Home Router Selection

Hello,
I will have to admit that I have not read all replies in detail.
However, for what it is worth, here is my point of view:

First of all I would - due to possible security issues - avoid TP-Link routers.

Secondly I would recommend a solution separating the internet access to a trusted firewall solution and using any wifi router for the wifi in access point mode only.

My solution:

An Asus PN42 mini PC running an IPFire firewall for internet access, local DHCP and wired LAN and connected to a Asus wifi router for local wireless access.

According to Asus the wifi router have mesh function available also in AP mode although I have not tried this as it is not a present requirement of mine.

IPFire is updated regularly and there is an active and responsive support community.
And as per my experience Asus routers perform solid.

I do realise that separating Wan/Lan and Wifi may add an addtional (HW/SW) layer, but since I made the move 8+ years ago I haven’t looked back.

I found another way in the XT8 admin panels: you can filter MAC addresses to be accepted or rejected by each of the three radio bands, so it’s trivial to set the weather station to be accepted by the 2.4 band and rejected by the two 5 bands.

Asus doesn’t force you to write down or memorize (!) MAC addresses; they provide a human-readable pop up menu of your wireless clients when you’re configuring something like this. You can give each client a descriptive name in the main client list (for both wired and wireless clients; I have plenty of both), and that’s what you’ll see in the popup menu.

I guess you got me going about this; I haven’t been this happy with a wireless router since I bought my original Airport at the turn of the century.

I have an Ubiquiti Dream Machine. The initial set-up of this was painful, even with help from a friend who also has one. But with recent software releases, this has become pretty solid and easy to manage. I use its multiple managed networks approach to separate a DMZ network from my Trusted/default network and from an “IoT” network where untrusted devices (wireless thermostat, smart TVs, etc) are isolated from the trusted network.

But I’ve had problems with a recent Ubiquiti device “UI Extender”, which has not worked as expected. In particular, this device and my 3 year old iPad do not get along.

I don’t have info about Eero but I mentioned above that I was concerned about “registering” an Orbi mesh system in order to get it to work. This seems to me to be totally unnecessary for setting up a router and is a possible security issue. I get that automatic firmware updates are a good idea but I want control of access to my system.

You manage an Eero system through an app that provides a variety of additional services, so yes, it requires an account. I’ve never experienced any issues related to that, and I’m unaware of there being any serious security concerns associated with it. Certainly nothing like Amazon reading all the traffic through my network.

Sadly, a lot of manufacturers are going this route.

My Linksys MR8300 was similar. You needed a mobile app to perform the initial configuration via Bluetooth, although once configured, there is a local web interface you can use for subsequent configuration.

The Velop mesh nodes paired with it, however, can only be managed with the mobile app.

But, fortunately, they don’t require a Linksys cloud account. If your phone is connected to the same wireless LAN as the routers, you can manage them that way - the cloud account is only required for remote management.

I understand the need to make management as easy as possible, but I’d really wish they didn’t get rid of the older and more robust mechanisms. As an engineer who has developed router management interfaces for enterprise-class equipment, I’m quite comfortable with command-line interfaces and configuration files, and for someone who knows how to use them, these are usually faster and more robust than any mobile/cloud app will ever be.

2 Likes

Amen. This was a major factor pushing me toward OpenWRT, particularly when a couple of my routers (Linksys, IIRC) started requiring an account to get updates long after the routers were installed and configured. A big reminder that “you don’t own it.” I have now reclaimed ownership of quite a few routers.

I only wish that OpenWRT was approachable enough that I could recommend it to non-geeked-out consumers.

1 Like

I agree with others that you should consider the Ubiquity AmpliFi Alien. More details might help you make a better informed decision. I am no expert, so my comments are only anecdotal, even though I have happily used an Alien since it was first released in 2020.

From what I have heard (for example, other replies in this thread) Ubiquity makes very good networking equipment, intended for the small business/home office market. A problem is that setting it up can be more difficult than many home users tolerate. Working around this issue to address a broader market, Ubiquity created its AmpliFi line which retains much of the underlying solid hardware, but with an interface which simplifies its use. In 2020 the powerful AmpliFi Alien was released, then about 2023 the Alien mesh system.

A major virtue of the Alien is its strong WiFi access point. When a mess extension was first announced, the mesh hardware suggested was a second full Alien. I suspect this was because less powerful hardware could not provide the multi-everything WiFi of the original. Problem was the original was expensive, so doubling the cost to add a mesh point was not received well by the market. Subsequently, the price of the original Alien was reduced by almost half, and a slightly cut down version lacking, for example the user interface panel and maybe more, was introduced as the mesh point. Consequently, for the price of the original single Alien you can now get an Alien plus mesh point, or you can get the original single Alien for about half the original cost. The Alien includes a 4 port Gigabit ethernet switch, the mesh has a single Gigabit ethernet port. The Alien creates a VPN which allows secure connection to your home system from anywhere you access the Internet. No account needed. You can’t access your home LAN, but you can access the Internet with the same security you have at home.

