The other router mentioned in this article, the Linksys EA2700, doesn't seem compatible with third party firmware. And apparently the Cisco firmware is buggy, no surprise there. It is an awfully cheap Dual-Band 802.11n router, but if you can't put working software on it it's useless.
I don't understand why some major router manufacturer doesn't just sell routers pre-installed with Tomato. It's easy to use, stable, and works way better than any crap the router companies cobble together. Flashing new firmware on a stock ASUS router is too complex for ordinary consumers.
It's also amazing how prevalent Ethernet still is, even when wireless is a competitor. The other day I left this comment: http://news.ycombinator.com/item?id=5052448 on HN, because in some circumstances running a cheap ethernet cable from a router to a desk, couch, or other work station can still be a real win, especially given how inexpensive even very long ethernet cables are from Monoprice.com.
They last forever, aren't subject to the level of interference wireless is, and, in many conditions, have faster data transfer speeds. Ethernet is still great.
Take away "in many conditions" and replace with "always, without exception" and replace "faster" with "at least a magnitude faster" and we are in agreement.
If you need performance and reliability (like for instance for iSCSI) there is really nothing which even compares to wired ethernet.
Note that in most cases wireless systems are far slower than theoretical speed, but 100Mbit wired ethernet is good for 90+ in both directions simultaneously, so in most cases it'll be faster than 802.11n, and with better and more consistent latency.
Someone measured the difference in transmissivity for different materials at 2 and 5 GHz (http://www.ko4bb.com/Manuals/05)_GPS_Timing/E10589_Propagati...) - the difference is quite large for brick and cinder block; unfortunately, they didn't measure insulation foil, which I expect would be quite a good RF shield, especially if earthed.
So if everyone switched to 5 GHz, the interference situation might still be better than if everyone was on 2.4 GHz.
Of course, being an early adopter of 5GHz probably helps with the other problem in apartment buildings, the 'prisoners dilemma' type problem where everyone who knows how ups their transmit power because of the noise, making the problem worse for everyone else but temporarily better for them, when if everyone lowered their power, everyone would get better speeds (exactly analogous to how everyone ends up shouting when having a conversation with the person next to them at a party, when if everyone talked quietly instead communication would be more successful).
Increase the beacon period of your router/AP to the fastest it will go, usually 20 microseconds. I think this is the best solution of anything you could try.
Maybe play around with the DTIM interval but I'm not sure what a good number for that is; too low supposedly drains batteries of wireless devices and too high causes other problems.
Max out RTS/CTS but you may lose overall throughput but that's no loss if it sucks already, in for a lamb in for a sheep.
There are other settings too, most explained in the help section of the AP/router help menu. They can be obscure but fiddling with them can help your AP signal a lot.
That's my unofficial educated guess theory.
The best bet is to switch to 5GHz, but that isn't practical for use with mobile devices.
Option B is to turn off the higher speed modes like 802.11n. Just try to stick with 11g. If you are still having connection problems, maybe switch down to 11b, but that will be real slow even when it works.
If you use an access point with detachable antennas (which is actually most of them if you open the cover), then maybe replace the omni-directional antenna with a high-gain directional antenna (also known as a patch antenna). Then you'll need to point the antenna at where you sit.
Another (probably lousy) option to try (but very quick and cheap) is to move off of the commonly used WiFi channels (1, 6, 11). They are commonly used because they don't overlap with each other. So maybe try 4 or 9. The downside is that you will get interference from two commonly used channels, but the overall situation may be better than what you've got now.
Although I do agree with your advice about channels, I often get relatives to do that as the first step in troubleshooting problems with their home wireless network.
People have all those adjustable router options they may as well try something rather than default settings. You don't have to design wireless devices for a living to fiddle with a few settings.
You say "switch to 5GHz, but that isn't practical for use with mobile devices" -- is the reasoning that the 5GHz signal doesn't penetrate the walls enough as you walk around with the device?
The short version is that, depending on your usage, you may run out of NVRAM before RAM and may lose your settings. For reference see  and .
I have 32MB NVRAM to play with and that has served me well enough, but I see plenty of consumer-routers which can be "upgraded to dd-wrt" but which don't even have enough NVRAM to do an ipkg update.
You're sure about that? I've had an rt-n16 sitting on a shelf for over a year waiting for OpenWrt support. Your message caused me to go check their website, and all it says is:
"The Asus RT-N16 has early support in Barrier Breaker (trunk) only!"
there is support for dd-wrt, apparently since late 2010. You understand that Barrier Breaker is pre-release, right?
I am uninterested in dd-wrt, which is why I didn't mention it.
When I was in the market for something like that one or two years back, I was recommended a specific type of Buffalo Router. While I see my particular model has been superseded by newer ones, I still thought I'd mention it because:
1. It was recommended to me by someone who had been served extremely well by it in the past. It has now served me extremely well for years. It will probably do you good as well.
2. It's OK to support more than the top 3 vendors in the world with your money. This leads to more competition, more diversity and better products.
3. Putting stock dd-wrt or openwrt on it can be done all in browser and doesn't seem to involve brick risking procedures like bootloader updates, like I see you may have to go through for the Asus router.
The one thing I'm worried about though is whether that setting of 63 is worse for shorter distances. From my limited experience with building a simple radio transmitter/receiver and amplifiers, if your received signal is too strong it'll just saturate and turn to crap, and as it happens my bedroom is right next to the room with the router in it, so boosting the signal might screw up reception on my phone. But at least now I know that there's room to play around here, thanks for letting me know!
I used to do this until something happened at my ISP and my router can no longer authenticate against my ISP's PPPoE server. Now I have my modem providing NAT and DHCP, and my router is just a dumb access point. The only problem is my modem has an externally accessible administration page running on port 4567, and telnet on port 1111 that I can't turn off, even when all remote management configuration options are turned off. I've had to set up a cronscript to attempt to telnet into the thing continuously, and if successful it will kill the httpd server and telnet daemon.
It's absolutely ridiculous how insecure home network equipment is.
But remember not to leave your wireless access open to passers-by. That helps hackers, and Al-Qaeda, and pedophiles, and drug dealers! /sarcasm
There is a good reason why reverse shells exist.
Cable companies might still ship modems (they did the last time I had cable internet, but that was probably 8 years ago).
Amusingly, they always set the SSID to 'insight_wifi_XXXX' and their formula for WPA keys is `firstname + lastname + housenumber`.
That coupled with a router/wireless ap running tomato or the like should work well from what I understand. I, however, never have used DSL so I'm not an expert.
There's nothing to return, I get DD-WRT instead of whatever garbage they're running, and usually measurably faster in both internet speed (usually lower latency) and wifi speed. In particular, I've never had a bundled device get within 50% of what 802.11n is capable of, especially when you have 4 or more devices. All my dedicated routers have done just fine.
It's a free firmware and great other than QoS but who am I to complain :/
EDIT: WRT54GL is pretty old and it won't run the default build of OpenWRT Attitude Adjustment (the newest release). It also probably won't have enough memory to operate the package manager or the webinterface.
But I do have one running a custom build. The only downside is that you need to decide which software to include upfront. Their build tool is rather friendly.
EDIT2: You can have a VPN server and any routing you like on OpenWRT, same with Samba, radvd, vnstat... There are even webUI plugins (luci-app-whatever) so you can control those from the webinterface for ease of access. It is a real Linux distro that just happens to run on routers.
I find that if you're interested in experimenting with a Linux router, old PCs are a much better choice. You can get a PowerPC G3 or G4 or a late model Pentium III for practically zero money (if not literally zero money out of a trash heap) and PCI NICs for secondary interfaces are similarly inexpensive. For only slightly more money the G4 Mac Mini is an excellent choice for a wireless router. Then you have a processor that is several times faster and can put arbitrarily much memory and storage in it to suit your needs and then put your favorite Linux router distribution (or Debian) on it and have at it.
They tend to have 500MHz CPUs, approximately no RAM, unresponsive very basic web interfaces, and fall over at the touch of a light breeze.
An el-cheapo Android tablet with 1.6GHz dual core ARM processor, 1Gb RAM, WiFi, and a bunch of other technically hard stuff on top (IPS screen, battery) costs less than one of these style of WAP/switch/routers.
Are they really so different?
I recently got a PC Engines Alix. It's not as cheap as a consumer router but it's got good specs and runs the latest OpenWRT with no problems. Most of all, it's as small, unobtrusive, and fan-less as a consumer router.
There's a mini-pci slot so you can add wireless, but I have an airport express and so I'm just using that in bridge mode for my wireless.
I got plain Ubuntu working on it, you just have to set it to serial boot.
Dell Optiplex (1.4GHz Pentium III): 32W ($5.76/month @ $0.25/KWh)
Mac Mini (1.25GHz G4): 17W ($3.06/month @ $0.25/KWh)
Even if a WRT54G uses zero watts, you're still talking about a year before you even recover the $50 cost of one, and in any event ~$50/year is not a very expensive hobby.
Part of that is surely that I don't see what makes having a very ordinary Linux box sitting around making noise a hobby. To each his own.
I live in what I believe to be a relatively high electrical cost area and I pulled up my bill online for 2/13/2013 to 3/14/2013 and I'm paying 13 cents per KWh solely for energy although by the time I add on the substantial fixed monthly meter fee, the state low income assistance tax, 100% energy for tomorrow (in theory, all my KWh come from the local windfarm instead of from coal, in practice it's probably merely a greenwashing scam) I'm writing a check (well, paying online) for about 17 cents per KWh, in other words the number of KWh divided by the debit to my bank account. So the optiplex would cost me a whopping $4.04 per month, let's call it a buck a week. Do I get a buck a week of fun out of my homemade firewall/PBX/other things? Yes.
If I did my math right, this is equivalent to about 4 minutes of labor at my current family income, in other words spending time on detailed monthly accounting is more expensive than just paying for it outta the slush fund.
I don't have a wifi network installed merely to roast my brain with microwatts of RF. It exists solely as background infrastructure for a small herd of apple idevices and android phones/tablets all of which are value engineered to be disposable after a year or two. If I had no wifi devices I probably wouldn't have a wifi router. In other words if I wanted to save money in the category of "tablets", I'd look first at not replacing it every year or two. Just the capital/depreciation cost of only one wifi connected idevice is about an order of magnitude more than I'll pay for the electricity to run my home router/PBX/Buncha-other things. Electricity is so cheap it's not even a rounding error in total systems cost, and optimizing for the wrong value is always a fail.
Another interesting anecdote is a couple decades ago I was taught as a pretty crude consumer product engineering estimate "a watt for a year is about a buck" but via inflation etc it's now about $1.50. Apparently folks in less civilized areas are paying around $2 for a watt for a year. So something that runs 24 hours a day and costs $8 at walmart like a 5 watt clock radio alarm clock uses its own cost in electricity in a bit more than a year. This is also the genesis of trying to save money on wall warts, if a wall wart costs $2.50 and uses $5 of electricity per year, a more efficient switcher that costs $10 and uses only $1 of electricity per year pays for itself rather quickly.
It's true that it doesn't take the value of your time into account.
It does have enough memory for the web interface - at least for the one in KAMIKAZE (8.09.2, r18961), the version mine is running.
Now a lot of people might say "It doesn't matter who makes it, I'll just flash OpenWRT or DD-WRT onto it!" But I say to that, "then why buy a Linksys?"
Asus for one example are cheaper, they often have external antenna giving you more power and flexibility (both literally and figuratively) plus, and most importantly, they can be flashed with OpenWRT or DD-WRT at your pleasure.
Even without the security issues there is no good reason to buy a Linksys.
Right now I am using my ISP supplied "router" in cable-modem "mode" (i.e. just dumb pass-through to ethernet) and have a cheap MikroTik/RouterOS device sitting behind it which was cheaper than most retail grade routers but with the functionality of commercial grade equipment.
RouterOS might not be as easy to use as DD-WRT, but if you can use it then it is far more powerful as a web-based environment. Just for one example, want a VPN server? RouterOS supports IPSec/L2TP, PPtP/GRE, SSTP, and OpenVPN. Basically everything. The list of its network functionality is almost endless...
How so? All I remember from their heyday was that they were good enough, cheap enough, and flashable. I don't remember them commanding a premium for any particular reason.
I've actually heard of Mikrotik before; about 10 years ago I was doing some work planning a 2.4GHz wireless ISP (WISP) and I think Mikrotik equipment was highly regarded then (especially in the 900MHz spectrum IIRC) so looking forward to this.
Here's a link to a distributor where it can be purchased: http://www.roc-noc.com/mikrotik/routerboard/RB2011UAS-2HnD-I...
Positives: Cheap. Powerful. Stable.
Negatives: Harder to use than OpenWRT/DD-WRT or similar. It is still a web-interface, but doesn't "baby" the user. If you aren't comfortable manually setting up interfaces and then setting up tunnels through those interfaces for example then skip this.
I love it. But I won't kid myself, it isn't for everyone. The documentation isn't comprehensive and the software is very powerful but not very intuitive (or at least it isn't if you don't have a good background configuring network equipment).
I've got a pretty in-depth networking background and for my home network rebuild I wanted something less power-hungry than my previous big AMD box running Vyatta, but needed something that supported n+ layer 3 interfaces, BGP and VLANs (i.e. a proper router). Couldn't justify the cost of a 1900 series Cisco and associated k9-sec license, so went for a RB1200 (512MB RAM, 1GHz PPC chip, 10 physical ports, 5 of which can do hardware switching and wire-speed filtering) and a couple of Groove access points.
Getting tagged and untagged VLANs to interact together on a single port is a non-starter (not supported at all), and getting VLAN trunking and routing to work together simultaneously requires terminating the layer three interface on a virtual bridge, then for each VLAN you need to create a virtual VLAN interface for each physical interface, and then put that onto the bridge as a 'bridge port'. The documentation is very scant on this side of things and the command line interface is pretty arcane compared to IOS but does make sense after a while.
If they weren't 1/4 price (or less) than an equivalent product from $enterprise_vendor I'd hesitate to recommend them to anyone, but seeing as they are - if you've got a networking background and can put up with some of its quirks and limitations, there is very little out there that can compete with Mikrotik on price/feature set.
Fewer ports, but essentially the same wireless specs (1W DC 2.4GHzbgn). The routing capacities on both are way more than you'll ever run up against on a home connection. Same RouterOS. License level is one lower, but that essentially just restricts you to 200 VPN connections instead of 500.
The RB751 is ~$80 (5xgiga) or ~$60 (5xfast) versus the 2011's ~$130 (5xgiga+5xfast).
Setup can be quite complicated, though, compared to a consumer router.
Also, there's plenty of very cheap router hardware coming from China nowadays, from TP-Link you can get OpenWRT-capable routers for less than $15, so there's not much point in paying a lot more for Linksys products.
And the reason for it becoming popular in the first place was probably a security issue that allowed third party software to be installed.
The "L" version was introduced because newer routers didn't have this capability/vulnerability and people wanted something they could install third party software on. So when the "L" version (which I use) came it was just an older model, with even less memory than the original and a much heftier price. Unless you wanted to run third party software on it it was really bad value for your money.
Anyway, all of this truly sucks. But really, I don't expect more of any consumer router.
EDIT: Oh wow, the WRT54GL was introduced in 2005, nothing too fancy at the time and you can still buy it today - lots of stores have it in stock even.
It's not that they didn't have the "security vulnerability" but they just weren't able to run Linux in a useful manner due to low hardware resources.
I also don't remember if the WRT54G became popular in the first place because of a security issue, I think it just enabled you to upload any firmware to it and that the original firmware eventually became open-source after they received GPL violation complaints. But my memory might be fuzzy, it was a while ago.
Basically the WRT54G with base firmware was better than anything else on the market at the time of release (within the same market segment - retail routers).
Just to put that into some perspective before the WRT54G, some of the functionality in the base firmware was being sold to small-medium businesses by companies like Cisco for thousands of dollars.
Word spread quickly and instead of your local coffee shop paying Cisco $20,000 to install their WiFi, they could spend $100 on a Linksys router. This meant companies could afford to give away WiFi for free because it cost them little or nothing to install the WiFi initially.
But what happened next is what turned the Linksys WRT54G from a "great" to a "legendary" product - people found out it ran on Linux. Now Linux is open source but more specifically it is under the GPL license.
What that meant is that legally Linksys were required to share the source code that made the WRT54G run. Which after some not-so-gentle prodding and legal threats they did.
People then made distros (in the Linux sense) which updated the Linksys firmware to add new functionality, fix issues, and similar. This made the thing even more powerful than perhaps even Linksys wanted, and ate into Cisco's small-medium business space even more.
Word spread like wildfire and soon everyone and their brother owned a Linksys WRT54G. Linksys improved the base firmware only mildly while the third party firmware was steamrolling ahead.
Cisco eventually purchased Linksys and started cutting corners on all of their retail products. Using less powerful CPUs, less RAM, and stripping out functionality while not altering the cost. Linksys stagnated.
This was likely in no small part to try and get some of their small-medium customers back onto Cisco's books, but by then it was too late. The market that Linksys had created had spread to Linksys's competitors and soon everyone was "letting" their routers get firmware updates that turned a cheap little home router into something able to fend off medium-business level commercial equipment.
Add in a managed switch and you have the start of a real network at home.
Drivers for 802.11n are in FreeBSD 9.0 and later, but that won't be the base for pfsense until 2.2:
Your mother / father / grandmother / etc are not installing openWRT on their routers. Installing one of these CISCO home routers is pretty much hacking yourself. And, just updating the firmware is not gonna work.
Try it one day, go up to like 10 people and ask them what's a firmware. If the user isn't technical, you're going to get 0/10 correct responses.
My mother / father / grandmother / etc are typically not buying the routers. They are saying things like, "next time you visit, can you fix my internet?" Or, "since you're here, can you check what's wrong with the internet? I can't get it to work." which is when you install and configure the xxxWRT device for them.
I went to their website (draytek.us) and got this:
> Database connection error (2): Could not connect to MySQL.
(also a lot of startups have like 20 people working out of a home or condo, and they bump up against memory/crappiness/etc. limits of consumer routers and APs pretty hard.)
OP asked for "low end commercial router", though.
IPSec (roadwarrior config w/ certs)
CoDel (big plus but optional)
I enjoy my Asus RT-AC66U. Best commercial router I've seen, and Asus Merlin firmware makes it better.
All I really wanted was to set it up in bridge mode in front of my pfsense box, but couldn't do this. I cloned their router's MAC, put their router back in the box and used my existing 'dumb' modem.
Perhaps this would work for you as well.
A higher end hardware router actually has tested and (mostly) secured software, these don't...
I was able to finally fix it by downloading a firmware from Linksys, doing a 30/30/30 reset (push reset button for 30 s, turn power off for 30 s and keep on pushing reset for another 30 s after turning it on again) and flashing it with tftp as explained in http://community.linksys.com/t5/Wireless-Routers/E4200-Firmw...
After that I was able to login using the web interface again.
For Mac OS X the command to flash is just tftp, and then in the console that opens type:
As a simple example, imagine that you had a test server behind a firewall in your own home network, totally inaccessible from the internet. Now let's say you have it set up so that it will, oh, let's say turn on the oven if you hit a specific URL without any authentication (like testserver/actions/oven/on, or some such). If someone knows of this then they could contrive to have you visit a web page with some embedded resource such as an inline image that causes you to hit that url from your browser. Boom, now your oven is on and you didn't even know it. Even if you switch to using logins and cookies on your test server to ensure that only authorized users on your network can use it then you'll still have the same problem, because when your browser hits that URL it will be in your name, and all of the right cookies will be there. That's the nature of CSRF.
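The scenario in the comment above, as an added example that is not part of the original thread: a request gate for the `/actions/oven/on` URL showing why a valid session cookie alone does not stop CSRF, next to a hardened check. The `Request` type, `TRUSTED_ORIGIN`, the session store and all sample requests are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Everything below is constructed sample data, not taken from any real device.
TRUSTED_ORIGIN = "http://testserver"
SERVER_SECRET = b"constructed-demo-secret"
SESSIONS = {"sess-1234": "alice"}  # session cookie value -> logged-in user


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token_for(session_id):
    """Per-session token. A page on another origin cannot read or derive it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def cookie_only_allows(req):
    """The weak check: 'does the request carry a logged-in cookie?'"""
    return req.path == "/actions/oven/on" and req.cookies.get("session") in SESSIONS


def hardened_allows(req):
    """State change needs POST, a same-origin Origin header and the session's token."""
    session_id = req.cookies.get("session")
    if req.path != "/actions/oven/on":
        return False, "unknown action"
    if session_id not in SESSIONS:
        return False, "not logged in"
    if req.method != "POST":
        return False, "state-changing action must not be a GET"
    if req.headers.get("Origin") != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    supplied = req.form.get("csrf_token", "").encode()
    expected = csrf_token_for(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# The browser attaches the victim's cookie to each of these on its own
# (cookies set with SameSite=Lax or Strict would not be sent cross-site).
COOKIES = {"session": "sess-1234"}

# 1. Inline image on another site's page pointing at the oven URL.
IMG_REQUEST = Request("GET", "/actions/oven/on", COOKIES,
                      {"Referer": "http://other.example/page"})
# 2. Auto-submitted cross-site form: POST, cookie present, no token.
FORGED_POST = Request("POST", "/actions/oven/on", COOKIES,
                      {"Origin": "http://other.example"})
# 3. Same-origin POST that forgot the token.
NO_TOKEN_POST = Request("POST", "/actions/oven/on", COOKIES,
                        {"Origin": TRUSTED_ORIGIN})
# 4. The real button in the test server's own UI.
LEGIT_POST = Request("POST", "/actions/oven/on", COOKIES,
                     {"Origin": TRUSTED_ORIGIN},
                     {"csrf_token": csrf_token_for("sess-1234")})

if __name__ == "__main__":
    for name, req in [("img", IMG_REQUEST), ("forged", FORGED_POST),
                      ("no-token", NO_TOKEN_POST), ("legit", LEGIT_POST)]:
        print(name, cookie_only_allows(req), hardened_allows(req))
```

The cookie-only check accepts all four requests, because the cookie proves who the browser belongs to, not which page asked for the action.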
Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.
For small projects with few contributors I would agree but, for projects as large as OpenWRT and DDWRT and such, I don't agree.
However whenever code moves towards being more open, you've got all of the vulnerabilities of closed source software, and all of the bug-finding ease of open source software. This is the worst of all possible worlds.
Therefore #5 is true. The fact that you have easy access to known-to-be-crappy code increases the vulnerability of that code.
<sarcasm> Right, because somehow people not being paid to work on code write better since they are doing it for their pride, whereas closed source people just lose their jobs if they write crappy code</sarcasm>
Open Source with wide adoption leads to bugs being fixed.
Closed source security through obscurity leads to exploits being only known by those exploiting them. Not a good thing.
The real consequence is that how secure a product is depends more on the project than on whether it is open source. Apache and OpenBSD are two examples of very good open source code. Java and Rails are two examples of not so good open source code.
Google's website is an example of good closed source code. The software shipped by Linksys is an example of bad closed source code.
What I've gotten from your answer so far is that it isn't an effect which is general, and it'll depend on the project in question. Am I on the mark?