Which router

Orcvader · 29 Apr 2018 at 22:57

riamu said:
I am going to buy draytek 2862ac router i think it will suit vurgin hub 3 well and can handle 350mb speed. Please let me know ur thoughts before i click buy thnx

I use Drayteks at work and I can't recommend them for home use, they're overpriced for what you want. An alternative like the Asus will provide a better Wi-Fi experience for the same price and the UI is far easier to configure.

Even started deploying the Unifi APs in the sites that does require decent Wi-Fi since the Draytek doesn't suit it.

4K8KW10 · 1 May 2018 at 08:55

Tenda is better than Asus at the same price point. The Tenda AC9 AC1200 is around 50 pounds, provides very strong signal enough to cover a large apartment or even a multi-storey house, is reliable and stable, and is capable to support many devices simultaneously.

Actually, I wouldn't recommend it to any of my close neighbours because it isn't in my interest to have a so good signal device close to mine. Might interfere.

free photo hosting

https://www.digitalcitizen.life/review-tenda-ac9-ac1200?page=1

Actually, Asus is one of these brands that don't deserve to keep their reputation at that level.

Avalon · 2 May 2018 at 08:26

4K8KW10 said:
Actually, Asus is one of these brands that don't deserve to keep their reputation at that level.

ASUS is just a brand name that people feel comfortable with, the networking products have never been that great, the warranty service has sucked for years and the security side has a history that makes me cringe.

I have a lot of time for DDWRT and in ASUS scenario’s Merlin, but if you want a decent router in this day and age, you don’t buy ASUS and you certainly don’t run stock FW if you value security/privacy.

beachBOYken · 2 May 2018 at 11:59

Seriously since when did Asus suddenly make rubbish routers?, they are a very popular choice and the firmware is perfectly fine.

Steveocee · 2 May 2018 at 14:04

This forum usually touts Asus routers as being the "go to" all in one. They have proven to be great kit and reliable whether on 3rd party firmware or Asus.
The UBNT combo is usually regarded as the next step up.

4K8KW10 · 2 May 2018 at 20:42

I also heard about Asus here but after checking the real reviews available and after comparing prices, I said no to Asus, at least for my particular case.

neodude · 2 May 2018 at 20:58

PfSense VM here. Slightly overkill, but I wouldn't go back.

Avalon · 6 May 2018 at 12:00

@beachBOYken ASUS faked the submission data for the FCC certification on a number of hardware/networking products and got caught out, they settled for $240k (with the FCC) in 2014/15 and with Netgear in a private agreement - couldn’t find a ‘safe’ link but google it.

They also got busted for ignoring security issues over a long period that they were notified of and were forced to agree to TWENTY years of enhanced 3rd party auditing: https://www.theregister.co.uk/2016/02/23/asus_router_flaws_settlement/

They still haven’t resolved the DSL-AC68 issues (longest networking thread on here at 158 pages?) see: https://forums.overclockers.co.uk/threads/anyone-using-an-asus-dsl-ac68u.18606945/

Thats not just the normal half hearted consumer grade kind of not great you expect with slow updates and patching, but the ‘we genuinely DGAF’ kind of not great. This forum historically loved ASUS, perhaps it’s time people looked a little deeper and stopped recycling the same advice? I’m not saying every single ASUS product is rubbish, but they wouldn’t be my ‘go to’ option anymore.

Sparx · 6 May 2018 at 12:44

Very interesting article @Avalon hadnt heard about this. Asus were originally loved years back when they initially released their router lineup.

I too had a DSL-AC68U and the inferior model or two before. Loved it but can concur with the article/FCC findings and remember these issues.

The check for updates thing I remember always hearing new releases but the router never told me there was one. Really does show Asus are a 2-bit organisation in the networking world at least, need to buck their ideas up and hire real engineers and programmers. Not fresh uni students or graduates doing their assignments....

I went for a TP-Link VR900 after and never looked back. Only issue was it didn’t work with VPNs.

beachBOYken · 9 May 2018 at 08:59

Avalon said:
@beachBOYken ASUS faked the submission data for the FCC certification on a number of hardware/networking products and got caught out, they settled for $240k (with the FCC) in 2014/15 and with Netgear in a private agreement - couldn’t find a ‘safe’ link but google it.

