Suggestion router+firmware for daily productivity.

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
Sup3rn0va
DD-WRT Novice


Joined: 20 Aug 2019
Posts: 3

PostPosted: Tue Aug 20, 2019 22:24    Post subject: Suggestion router+firmware for daily productivity. Reply with quote
Hello guys.

I'm new around here so I hope I'm not messing up with the rules.

I've been reading a round and the more I read the more confusing it gets.

So, I have a few questions I hope you can solve for me. Feel free to del or edit the post (if so pls let me know why).

My background is technical, I work as a security architect and I'm quite used to systems and business Network items, but no clue about home gear.
Soon I'm starting a personal project and I need advice in a router to handle my daily usage at home.

Since I did not purchase any router yet, I would need advice in a combo router+firmware and someone experienced enough to confirm is good match.
I need this toon to be stable and capable to escalate as my needs go.
Starting from vlan segmentation, firewalling, ability to add 3th party plugins such an Ids/ips and so, log analysis, wifi..
I will be running 5+ servers, VPN, socks, file server, storage, http sites and who knows what else, as well as my home net (tv, and all type of insecure items).
I read all I could in my free time from this forum and still did not find suggestions about router+firmware.

I'm trying to run away from facing bugs and multiple flash until I find the perfect build because I am going to be dealing with a lot of issues on my own field.

My budget is around 300€ but I could go up to 500 if the item its worthy.

My eye pickd the Netgear r9000 x10 7200d (saw its 4 cores and I liked it).

Tried then to find a perfect match firmware for this one but I find many ppl complaining of stability, settings not working, speeds low, etc...

Some members of this forums got in their signatures some of the router+firmware they are running but I don't know if this is updated.

Eg. [r9000] running BS 40672

Something that also bugs me is the frequency of firmware update. Once you guys find a firmware working for your device, have to keep updating? Or it's not that big deal? On my experience this is done upon the changelogs and usually is good to patch but with these firmwares I saw updating is adding issues.

Last but not least, I may be dealing with some nasty piece of software on the network. I know possible vectors on routers but not on custom firmwares. Is it common to find these? Should I worry about?

Sorry about wall of text.

Thanks in advance
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4377
Location: Netherlands

PostPosted: Wed Aug 21, 2019 8:45    Post subject: Reply with quote
What VPN speed do you want?
_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 2683
Location: Texas, USA

PostPosted: Wed Aug 21, 2019 9:05    Post subject: Reply with quote
Netgate pfSense appliance as your main router, and wireless APs if you need wireless. I know this is probably a Devil's Advocate response, but that is what I would recommend to someone with your background. It already has what you would want to add to DD-WRT. The only drawback is that it may not fit your budget. Embarassed There is also the option of finding an old x86_64 / amd64 PC and adding the hardware needed to load pfSense or OPNSense (or even VyOS) and configure it to your needs Cool Not saying that there aren't any capable SOHO devices for what you want to do that will work, but these are the things I am looking at doing myself.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3077
Location: UK, London, just across the river..

PostPosted: Wed Aug 21, 2019 10:11    Post subject: Reply with quote
hmmm this days so many of you, asking the same question...
so far the best price/performance/ddwrt support/stability goes to Netgear R7800...Kong builds on it...
and if you are aware how to prioritize the cores and max the CPU,fiddle with all the settings, its a great unit with a lots of specs...and potential

For my needs i use R7800, it does the job, no need of any other gear..
And, yep you can use other software packs via Entware..
yep you can do VLAN's too..
Yep there is a R9000 and there is a Kong build for it...
hmmm updates, yep they come so often, the devs tend to keep all updated...you look at the SVN and decide, if the update is patching things, that you use...

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41659 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----DD-WRT 41686 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 41686 BS (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,VPN)
Broadcom
Netgear R7000 -------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
Sup3rn0va
DD-WRT Novice


Joined: 20 Aug 2019
Posts: 3

PostPosted: Wed Aug 21, 2019 13:06    Post subject: Reply with quote
egc wrote:
What VPN speed do you want?


Sincerely, I find much more practical software vpns on my boxes since I am dealing with more than one connection at once. So, it is not really a requirement the VPN speed, but since it's related to CPU and latency of provider, the higher the better.

kernel-panic69 wrote:
Netgate pfSense appliance as your main router, and wireless APs if you need wireless.

It is actually quite a good solution given the requirements, I did not think of it although I knew the solution.
The entry appliance is 700$ a bit of budget, but will consider.
kernel-panic69 wrote:
Embarassed There is also the option of finding an old x86_64 / amd64 PC and adding the hardware needed to load pfSense or OPNSense (or even VyOS) and configure it to your needs Cool Not saying that there aren't any capable SOHO devices for what you want to do that will work, but these are the things I am looking at doing myself.

Not an option, I don't want to deal with another box, drivers, os, nics, etc.

alozaros wrote:
hmmm this days so many of you, asking the same question...
so sorry to ask the same, but I'm doing this research on my free time while on vacation with my kids, did not find a topic that adapt my needs.

alozaros wrote:
so far the best price/performance/ddwrt support/stability goes to Netgear R7800...Kong builds on it...
and if you are aware how to prioritize the cores and max the CPU,fiddle with all the settings, its a great unit with a lots of specs...and potential

For my needs i use R7800, it does the job, no need of any other gear..
And, yep you can use other software packs via Entware..
yep you can do VLAN's too..

