Pro-sumer WiFi 6/6E routers with support for VLAN, VPN, SSH, and some custom firmware

[sfx2000]

But this Kit from Bananna Pi looks good. But I would beef up the cooling just a little:

Erm no...

Nothing against stuff from Shenzen - just that most normal folks won't know what to do with a dev board..

 

[Digilog]

Erm no...

Nothing against stuff from Shenzen - just that most normal folks won't know what to do with a dev board..

It looks interesting. It just disappointing that these American designs are being manufactured over there. Probably because they can trash the environment and the political sector don't care.

But after seeing what they push onto consumers and what I have experienced in commercial settings, I rather run a router server myself. Currently, I am running a datacenter router server that is about 12 years old technology wise, but I wouldn't sell it off as nothing much new is better.But looking at wifi, their circuitry is no different from running wifi PCIe cards. Its just people dont understand for each band there is a wifi interface so If you wanted 2,5 and 6 Ghz wifi you run the three cards in that configuration.

 

[ddaenen1]

I settled for MikroTik's Chateau Pro AX and it is quite amazing. For $200 it really is. ASUS routers don't come close. RouterOS is not as customizable as pfSense, but more than Ubiquiti's OS.

There is also no telemetry to MikroTik if you decide to apply updates/upgrades offline.

I have owned a couple of Mikrotik routers about 4 years ago. RouterOS was good, very complete but at the time, somewhat complicated. Maybe it has improved in the mean time. The AP seems interesting though. Do i really understand it correctly that this is an Access Point with a built-in switch only and not a router?

 

[Digilog]

I have owned a couple of Mikrotik routers about 4 years ago. RouterOS was good, very complete but at the time, somewhat complicated. Maybe it has improved in the mean time. The AP seems interesting though. Do i really understand it correctly that this is an Access Point with a built-in switch only and not a router?

Well I never like their web gui because to me, they are cluttered with a lot of junk I would never use on a router. Currently I'm running IPFire (modified with Linux 6.12 rc6 ) and its simplistic but right now Linux is going through its once in the decade change in evolution and after April things will be a lot better for all who use Linux. Even the people behind oem routers that use Linux.so Router Os is bloated like open sense and pfsense in the web gui. I lived for about a decade without a web gui for configuring a router and even though it seems like its a nice to have thing, I think systems would run better without them. Because all they are doing is just configuring text based configuration files that I dd in the console for a long time. The ones I raise an eyebrow on is the ones that have phone apps considering all those phone systems are compromised.

 

[Tech9]

Router Os is bloated like open sense and pfsense in the web gui

The same pfSense/OPNsense you actually never run and don't have experience with?

Its just people dont understand for each band there is a wifi interface so If you wanted 2,5 and 6 Ghz wifi you run the three cards in that configuration

Client cards with 14-16dBm radios? Can be okay for a single room use and good luck with simultaneous multi-band.

 

[Digilog]

The same pfSense/OPNsense you actually never run and don't have experience with?

oh I've been test driving them in my computer lab and not really impressed with any of the gui router os systems.At least IPFire diddn't clutter their layouts. But as functionality, setting one up from a command line runs slightly better. I've been test driving ipfire on my network for penetration testing, next will be pfsense and then opensense. Because there hasn't been anyone really testing these in an unbiased matter.

After I'm fished with this, I will be happy to share with everyone my findings and point out the good, bad, and ugly in all of them.

 

[Tech9]

oh I've been test driving them in my computer lab and not really impressed

I haven't test drove the Pfsense or Opensense, but looking at the screen shots

Don't use if not impressed. Just a month ago on Dec 16th 2024 your opinion for both was based on screen shots.

 

[Digilog]

Client cards with 14-16dBm radios? Can be okay for a single room use and good luck with simultaneous multi-band.

Multi band inside routers come from different interfaces in them. 2.5Gb per radio is the norm regardless if its on a card or soldered on the board. Other things that are slightly different but would level the playing field would be using multiple and better antennas so you would end up with the same rf specification. the difference between the two are antenna gain. I was able to go 3 blocks down with the test wifi card with the antenna leads soldered on a defunct wifi router just to test this even though the situation was pretty clear to me what was going on.

 

[Tech9]

the difference between the two are antenna gain

Sorry, the difference between client and access point hardware is not just in antenna gain.

 

[Digilog]

Don't use if not impressed. Just a month ago on Dec 16th 2024 your opinion for both was based on screen shots.

yes, and since then I set up both in the lab for different speed tests. The only thing is I am not testing using new hardware software kernels are ironing out their drivers. Which is the only area I can see that is going to make one person pick it over another: how well does it work with their hardware.

 

[Digilog]

Sorry, the difference between client and access point hardware is not just in antenna gain.

when you run wifi in a pc you have a card for each band. This is what I think people don't understand that you use one radio device on the pcie lane just what is going on on the router board. Of course the router is going to be cheaper to build. But so with any device you integrate onboard.

 

[Tech9]

The OP made their choice already. What you think people do/don't understand is irrelevant to this discussion.

 

[ddaenen1]

oh I've been test driving them in my computer lab and not really impressed with any of the gui router os systems.At least IPFire diddn't clutter their layouts. But as functionality, setting one up from a command line runs slightly better. I've been test driving ipfire on my network for penetration testing, next will be pfsense and then opensense. Because there hasn't been anyone really testing these in an unbiased matter.

After I'm fished with this, I will be happy to share with everyone my findings and point out the good, bad, and ugly in all of them.

I am a long time pfSense user and have also tried OPNSense to see if it could be an alternative in case pfSense would start charging for personal use. Eventually, i opted to stay with pfSense as it does exactly what i want, the way i want it. I can relate to the fact that it could be all a bit more polished and maybe the menus are not as intuitive as they could be but i can tell you, of al the routers i have had, including Linksys, Asus, Ubiquiti, Mikrotik, pfSense is by far the best one i had in terms of functionality and reliability where i have to mention that it is mission critical as i use it for my business. The fact that it can host my certificates and reverse proxy for external access to my self-hosted cloud is a huge bonus and as for GUI, once it is set up properly, it is only to look if there are any updates or to trouble shoot any irrgularities in the LAN so i really can't be bothered too much about the appearance.

Last but not least, i wonder how "unbiased" your testing will be considering how you have been advocating for IPfire thus far...

 

[sfx2000]

Sorry, the difference between client and access point hardware is not just in antenna gain.

Yeah - looking at cards that support ath11k - clear difference in client firmware to AP - two different tasks there...

 

[Digilog]

Last but not least, i wonder how "unbiased" your testing will be considering how you have been advocating for IPfire thus far...

Well, I will tell you what I like and what I didn't like and had to fix. Plus what I see that is missing. Granted I only had a few months of evaluation, so this is going to be an incomplete list.
The things I liked:
1. simple layout design of the web gui.
2. they wrote their distribution like I compiled and wrote my command line based firewall/router OS 25 years ago. Which prevents any form of rootkit and malware from installing or compiling on the machine.
3. They adopted the 'Network of Colors' for laying out firewall zone policies applied to hardware network segments instead of just having firewall policies applied to devices or VLANS.
4. Ethernet ports can be configured as a color zone, a zone with VLANS (with any color zones) as well as short haul of all color zones.
5. Not susceptible to query string injection.
6. Web GUI is only accessible in the main networking zone. So wireless zones and hosting zones do not have access to this part of the system.
7. can make a system iso backup with settings so one can restore the whole OS plus setting from one cd rom.
8. can support isolated sub networks on each ethernet ports. But have to be configured manually on the command line.

What I don't like (that I fixed for myself):
1. Lack of network tuning and relies on Linux buffer based auto tuning.
2. If blue network is assigned wifi cards, The wifi password is not sanatized in the system. So it can be susceptible to command injection if they know the white space escape characters for Perl/CGI and does not truncate string length to limit user input size
3. can not assign web gui exclusively to a port for out of band management inside the web gui. But of course can be done at the command line in a system terminal.
4. some software packages are installed by default the average user is not going to use.
5. Linux Kernel currently in state of flux, but can be fixed by moving to experimental software branch to run the release candidate for the next LTS version.
6. lack of developer's edition and have to create one on a separate machine for compiling drivers. This includes compiling tools like GCC for the developer's system.
7. does not support IPV6 and has no 6 to 4 bridge.
8. Relies on external NTP over http instead of https.

Other things I didn't like:
1. Lack of support for hardware based random noise/ number generators and cryptography accelerators inside processors.
2. Software package center lacks some software I would use, while at the same time, there are other packages I wouldn't install on the edge device. (for example: Linux audio, network shares, media players)
3. system monitoring modules are always running.and can not be toggled off (like I need to know how my processor clock, system load, temps, voltages are doing 24/7 with logs wring constantly in the background)

It takes time to do this level of analysis especially since I'm busy with a lot of things and don't get paid doing this so paid time supersedes this hobby/project.

 

[ckong]

I was just alerted to this thread by a "SNBForums - See what you have missed" Email. I'm just chiming in that I switched from using only an Asus RT-AX88U all-in-one to a Proxmox/OPNsense mini-PC used as a router and using the Asus in AP mode. There are also two mesh Asus RP-AX-56 to expand coverage. I did this as I have two ISPs (Spectrum and T-Mobile) and needed a seemless failover. I'm happy to report everything is working flawlessly so far. I admit, it was a bit of an experiment and a very steap learning curve, but with the help of various YouTube videos it all works.