They also got busted for ignoring security issues over a long period that they were notified of and were forced to agree to TWENTY years of enhanced 3rd party auditing: https://www.theregister.co.uk/2016/02/23/asus_router_flaws_settlement/

They still haven’t resolved the DSL-AC68 issues (longest networking thread on here at 158 pages?) see: https://forums.overclockers.co.uk/threads/anyone-using-an-asus-dsl-ac68u.18606945/

Thats not just the normal half hearted consumer grade kind of not great you expect with slow updates and patching, but the ‘we genuinely DGAF’ kind of not great. This forum historically loved ASUS, perhaps it’s time people looked a little deeper and stopped recycling the same advice? I’m not saying every single ASUS product is rubbish, but they wouldn’t be my ‘go to’ option anymore.

Thanks for the info, Im still pleased with my 86U and it gets great support, like all the Asus routers over on smallnetworkbuilders website from Merlins firmware and various Fork versions.

Avalon · 9 May 2018 at 22:09

beachBOYken said:
Thanks for the info, Im still pleased with my 86U and it gets great support, like all the Asus routers over on smallnetworkbuilders website from Merlins firmware and various Fork versions.

SNB is a wonderful resource, but it’s main push is reviewing enthusiast consumer grade hardware for consumers and accordingly it’s usually only interested in core functionality and throughput/numbers of one form or another, security isn’t really the main focus or indeed within the scope of the review, which is fair enough.

As to your suggestion that your router ‘gets great support, like all the ASUS routers’, perhaps you missed the initial Merlin NG release notes? Specifically the part where he points out that he’s unsure when or even if the AC56U users will see a base GPL update so users may wish to stay on a (part-broken) pre NG firmware to maintain functionality. Well other than the radio side, an AC56U is basically the same hardware as an AC68U last I looked (identical CPU/RAM), come to think of it, it’s only one small step away from the AC86U you have - just a thought. He also mentions that ASUS’s code base is not considered hardened enough to be exposed to WAN based administration, obviously you have to wonder who would think that a good idea in the first place, but the point is the base firmware has a very iffy track record on security.

I do have one question though if you wouldn’t mind, as you’re obviously interested in networking and care enough to read SNB and presumably flash 3rd party firmware, why are you so happy to ignore the issues raised?

beachBOYken · 10 May 2018 at 00:10

Avalon said:
SNB is a wonderful resource, but it’s main push is reviewing enthusiast consumer grade hardware for consumers and accordingly it’s usually only interested in core functionality and throughput/numbers of one form or another, security isn’t really the main focus or indeed within the scope of the review, which is fair enough.

As to your suggestion that your router ‘gets great support, like all the ASUS routers’, perhaps you missed the initial Merlin NG release notes? Specifically the part where he points out that he’s unsure when or even if the AC56U users will see a base GPL update so users may wish to stay on a (part-broken) pre NG firmware to maintain functionality. Well other than the radio side, an AC56U is basically the same hardware as an AC68U last I looked (identical CPU/RAM), come to think of it, it’s only one small step away from the AC86U you have - just a thought. He also mentions that ASUS’s code base is not considered hardened enough to be exposed to WAN based administration, obviously you have to wonder who would think that a good idea in the first place, but the point is the base firmware has a very iffy track record on security.

I do have one question though if you wouldn’t mind, as you’re obviously interested in networking and care enough to read SNB and presumably flash 3rd party firmware, why are you so happy to ignore the issues raised?

Well your info you posted is the first I had heard of it, Ive owned an asus n66u for years and now the ac86u without problems so I'm not to concerned enough to suddenly change to a different router, but thank's for bringing it to our attention.
Also having some kind of security audit, would make you think Asus are now on the ball and will work hard to keep security up to date, it also states something about Asus not being the only company that FTC are keeping tabs on.

*Also whats the issue with the AC68U then, the link you posted was about who owns that router and is thinking about getting one?

Andy_82 · 10 May 2018 at 14:36

beachBOYken said:
*Also whats the issue with the AC68U then, the link you posted was about who owns that router and is thinking about getting one?

The issue was/or is dropped/unstable DSL/VDSL connections as well as speed problems, from what I remember it was thought to be the DSL chipset driver/firmware causing the issues, for which Asus support promised to fix but have never followed through with their promise. I may be wrong, but i think other manufactures used the same DSL/Router chipset without having the issues Asus's model has.

