router recommendation?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

a viewer

Well-known member
Sep 30, 2020
87
19
I am looking for a router to recommend, and I can't seem to find one. I use an edgerouter with emerging threats protection installed. However, I'm looking for an option for someone who is terminal-challenged could use. PFSense probably would be a bit complicated for them.

Is there any consumer router that provides this? Even if it is an option that could be installed. Checked dd-wrt, openwrt, and community.emergingthreats.net, but didn't find a simple solution.

Adding nextdns should work easily on most routers, but wanted the extra protection to block connection to the ips listed in the emerging threats list

Any suggestions?
 
Synology makes a fairly pricey WiFi Router that might be configurable with add-ons? (I add a question mark because I've never use their WiFi products, despite having a long relationship with their NAS products, which do have add-on capabilities.)

Otherwise, you'd be looking at getting one of the "open" routers, and installing something like "Tomato" or OpenWRT or the like on it. They would certainly have the ability to run add-ons, assuming such a thing exists or was created.
 
One persons thoughts on secure routers

I used to recommend the $200 Pepwave Surf SOHO
but it has gone out of production. It will be replaced with a newer model but I do not have a timeframe. Until then, the cheapest Peplink router with WiFi is the Balance 20x for $450. It is secure and relatively easy to use. If you can afford it. Peplink does support secure DNS and does support NextDNS for this, even with a custom profile.

Some people will recommend Asus. I had a recent experience with one of their mesh systems and feel confident in saying that avoiding Asus is the right thing to do.
 
I am using a Synology RT6600AX router. I hesitated a while because of it's price but eventually bought one being that it was a tri-band and probably won't need replacing for quite a while. I really like it! It auto updates itself and has plenty of options for customization. A disk can be plugged into it's USB port for use as a NAS and a VPN package can be installed on it.

The $300 price at the time (not sure what it is now) almost made me look elsewhere but I am extremely happy with it. The reports it generates, and the fact it scans itself for issues is nice. When researching before purchase there were a number of points some people had issues with, only 1 USB port being one. However, if the RT6600AX fills your needs, and $300+- is not much of an issue by all means check it out.
 
Some people will recommend Asus. I had a recent experience with one of their mesh systems and feel confident in saying that avoiding Asus is the right thing to do.
Please elaborate on why you feel we should avoid Asus routers. This is the place to do it. We are all looking for the best networking hardware we can find/afford. Tell us about your "recent experience with one of their mesh systems".
 
It was a painful experience. In brief, Asus has many features but what exactly each feature does is none of your business. The documentation is non-existent or useless. And, their email tech support is worse than an AI. They seem to have one canned response no matter what the question is. I found the Forums to be useless too.

For example, there are 3 different places in the Asus world where you can configure DNS. Why three? Compare and contrast them. What does each actually do. None of your business. Also, I tried to reset the WPS pin code and reset all the settings on the router.

For many years now Asus routers have an on/off switch. Why? Routers, as a rule, do not need to be turned off and on. And, if you do want to, you can unplug the power. The switch is in the back right next to the power cord, so its no easier to use than powering off. If it was on the top and easy to access, I could understand that. And, on one Asus router that I had the switch broke so the thing had to be thrown away. Just stupid. This stupidity is infused into Asus.

Their mobile app is poorly rated. Its clearly an afterthought. It gives you a choice of setup or manage. Setup has a choice of three different Asus router families. The mesh system I had not was not in any group. Of course not.

Unlike most other router manufacturers they do not have their own cloud system for remote administration. On the one hand, this is good for privacy as you can use an Asus router without having an Asus account. Fine. But if the mesh system is installed behind an ISP provided box, then you would have to poke a hole in the ISP box (port forwarding) to get at the Asus hardware.
 
  • Like
Reactions: ams72 and Greg S
I have just installed 3 of the Zyxel Multy M1 - WSM20 routers. One is the gateway, and the other two are just access point and mesh routers. They have all been upgraded to run OpenWRT rather than the garbage software they come with. I am in the process of writing this up on my blog. I will post when I have that together. A 3 pack of these was GBP 74 I am sure they are available for the same number of dollars. In my case the 3 pack was perhaps overkill, but it does mean I have brilliant WiFi all the way to the bottom of the garden.

