New router options....

Associate
Joined
20 Mar 2007
Posts
1,051
First some background....
My Virgin Media cable modem/router loses the port forwarding rules when it's unplugged, which is a pain for the services I use that don't use UPnP. I'm fed up with it happening (it's not often, but it is painful), it wouldn't be so bad if there was a way to upload the settings, but no, you have to put them in one at a time by hand. I guess I 'could' write a script to access the router and do this for me, but that's going to take some time and a fair bit of testing - I'd rather not!
It's a pretty common bug for the people who use the feature, it doesn't appear to be a hardware issue. I don't see this being fixed any time soon. The box seems to perform well other than that.
So, it's time to find a router!
I have various PCs wired via a 'marginally managed' smart switch (I use the port mirroring to snoop on my arduinos when debugging network code).
Some PCs host services such as games and voice. Wi-fi is used by my phone and a laptop occasionally, so assuming I couldn't loop-back to the virgin box to utilise the wi-fi, the solution would need to provide this as well (not necessarily in the same box).
I'm ideally after the cheapest option. This could involve buying a new box, or utilising an existing Linux PC and adding an extra NIC/wifi. Some of the boxes I've seen are actually cheaper than that.
Speed is potentially an issue, currently it's only 200/20, but I expect this to increase over time, I'd like the solution to be able to deal with the foreseeable future, which is probably around 1000/100. Steam will eat this during updates so it is useful to utilise all the available WAN bandwidth I can :)
Latency probably isn't a concern, I would expect it to be well below 1ms though.
I'd spend a bit more if I could get more interesting features, this guy built his own:
https://blog.tjll.net/building-my-perfect-router/
I'd be reasonably comfortable going down this sort of route if it's sensible to do so, I like the flexibility though I don't actually know what features I might find useful, never having had them before!
Are the really cheap travel routers good for 24/7 operation or are these just a no-go?

So, the options are quite wide ranging, if anyone can point me in a direction that would be great. (tho I suspect there will be questions first on the stuff I've neglected to mention).
 
Associate
OP
Joined
20 Mar 2007
Posts
1,051
I have added that to a list, I spotted it in one of your posts in another thread :D
So far, I have the following 'ready to rock' routers shortlisted: (from £££ to £)
£££ Google Nest Wifi Router, £117, probably won't make the cut
££ TP-Link Archer A7 (or C7), £72
£ Honor Router 3, £50
I don't have any cook-at-home solutions shortlisted :(
 
Soldato
Joined
29 Dec 2002
Posts
6,962
Untangle doesn’t require a subscription, but you get a lot for the price. pfSense/OPNsense and Sophos are other (free) options. It used to be possible to buy a dual NIC Zotac box for under £85, throw some cheap RAM in and you have a 32GB i3 7100 for bugger all. Now the ODroid H2 is likely a better buy, or the H2+ if you want 2.5Gb NICs, the Realtek stuff isn’t the best in terms of driver, but it’s now a lot easier to use a current version which fixes the majority of the BSD issues. Alternatively ex corp desktops are very cheap/more expensive, you could also virtualise or use something like the APU2.
 
Associate
OP
Joined
20 Mar 2007
Posts
1,051
The only pricing I can see is $50 a year for untangle. Their site sucks.
My biggest stumbling blocks with going the DIY route are
1) finding something sub £100 (that I can actually buy new)
2) working out if the hardware is actually supported by untangle or any of the others.
 
Soldato
Joined
29 Dec 2002
Posts
6,962
You don’t need a licence, the core functions work without it. New on a firewall is generally not the done thing as it doesn’t make financial sense unless you have access to free hardware or are so loaded your bank account looks like the GDP of a small nation. I honestly can’t think that I have ever bought a ‘new’ PC to be a firewall in the last 25 years of running them, even when doing so professionally, they’ve all been used and I’ve had zero failures other than a dodgy CPU fan on a P200 that turned out to be an overclocked P133. The ODroid would likely be the exception if you wanted to go that route, but remember you’ll need an AP for WiFi and probably some sort of case etc. Compared to the other options it’s going to be way more expensive.
 
Associate
OP
Joined
20 Mar 2007
Posts
1,051
I signed up with Untangle, the only ISO I can see is the firewall one. I wouldn't mind some extra expense if there are features that are useful to me, I'm no longer entirely convinced there are over getting an off the shelf router, especially if it's OpenWrt compatible, not that I have any experience with those yet - it's all guesswork on my part at the moment :D
 
Soldato
Joined
13 Jul 2005
Posts
18,021
Location
Norfolk, South Scotland
The Next Generation Firewall is the product. For the first 14 days it includes all the modules. After 14 days you can pay $50 and keep things like the web filter and the basic antivirus. For $150 you get almost the whole package including the full Wireguard solution. Or you can not pay and you keep running the basic routing and firewall features.
 
Associate
OP
Joined
20 Mar 2007
Posts
1,051
Dual nic turned up earlier, trying out openwrt in a VM with the dual nic dedicated to it. It's already had over 1500 simultaneous connections without any issues.
I may try untangle tomorrow :)
 
Associate
OP
Joined
20 Mar 2007
Posts
1,051
Thought I'd update with the current solution in case it helps anyone out....
During my playing around I needed a break and found I suddenly needed wifi, but still no wireless access point sorted.
So what I did is put the Virgin Media box back into router mode and simply enabled DMZ to point to OpenWrt which is still running in a VM.
This gives me wifi via the cable router and this now cannot see my LAN, which is absolutely fine for my purposes. Of course, I can see wifi devices from LAN since openwrt forwards to what it considers to be the WAN.
This setup seems to be far superior to just using the virgin box which forgets all my port forwards.
WAN <--virgin router--> Wifi/DMZ <--openwrt--> LAN
The OpenWrt VM has fairly exclusive access to the dual NIC for its LAN and WAN ports, I disabled all the Windows items except the VirtualBox bridged networking driver.
 