this post was submitted on 02 Aug 2023
353 points (98.1% liked)
Technology
59300 readers
4765 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The problem with DIY solutions is that you will be missing out on all advanced hardware features available in prosumer and industrial routers. It's always better to just buy top of the line ASUS router than going DIY. DIY won't give you WiFi 7 or even WiFi 6E. DIY won't give advanced antenna array. The list goes on.
Another point for ASUS routers is that Merlin firmware is available for most of them. And new routers are added all the time. Simply because Merlin is based on official firmware from ASUS. And it adds a lot of nice features, plus gives you SSH access so you can do whatever you want.
And last, but not least, ASUS supports old routers for many years, adding new features and fixing bugs. So if you're not comfortable with flashing custom stuff, you are still better off with ASUS product than with a competitor, as some companies tend to drop support after a measly 9 months since release (looking at you, TP-LINK).
Basically, always go with hi end ASUS - the best hardware plus really good software and support.
Couldn't you use the prosumer router as an AP for the opnsense appliance?
But why?
Because then you get the best of both worlds, powerful routing hardware that can easily route and firewall at multi gig speeds, extreme flexibility in software packages to run on your open router platform, and a prosumer AP with best in class wifi performance, antenna configuration, mimo, solid chipset and driver, etc.
Doing everything on a prosumer router running mips or arm with limited package selection at best and a locked down router is at worst is subpar just as trying to get good modulation rates with a client oriented wifi card running in AP mode with subpar antenna configuration.
If you want the best wifi and the best routing/firewall/IDs with the widest package selection (and ability to just run any x86 application) then a separate router box running an x86 based os like opnsense,pfsense,whatever paired with a high end AP (business AP is a good choice) will always be the way to go unless you value compact, low power, or simplicity over achieving the best performance.
How many devices are you realistically running in parallel that a high end WiFi router is not enough for you? Up to 100 devices is easy. Even with a smart home you'll be fine.
I'm not sure if you understood my comment fully since none of the benefits I gave have to do with number of devices. Again, the main reasons I listed are that dedicated router boxes on x86 hardware is much more flexible configuration-wise and has many more software packages and addons that can be easily installed compared to consumer routers. You can have plugins like nginx, radius, wireguard, snort (as well as full power to run ids/ips at full speed), etc. For configuration, you have more control over multicast, ways to customize local dns resolution, the full range of local hostname resolution settings, DNS failover, multi wan with the full ability to tune failover metrics, advanced routing rules using hostname aliases that periodically auto-update, advanced dhcp flags and dhcp6/SLAAC settings, virtual IPs (a huge help when doing 0-downtime migrations between hardware or subnets), network bridges, GRE and LAGG, v6 router advertisements, and so so much more.
If I had a consumer combo router there's a good chance I would not have vlans, all my roommates would see each other's smart devices and it would be pretty annoying. I wouldn't be able to selectively route only traffic to google servers from only my laptop, phone, and chromecast through the same Germany VPN so that all the non-google traffic would be unVPNed, and I wouldn't be able to set multiple multi-wan failover modes (let alone gateway groups to group failover WANs) so that for example one vlan fails over from the fiber connection to the copper connection while our neighbors connection fails over from the copper connection to the cable internet connection. I would have no ingress load balancer on my router handling incoming traffic to my homelab, and I would have to use extra media converters to get my SFP+ fiber connection to connect to a consumer router's 2.5G port (did we even have consumer routers with mgig 4 years ago? That's around when I got my fiber).
None of this has to do with number of devices, but total capacity is a bonus of having nicer hardware than consumer crap. This wouldn't be a benefit to most people, which is why my main points are about configurability and flexibility with third party packages, but it is a benefit to me since I have 4 gig of total wan and a 10G link to my core switch. If any 2 of the 10 people in this apartment decide to download from steam at the same time, they will both get a full gig download with plenty of bandwidth left over for the other 7 people to be streaming or doing whatever. Again nothing to do with number of devices, more to do with how many simultaneous high-bandwidth uses you expect to coincide. Of course I could just have everyone share a single gig connection (or 1.2 gig which is currently the maximum residential plan you can get here), but then I would need to deal with traffic shaping / queues, another thing that opnsense coincidentally excels at, having way more traffic shaping options. You can even do traffic shaping on a per-destination basis - for example you could use an auto updating ASN alias to categorize traffic to steam or netflix, then dynamically apply different traffic shaping rules based on which user is accessing those services.
TL;DR, consumer routers cannot come close to achieving a fraction of the configuration options that open router platforms have. While you might see benefits in capacity if you invest in a good uplink and high end APs (I have uap u6 pro which is "good for 350 devices", though really I bought for the higher single device performance and higher modulation rates and better mimo configuration), even people with slow internet and very few devices can benefit from the immense amount of configurability that these OSes provide - you're practically one step away from running a bare OS with open source packages installed and editing a slew of config files where you can use every obscure configuration option that any of these FOSS contributors ever put into these daemons. In fact many of the opnsense configuration pages have an advanced text box at the bottom where you can put in extra config directives in case the UI doesn't include a knob for something you need.
It's great, 10/10 recommend opnsense or pfsense
You can have all of that with ASUS router out of the box.
No you can't. You're being silly. They don't even support lacp with more than 2 members out of the box. No gateway groups, no unbound with adjustable cache ttl and cache revalidation. I would know I switched away from Asus specifically because of it's shortcomings, many of which cannot even be fixed by ddwrt such as low system memory for state table, which btw can easily be filled up by torrenting. My opnsense box has a huge state table because I just dropped in 8GB of ram.
You only need to look at the Asus router admin interface to see how many more pages of configuration options opnsense has.
Ok lol
I mean you're literally the one who asked ¯\_(ツ)_/¯ who am I to deny you the enlightenment. But I assume you're just trolling or have the maturity of a teenager because clearly you're wrong.
Opnsense / pfsense is practically a business router like what you might find at a university or hospital. In no universe is it comparable to a consumer router, let alone one from Asus.
Ok, mate. If you believe so.
I know so, and clearly so do you since you haven't offered any arguments to the contrary. Besides "nuh uh you're still wrong"... It's so funny that you would pick such a losing argument to troll about though, like why wouldn't you pick a topic where you can better fake that you're arguing in good faith?
While I agree in general that turnkey solutions for access points (not routers) are largely preferable I must point out that it is at least possible to achieve 802.11ax with DD-WRT: https://openwrt.org/toh/views/toh_available_16128_ax-wifi for example, as I found out from this excellent post: https://lemmy.ninja/post/224052
That post also does a fantastic job of explaining the inherent issues of dealing with wifi hardware from an open source perspective.
Features like Mu-MIMO/beam forming that call for arrays of antenna are a part of the respective WiFi specifications, and are baked into the closed firmware of the radios. While manufacturers will fight hard to make you believe they are implementing something special, the fact is that they must abide by the WiFi standards and are just rebranding things built into the radios they buy. Hence even FOSS software can implement them. Check out this thread I found which describes what’s going on:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1215880
What troubles me about the ap/router combos from Asus and the like is that they they charge so much for so little, and they have a history of being generally shitty: https://www.pcworld.com/article/447083/netgear-accuses-asus-of-submitting-fraudulent-test-results-to-the-fcc.html
https://www.ftc.gov/news-events/news/press-releases/2016/02/asus-settles-ftc-charges-insecure-home-routers-cloud-services-put-consumers-privacy-risk
It was these same companies that claimed gigabits of wifi throughput, when they were in fact advertising the combined speed of three antennas over two bands. No one device would ever see the speed they slapped on the package. Heck even if they did, grandma probably can’t appreciate the fact that faster wifi doesn’t mean shit if you have a 20/3 asynchronous dsl connection.
The specialised hardware - ASICS that push packets - are what allow them to include megabytes of RAM and tiny amounts of storage along with extremely anemic CPUs. Very little if any of this is designed in house, they pick components or even an entire SoC, lay out a board, test it and ship it with a nauseating markup. Those ASICS aren’t expensive: they’re in the most basic switches, and the super duper wifi hardware is just a rebadged product from another company. This isn’t really a criticism, it just means that they are efficient and low power but hardly unique. It is though an observation that even the high end router/ap combos are far from bleeding edge tech worthy of the high prices they charge, imho. Why the fuck is 10GbE still so expensive in 2023? There are 10 year old SATA3 drives that can saturate a GigE uplink.
The software side usually consists of a minimised Linux build often running a myriad of the same open source software running on DIY builds. Back in the bad old days it even took some pressure to get them to abide by the respective OSS licenses and give their code back to the communities they were using to make money.
They’re charging a premium for very low spec hardware, and not doing a great deal to earn their keep.
Finally while these companies are now being forced to provide updates, they are still shipping products with security issues:
https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/
One of the most relevant examples from that article being: ‘The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.’
So while I can agree that a DIY Wifi AP will likely cause a certain amount of avoidable grief, I simply can’t abide by the notion that OPNsense or PFsense is unable to offer feature parity with COTS routers.
As an addendum, if my $100 x86 router can route 1GbE as well as a $300 RGB monstrosity, what are they bringing to the party exactly? Why should we indulge that? Why should we tolerate such gratuitous bullshit?
Show me a DIY WiFi 7 router.
I can’t even show you a COTS Wifi 7 device, unless I’m missing something the two models Asus have listed aren’t available on Amazon.com - not only that but are there any clients yet? So it doesn’t really support your point.
Even then.. how are you even getting 30gbps into the device - three 10GbE ports in a LAG? And then you’re what.. pushing that 30gbps over your home fibre? Looking at the spec Wifi 7 is designed for large scale deployment not home use. Anyway I’m getting off topic.
I mean you do realise I’m largely in agreement with you when it comes to discrete access points? I was just pointing out a factual flaw in your assertion that so called DIY devices did not support 802.11ax. My strong disagreement was with the state of COTS routers.
I think you kind of missed my point. The WiFi 7 magic, or any magic really that you’re ascribing to Asus or any consumer facing manufacturer doesn’t even come from them - they buy that shit in, slap on a load of marketing drivel and try to con your grandma or some gaming kid out of a few hundred bucks and call it a day. At best they’re gonna be sending it out for emissions testing because they have to, to get it certified. Maybe they test the antenna placement but given some of the testing I’ve seen it’s clear they don’t even always do that.
If any of those guys do anything considerably different to anyone else it wouldn’t be a standard right? The clients would only work with matching routers! In fact years back you used to see this, I think 802.11n some manufacturers had some superfast bullshit that only worked when you had a matching pair.
The whole point of standards like 802.11be is to make sure everything works together and does more or less the same thing, and the whole point of their marketing department is to convince you that their special brand of bullshit does something super special and unique when by definition it cannot without breaking standards, rendering it unable to use the term wifi.
Home routers have been dog shit for years, and behind the marketing they largely all still are. Don’t allow that shit. Don’t forgive them. I literally linked you to a laundry list of vulnerabilities in Asus routers patched last month, some of which had been known for years
Sorry my dude. I know this is a bit of a ranty winding post, but holy shit I’m guessing you haven’t been around for the last 20 years of bullshit that these companies have been pulling.
NONE of them deserve your loyalty and they definitely don’t know the meaning of the word kindness. They have proven time and time again that they would sell their own granny for a few pennies.
Don’t accept that shit.