
The Turris open router project - JoachimS
https://www.turris.cz/en/
======
dogma1138
"When the Turris router detects suspicious traffic, it sends its fingerprint
into the project Turris central."

Non-profit or not, I'm not sure how many people would like this feature.

~~~
yitchelle
True, but if the source code is available and is open, presumably you could
configure it to send the fingerprint to any place you want, right?

~~~
dogma1138
It is but it seems that all of the security features of their software rely on
their "Distributed Adaptive Firewall" which can collect data and push
automatic updates to the router, they also can remotely modify the rule set of
the FW which runs on the router through those updates (works like a signature
update for any AV or IPS/IDS appliance)

Neither in their site nor in what documentation they have does it appear to
say how can you disable data collection and or updates so it seems that to get
the designed functionality of this router you have to use their software which
collects data and allows them some level of remote access that can manipulate
the configuration of the device.

Now I'm not saying that they have any nefarious intentions; this isn't any
different than a signature update for your AV, or system updates, but it just
doesn't sound like it's the best approach for a device that is supposed to be
an "open" platform which operates like entry-level enterprise grade edge
network appliances.

Automatic updates and collection should be on an explicit opt-in premise and
not implicitly enabled on all devices, I understand that they need to collect
traffic in order to identify new attacks but as far as threats to SOHO/SMB/SME
users go that might use their software and are unlikely to be targeted by an
overly sophisticated attack (which most likely will not be detected in the
first place) running even a small scale traffic collection operation using
local chapters of organizations like OWASP and IEEE, academic institutions and
willing participants should be more than sufficient.

~~~
ZenoArrow
> "Neither in their site nor in what documentation they have does it appear to
> say how can you disable data collection"

From the homepage...

"the user is required to commit to using the Turris router as the main
internet gateway for his network for a specified period of time, and not to
intervene in collection of data."

Doesn't look like they will give you the option to disable data collection.

~~~
oselhn
That's the main feature. The router is designed by a non-profit organization
[https://www.nic.cz/](https://www.nic.cz/) for collecting research data.

------
ZenoArrow
There are some benefits to what the Turris team is promoting, particularly
when it comes to guarding against DDoS attacks, but the approach is totally
wrong.

Users should be in control of the data that leaves their router. I'd much
rather see a 'Turris app' being built for OpenWRT routers, that would allow
users to control what information gets sent through it. OpenWRT is
effectively just a specialist Linux distro so from a software perspective it
wouldn't be too hard to build a distributed firewall app for it.

------
mschuster91
Solid hardware specs. Replace the Wifi card with an ac-compatible one and I'll
buy it.

Also, a SIM card slot? Me gusta, if it has LTE support - unfortunately it
ain't mentioned in the specs.

~~~
dogma1138
Many "enthusiast" home routers have support for cellular USB modems. I got a 4G
stick plugged into my ASUS AC-97 which provides a WAN fallback if the main WAN
connection goes down.

It works pretty damn well and it's seamless as long as you can get a true IPv4
address over your cellular connection and not some piss poor NAT.

~~~
mschuster91
Yeah, of course, but dongles usually have craptennas which cease working once
inside a building...

~~~
dogma1138
This one won't have any better, pretty much every router I've seen (good ones)
with a cellular interface will have a PCB fractal antenna, these work fine for
any residential environment if you get a good enough reception on your phone
to get LTE bandwidth the dongle will work just fine.

The only routers I've seen with an external antenna are those that are
designed to be put in data centers (you coax it to an external source just
like you would for GPS antennas for DC grade NTP appliances) or hardened
routers mostly for military or heavy industrial use that might be put in a
mobile data center (tricked out shipping containers and the like) which is
either shielded by design or by circumstance.

The dongle I have gets about 60mbits, my phone gets a bit under 50, and BTW it
technically has an external antenna connector (most dongles do btw, it's a
trade secret ;) shh) with a micro BNC connector they often used for testing
some dongles have it as a feature but virtually all of them (I have yet to see
one, I've seen one with unpopulated BNC slot but others from the same make and
model had it so I think it was a production goof than a design choice) will
either have them built-in on the PCB or an unpopulated slot for one.

Here is an example of an off-the-shelf 3G dongle. Go down to the PCB layout; you
can see the mini/micro BNC connector in the right image in the top left
corner.

[http://www.3g-modem-wiki.com/page/ZTE+K3565-Z+(Vodafone)](http://www.3g-modem-wiki.com/page/ZTE+K3565-Z+\(Vodafone\))

So get a dongle strip it out of the casing find the BNC port, get one of these
[http://i47.tinypic.com/2rr9av8.jpg](http://i47.tinypic.com/2rr9av8.jpg) and
you're golden, if you want to work for your gold star then either cut/mill or
my favorite use that soldering iron and carve a hole/slot for you to push the
cable through or if you really want to make it skookum 3D print your own
casing and you got your external antenna.

P.S. Feel free to name your 1st born after me.

~~~
mschuster91
I'm thinking about a DLink DWR 512 or similar, but this one is 3G and honestly
I don't trust "brand names" any more, all these cheap routers usually come
with broken/buggy/backdoored software and next to no documentation, source
code etc. and the CPUs tend to be described best by "just enough horsepower to
implement a router", but not anything near the requirements for a solid VPN
router, or God forbid, a performant media server. Even AVM, a notable
exception on the plastic-router front, ships their flagship 7490 with a CPU
that isn't capable of delivering more than 10 MByte/s read throughput on the
USB3.0 (!) port.

This project at least has openness from the beginning, it might shift the
market a bit if they ever sell their routers publicly.

~~~
dogma1138
Well el-cheapo purpose built cellular routers can have them, it's not common
tho the DLINK also don't use a standard BNC connector if I can remember.

If you want to spend 1000$ or so you can build your own dedicated PFsense
router, for a bit less you can build an x86 OpenWRT machine or go for one of
the oWRT / DD-WRT boards but they aren't cheap either.

If you want to get rid of the software well then find a router with
OpenWRT/DD-WRT support many SOHO/CPE routers are supported, it won't help you
against bugs or broken software but at least it is as backdoor-free as it can be.

I actually found that many home routers come with pretty much overkill CPUs
these days, their choice of the wireless BBP is often questionable and if it
doesn't come on a mini-PCIe or a SODIMM type interface then you are stuck with
them.

FRITZ!Box btw has always been shit (also crappy/backdoored through their own choice
of software) and the USB thing isn't unheard of, many USB ports on routers are
slow not because of the CPU but because of the USB controller they are using,
heck new phones still come with USB 2.0 speeds as far as OTG/PC connection
goes even if they come with nifty USB Type C connectors.

------
simplexion
I like the look of that DSL modem. It is really hard to find a decent small
DSL modem. I use routers (no modem) with OpenWRT on them, so I have to bridge
a DSL modem. I could not find a good small cheap DSL modem that offered no
extras when I had to replace my modem recently.

~~~
dogma1138
Look at Actiontec modems, they got a small factor single port DSL modem/router
(router part can be disabled, will support PPPoE over the "LAN" port), ZyXEL's
"Prestige" line has a few tiny modems as well.

------
federico3
They are also building a powerful Open Hardware ARM-based router with WiFi and
NAS capabilities: [https://omnia.turris.cz/en/](https://omnia.turris.cz/en/)