While it may be an option, I find it a bit on the limits, after all is a 2 core tool no hardware Accel... Maybe I'm mistaken.

alozaros wrote:
Yep there is a R9000 and there is a Kong build for it...

This is the one that picks my eye, but I would need some more info about the build for it. Like: what is last kongs build for it? How stable is it? Is there a chance that people use an older build over a newer just because of stability? In that case, which one? What this can provide me over the 7800? Between the Netgear with pfsense and this r9000 running Kong's, what would you choose?

alozaros wrote:
hmmm updates, yep they come so often, the devs tend to keep all updated...you look at the SVN and decide, if the update is patching things, that you use...

So, if no noticiable updates over the current build, or if you find yours is running good, one could stay years w.o patching?


Thanks again for the answers guys.
The soon I get extra time I will look around to see if I can answer other topics and help other people.

<3
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3077
Location: UK, London, just across the river..

PostPosted: Thu Aug 22, 2019 5:26    Post subject: Reply with quote
between pfSense and R9000 i will choose R9000 as im not experienced with pfSense and i don't have a resource for it, so if it will be a dedicated PC for it i may choose even something else..
As i said R7800 look at the gurus and forum members sig most of them are using R7800, very few are using R9000..and they are happy with it..you could PM them
The reason that R7800 is so popular, is as i said price/performance/support value...so far its a powerful unit...do in mind, on the stock firmware CPU core utilization is not the same, as well DDWRT does not have a hardware acceleration it uses software. On R7800 you can fairly move processes from one core to another and balance the CPU use..but so far i haven't need it desperately...but for some users, its a good option...
here are the Kong builds look around and read all read me files http://www.desipro.de/ddwrt/ last drivers are usually in the test folders... The reason
Kong is preferred is he personally test his DDWRT builds before realize and provides a stable versions..so called...
Regarding updates, as DDWRT is using binaries and drivers/app's that need update and concern stability, you do update when you decide....that's y ppl look at the SVN https://svn.dd-wrt.com/
Personally, when update is available i do update, but its a good to know how to unbrick in case of... Wink that's why we are here to TEST...
Some ppl stick to an old build that is working and update only when they decide is necessary or its vital...
In general DDWRT devs provide a frequent updates and keep the firmware updated, but sometimes it could be a mess so looking at the forum threads is not a bad idea..
but i can tell you, wright now.... everyone is avidly waiting for the next Kong build !!!! Smile

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41659 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----DD-WRT 41686 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 41686 BS (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,VPN)
Broadcom
Netgear R7000 -------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
Sup3rn0va
DD-WRT Novice


Joined: 20 Aug 2019
Posts: 3

PostPosted: Sat Aug 24, 2019 10:28    Post subject: Reply with quote
Thank you for the responses.

What scares me the most about R9000 and R7800 is the firmware followed by the processing power.
I have read about Kong, I have read about bs, and other devs. I see you guys put a big faith on them, I understand, they are better than official but still bugs are found... However, and this is my pov, I think you guys love to play with routers, test and report bugs to keep developing a good firm. For me however, this is not an option, when I find a problem, I can't be considering it is a firmware issue or something on my side. Also, I can't be checking weather I can upgrade or not because thints can break.


After all I think I am going to be after something like kernel-panic69 suggested...

The netgate is one of the options, a bit off price but will see.
https://store.netgate.com/SG-5100.aspx

Similar products can be found as well.

From protectli:
https://protectli.com/6-port/

And teklager:
https://teklager.se/en/products/routers/

Even some small PC's:
https://www.amazon.com/Dell-OptiPlex-790-SFF-Desktop/dp/B01HTTGI64/ref=mp_s_a_1_4?keywords=dell+optiplex+790+i7&qid=1566642034&s=gateway&sr=8-4

Thank you again.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3077
Location: UK, London, just across the river..

PostPosted: Sat Aug 24, 2019 16:09    Post subject: Reply with quote
Good to see, you've done your homework...
Nice to see you, self-answered your questions...
Just to add, DD-WRT is free and it comes, with its glory..
Why its preferred...because it help's ppl that already have current gear, to have an alternative software for it... Razz
Very few are buying it, for an enterprise or heavy home/office use...any they know its pros/limitations very well....
Basically, DDWRT is a fork of OpenWRT and currently, they are in a new development like DDWRT is ...
i guess DDWRT/OpenWRT tend to keep up with updates using another binaries, that my contain bugs, like most of them do/have and that's not an a DDWRT issue, but the Dev's get the blame... Razz

Those you choose, are way beyond the price and performance
of R7800, nor the definition of a 'normal home/light office use needs'...
Good Luck

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41659 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----DD-WRT 41686 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 41686 BS (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,VPN)
Broadcom
Netgear R7000 -------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5222
Location: Akershus, Norway

PostPosted: Sat Aug 24, 2019 17:34    Post subject: Reply with quote
Have anyone actually run a 10 gig LAN on the R9000?

You also have to add the cost of the 10 gig SFP Module.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum