the FCC ruling yesterday got me thinking about my router, it’s probably due for a replacement by the time the theoretical end of firmware updates baked into that (natural eol is likely around the same time) takes effect. I’m having trouble finding good options particularly in regards to openwrt at least.
We currently use two asus rt-ax3000 routers in mesh mode. One attached to the modem because it’s in a really shitty location, and one attached to our home server. I have 3 items that need 2.4ghz for smart home automation and everything else runs 5ghz, 2 laptops phones etc.
Everything I can get in local stores isn’t supported by openwrt (neither are the current routers). Looking at using older hardware we have spare (a MacBook Pro 2012 or rpi4) seem to have a track record of underperforming. What are the recommendations for upgrades from here?
Follow up question is am I overthinking it? Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?
Many open source operating systems exist that can turn a computer with multiple NIC’s into a router or can be used in place of a hardware router OS. https://distrowatch.com/search.php?ostype=All&category=Firewall&origin=All&basedon=All¬basedon=None&desktop=No+desktop&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=All&status=Active#simpleresults is a search on distrowatch.com that gives you a petty good list to get started.
I personally use OpnSense with a Supermicro motherboard a Xeon E3-1226 v3, and 16GB of RAM. It was all used server equipment bought on Ebay. I run Caddy, an ACME client, Intrusion Detection, Chrony, UnboundDNS, Wireguard as a VPN endpoint, and Wireguard as a client for IPv6 connectivity through Route64 because my ISP only has an IPv4 stack. For WiFi access I’m running a couple TP-Link Omada EAP-650’s with the OC200 controller using POE so I can place them in ideal locations.
Will a firewall prevent issues if the Asus devices have some sort of Spyware on them. It can but not by default. Generally firewalls are configured to stop anything coming in and let anything out. Since the RT-AX3000’s are on your internal network by default they can send data out. Something like Intrusion Detection can watch for bad things running on your network and help but you would have to set static IP’s on each one and null route them. You could also flash them to an open source firmware if you are worried but is a personal decision.
I avoid two things in networking, router modem combo devices and really cheap routers or access points. Honestly you should ask, “Why is this so cheap?” Then look at the reviews for those super cheap Chinese android tablets and computers and you should begin to understand my reasoning why.
Also used commercial grade hardware on Ebay is a great place to get a steal if you are building a homelab. Most of the time this stuff is pulled because it no longer is fast enough for a server farm and functionally obsolete. The firmware will generally be very stable and well tested. I’m running a 10Gbps fiber backbone for my network that connects my router, server, 48port ethernet switch (using 2 DAC cables), and desktop computer together.
I have a 1Gbps fiber connection and speedtest at 950Mbps while everything is up and running. The Ethernet connection at 1000Mbps is the limiting factor. A speedtest from my cell phone (S26) over WiFi I test at 680Mbps. My testing internally from my desktop to my server using openspeedtest runs around 8000Mbps.
Minor nitpick, but if you’re planning on sticking a NIC into a machine to make it a router, it’s probably more cost-effective to get a single NIC with multiple Ethernet ports than multiple NICs.
I’ve always thought that combo devices are probably good for the average, casual internet user, but not high end, extreme users. I want the best (within reason of course) delivery mechanism that I can get to route the signal from the street to my devices. It’s worth the extra $$ to me.