EDIT: I have now written this up on my blog https://stuartward.wordpress.com/2023/10/14/new-routers-and-openwrt/
 
Last edited by a moderator:
  • Like
Reactions: leilabd
I am now on my 2nd eero mesh network, having upgraded from the original units to WiFi 6 units, when I went from Comcrap 100 down / 6 up service at over USD$100/mo to AT&T 300 bidirectional fiber-to-the-home for USD$55/mo.

I have a main node in my basement ham shack, which has multiple gigabit LAN connections, and two mesh 'extenders' on the main and 2nd floors. I get rock-solid A/B/G/N/AC (wxyz?) coverage over a 1500 sq. ft house with full basement.

The network upgrades itself, and has a nice mobile app, with all kinds of options/settings. Highly recommended (by me).
 
I'll weigh in here. But PLEASE do not take my choice as being in any way definitive.

During this past Tuesday's Security Now! podcast, my connection dropped and then resumed several times. This behavior is something I've observed from time to time. Since it was transient I didn't worry about it and I generally mistrusted my cable modem. But I decided that I needed to get to the cause. So I began quickly probing the health of links every time it happened. I finally obtained evidence that I was unable to reach the management interface of the cable modem during this time. So that brought me back to the little pfSense-based router.

I cleared its logs and waited. And after another dropout I checked. The router had rebooted. So that was the culprit. The router I was using was the cute little "Netgate 1100 pfSense+ Security Gateway." I have been pleased with it in the past and have often recommended it. But I think I'm going to change my mind. At my other location I've been using one of the "Protectli" firewall appliances: FW4C which has been sitting, largely unattended, for six years without a single hiccup. So I've just ordered another of these for delivery tomorrow. Although OPNsense is the competitor to pfSense, pfSense is the one that I know and they appear to be largely at parity. And, since I already have a complex and mature configuration for pfSense in the router I'll be replacing, I hope to simple save and restore that config in the replacement router.

The Protectli devices are essentially fanless, NIC-heavy SBCs (single board computers) that are designed to sit unattended. So I expect that after making this change my daily work location network will be better connected to the Internet, and I'll continue to have many features that I depend upon pfSense to provide, such as Dynamic DNS-based firewall rule tracking (to allow each of my pfSense instances to keep locked onto the other) and static port shifting (to bypass my ISP's annoying "protective" consumer port blocking).
 
At my other location I've been using one of the "Protectli" firewall appliances: FW4C which has been sitting, largely unattended, for six years without a single hiccup.
I purchased a Protectli FW4B three years ago (based on your high praise of pfSense, I believe) and have been quite happy with it. With one caveat. It didn't seem to like my cable modem. There were constants disconnects. After an extensive back and forth with their tech support, they were going to give me a refund, but I then learned my apartment building is wired with fiber optic cable and I could get a much better connection through AT&T. Why didn't anyone tell me this when I moved in? Since I switched from Spectrum cable internet to AT&T fiber, everything has been great. I just looked at the pfSense UI and the uptime is at 118 days. It just sits there and performs flawlessly and silently. It has more configuration options than most people would know what to do with. I especially like being able to keep my desktop computers on a separate network from all of the WiFi and IoT devices.
 
My first world problem is that I can get 8Gbps symmetric fibre from a different ISP. There is no way in heck my current (and out-moded) router could handle this... it can barely handle the 75Mbps download (and 10Mbps upload) speeds I get from cable now. I am actively looking for a good replacement for the router, and pfSense could be a possibility, but I would want to get a device that had a 10G Ethernet (possibly SFP+ even) and has the horsepower to drive such a connection at wire speed. Netgate/pfSense sells a device they claim can do this, but it's mighty expensive ($800US https://shop.netgate.com/products/6100-base-pfsense )

If I replace my current router, with a firewall, that still would leave me without any WiFi (I could continue to use my current router in AP only mode, maybe) and I am also desiring to get a mesh system that can do multi-gig (10/5/2/1) and supports WiFi 6E or 7. (No point spending all this money only to be obsolete in a few years.) The prices for those sorts of systems are also still a little too high for me.

As I said, first world problems to be sure... but it does indicate how having the option for higher speed fibre puts more pressure on your gear (and budget) if you're gonna actually be able to use what you pay for.
 
