)

~~~
dual_basis
I keep hearing this, but does Ubiquiti actually provide good speeds?

I got an Asus AC 5300, it works great. I can get 450 Mbps downloads and
uploads easily, and get good coverage.

I've also installed the Linksys Velop mesh system for a number of people now,
and I can crank out similar speeds with that.

The speed ratings I have seen for the Ubiquiti products are half that, at
best.

Here's another thread which mentions this issue:
[https://community.ubnt.com/t5/UniFi-Wireless/UniFi-AP-AC-LR-...](https://community.ubnt.com/t5/UniFi-Wireless/UniFi-AP-AC-LR-maximum-speed/td-p/1901054)

~~~
dano
Here is an explanation for expected throughput of various WiFi standards:
[https://www.speedguide.net/faq/what-is-the-actual-real-life-...](https://www.speedguide.net/faq/what-is-the-actual-real-life-speed-of-wireless-374)

The Unifi product line works well for environments where non-network savvy
people are involved. I've installed them in a number of non-profits, my
relative and friends homes with great success. By success, I get no questions
or complaints about WiFi coverage or access. Ubiquiti has done a pretty
incredible job of making multiple AP setup and management easy for a low
price.

For people who want a router + APs, I recommend the USG Gateway, Unifi Cloud
Key, and one or more AP-AC-Lite's. As an alternative to the USG Gateway, I use
Ubiquiti Edgerouter POE's or ER-X's.

I've used a USG myself, but may switch to a pfsense router as the USG lacks
some advanced features that aren't available in the USG.

Background: In the 90's I built my own firewalls, then moved to SG300's from
an Australian company that eventually got purchased by McAfee (I think?), then
to DD-WRT on WRT54G's, then Tomato, then Asuswrt-Merlin, and then to the USG.
Why not continue on the opensource route? I just wanted a firewall that worked
and was easy to maintain. The Ubiquiti Edge Router and Unifi Security Gateway
met most of my requirements and I've been satisfied. I'm happy to answer any
questions.

~~~
dual_basis
Thanks for the review of Ubiquiti in general. I'm still not sure I see a great
use case, however.

If the customer can get away with a single wifi router (eg. Asus AC 5300) that
will generally be easiest for them to manage (eg. easy to reset if necessary,
no concern that older devices are connecting to the wrong access point). It
also gives very strong download speeds (around 450Mbps for a gigabit
connection).

If the customer needs multiple devices the Linksys Mesh system has worked very
well. I can connect the nodes to each other wired or wirelessly, and I can get
speeds in a similar range as a single router (450Mbps). The Linksys app is
dead simple to setup and restart the system, and clients have even been able
to apply firmware updates from their phone without issue.

I don't consider the Ubiquiti software easy to use for general consumers, so I
would only install their products if I was planning to fully manage the
network for them, i.e. they would have to call me in the event that the power
went out and the system didn't come back up correctly or something.

Regardless of ease-of-use, I am more concerned about the speed. It seems like
the Ubiquiti access points I have installed top out around 200 Mbps, so I don't
even want to use them for my own house.

My guess was that the Ubiquiti devices were designed for use in an office
setting, where making sure that everyone can connect is more important than
enabling the fastest speed for say 5-10 devices.

------
yborg
> If I needed a new router today (I don’t, I have a couple of cold spares) I’d
> trawl e-Bay for a one-generation-back commodity router on the OpenWRT support
> list that does have 4GB+ flash and 32GB+RAM and doesn’t have a &$@*$!
> Broadcomm chip in it, buy it, and flash OpenWRTs latest stable release.

This is the blogpost in a nutshell. Save yourself some time.

~~~
srcmap
Why does someone need 32G of Ram for home router?

Is it a typo?

~~~
SahAssar
The blogpost says MB, not GB.

~~~
nkurz
You are both right. Based on a comment, GB was an early typo that was then
corrected to MB.

------
sliken
I have an Ubiquiti ER-6P. I'm pretty pleased with it. The newest OS is based
on Debian stretch and it has generous ram, cpu, and storage (for a router).

The web gui is pretty nice, I can ssh (openssh not dropbear) into it (even
with a ssh key), and there's a command line available if I need it. The
security updates come out often, Ubiquiti seem responsive to the community,
and the upgrade procedure is sane.

Ubiquiti allow backing up the entire state of the router, in a human friendly
configuration format that's easy to hand edit.

They offer full IPv6, radvd, and sanely handling an IPv6 /60 from Comcast and
providing each router port with its own /64. Simple stuff I know, but often
missing in home routers. Similar was quite complex or broken on DD-WRT and
OpenWRT, in a previous iteration of home router I actually had to steal pieces
for both to get things working with IPv6. The main problem is there was an
issue with a compatible IPv6 dhcp client to accept the /60 from Comcast.
Additionally I had to use a binary blob to get some of the most of my previous
Asus router.

