Home router security

This is a continuation of the (off-topic) discussion from AFP Support Disappearing: Another Nail in the Time Capsule Coffin - #33 by josehill, which included links to Thousands of Asus routers are being hit with stealthy, persistent backdoors - Ars Technica and Router Security - Schneier on Security.

(Emphasis added.)

But just before the quoted snippet is a comment.

You can walk into a store today and buy a brand new router powered by software that’s almost 10 years out of date!

I read that as saying that throwing the old router away and buying a new one isn’t necessarily an update.

I was also concerned by this quote, since I use one of the brands that doesn’t do as good a job as ASUS.

ASUS and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link and Zyxel.

One option is to replace the router’s firmware with open-source firmware, from a project that is updated frequently to include latest security fixes.

Long ago when I had a Linksys WRT54G, I replaced the firmware with Tomato firmware. Now I’d use OpenWrt on some current supported router model.

An added benefit is that the third-party firmware unlocks the full capabilities of the router hardware.

2 Likes

A couple years ago, I replaced my Airport Extreme with Ubiquiti gear (Dream Machine - DM). I believe I was seeing ‘buffer bloat’ in the Airport Extreme, and I had a friend who had a lot of success using Ubiquiti in a relatively complex home/home office setup like mine. The initial installation was painful, but when I changed ISPs (from paired DSL to fiber-to-the-house :-) ), the transition was easy. A few DM features were hard to use or were missing, but I’ve been very happy with the level of updates since I deployed the DM. Some of the newer security features in particular have been easy to configure (such as ‘block all Meta IP addresses at the firewall’ and some adaptive DDoS blocking…). I still have one problem with Ubiquiti hardware where a relatively new WiFi extender does not play well with my 3 year old iPad. Other than that, if you can afford it, Ubiquiti has worked for me.

Before I went with Ubiquiti, I did try Eeros, but had problems getting that stuff to work. Several neighbors have Eeros and have been happy, and I helped one neighbor configure an older set of Eeros in his church (including running some ethernet cable where signals were blocked by concrete walls.) He’s been happy with the level of support from Eero and the features there.

I de facto standardized on TP-Link routers re-flashed with OpenWRT. One bonus is that I was trolling a thrift store and found an AC1750, that matched other routers scattered around my place, for $3. It didn’t have a power supply, but I ended up using power over ethernet anyway.

One nice thing about OpenWRT is that I would often end up fighting routers’ built-in user interface to get the functionality I needed, even though I knew that the underlying hardware and lower-level firmware supported it. OpenWRT seems to have support for any of the crazy networking configurations I’ve dreamed up.

There’s a price, unfortunately. While I’ve found that flashing the OpenWRT software is pretty straightforward, getting an initial configuration going is a lot more involved than it is on consumer-grade devices. For example, by default OpenWRT comes up with the radios disabled, so you’re going to have to connect with a cable to even get started with configuration.

2 Likes

… depending on your device. I noticed, for example, that if I install it on my Linksys MR8300, I need to install an old version, then manually change some of the boot parameters, and then install the latest version. This is because the factory boot partition is too small to hold the current release and you need to make it boot from another flash partition. Failure to do so will brick the device (although you can recover by jumping through a few hoops).

I personally think this is a great idea. Insecure Wi-Fi is a massive vector for attack. Maybe not a concern if you live in a single family home, but could be a problem in an apartment building. By forcing you to only use Ethernet for the initial configuration, they can make sure nobody slips in through the back door before you’ve secured the wireless connection.

I wish the Linksys factory firmware did this - they require you to use a mobile app and Bluetooth for the initial setup. 🤬

2 Likes
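As an added illustration of the point made in the last two posts (this is not taken from any post in the thread or from the OpenWrt project’s documentation), here is roughly what the OpenWrt-generated /etc/config/wireless looks like on first boot, with the radio disabled and the default access point unencrypted, beside a hardened version that only enables the radio together with WPA2/WPA3 encryption. The device `path`, SSID and passphrase values below are placeholders; the real `path` is filled in per device by OpenWrt.

```text
# Default /etc/config/wireless as generated on first boot (abridged).
# The radio is disabled, and the default AP has no encryption, which
# is why initial setup has to happen over an Ethernet cable.
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'PLACEHOLDER-device-path'
	option band '2g'
	option channel '1'
	option htmode 'HT20'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

# Hardened version: the radio is enabled only after encryption and a
# passphrase are set. 'sae-mixed' accepts WPA3-SAE and WPA2-PSK clients;
# use 'psk2' if the image's wpad package lacks SAE support.
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'PLACEHOLDER-device-path'
	option band '2g'
	option channel '1'
	option htmode 'HT20'
	option disabled '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	# constructed example SSID
	option ssid 'MyHomeNetwork'
	option encryption 'sae-mixed'
	# placeholder: replace with a long random passphrase (8-63 characters)
	option key 'CHANGE-ME-long-random-passphrase'
```

The same change can be made over the cable connection from the OpenWrt shell with `uci set wireless.default_radio0.encryption='sae-mixed'`, `uci set wireless.default_radio0.key='...'`, `uci set wireless.radio0.disabled='0'`, then `uci commit wireless` and `wifi` to apply it. Doing the encryption settings before flipping `disabled` preserves the safety property the posts above describe: the radio never comes up as an open network.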

Keeping a home router up-to-date with respect to security can be more difficult than it should be. The same can be said for selecting a new router for purchase.

As was mentioned in the first post in the thread, it is entirely possible to walk into a store and buy a “new” router with firmware that is a few years out of date. It’s even possible to buy “new” equipment that has reached its “end of support” and will receive no further security patches.

Before buying a router, definitely check the manufacturer’s website to make sure it is still supported. It’s not always predictable by the model number. For example, I have a Netgear RAX15 that is still supported, but models like the RAX35 and RAX45 are no longer receiving security updates. Depending on the manufacturer, look for information about lifecycle, end of service, end of support, or end of life. Complicating matters further, some models will have several different hardware versions, each with their own end-of-support dates and different firmware compatibilities. It is not always obvious from the packaging which version of hardware is in the box.

Buying on Amazon can be particularly tricky. For example, you can buy refurbished RAX35 and RAX45 routers there, but the product pages have no indication that these models no longer receive security updates from Netgear.

Even if a model is still supported by the manufacturer, check to find out when it was first released. My RAX15 was released in 2020, so I expect it will reach end-of-life soon. I generally wouldn’t recommend buying a router that has been on the market more than two or three years unless you get a spectacular discount.

I really like having the option of using OpenWRT or other types of alternative firmware, but it’s not for everyone. There are installation tutorials on the web, but it’s definitely more complicated than simply downloading an app or loading a web page. Also, not all routers will accept third-party firmware. For example, I neglected to check my RAX15 for compatibility before buying it, and I was disappointed to find out that OpenWRT does not support it. I do have an older Netgear router that is supported, and it is interesting to tinker with it. You also can run into situations where some hardware revisions of a router will work with OpenWRT, while others will not.

1 Like

I switched to Firewalla, and I couldn’t be happier. They were founded by ex-Cisco employees, initially funded via KickStarter, and they’re continuing to innovate. Performance has been great - I have no complaints.

Prior to this, I used Ubiquiti UniFi for a number of years, and I was reasonably happy with them as well. They’re also continually innovating. I actually switched to Firewalla originally because at the time UniFi didn’t offer a router with dual WAN ports, and I wanted a failover once I started working remotely full time.

1 Like

Is the above discussion about using a router in addition to the one usually given by an internet service provider? I ask because that is my situation. Bell Canada is my internet/TV/phone provider. They have given a device to me that they call a Home Hub, which I believe is a modem and router.

It isn’t clear. Were you able to re-flash the routers from a macOS device or did you need to use a Linux device?

As @shamino pointed out, installation can vary depending on device. In the case of my TP-Link Archer A7 routers (that still had working factory firmware installed) the process was to just use the devices’ browser-based firmware update procedure but substitute a downloaded OpenWRT firmware image for the manufacturer’s proprietary file. It’s platform agnostic. I used a Linux machine, but a macOS or OpenBSD or iOS or Android or even Windows browser would have worked just as well.

2 Likes

I did exactly the same thing many years ago.

When Apple announced they were discontinuing the Airport Extreme in 2018, I immediately bought one and am still using it. Having read about so many Chinese routers with possible back doors built in, I figured the proprietary admin interface in the Apple routers has to be better. At some point we won’t be able to administer them anymore, or my hardware will fail, at which point I guess it’s back to some tomato flavored solution.

I don’t really care about Time Capsules but I really wish Apple would keep making the routers.

1 Like

Good question. The preceding discussion has been about personally-owned routers.

Assuming compatible hardware, the third party software under discussion can be used to:

  1. maintain the security of routers after the original manufacturer has dropped support for them,
  2. add features to routers that aren’t supported by the original manufacturer, or
  3. provide the owner with more flexible configuration options.

The software we’ve been discussing doesn’t support the modem and telephony features of your ISP-provided equipment. Nonetheless, some people like to use a separate device for routing and/or wireless networking from their modem/telephony device, usually for reasons 2 or 3 above. That’s probably a subject for a different post.

If you use ISP-provided equipment and aren’t interested in maintaining a more complicated environment or buying your own equipment, the key thing is to replace the equipment when your ISP recommends. It’s worth checking your ISP’s support site or app periodically to make sure you aren’t missing any important notifications.

2 Likes