New router/firewall device

Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

New router/firewall device

Post by Genom »

So, got myself one of those Chinese micro PCs to load up one of the router/firewall OSes. So far pfSense seems to be the leading contender for me, but curious if anybody has compared it to the other ones like OPNsense, IPCop or VyOS and had an opinion.
normalicy
Posts: 9513
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA

Re: New router/firewall device

Post by normalicy »

I'm just so leery of Chinese electronics that are connected to the internet. I don't want to be part of some hacking program for them.

https://www.theregister.co.uk/2017/03/0 ... or_claims/
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Re: New router/firewall device

Post by FlyingPenguin »

I've been tempted to build myself a pfSense box, but I really like my Asus RT-N16 with Tomato Firmware. It does everything the fancy commercial stuff does, and should be a lot less hackable than off-the-shelf routers.

I've spent months tweaking my QoS settings so I really don't want to start over with a new router.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: New router/firewall device

Post by Losbot »

I haven't played with pfSense yet. I've got a Sonicwall at home that works nicely.
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: New router/firewall device

Post by Genom »

I like the RT68 router I have been using for a bit with the Merlin firmware a lot, but wanted to play with something different and potentially better and am liking this setup so far. The box came with Win10 (not licensed) but that gets blown out with the router install. The functionality is great, and it is super flexible. Realistically took about 15 minutes to get the basic router up and running and then I spent all day just learning all the different goodies it has. Set up a VPN client connection to my work VPN and set up what machines should ride that network for what data, etc. Makes my work laptop (that has to sit on the VPN all day anyway) much nicer to live with as I only route work traffic through the VPN, and everything else is going over my regular connection.

Now that it is all set up and I have made a config backup, I'll blow it out tomorrow and set up OPNsense and see how it compares. I already know opn doesn't have an adblocker addon that is quite as transparent, requiring setting up a transparent proxy, but there are workarounds for that. Once I have played with OPNsense, I'll then try ipfire or ng. Then whatever I ended up liking best will go back. Only downside is of course, right after I get the mini PC, I find out pfSense is going to require processors with built-in crypto instruction sets (that this Celeron does not have), but that release is 2-3 years away so not too worried about it.

On the flip side, the mini pc is pretty decent. 190 bucks got me a quad core celeron 1900, 4GB RAM, 32GB SSD and 4 intel based 10/100/1000 ports. Tiny little fanless box so there is no noise, and it sits next to the modem on top of my main managed switch.
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: New router/firewall device

Post by Losbot »

Post the link to the mini pc. I'm curious.
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: New router/firewall device

Post by Genom »

This is the one I got:

https://www.amazon.com/gp/product/B01N6 ... UTF8&psc=1

It came with a USB wifi card, but that's trash as far as I am concerned. Besides, my other 2 wifi routers work perfectly fine as APs.

Played with opnsense today. It's been hardened a bit more than pfsense, but being a pfsense fork only 2 years old, it's still missing a few features that are more "comfort" things for home users. I've reverted to pfsense for now. Next weekend I will try out some of the other ones since I spent so much time in opn today.

On the flip side, the backup/restore process with pfsense was painless. Just reloaded the OS, loaded the backup config, and it did everything else including downloading and configuring some extra packages I set up.
psypher
Golden Member
Posts: 884
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: New router/firewall device

Post by psypher »

pfSense is a great choice, much better than Tomato. You can throw lots of hardware at it as a firewall with and without wifi. OPNsense is also another good alternative to it which was forked from pfSense, but mostly re-written.
ZYFER
Posts: 2137
Joined: Thu Nov 07, 2002 4:10 pm
Location: Tampa Bay, Florida

Re: New router/firewall device

Post by ZYFER »

normalicy wrote: I'm just so leery of Chinese electronics that are connected to the internet. I don't want to be part of some hacking program for them.

https://www.theregister.co.uk/2017/03/0 ... or_claims/
In all fairness, aren't they almost all Chinese electronics these days?
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: New router/firewall device

Post by Genom »

This also isn't an IoT device, just a mini PC. Yeah, there may be something in the BIOS I am unaware of, but the risk is minimal in that regard since the software is its own thing and you can't get too paranoid or you won't use anything, since pretty much 100% of electronic devices out there today have something made or assembled in China.
normalicy
Posts: 9513
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA

Re: New router/firewall device

Post by normalicy »

ZYFER wrote:
normalicy wrote: I'm just so leery of Chinese electronics that are connected to the internet. I don't want to be part of some hacking program for them.

https://www.theregister.co.uk/2017/03/0 ... or_claims/
In all fairness, aren't they almost all Chinese electronics these days?
I'll agree, it's increasingly hard to find anything that isn't made in China or at least Chinese parts. My main thing is that I'm terrified of anything that is "the internet of things" being of Chinese manufacture. Especially if it isn't a vetted out brand. I will say that there are some well known solid products out there that are Chinese made, but every security expert on the planet has seen them and had a chance to give them a go-ahead.

Just to clarify, I don't mind a Chinese capacitor or resistor or diode. But to be wholly designed and manufactured in China is a whole different thing. They can intentionally build a back door in the hardware. At least if it's made in another country that is one of our allies, it's unlikely that even using their components that a back door could be made, especially if the main chipsets are made in other countries. I'm even OK with Taiwan due to the fact that they really separate themselves from China. I'll even accept an item that was designed in the US and built in China, but it doesn't make me feel warm and fuzzy at night.

Not to say that other countries wouldn't or couldn't do a back door, it's just that the people of China are much more bold faced about it and are getting away with it.

Just out of curiosity, I checked into some of the router manufacturers' country of manufacture and I'm saddened:

Linksys: Mostly made in China
Netgear: All China
Asus: Almost all China
D-Link: About 50/50 China/Taiwan
TP-Link: China
Synology: Taiwan
Trendnet: China
Belkin: Mostly China
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Re: New router/firewall device

Post by FlyingPenguin »

I stick with my Asus RT-N16 with Tomato. One has to assume (hopefully) the Tomato firmware has nuked anything nasty that might have been in the factory firmware - be it a bug or intentional.

I'm running EasyTomato on the old house, but I've configured a new RT-N16 for the new house that's running the more advanced Shibby Tomato. It allows me to configure multiple VLANs. I have it set up with two isolated VLANs: one for the main (secure) network and one for the Guest/IoT (insecure) network. There will be a dedicated network jack in my office on the insecure network for bench testing client PCs to keep anything nasty from infecting the network.

I was thinking of picking up one of those Ubiquiti EdgeRouters, but I hear they are a bitch to program. I'm very comfortable with Tomato.
b-man1
Posts: 5201
Joined: Wed Nov 22, 2000 10:23 am

Re: New router/firewall device

Post by b-man1 »

My R-16 blew a capacitor (based on the googles, it's pretty common) and I ended up going with an Edgerouter X. The config isn't bad at all, and it's quite powerful for $49 or whatever they go for now. I also set up a VPN through it so I can connect it from my mobile phone when on open wifi...works great.
Cap
Posts: 44
Joined: Tue Feb 10, 2015 9:39 pm

Re: New router/firewall device

Post by Cap »

Second the EdgeRouter X, or the easier to set up USG by Ubiquiti. Recently moved up to the Charlotte area, and set up the new house with an EdgeRouter X, UniFi PoE switches, and AP AC Pros https://www.ubnt.com/unifi/unifi-ap-ac-pro/

So far all works amazingly, and the Router is a great value for all it does.