If you buy a router today, which one is it and why?

If you had to pick a router from this list https://openwrt.org/toh/views/toh_available_16128
which one would it be and why?

Are you asking for recommendations? I think the answer is going to be different for everybody based on (non-exhaustive list):

  • their location in the world (product availability)
  • their budget
  • the size and floorplan of the space
  • the internet connection speed
  • the number of devices they need to connect (wired and/or wireless) and the bandwidth requirements thereof
  • services they may want to run (VPN inbound or outbound, adblock, etc.)
  • etc.

If you're asking for yourself, maybe start by giving some context of what you want/need. Otherwise, this thread isn't going to produce meaningful answers. It's like saying "if you had to buy a vehicle today, what would it be" -- somebody might select a speedboat while another might select a pickup truck, and another might choose a snowmobile (I'd get a new road bike, personally).

3 Likes

Pick like, get it for free??!??

Because that is much easier to answer! :rofl:

1 Like

Great humor, but that's not how I meant it.

@psherman had a lot of questions.

Might be good to think them out and reply.

Your guess is correct, I am asking for recommendations.
I've already created a thread in this regard before, and screwed up twice.
The first router I bought was from Asus; the flashing failed and the device was inaccessible with my limited skillset. The second device I bought was a Nighthawk but it was not compatible with OpenWrt. I expected it would be but should have checked prior to buying...

So I'm here again to ask for recommendations, I don't want to screw up this time.
Location: EU
Budget: 150 Euro (I hope this is realistic in exchange for a "quality product")
I don't know what you mean by "the size and floorplan of the space"; the size of the device doesn't really matter if that was it.
Connection speed: 100mb/s download 10mb/s upload (my current contract, might change in the future)
Number of devices 1-2 Desktop/Laptop + 1-2 Mobile max. (I would prefer at least four ethernet slots)
Services: I want to use the OpenWrt router mainly as an additional layer of security and privacy.
I'd like to use OpenWrt to detect if my desktop computer using an Intel CPU is phoning home via the Intel Management Engine / Minix.
I am using a VPN all the time so a compatible device for that is mandatory, but I personally haven't heard of routers that can't handle VPN connections; otherwise, what do you mean by inbound/outbound?
Adblock sounds great, does it make sense to filter on the router level? As of now I do this with uBlock Origin and a filterlist in my firewall software.

I was busy writing the reply

1 Like

Sorry, I was walking someone through an uninstall one line at a time; didn't see it coming.

As in the size and layout of your home. If you want to use wifi, it's a different equation if you're talking about covering a 250 sq foot (23 sq meters) studio apartment vs a 5000 sq foot (465 sq meters) multi-story home. Also relevant are the construction materials if you need to penetrate walls and such.

If you know where it might phone home to, yes... you could set up firewall rules to stop it.

Will the VPN run on your computer or on your router? Do you need remote access to your network when you are away from home?

Depends on your needs and requirements. It will require more resources on the router, but serves the whole network vs just the single computer.

This may not be the answer you could expect but here is what I did and it works great.

I bought a Raspberry Pi4B with 4GB ram, a USB3-to-Ethernet adapter and a 64gig µSD card. I already had an old NETGEAR R6200 router.

I installed OpenWrt on the Pi4 and connected the output Ethernet port to the NETGEAR WAN port. The USB3-to-Ethernet adapter is the WAN input on the Pi4. It is connected to my Internet provider Modem.

Now I have OpenWrt running 24/7, I have 4 Ethernet ports from the NETGEAR and I have both 2.4GHz and 5GHz WiFi available from NETGEAR. On the Pi4, the WiFi is disabled. The Pi4 is implemented with a VPN subscription.

The whole installation works like a charm. I love it. And I didn't have to brick the NETGEAR.

3 Likes

I like this too.

2 Likes

10 posts were split to a new topic: NAT masquerading and double NAT

Maybe the Mercusys MR90X?

Area that should be covered by wifi 50m² - 100m², I assume this is standard for modern routers anyway? As for the walls, they're typical material used for any civilian housing infrastructure.

What do you mean "if I knew where it might phone home to"?
From my understanding ALL internet traffic goes through the router given that my PC is connected to it obviously. So if all traffic goes through that device am I not able to see all of it?
If I can see everything doesn't that mean that Intel ME's / Minix's connections are included in "all traffic"?
Speaking of state level spyware, if my govt was to try and infect my PC with a state-trojan, with my current setup I would most likely not even notice it. What if they try that once I have a router with OpenWrt, could I detect the malicious attempt? Could I block it automatically or manually?
Does using a VPN at all times prevent state-trojan infection? I don't see how the govt would be able to hijack the VPN connection and for example infect a pending download, unless they interact directly with the VPN company, any explanation is welcome..

The VPN runs on my computer, I rely on a VPN company, not self hosting.

Does OpenWrt offer a simple adblock setup? Otherwise I might just stick to what I've already got now, the filterlists I use are I'd say very good (they're not mine ofc).

Thanks for the offer, that device looks like an alien and is out of stock in my region.

That's certainly interesting, but not really what I want to accomplish.
Appreciate the info though!

Just so I get this right, device 1, your ISP modem, which is connected to device 2, Netgear router which is connected to device 3, the Raspberry Pi where you installed OpenWrt, and then? Is the Raspberry Pi running OpenWrt used as personal computer at the same time or is there another device behind it?

How about a gl.inet gl-mt6000 - the specs at least make it a great device - there are also some reports that suggest the same - at least for VPN it should support around 900mbps wireguard traffic and it's exactly within your budget (149.99 :slight_smile: )

2 Likes

Yes, all the traffic goes from your PC through your router to the internet. But how does the router know what traffic you want to allow or deny?? The only way it can know is if you tell it, and for that to happen, you have to identify the traffic in some way -- destination address, source and/or destination port, protocol, etc.

The router doesn't have any way to magically know "oh, this is traffic for this purpose vs that" -- you must create rules that are relevant to your use case and security requirements.

The simplified default state of the OpenWrt firewall is:

  1. block all unsolicited incoming (from the internet > router/lan) traffic
  2. allow all outgoing (from the lan > router > internet) traffic
  3. allow all established/related sessions based on rule 2 (i.e. response traffic).

You can make the firewall rules more restrictive and as granular as you want, but you need to define the criteria.

They'd probably do it as a payload to something else you're doing on the internet. Rule 1 above will prevent unsolicited ingress (and this should be true on all consumer routers, really), but if you connect to a site/service that has been compromised (or, for that matter, designed for malware/spyware delivery) combined with exploits they can leverage on your computer (browser, OS, image/pdf viewers, etc...), that's how they install their ware. That code then runs on your computer and sends requests and/or data to command and control servers or other systems according to how it is designed.

Your router is not in a position to stop that traffic unless it has been identified as malicious (again, how does the router know).

You can use Intrusion Protection System / Intrusion Detection System packages on your router that can evaluate every packet and compare against known C&C servers and/or other malicious patterns. Doing this requires serious horsepower, though -- you'd probably want an x86 class router to achieve this without compromising your bandwidth.

But this problem is more readily addressed via anti-virus/anti-spyware software on your PC.

While they can't easily craft a man-in-the-middle attack, they can do it on a compromised site/service that you are using. Put more bluntly, they're not injecting poison into your drinking water via the pipes to your home, they're dumping poison into the reservoir and/or treatment plant output.

Do you trust your VPN company? You're just shifting the privacy/security responsibility to your VPN company from your ISP.

Most internet services use end-to-end encryption for the content they serve from their servers to your computer (think https, etc.). The privacy you gain from a VPN is the fact that the ISP (and possibly government) cannot see the source/destination of your internet traffic. This assumes that the VPN service doesn't compromise your trust by sharing it with advertisers, governments, and so on. I'm not saying that they do, just that you would not know if they do or don't unless you trust their word and/or can otherwise rely on audits of their practices.

If you want, yes, you could use something like AdGuard Home.

1 Like
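As an added illustration of the reply above (not part of the original thread and not any poster's configuration): the three-point default state as it appears in OpenWrt's `/etc/config/firewall`, followed by one restrictive rule that names its criteria explicitly. The LAN host `192.168.1.50`, the destination `192.0.2.10` (a documentation-range placeholder) and the rule name are assumptions made up for the example.

```uci
# /etc/config/firewall (excerpt)

# Point 2: traffic originating on the LAN side is accepted.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Point 1: unsolicited traffic arriving from the internet is rejected.
# Point 3 (replies to established/related sessions) needs no entry here:
# the firewall adds that connection-tracking rule automatically.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Point 2, continued: LAN clients may be forwarded out to the internet.
config forwarding
	option src 'lan'
	option dest 'wan'

# A more restrictive rule: the router only acts on traffic you describe.
# Criteria here are source host, destination address, protocol and port.
# All values are placeholders (assumptions), not known endpoints.
config rule
	option name 'Reject-desktop-to-placeholder'   # hypothetical rule name
	option src 'lan'
	option src_ip '192.168.1.50'                  # assumed address of the desktop
	option dest 'wan'
	option dest_ip '192.0.2.10'                   # placeholder destination
	option proto 'tcp'
	option dest_port '443'
	option target 'REJECT'
```

Rule sections are evaluated before the general lan-to-wan forwarding, so the matching traffic is rejected while everything else from the LAN still goes out.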

Any purpose built AP or all-in-one wifi router can easily handle that general area. However...

There's no such thing as typical, especially when you consider this is a world-wide forum. What is typical in one part of the world may be very different from another. Or type of structure (for example single family home vs apartment and condo buildings), the climate and/or seismic considerations, and even the age of the structure? Concrete, cinder block, brick, plaster and lath, wood framing and drywall -- they all behave very differently wrt wifi, but may all be found in 'civilian housing infrastructure' depending on the situation. So more specifics can be useful.

+1 for the gl.inet gl-mt6000

And also check these:
ASUS TUF-AX4200
Dynalink DL-WRX36

1 Like