On the positive side i've always found asus's hardware to be solid, i've had the RT-N16, RT-N66u, AC68u (initial 800mhz cpu version) without any problems, though i've never used asus's firmware, I've always used either tomato or DD-WRT. Apart from the matter of the mentioned failure to patch known vulnerabilities asus has generally been one of the few manufactures of consumer routers to update firmware, even for old devices. (as an example the RT-N66u was released around 2012 and was last updated in March this year). How many other manufactures release firmware updates after 6 years.

Another plus is asus or merlins firmware has features other router manufactures don't have, for example the QOS engine (which works with CTF and thus doesn't severely limit throughput when enabled), and also the detailed bandwidth monitoring. The downside to this is that the more features the more chance of security flaws, plus the code for the advanced qos and aiprotection etc is closed source as far as i know, also the aiprotection code comes from trend micro not asus which adds yet more complexity.

The fact is though if you care about security don't use consumer grade routers as they all have there fair share of vulnerabilities. I switched from asus router with third party firmware to pfSense on a Supermicro Atom C2558 board, mainly because I wanted more flexibility and better VPN performance (something which consumer grade routers are terrible for). It does take a bit of effort to learn but has masses of flexibility for routing and firewalling, the only feature missing for me now is FQ_CODEL though i'm sure it'll be added at some point. Add a decent quality switch and Ubiquiti Unifi WiFi access points and you have a very solid and flexible system. If it wasn't for OpenVPN performance i'd probably just of got Ubiquiti USG, Switch and Access Points.

Avalon · 10 May 2018 at 16:50

Andy_82 said:
I switched from asus router with third party firmware to pfSense on a Supermicro Atom C2558 board, mainly because I wanted more flexibility and better VPN performance (something which consumer grade routers are terrible for). It does take a bit of effort to learn but has masses of flexibility for routing and firewalling, the only feature missing for me now is FQ_CODEL though i'm sure it'll be added at some point. Add a decent quality switch and Ubiquiti Unifi WiFi access points and you have a very solid and flexible system. If it wasn't for OpenVPN performance i'd probably just of got Ubiquiti USG, Switch and Access Points.

I was with you right up until the C2558, between Intel screwing up the production so they will die prematurely and the Asrock bios write bug, a lot of people got burnt on Avoton, at least you went Supermicro. The point you raise on ASUS updates is an interesting one, i'd imagine the FTC required patching of all historic products affected, given the likely settlement was large and will have had the threat of additional future penalties made clear, i'd imagine they'll keep maintaining the code base from a security perspective until they can justify not doing so.

beachBOYken said:
Well your info you posted is the first I had heard of it, Ive owned an asus n66u for years and now the ac86u without problems so I'm not to concerned enough to suddenly change to a different router, but thank's for bringing it to our attention.
Also having some kind of security audit, would make you think Asus are now on the ball and will work hard to keep security up to date, it also states something about Asus not being the only company that FTC are keeping tabs on.

*Also whats the issue with the AC68U then, the link you posted was about who owns that router and is thinking about getting one?

Asus on the ball? They're still debating if it's flat or not.

Have a closer look at the later pages of the AC68 thread (also includes the N66 etc.) and the hate directed towards the product/ASUS, Andy_82 is correct, ASUS promised to resolve the issue then just ghosted users after stringing them along for years. Asus got nailed by the FTC in 2016 over it's fundamental failure to patch gaping security holes over a long period of time and then not notifying customers that the updates existed (the whole update mechanism was broken/easily attacked via MiM style attacks as it operated over http so could be tricked into downloading anything). Generally you don't agree to a large fine and 20 years of forced external auditing on a bi-anual basis, that said ASUS's patch history previously ran over two years, so perhaps this is progress? The FCC (not the FTC) fined ASUS $240K in 2014 for faking test data to gain certifications on numerous devices over a long period, Netgear also sued them over this and settled out of court.

https://www.ftc.gov/system/files/documents/cases/160222asuscmpt.pdf
https://www.fcc.gov/document/asustek-pay-240k-resolve-equipment-marketing-investigations

I'd personally suggest that any single one of those is significant enough to ask some serious questions of ASUS and reconsider if you'd really recommend the product to others, all three of them combined with the other history makes it clear how ASUS feels about consumers and our security.

Andy_82 · 10 May 2018 at 21:08

Avalon said:
I was with you right up until the C2558, between Intel screwing up the production so they will die prematurely and the Asrock bios write bug, a lot of people got burnt on Avoton, at least you went Supermicro.

