What's a good affordable router well supported by Tomato/OpenWRT, these days? (put differently: 2018's version of the Linksys WRT54G :)
From what I understand, alternative firmwares like Tomato & OpenWRT are not inherently safe from VPNFilter, but it seems to me the rate at which they are maintained makes them less easy targets (?). So this new flaw made me think now is a good time to replace my crappy router and its unmaintained vendor firmware with something more solid running Tomato/OpenWRT. Disagreements?
I have a Netgear WNDR3700v4 that works pretty well with OpenWRT/LEDE. You just have to be careful about which version of the WNDR3700 you get, because some of them use unsupported chipsets, iirc.
I've stopped trying to find routers with OSS support, it's too much of a pain in the ass. Instead, I got a Core 2 Duo based used Dell Optiplex from my local university's surplus store for $10, threw a second NIC in it, and installed pfSense. Sure, it's bigger than a consumer router, but pfSense is battle tested and it's really fast. I use a Ubiquiti UniFi access point to provide wireless capability.
WRT1200AC, supported by OpenWRT, and I can personally tell you that I installed it with no problems. All I did was upload the firmware via the default WRT1200AC UI.
IMO both are obsolete, especially if your connection is >50Mbps. If you must DIY, use pfSense on an x86 machine with an Intel NIC and low idle power draw. Otherwise use Ubiquiti EdgeRouter or MikroTik.
Ubiquiti is overpriced and Mikrotik is underpowered. There are good consumer routers that have 802.11ac for the price of a wired-only Ubiquiti router. If you're comfortable installing OpenWRT, it still offers more capabilities for a lower price than those "prosumer" brands that pretend to be real enterprise-grade stuff.
In my experience, a lot of the MikroTik hardware has been underpowered (struggling to get decent routing and IPSEC performance), so I’ll agree with you on that point.
But I’ve found a lot of Ubiquiti hardware to be extremely high quality given how cheap it is. At my office, we installed seven new 802.11ac Ubiquiti access points for as much as it would have cost to add one more 802.11n to our Cisco system (apart from wanting 802.11ac, we also decided to decommission the Cisco because the controller would periodically crash every two months or so).
To get the number of 10GbE interfaces and performance the EdgeRouter Infinity has (for $1600) in a Cisco would cost multiple times the price there too.
I don’t know if I’d trust it for service-provider infrastructure, but we’ve replaced a lot of enterprise Cisco stuff in our office networks with Ubiquiti and only had a good experience.
Pointing out that Ubiquiti equipment is cheaper than Cisco isn't saying much. With regards to the products that are actually relevant to this discussion—the stuff that's a reasonable alternative to typical consumer networking equipment—Ubiquiti definitely isn't the more affordable choice than the competition.
I was at $150 a year ago for an edgemax router + one of the long-range access points (I added a second AP, but for comparison's sake, that was the cost for those 2 components), which gave me an open-source router OS (vyos) out of the box. I'm not sure what the cheaper option is once figuring in your own time-cost to hack openwrt in, but it's hard to imagine it would be some dollar-sum that really deserves this much angst.
> I'm not sure what the cheaper option is once figuring in your own time-cost to hack openwrt in, but it's hard to imagine it would be some dollar-sum that really deserves this much angst.
WTF? Angst!?
It takes minutes to install and configure OpenWRT on supported hardware. You upload the OpenWRT firmware like any manufacturer-provided firmware update, and after it's been flashed the router reboots into OpenWRT. The added time cost compared to learning and configuring any other router OS is negligible.
Compute power, mostly. The hEX and RouterBoard products are mostly single-core MIPS processors in the 600-800MHz range, with a few using the dual-core 880MHz MIPS chip from Mediatek. You have to go all the way up to the $180 RB3011 to get a decent dual-core 1.4GHz ARM, or you could get that same CPU in a TP-Link router for $125 and also get dual-band WiFi (though admittedly, half as many Ethernet ports, but the second 5-port switch in the RB3011 certainly isn't worth the price difference).
The WRT54 is dog slow by today's standards. My residential Comcast service is faster than it can handle; my max down almost doubled when I swapped my WRT54GL for an AC3200.
A few years ago I used my 54G to DL a 15GB file at (a reported max of) 60Mb/s. Obviously took a while ... without hiccups. I'm guessing most US customers aren't getting service that fast ... so there's still plenty of use for them. (Still use one all day at 25Mb/s.)
At least get a WRT841N, they are like 15$+sales tax, unless you get the wrong vendor. Less if you find refurbs or buy bulk. They are the main workhorse for our local mesh network, with WRT1043 devices handling encrypted uplinks due to the lack of speed with chacha/poly running on the former (think under 10Mbit/s). Don't worry, they do handle advanced mesh routing algorithms at line rate, e.g. 2x2 MIMO 802.11n and 100BASE-T (4+1 ports).
E.g., they handle mesh domains of about a thousand nodes before one needs to split, and mostly due to L2 traffic starting to hog the slower links (it's an L2 mesh).
At that speed, and if you won't need fancy buffering and got the necessary 3.3-ish volt ready, check out some esp8266-based mesh/repeated tech. Possibly with using wires on their (quad-) SPI bus to pair two, potentially over quite a sizable line length. Saves airtime.