Skip to content

Top Best Ask Show New Jobs

Ask HN: Which wireless router do you use at home?

39 pointsPerceptes8y ago83 comments

I've been using an Airport Extreme for many years, but recently I started having trouble with wi-fi quality. I'd been thinking about getting a new router anyway, because I'd like one that can run a DNS server I can use to add a few records only visible to my local network. Which hardware do you use? If its software is customizable, what do you run on it (e.g. OpenWrt)?

83 comments

76 comments · 40 top-level

ktta8y ago· 8 in thread

This might seem weird, but I use an old PC with a wireless card in it (get one with a good antenna, and connect wireless APs via ethernet if you want more coverage). I've put Ubuntu server on it, and it has quite a few advantages over my old router which had OpenWrt

1. Persistent DNS cache using pdnsd (even after reboot because it is on-disk) with a long minimum global TTL. You would imagine this would be a problem, but surprisingly I haven't had any. I've only had to get in once to correct something. You can manually purge a specific domain, and all of them if you think something is wrong.

2. Powerful enough for good OpenVPN settings. Automatically routes through a VPN, and can be disabled for a specific client if needed. The AES instructions (which are on any Intel chip after 2008) help out immensely compared to using just a generic router.

3. Smoother LAN transfers. A cheap gigabit PCIe card (Intel EXPI9402PT - on ebay for about $20) which takes away local transfer rate problems, especially if you have an NAS.

4. Use it as an NAS. It isn't a good idea to mix devices which need good security with non-critical systems, like NAS so be sure about your settings and know what you are doing.

Another cool thing is port forwarding to the remote VPN instance so you can login remotely and check out your network or access any files/media you have on your NAS.

There are more things people can do which give more control and/or better experience, like setting up rate limiting on clients, custom settings for clients with unknown MAC addresses, etc. Traffic shaping is a good one (prioritize specific type of connections over another - example VoIP > Netflix > torrent).

The extra power really opens up the possibilities of what a router can do.

If anyone has any questions, I'd be glad to help out.

ac298y ago

Something to keep in mind is that even at idle, a PC will probably run at 50W or so. This would cost $80-100/year to run where I live, which isnt insignificant. Unless you are using it as a NAS, need very high speed OpenVPN (>100MBit/s), or other things that a PC can do best, you're much better off with something like an ER-X, which has a max power draw of 5W, and has no problem doing gigabit line-speed routing/NAT/etc.

ktta8y ago

True, power consumption should be considered. I guess doing this would be a good choice if someone has a NAS already running.

>you're much better off with something like an ER-X I pretty much recommend a plain jane router which can run DD-WRT for anyone. All this is clearly overkill, and more importantly useless for most people.

Another choice is getting a cheap NUC like x86 device and get AP-only devices for good coverage.

ac298y ago

>The AES instructions (which are on any Intel chip after 2008) help out immensely compared to using just a generic router.

Be careful, this isn't true... most low end Intel chips (Celeron, Pentium, i3) don't support AES-NI. Starting with Skylake chips (2015/2016-era), the whole processor line supports AES-NI. See https://en.wikipedia.org/wiki/AES_instruction_set

ktta8y ago

That's good to know, thanks for the correction

revenz8y ago

How did you set it up specifically, what ubuntu packages are needed on the pc? Can you point to a resource where I can go from, I have a pc with two network cards an incoming line and a switch. To working DHCP, port forwarding and a firewall for the things connected to the switch?

ktta8y ago

For setting it up as a router first, I recommend this[1] guide

I usually build the software from source so I don't know if every thing will work fine for you. Nevertheless here are the package names I remember from when I first set it up.

pdnsd - for DNS caching read the manual so you can write a good config, and don't forget to change the bind IP to an interface so that it is accessible to the local network

openvpn, easy-rsa - Initial setup[2] there is a bug which for which there is a temporary fix[3]. Might be fixed by now.