Unfortunately I purchased the board a year before the AVR54 bug surfaced. Although supermicro did fix the board (not sure what they did, I think an extra resister was added). But that is the chance you take with any hardware, just look at the old Pentium FDIV bug, AMD's Phenom TLB issue, and even the Superhub 3 issues (not sure if those have been fixed, i've still got the Superhub 2). All complex chips have defects, though usually the consequences aren't as dire.

The problem the manufacturers have is that they make their money selling hardware (i don't know what their margins are, probably pretty low on low, mid range kit). The aim is usually to get users to get the next upgrade for better wifi speed, more antennas and bigger numbers in the model name etc. software for most manufactures is pretty much an after thought. I doubt they spend much of their revenue on firmware development, and when they do develop the aim is adding features, which increases the possible attack surface area, especially services like asus ai cloud etc with insecure defaults. As I mentioned though it doesn't help when code comes from so many different places, If I recall correctly, Broadcoms SoC devices used completely closed sources drivers etc, even the QOS engine is propriatorie i think, so that is code from Broadcom, Trend Micro and Asus + other opensource components, I bet it is a PITA to manage.

Slowly but surely things seem to be changing though, but Maybe some need to be forced to provide security updates for however many years afterwards.

Rainmaker · 10 May 2018 at 21:15

Avalon said:
I was with you right up until the C2558, between Intel screwing up the production so they will die prematurely and the Asrock bios write bug, a lot of people got burnt on Avoton, at least you went Supermicro. The point you raise on ASUS updates is an interesting one, i'd imagine the FTC required patching of all historic products affected, given the likely settlement was large and will have had the threat of additional future penalties made clear, i'd imagine they'll keep maintaining the code base from a security perspective until they can justify not doing so.

Asus on the ball? They're still debating if it's flat or not.

Have a closer look at the later pages of the AC68 thread (also includes the N66 etc.) and the hate directed towards the product/ASUS, Andy_82 is correct, ASUS promised to resolve the issue then just ghosted users after stringing them along for years. Asus got nailed by the FTC in 2016 over it's fundamental failure to patch gaping security holes over a long period of time and then not notifying customers that the updates existed (the whole update mechanism was broken/easily attacked via MiM style attacks as it operated over http so could be tricked into downloading anything). Generally you don't agree to a large fine and 20 years of forced external auditing on a bi-anual basis, that said ASUS's patch history previously ran over two years, so perhaps this is progress? The FCC (not the FTC) fined ASUS $240K in 2014 for faking test data to gain certifications on numerous devices over a long period, Netgear also sued them over this and settled out of court.

https://www.ftc.gov/system/files/documents/cases/160222asuscmpt.pdf
https://www.fcc.gov/document/asustek-pay-240k-resolve-equipment-marketing-investigations

I'd personally suggest that any single one of those is significant enough to ask some serious questions of ASUS and reconsider if you'd really recommend the product to others, all three of them combined with the other history makes it clear how ASUS feels about consumers and our security.

I've done a lot of nodding throughout your replies, Avalon. I'd suggest others on the thread read this router security site, which basically lists some of the many reasons they're a horrendous idea from a safety/security point of view. For me (and for you, afaik) my tolerance for acceptable router/firewalls goes thusly:

OpenBSD (pf) > FreeBSD/pfSense (pf) > macOS/server headless (pf) > IPFire / Debian / CentOS (iptables) > VyOS > DD-WRT/Merlin/padavan (he still going for Asus?) etc > Unplug all internet capable devices and burn my house down, rather than use whatever comes next in this list.

If it's a consumer 'all in one' it's only allowed in the house if I'm flashing it to something else before it even smells a WAN port.

leonleon · 11 May 2018 at 09:15

Rainmaker · 11 May 2018 at 10:38

leonleon said:

Strong first post... lol. Welcome.

neodude · 11 May 2018 at 10:44

Rainmaker said:
OpenBSD (pf) > FreeBSD/pfSense (pf) > macOS/server headless (pf) > IPFire / Debian / CentOS (iptables) > VyOS > DD-WRT/Merlin/padavan (he still going for Asus?) etc > Unplug all internet capable devices and burn my house down, rather than use whatever comes next in this list.

If it's a consumer 'all in one' it's only allowed in the house if I'm flashing it to something else before it even smells a WAN port.

Completely agree. I'd never go back to an 'all in one'.

Currently using a PfSense VM (with PfSense on a Jetway JBC313 as a physical backup)