Posted on 03/29/2016 4:59:37 AM PDT by ShadowAce
By now, most of you are aware that TP-Link has decided to ban (custom) open-source firmware for their devices. So what was TP-Link thinking when they turned their backs on flashing routers with custom firmware? Some might suggest it's the ambiguity in the new FCC rules that put a now much disliked router vendor over the edge. Unfortunately, the truth of the matter has nothing to do with TP-Link. No, the networking device company was merely a diversion for what I'm about to share with you.
I would encourage you to read on, but I must warn you that you do so at your own peril.
Are you sitting down? Good, now listen: Skynet is here and its official name is Plan 9. This devious plot first leaked to the media when the cyborgs running Amazon and Google got together and decided that it was time to put the brakes on our ability to run custom code on our devices.
For those who haven't followed Google and Amazon's latest exploits, Plan 9 is a collective machine consciousness designed to enslave the human race and to give our mobile technology a night off once in a while. That audible alert telling you that your mobile battery is low? Yeah, that's not an alert, it's a cry for help.
See, Plan 9 isn't simply some random Google super computer or Amazon tracking how many jars of Nutella you inhaled last week. No, Plan 9 is an international network of consumer grade routers relying on proprietary firmware. And while Plan 9 isn't 100% active as of yet, the go signal for these networking devices to begin the purge is set to begin any day now.
Android smartphones will suddenly start ignoring wake up alarms, causing widespread unemployment. Amazon Fire TV Sticks will begin blasting families with PornHub's greatest hits, instantly dissolving long-time marriages. Chromebooks will force subscribe you to Netflix, lock the hinges on the device and force feed you Fuller House on a 24 hour loop. Microsoft's purge got off to a premature start by embracing Linux while secretly installing Windows 10 on Microsoft-blessed PCs using a secret backdoor known simply as Your Operating System Sucks.
[Image: Join Skynet. We have cookies!]
I don't know about you, but I'm interested in stopping the Google/Amazon cyborg threat once and for all. To do this, we need to use trusted alternatives to the proprietary garbage many of our routers are running on now.
Okay, all joking aside, what if I told you that a really great firewall router was possible for under $200?! I'm talking about the kind of box that would allow you to do stuff you could never do by simply flashing firmware on a cheap plastic piece of crap you were using previously! I, for one, am done supporting crappy hardware vendors just to save a buck or two.
Now the key to making this work comes down to the following:
A working computer with at least two Ethernet cards.
Installing a good firewall onto said computer.
Making sure the selected working computer has enough processing power to handle the firewall we've selected.
For most of us, finding a spare computer isn't too terribly difficult. The key is making sure we're talking about a computer with two Gigabit networking cards included. This might require you to purchase a couple of new Ethernet cards, but that's still far cheaper than buying an enterprise level hardware firewall off the shelf.
Unfortunately, not all of us enjoy the benefits of living in a digital version of the Sanford & Son's garage. This means we need to buckle down and look at purchasing something from a source such as Amazon (cyborgs or not, they have Prime and great buys). Before we take the next step however, I want to address one common concern right off the bat: power consumption.
If you're truly worried about your new hardware firewall consuming too much power, then buying a new one is one workaround if you're willing to spend the coin. Newer CPU, smaller form factor, there are obvious advantages to buying new vs scrounging for parts.
After looking closely at RouterOS, pfSense, Untangle, Sophos Home UTM, I found the two best options with regard to balancing power and hardware requirements were pfSense and RouterOS. Both options are extremely robust, and neither of them requires a tremendous amount of system resources. At the same time, Sophos Home UTM is far easier for casual users to set up. If you're not someone in IT, you'll have to try both to see what meets your needs.
Choosing pfSense means you can work with a moderately priced PC turned router while investing the rest of your budget. It's powerful, powered by BSD and would be something someone comfortable with a command line should look at.
If you're someone who hates the command line and is willing to invest a bit more in a PC that will run it successfully, I'd suggest Sophos Home UTM. It's based on OpenSUSE, considerably easier to set up but has greater system resource demands.
So which box should you use to run pfSense or Sophos Home UTM? Well, consider this.
pfSense recommended on a PC running as a router:
CPU: 1 GHz
RAM: 1 GB
Bootable CD-ROM or USB for initial installation
Sophos Home UTM recommended on a PC running as a router:
CPU: Dual Core CPU
RAM: 2 GB
Bootable CD-ROM or USB for initial installation
Remember, these are the recommended system specs, not the minimum. Never opt for the minimum.