I am now on my 2nd eero mesh network, having upgraded from the original units to WiFi 6 units, when I went from Comcrap 100 down / 6 up service at over USD$100/mo to AT&T 300 bidirectional fiber-to-the-home for USD$55/mo.

About eero: Its owned by Amazon and will spy on you, there is no opting out of this. Also, in a crowded Wi-Fi neighborhood eero is a bandwdith hog. It uses 40MHz wide channels on the 2.4GHz band, which is bad for everyone in the area.

Auto updating is fine for non techies, but techies prefer to update when the time is convenient for them. Also, best to let new firmware get beaten up by other customers a bit before upgrading. And, if new firmware causes a problem, can you downgrade (install older firmware) with eero? Not all routers support downgrading.
 
My first world problem is that I can get 8Gbps symmetric fibre from a different ISP. There is no way in heck my current (and out-moded) router could handle this... it can barely handle the 75Mbps download (and 10Mbps upload) speeds I get from cable now. I am actively looking for a good replacement for the router, and pfSense could be a possibility, but I would want to get a device that had a 10G Ethernet (possibly SFP+ even) and has the horsepower to drive such a connection at wire speed. Netgate/pfSense sells a device they claim can do this, but it's mighty expensive ($800US https://shop.netgate.com/products/6100-base-pfsense )
I suggest you do your research here


Dong is a techie who knows his stuff. He is also very interested in the fastest speeds and has tested lots of hardware.
 
I'll weigh in here. But PLEASE do not take my choice as being in any way definitive.

During this past Tuesday's Security Now! podcast, my connection dropped and then resumed several times. This behavior is something I've observed from time to time. Since it was transient I didn't worry about it and I generally mistrusted my cable modem. But I decided that I needed to get to the cause. So I began quickly probing the health of links every time it happened. I finally obtained evidence that I was unable to reach the management interface of the cable modem during this time. So that brought me back to the little pfSense-based router.

I cleared its logs and waited. And after another dropout I checked. The router had rebooted. So that was the culprit. The router I was using was the cute little "Netgate 1100 pfSense+ Security Gateway." I have been pleased with it in the past and have often recommended it. But I think I'm going to change my mind. At my other location I've been using one of the "Protectli" firewall appliances: FW4C which has been sitting, largely unattended, for six years without a single hiccup. So I've just ordered another of these for delivery tomorrow. Although OPNsense is the competitor to pfSense, pfSense is the one that I know and they appear to be largely at parity. And, since I already have a complex and mature configuration for pfSense in the router I'll be replacing, I hope to simple save and restore that config in the replacement router.

The Protectli devices are essentially fanless, NIC-heavy SBCs (single board computers) that are designed to sit unattended. So I expect that after making this change my daily work location network will be better connected to the Internet, and I'll continue to have many features that I depend upon pfSense to provide, such as Dynamic DNS-based firewall rule tracking (to allow each of my pfSense instances to keep locked onto the other) and static port shifting (to bypass my ISP's annoying "protective" consumer port blocking).

I've obtained two different Netgate 3100 appliances second hand after they behaved badly and were ripped out in favor of an alternative. I've had good luck obtaining the install image from pfsense support, they respond only instantly. So I opened each up and installed a replacement cmos battery as well as a m2 drive. I think their hardware choice of storage just doesn't last. After some magic in getting the replacement OS installed and configuring the appliance to boot from M2, both have been bullet proof. But yea, comes down to hardware. pfsense OS is great, I've found their hardware not so much.

Regards,
Adam Tyler
 
Cheap wall wart will likely be the problem, failed capacitors in it. Open up the firewall itself, and check for bulging capacitors as well, as those failing also cause issues.
 
  • Like
Reactions: Steve
UPDATE: FWIW, not yet "conclusive", but since swapping out the previous SG-1100 power supply for a new and beefier 12vdc power supply, the router has not rebooted. It generally would at least once a day. Sometimes many times. I performed the exchange 18 hours ago. So I won't be able to draw any conclusions, even tentative, for a few days. But if that was the culprit I'll be happy since it saves the time of setting up its replacement. (y)
 
Yes wall wart supplies do regularly fail, and I have repaired a good number of them as well, along with a good number of SMPS power supplies as well, because a replacement is either expensive, just as unreliable, or no longer available, or sold only with a new one, despite being a generic unit from any number of Chinese OEM's.