I am moving to a new three story house. After setting up the Alien on the middle floor, my wife tested WiFi strength throughout the house. More distant locations were weaker, but within a few seconds became much stronger. Direction focusing of the radio signals by the Alien seems to work well.

More details on the company and its (lack of) marketing are significant. Ubiquity was founded by Robert Pera, a graduate (Phi Beta Kappa) of UC San Diego with a BA in Japanese language and BS in Electrical Engineering followed by an MS EE with an emphasis on Digital Communications and Circuit Design. He was an admirer of Steve Jobs, and worked at Apple a couple of years until in 2005 his supervisors at Apple refused to implement the improvements he suggested for the Airport router. He quit his job and founded Ubiquiti because he wanted to build high powered but affordable networking technology to bring the Internet to underserved rural and emerging markets. Interesting comments on Robert’s blog.

Despite its success, Ubiquity is not so well known because rather than spending on brand recognition and marketing, they depend on evangelism from satisfied customers. I first heard of Ubiquity when Ric Ford announced the then-new Alien on MacInTouch. Now the Alien is the only router offered in the Apple store. (Don’t buy from Apple. Prices for the Alien, or Alien plus mesh, from Apple are $379.95 and $699.95; from Ubiquity $199.00 and $379.00.) The Ubiquity site lists the Alien as out of stock. Their advertising lists new WiFi7 devices for higher end equipment. Will there be an improved Alien in the near future?

Standard disclaimer: I have no connection to Ubiquity except as a very satisfied customer.

As someone who bought a Ring doorbell before it was owned by Amazon, then watched as Amazon took over and started distributing video from Ring cameras and bribing law enforcement agencies to recommend Ring to their constituencies, I would be reluctant to trust Amazon with something so central to my network security.

On the other hand, I use TP-Link routers and though they’re flashed with OpenWRT, there is still at least a theoretical risk that they’ve been compromised to the benefit of the CCP.

In theory, you’re right. In practice, I’m far less concerned about spy-chips than I am about spy-firmware.

I also choose to believe that the OpenWRT people would detect (via various compliance and throughput testing) a router spewing data to some location on the Internet without any configuration to do so. Maybe I’m being naïve, but that’s my opinion.

I do know that the CCP has designed spy-chips and has embedded them in routers, but it’s my understanding that these were only used in high-end routers sold to enterprise and service provider networks, not in cheap-junk consumer devices.

1 Like

I’m with David and others…it isn’t spy enabled chips as much as spy enabled firmware that I’m concerned about…and TBH it’s a pretty minor concern since consumers are not high value targets and as I always change the name on the admin router login and use good passwords I’m not going to be a soft target. That said…getting something not made in China is still a good thing.

I took a look at Ubiquity and since I need ethernet connectivity on both ends of the mesh the Alien mesh is the only viable option (well, their Instant would work too but it is slower according to their specs). We had Ubiquity hardware (a Bullet) in our RV back in the full timing days and while the hardware was excellent…the support was pretty much bonn existent. Nonetheless…I looked again and from a specs standpoint the Alien Mesh would seem to work except for the fact that if I’m going to upgrade going to 6E at least and perhaps 7 would also be a good thing. Unfortunately they do not have a manual for the Alien Mesh system so that one can review the web configuration page and make sure it does everything a long time sysadmin wants it to do. I spent 15 minutes on the chat with their support people and while they attempted to be helpful…their answer was “just use the app and it configures itself for you”. So…their support isn’t any better than it ever was…and I can’t believe that they sell hardware without a detailed manual being available.

I also considered WRT…but figuring out which version I needed and what non Chinese hardware to buy is more effort than I’m willing to consider. Sure…I could configure it but at least the last time I looked at a WRT router it was somewhat confusing and I need something simple enough for my wife to change the configuration on if for some reason I was not here to fix it and for that using the app would be sufficient unless I could talk her through it over the phone…depends on why I’m not here I guess.

At this point…we’ve pretty much decided to just live with the inability to change the config on the Orbi unless it dies or we get more 6E or 7 devices and then upgrade…since we’re not a soft or attractive target and even the Chinese are unlikely to try and hack into every router that companies they control ever made. While Foxconn is headquartered in Taiwan…they’re still a Chinese company and take orders from the Chinese government. Asus at least is a Taiwanese company so unless they farm out their manufacturing to the mainland (and I would bet they don’t) then getting compromised by the mainland government firmware is pretty unlikely.

I will keep Ubiquity on the list though…because in reality they are a US company and write their own firmware I presume…and frankly I won’t need the pretty minimal support they provide (at least minimal based on their web site and support chat people).

