My area is scheduled for FTTC NBN (i.e. VDSL2) around March next year, so I need to find a good VDSL modem. I don't trust vendor-supplied firmware in devices like that, so I want to be able to install LEDE on it.
I'm looking at buying something like one of the following (or slightly better/more expensive - I'm willing to spend up to $200-$250 AUD if I have to - that's around $150-$200 USD):
- TP-LINK TD-W9977 ~$80 AUD
- TP-LINK Archer VR200v, VR400, or VR600 ~$140-$165 AUD
- ASUS DSL-AC52U ~$140 AUD
- ASUS DSL-AC56U ~$175 AUD
- Netgear D6220 ~$180 AUD
These all have roughly similar CPU speeds, and range from 64MB RAM to 256MB. WiFi varies from N300 to AC1200, but I don't really care too much about WiFi (my house is wired for ethernet), although I do run hostapd with an AR9271 802.11n USB stick to provide internet access for phones, tablets, laptops etc.
The two most important things to me are VDSL2 support and being able to run an authoritative DNS server. Working WiFi would be nice too. Anything else is just a bonus.
So, my questions are:
- Which (if any) of the above have working VDSL and wireless in LEDE?
- Has anyone got direct experience with any of them?
- Are there any that I should avoid, or that are highly recommended?
- Is it worth spending the extra for a model with 512MB RAM and/or faster CPU?
I'm currently connected via ADSL2 in bridged mode, with pppoe (and dns, and dhcpd, and squid, and iptables and fail2ban and lots of other stuff) running on my AMD64 gateway/server/workstation box running Debian.
I could just buy the TD-W9977, configure it for bridged modem and not have to change anything else. I'll probably even get slightly better ADSL2 sync speeds from it (my ADSL2 modem is about 10 years old) until the switch to VDSL... but I'd like to move gateway functions like PPPoE, DNS (bind9 or nsd+unbound, preferably as all my domains have bind-style zone files), dhcpd, hostapd, iptables firewall rules, openvpn etc off of my server/workstation box and onto a VDSL+WiFi router running LEDE. I'll install snmpd too, for monitoring, if it's not installed by default.
i.e. all the relatively "lightweight" gateway-related stuff - "heavier" stuff like web servers, postfix, squid etc will remain on my amd64 server.
I know that 128MB or even 64MB should be more than enough for all that - but is it enough for running fail2ban? I routinely see f2b using 1 or 2GB RSS on my amd64 box. Is there even a fail2ban opkg for LEDE? Or am I better off just setting up the router to do remote syslogging to the server and continuing to run fail2ban on the amd64 box?
I don't really have a good feel for what these ~500MHz CPUs are capable of, what their limits are. I know they're all much more powerful than the internet gateway boxes I was building back in the early 90s with 40MHz 80386 CPUs and only 4MB of RAM (that's 4 megs, not gigs) and I used to run similar stuff on them... but that was with 28 or 56Kbps modems, not 50-100Mbps VDSL, and they weren't under constant attack by bots and script-kiddies back then, so there wasn't the packet filtering load on the CPU.
BTW, even if I just set it up in bridged mode, I'd still like to install LEDE on whatever I buy. Vendor "firmware" is rubbish, or a security hazard, or both.
Thanks,
Craig