Posted: Tue Aug 20, 2019 22:24 Post subject: Suggestion router+firmware for daily productivity.
Hello guys.
I'm new around here so I hope I'm not messing up with the rules.
I've been reading around and the more I read the more confusing it gets.
So, I have a few questions I hope you can solve for me. Feel free to del or edit the post (if so pls let me know why).
My background is technical, I work as a security architect and I'm quite used to systems and business Network items, but no clue about home gear.
Soon I'm starting a personal project and I need advice in a router to handle my daily usage at home.
Since I did not purchase any router yet, I would need advice in a combo router+firmware and someone experienced enough to confirm is good match.
I need this tool to be stable and capable to escalate as my needs go.
Starting from VLAN segmentation, firewalling, ability to add 3rd party plugins such as an IDS/IPS and so, log analysis, wifi..
I will be running 5+ servers, VPN, socks, file server, storage, http sites and who knows what else, as well as my home net (tv, and all type of insecure items).
I read all I could in my free time from this forum and still did not find suggestions about router+firmware.
I'm trying to run away from facing bugs and multiple flash until I find the perfect build because I am going to be dealing with a lot of issues on my own field.
My budget is around 300€ but I could go up to 500 if the item is worthy.
My eye picked the Netgear r9000 x10 7200d (saw its 4 cores and I liked it).
Tried then to find a perfect match firmware for this one but I find many ppl complaining of stability, settings not working, speeds low, etc...
Some members of this forum got in their signatures some of the router+firmware they are running but I don't know if this is updated.
Eg. [r9000] running BS 40672
Something that also bugs me is the frequency of firmware updates. Once you guys find a firmware working for your device, do you have to keep updating? Or is it not that big a deal? In my experience this is done upon the changelogs and usually it is good to patch, but with these firmwares I saw updating is adding issues.
Last but not least, I may be dealing with some nasty piece of software on the network. I know possible vectors on routers but not on custom firmwares. Is it common to find these? Should I worry about?
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Wed Aug 21, 2019 9:05 Post subject:
Netgate pfSense appliance as your main router, and wireless APs if you need wireless. I know this is probably a Devil's Advocate response, but that is what I would recommend to someone with your background. It already has what you would want to add to DD-WRT. The only drawback is that it may not fit your budget. There is also the option of finding an old x86_64 / amd64 PC and adding the hardware needed to load pfSense or OPNSense (or even VyOS) and configure it to your needs. Not saying that there aren't any capable SOHO devices for what you want to do that will work, but these are the things I am looking at doing myself.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Aug 21, 2019 10:11 Post subject:
hmmm these days so many of you, asking the same question...
so far the best price/performance/ddwrt support/stability goes to Netgear R7800...Kong builds on it...
and if you are aware how to prioritize the cores and max the CPU,fiddle with all the settings, its a great unit with a lots of specs...and potential
For my needs i use R7800, it does the job, no need of any other gear..
And, yep you can use other software packs via Entware..
yep you can do VLAN's too..
Yep there is a R9000 and there is a Kong build for it...
hmmm updates, yep they come so often, the devs tend to keep all updated...you look at the SVN and decide, if the update is patching things, that you use...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Sincerely, I find much more practical software vpns on my boxes since I am dealing with more than one connection at once. So, it is not really a requirement the VPN speed, but since it's related to CPU and latency of provider, the higher the better.
kernel-panic69 wrote:
Netgate pfSense appliance as your main router, and wireless APs if you need wireless.
It is actually quite a good solution given the requirements, I did not think of it although I knew the solution.
The entry appliance is 700$ a bit of budget, but will consider.
kernel-panic69 wrote:
There is also the option of finding an old x86_64 / amd64 PC and adding the hardware needed to load pfSense or OPNSense (or even VyOS) and configure it to your needs. Not saying that there aren't any capable SOHO devices for what you want to do that will work, but these are the things I am looking at doing myself.