I've built a router from scratch before, but the Ubiquiti hardware is silent,
well done, and their Debian-based OS makes all the normal router stuff easy.
And my favorite feature is the ability to use apt for package management.

I've never had a crash, currently it's been up only 65 days because of a power
outage.

------
rayiner
I have a different recommendation. Now that WiFi standards have stopped
evolving so fast, used commercial-grade WiFi access points are a fantastic
deal. I replaced AirPort Extreme with a pair of used Ruckus R600s. (They’re
AP’s so you need a separate router. I use a Linux server as an access point,
which allows using the CAKE packet scheduler at > 1 gbps.) They are $150-200
on eBay. The Airport is great, but gets a bit squirrely when your internet
connection can deliver packets faster than the WiFi can offload them. With the
R600, same-room performance stayed the same, but off-axis performance improved
dramatically. In the bedroom right above the access point, I used to get 100
Mbps or so. Swapping out the R600 raised that to 300 Mbps. (The Ruckus has
some cool directional antenna technology.)

------
bArray
Would just like to put the Orange Pi out there: wielding 2 Ethernet ports,
WiFi and other creature comforts for < $20 USD [1]. It's more than adequate
for running as a Pi Hole [2] as well as having enough left over to do other
interesting tasks. Would recommend from personal experience some form of
cooling if you plan to really push it.

[1] [http://linuxgizmos.com/tiny-hacker-board-features-dual-ether...](http://linuxgizmos.com/tiny-hacker-board-features-dual-ethernet-and-a-13-90-price/)

[2] [https://pi-hole.net/](https://pi-hole.net/)

------
xyzal
I use this router:
[https://www.turris.cz/en/omnia/](https://www.turris.cz/en/omnia/) and I am
quite pleased with it.

------
beckler
Not totally relevant, but if you have AT&T Gigafiber (and you don't have TV or
landline phone service), you can actually bypass AT&T's god-awful router by
getting an UBNT EdgeRouter or USG and setting up eap_proxy [0].

[0]
[https://github.com/jaysoffian/eap_proxy/](https://github.com/jaysoffian/eap_proxy/)

------
rtomanek
One commercial alternative I can recommend are AVM products, somewhat popular
in Europe (AVM is German).

Good hardware, frequently with open alternatives.

I currently use Fritz 4040 with 1Gbps fiber, with original firmware, works
like a charm.

Excellent wifi.

~~~
mrzool
Fritz!Box 7490 here, I love it to pieces. Best router I ever owned. But I
agree that the admin interface is a bit too simplified and doesn’t allow for
any advanced configuration.

~~~
ThePadawan
5490 owner here. I feel like a bit of a dangus for asking this, but have you
checked that you are in fact currently using the "advanced view" option? I was
disappointed with the configurability as well until I discovered that option.

------
banku_brougham
Is there any opinion here about Apple’s routers (airport express, airport
extreme)?

They have discontinued the product line but software updates have continued
and they say they will be supported for a while.

Are they safe to use, in the context of this blog post?

~~~
cmer
I had a few Airport Extreme and Express in the past and I think they are
awesome and underrated. They were rock solid. Never had an issue with them
and they always performed great. I also trust Apple to do the right thing in
terms of security.

------
dvfjsdhgfv
> If I needed a new router today I’d trawl e-Bay for a one-generation-back
> commodity router on the OpenWRT support list that does have 4GB+ flash and
> 32GB+RAM

You'd need to look hard to find a router with such specs.

------
chewyland
Just bought a Mikrotik router. Can't wait to get it home and start tinkering.

~~~
sliken
I've heard of Mikrotik, seemed popular with SysAdmin types, at least until
they were widely targeted by some malicious folks looking to compromise
SysAdmins to exploit the networks they manage.

Found one of many mentions (sorry for the long URL):
[https://www.trendmicro.com/vinfo/us/security/news/cybercrime...](https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/over-200-000-mikrotik-routers-compromised-in-cryptojacking-campaign)

I heard something about software limiting the routers, so you had to pay for
license upgrades to get full functionality out of their routers. Any truth to
that?

~~~
garganzol
The amount of security weaknesses in Mikrotik is low and they get immediately
patched. Those guys do excellent software updates and there are tons of
resources to get help at.

Regarding the pay for a license to get the full functionality. There is no
chance a home or ordinary office user will ever hit any limitations within a
stock license. The upgrade might be needed only for the ultimate stuff in
realm of BGP tunnels and stuff alike.