Port forwarding: I currently use iptables, but I've been trying to move to nftables, which I recommend. Here's how I do it for now (this must be done on the OpenVPN server):

tun0 is the openvpn interface

eno1 is the public ethernet interface of your VPN

Say the IP addr of openvpn CLIENT (router in this case) is 10.8.0.2 - eno1 port you want to forward to is 1234

say the client port (the router port to be forwarded) is 6789

#iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 1234 -j DNAT --to-destination 10.8.0.2:6789

#iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 6789 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

The above commands are not persistent so save them to /etc/iptables.conf

I always choose very conservative settings for firewall. Only a single port is forwarded to the VPN. Rest are closed, spoof open ports, and have a honeypot if you want.

There are many guides on iptables, but I would again recommend nftables. You're going to have to dig deep sometimes since it is still new.

If you have questions about anything, just google. Chances are, it has already been covered several times.

[1]: https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-bui...

[2]: https://www.digitalocean.com/community/tutorials/how-to-set-...

[3]: https://bugs.launchpad.net/serverguide/+bug/1504676

> 1. Persistent DNS cache using pdnsd (even after reboot because it is on-disk) with a long minimum global TTL.

What problem does this solve? Is it a bid to improve privacy?

ktta8y ago

Performance. Most routers also have DNS caches for the same thing. It is often recommended to use OpenDNS servers for privacy, but it is slower than your ISP's DNS or Google's.

This is especially useful when you have an application which doesn't cache DNS requests and issues a new one for every connection. Torrenting gets a big boost for example.

Privacy is just a side effect.

slacka8y ago· 6 in thread

I have an Asus RT-AC66U w/ merlin firmware. I've been running it for years now without a single crash. It's only been rebooted once to update the firmware as it's on a UPS. I have a 2 TB HDD that turns it into our house's media server.

gmac8y ago

Similar: RT-N66U, with stock firmware. In Wireless Access Point mode, attached to my ISP-provided modem/router, whose WiFi is turned off. Very happy with it.

thrilleratplay8y ago

Same except I am using Advanced Tomato firmware.

https://advancedtomato.com

hetspookjee8y ago

RT-AC88U with a 4tb HDD to it and stock firmware. Extremely happy with it.

homero8y ago

RT-AC5300 here with Merlin

Same router. Very happy with it after 1y of usage

kav2k8y ago

Very similar, with RT-AC68U.

sgloutnikov8y ago· 5 in thread

Ubiquiti EdgeRouter X [1] with a Unifi AP Pro [2]

Extremely happy with the performance and quality. I don't know of any router for $180 that can rival this combination overall.

[1] https://www.ubnt.com/edgemax/edgerouter-x [2] https://www.ubnt.com/unifi/unifi-ap

Same setup for me. Two things to look out for with the EdgeRouter X:

1, IPv6 is not trivial to setup. In my case I struggled to find documentation on configuring it on a PPoE connection.

2, It can't reach 1 GB/s on WAN.

ReverseCold8y ago

+1 for this, I use it at home and I've never had any problems.

Runs arm Linux so I also have a VPN server running on it as well. Very convenient to not need a separate device for things like that.

feistypharit8y ago

+1 for this. I used to use tomato. I also use a pihole for network wide as blocking.

This is my stack as well. I haven't touched it in a year.

cagey8y ago

I use the same combo

oDot8y ago· 4 in thread

Before paying for a Ubiquiti product, take a look at how they treat the GPL:

https://en.wikipedia.org/wiki/Ubiquiti_Networks#Open-source_...

nisa8y ago

They also run PHP 2.0 (sic!) on all routers - https://www.theregister.co.uk/2017/03/16/ubiquiti_networking...

frik8y ago

"A command injection vulnerability was found in 'pingtest_action.cgi.' This script is vulnerable since it is possible to inject a value of a variable. One of the reasons for this behavior is the used PHP version (PHP/FI 2.0.1 from 1997),"

The first time I heard someone is using a pre PHP 3 version. Must be perl/cgi based and really old stuff. Why do they even ship with an inbuilt web server with cgi enabled - it's so outdated and screams 1995 tech. (even back in 2002 cgi, and Perl and PHP3 were considered outdated, and we had already PHP 4)

ac298y ago

EdgeOS is dumping PHP for Python in the next release, due any day now (already publicly in beta). Not sure the exact stack, but probably based on Python 2.7.