Not an option, I don't want to deal with another box, drivers, os, nics, etc.
alozaros wrote:
hmmm these days so many of you, asking the same question...
so sorry to ask the same, but I'm doing this research on my free time while on vacation with my kids, did not find a topic that adapt my needs.
alozaros wrote:
so far the best price/performance/ddwrt support/stability goes to Netgear R7800...Kong builds on it...
and if you are aware how to prioritize the cores and max the CPU,fiddle with all the settings, its a great unit with a lots of specs...and potential
For my needs i use R7800, it does the job, no need of any other gear..
And, yep you can use other software packs via Entware..
yep you can do VLAN's too..
While it may be an option, I find it a bit on the limits, after all is a 2 core tool no hardware Accel... Maybe I'm mistaken.
alozaros wrote:
Yep there is a R9000 and there is a Kong build for it...
This is the one that picks my eye, but I would need some more info about the build for it. Like: what is the last Kong's build for it? How stable is it? Is there a chance that people use an older build over a newer just because of stability? In that case, which one? What can this provide me over the 7800? Between the Netgear with pfsense and this r9000 running Kong's, what would you choose?
alozaros wrote:
hmmm updates, yep they come so often, the devs tend to keep all updated...you look at the SVN and decide, if the update is patching things, that you use...
So, if no noticeable updates over the current build, or if you find yours is running good, one could stay years w.o patching?
Thanks again for the answers guys.
As soon as I get extra time I will look around to see if I can answer other topics and help other people.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Thu Aug 22, 2019 5:26 Post subject:
between pfSense and R9000 i will choose R9000 as im not experienced with pfSense and i don't have a resource for it, so if it will be a dedicated PC for it i may choose even something else..
As i said R7800 look at the gurus and forum members sig most of them are using R7800, very few are using R9000..and they are happy with it..you could PM them
The reason that R7800 is so popular, is as i said price/performance/support value...so far its a powerful unit...do keep in mind, on the stock firmware CPU core utilization is not the same, as well DDWRT does not have a hardware acceleration it uses software. On R7800 you can fairly move processes from one core to another and balance the CPU use..but so far i haven't need it desperately...but for some users, its a good option...
here are the Kong builds look around and read all read me files http://www.desipro.de/ddwrt/ last drivers are usually in the test folders... The reason Kong is preferred is he personally tests his DDWRT builds before release and provides stable versions..so called...
Regarding updates, as DDWRT is using binaries and drivers/app's that need update and concern stability, you do update when you decide....that's y ppl look at the SVN https://svn.dd-wrt.com/
Personally, when update is available i do update, but its a good to know how to unbrick in case of... that's why we are here to TEST...
Some ppl stick to an old build that is working and update only when they decide is necessary or its vital...
In general DDWRT devs provide a frequent updates and keep the firmware updated, but sometimes it could be a mess so looking at the forum threads is not a bad idea..
but i can tell you, right now.... everyone is avidly waiting for the next Kong build !!!!
What scares me the most about R9000 and R7800 is the firmware followed by the processing power.
I have read about Kong, I have read about bs, and other devs. I see you guys put a big faith on them, I understand, they are better than official but still bugs are found... However, and this is my pov, I think you guys love to play with routers, test and report bugs to keep developing a good firm. For me however, this is not an option, when I find a problem, I can't be considering whether it is a firmware issue or something on my side. Also, I can't be checking whether I can upgrade or not because things can break.
After all I think I am going to be after something like kernel-panic69 suggested...
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Aug 24, 2019 16:09 Post subject:
Good to see, you've done your homework...
Nice to see you, self-answered your questions...
Just to add, DD-WRT is free and it comes, with its glory..
Why its preferred...because it help's ppl that already have current gear, to have an alternative software for it...
Very few are buying it, for an enterprise or heavy home/office use...and they know its pros/limitations very well....
Basically, DDWRT is a fork of OpenWRT and currently, they are in a new development like DDWRT is ...
i guess DDWRT/OpenWRT tend to keep up with updates using other binaries, that may contain bugs, like most of them do/have and that's not a DDWRT issue, but the Dev's get the blame...
Those you choose, are way beyond the price and performance of R7800, nor the definition of a 'normal home/light office use needs'...
Good Luck