I’m just astounded that they don’t have a detailed manual for each of their hardware options…

For those in Australia who are stuck with using a Telstra modem this kind person has produced a configuration manual. It has tips that could be relevant to other routers:
https://www.letsbemates.com.au/mate/wp-content/uploads/2020/11/Telstra-Smart-Modem-Gen-2-DJA0231-User-Manual.pdf#page15

I wasn’t aware that it was Chinese, and since I’m not conducting secret government business over it that doesn’t really worry me, nor do I conduct business over it that I’d worry about other entities, but I just recently replaced an old and increasingly finicky LinkSys with a new LinkSys: the Hydra Pro 6 Mesh - MR5500-AMZ. I had researched what’s available in the modest-budget range and was most interested in coverage over a large house without extenders. I also needed one that fits in the box where I hide it. It’s been great. I set it up with the same name and password as the old one and everything connected immediately.

I am looking for a replacement for an Airport Extreme router and I wonder how the Synology routers compare to the Ubiquiti routers. Has anyone tried both?

Sorry, but I think you lost some context, so I don’t know which brand you’re referring to.

Of the brands that have been mentioned in this thread in alphabetical order:

  • Amazon is US. Eero was US before its acquisition by Amazon.
  • Asus is Taiwanese
  • Cisco is US, but no longer makes consumer equipment (enterprise, data center and service provider only).
  • The Fritz!Box is made by AVM, a German company.
  • Linksys is part of Foxconn. The company is Taiwanese, but has a lot of major factories in China. Once upon a time, they were a part of Cisco, and were an independent US company before that, but that is ancient history today.
  • Netgear is US, but this original thread was started because of dissatisfaction with their Orbi products
  • Synology is Taiwanese.
  • Technicolor doesn’t seem to exist as a router manufacturer. I’ve found manuals for routers that include links to technicolor.com, but that web site is entirely focused on products for people making movies. So I have no clue who actually makes the products carrying their brand.
  • TP-Link is Chinese
  • Ubiquiti is US

I personally don’t currently have problems with Taiwanese companies, although that opinion might change depending on how the politics in that part of the world change in the future.

I don’t think the concern is that the Chinese government cares about what you’re doing (unless, perhaps, if you’re in contact with dissidents), but I don’t want to participate in what appears to be a world-wide monitoring program, which will involve everybody they can spy on, whether through routers, apps or malware.

4 Likes

I was referring to my LinkSys (“potentially compromised by the
Chinese”). I doubt that only the Chinese might be monitoring. And
doesn’t Foxconn make iPhones?

I setup a Ubiquity Amplifi system for a client a few years ago. It has works well, but I’m not a big fan of needing to use an App, and having to have a cloud account. It has a web UI, but it is limited.

I’ve since started using Asus units, and I like them much better. Web based config, and a consistent UI. However, I’ve since replaced my Asus with a Synology, and I am thrilled with it. The unit is hyper-configurable, although the UI does takes a while to learn. (It’s very similar to their NAS UI.) I’ll be sticking with Synology units for some time.

1 Like

Foxconn manufactures many (not all) iPhones, but the designs are all from Apple.

This is different from Linksys, where the products are designed by Foxconn.

It’s much easier to slip a chip into a design without detection if you are the actual designer. I would like to think that Apple would notice it if boards came back from the factory with a chip that nobody from Apple put on the schematic.

But again, I wouldn’t worry nearly as much about a Taiwan company vs. a Chinese company. Taiwan is not China, even though the PRC would like to insist otherwise. A Taiwan company is not going to be legally obligated (for example) to put PRC political advisors on their board of directors or do whatever the Chinese military tells them to do. The presence of major factories in China may be (probably is) a source of leverage, but it’s still not going to be the same as for a Chinese corporation like TP-Link.

2 Likes

I set up relatives with an Apple Airport and they love that Time Machine on their Macs backs up to a hard drive attached to the Airport. Is that possible with a Synology router.

I’m not sure what’s going on with your Orbi router, but I’ve been using an Orbi WiFi 6 router pair (RBK852) for the last year, and prior to that an Orbi WiFi 4 router pair (RBK50) for five years, with no issues whatsoever. I can configure everything I need to, either via the built-in web server at orbilogin.com or the phone app. Haven’t had any issue with them at all, and the RBK50 was blazingly fast compared to the old Airport it replaced.

I briefly used a well-reviewed ASUS Zen WiFi AX6600 system. It mostly worked, but the wireless surround speakers I used with my soundbar would get kicked off the network once a week or so and I would regularly have to spend 10 minutes or so to reconnect them, so I returned the ASUS within the return window and got the RBK852 pair. That may very well have been a WiFi 6 issue; I replaced the surround system shortly after getting the RBK852 set.