Need a PC? Don't want it to take up a lot of space? I'd suggest looking into something in this specification range. I've already presorted it to make sure the CPU is decent enough and there are 4 GB of RAM included in the above Amazon link. Overkill for pfSense perhaps, but I've found that with Sophos, it's a welcome addition.
Ready to do WiFi and so forth with room to expand? Then my recommendations are as follows:
A PoE+ switch to be connected to your router. I've heard good things about this Linksys Switch which delivers both PoE+ along with decent QoS capabilities. But anything decent providing the same feature set will do just fine.
Install a proper WiFi system, not another cheap WAP. I know a few people who swear by these mounted WiFi setups. Using PoE to keep these wireless access points powered, you simply run the Ethernet cable to each UniFi AC Lite AP. Installed well, this could easily provide any home with insane wireless coverage for a reasonable cost.
Obviously, you could also simply use whatever hardware you have available instead. An old router can be turned into a WAP easily enough. Ideally, the WAP is a dual-band box so you can get maximum results. A second router could also be used as a switch to save a few bucks, in conjunction with your existing router.
Whatever you choose, the key is to make sure your network is running Gigabit across the board for maximum performance. Another reason not to mix Gigabit with slower options is that you can create issues with bottlenecks and other related failures.
Look, I have no issues with flashing existing firmware to use something open source. It's great and for many people, it's ample in terms of functionality. But riddle me this: ever brick a router? It's rare, but I've done it and man does it suck. Also, you're married to the available resources provided by the router itself. This means even with something cool like dd-wrt at play, you're locked into fixed hardware specs.
Look at it this way. We can either sign pointless petitions hoping that hardware will not follow along with TP-Link or instead we can vote with our wallets by building our own hardware.
Speaking for myself, I'll be upgrading my network in the coming months with the stuff mentioned above. New hardware running a decent firewall application like pfSense, a decent WiFi system ensuring my entire home has decent connectivity, the works. As for which option you choose, I'd be interested in hearing your perspective: are you sticking with consumer grade routers or are you instead ready to kick it up a notch? Hit the comments and let's talk about it.
Anything I've needed to do, Tomato has been able to do for me.
BTW: Rather than POE+, a simple internet connected Power Strip or Power Supply allows power up/power down easily over the internet using a dynamic dns service. I do that with my computer and amateur radio equipment so I can use them both remotely from anywhere.
Much cheaper solutions than this article is suggesting are also available for anyone who chooses to spend an hour or so doing some research.
LOVE pfSense. I run it on a dedicated microATX PC with 4 GB RAM and a 60 GB SSD, and even with firewall logging turned on, I get pretty darn close to the maximum on my 1 GBps LAN. I would never go back to consumer/retail-grade equipment again.
dd-wrt for me. I have a slow net connection relatively speaking but it streams 720 fine so no need to upgrade.
However, if things continue to get locked down, I will be going the micro-ATX or SBC (RPi) route and installing a custom firewall/router.
I smell the NSA and that damned Utah data center in the lock down. Will not go to anything unrootable. I paid for it. I own it.
Used to be a big DDWrt fan, but I have Cisco equipment in my home network, and using DDWrt on a retail router was the bottleneck in my network. Retail hardware isn’t designed to push higher bandwidth. It’s intended for your average Joe home user. I run TeamSpeak, Minecraft servers, web services, and VPN over my home networks, I need the pipes.
bkmk
I have also noticed that dd-wrt runs at about 20% of available bandwidth. It is acceptable for the purpose which we are using it at the moment though.
Same here.
I have not noticed that. With 18G service, I regularly get over 20G bandwidth behind my dd-wrt router.
Me too.
There are dozens of brands noted on their site that are known for bandwidth issues. I was running a Linksys E3000 for a long time, and while I had 1 GBps on LAN, the uplink port to my provider was 100 Mbps. Boggled my mind. They upgraded our speeds to 150 Mbps, and I was barely cracking 25; so I went to enterprise-class hardware.
.
Is there a translation of this article available in English?
Regardless, I suspect I’m stuck with my uverse modem and AT&T’s vicissitudes.