ReverseCold8y ago

What's even more impressive is this:

"In 2015, Ubiquiti revealed that it lost $46.7 million when its finance department was tricked into sending money to someone posing as an employee."

How does that even happen?

givemefive8y ago· 3 in thread

a ubiquiti AC-lite with pfsense on an APU2

I'd rather have my wifi be a black box that just works and my router be a little more just raw hardware with openbsd or linux or pfsense.

nicolas3148y ago

Same here: APU2C4 running vanilla OpenBSD for routing, DHCP, DNS, attached to a Unifi AC configured in pure bridge mode. I was not too pleased with Ubiquiti's firmware though and flashed LEDE, for which you can find ready-to-use firmware images. No more need to install and run a java-based controller instance on another PC for just a wireless bridge. For guest WiFi, I got a GL-AR150 for 20€ and also run LEDE, this time in isolation mode -- guests are NAT'd on their own network and cannot see each other.

givemefive8y ago

Cool didn't know about LEDE, I use the iPhone app to manage the ubiquiti. But I don't really need to manage much. Just upgraded the firmware once...

Have bought this gear myself and just waiting for it to arrive

praveenster8y ago· 2 in thread

Google WiFi (mesh of 3 units). Really love it so far. Very easy to configure and manage. No more clunky webpages to navigate, no more worrying about firmware upgrades. Switched recently from Linksys WRT610N after using it for about 8 years without any issues except for lack of firmware updates.

Same here, but with 5 units, and I'm supremely pleased by its overall performance.

For some odd reason, after moving to a new house, the Powerline networking in my office degraded from the consistent 300-400Mbps in the old house to < 10Mbps in my new office.

The new house is old, with thick walls, and I wasn't getting good throughput with the old pair of OnHubs I was using, but I figured that enough mesh points would overcome that, and as one of the mesh points is in my office, I've found plugging the desktop ethernet output directly into the ethernet input on the Mesh unit to be extremely performant.

praveenster8y ago

I did the same thing on one of the mesh units as well as it was in one of the rooms diametrically opposite from the main unit and on the second floor. The mesh shows great signal strength now.

songzme8y ago· 2 in thread

Here's how our home router is set up at our code school:

I bought a cheap gigabit router (from craigslist for around $30) and then bought a wireless range extender ($60) for the far end of the house. The router is not connected to the modem (so obviously no internet). We built our own server to host all the code, exercises, videos, as well as a DNS server. Our gitlab repository is resolved to google.com, so they usually get a kick out of pushing their code to 'google'. We have our own internal q/a site that resolves to facebook.com. Everybody gets to pick their own domain name to host their own projects.

We experience 0 downtime (unless there is a power outage), pushes to our repository is almost instantaneous, and tests run blazing fast on our speedy i7 desktop with 62GB Ram (that I got for $600 on craigslist). Also, students are not limited to their machines, they can code on whichever device they want (as long as it runs chrome or ssh) because code is hosted on the server. This way, we don't have to deal with people's installation problems.

I didn't touch the router's firmware at all. Our server acts as a dns server. However, everybody would have to modify their dns records on their wifi settings to add our server's ipaddress.

> However, everybody would have to modify their dns records on their wifi settings to add our server's ipaddress.

Why can't you just push it over dhcp? (This is what I've always done for this use case...)

Thanks for the insight! Its my first time I've setup up something like this (coming from a front end dev background), so I didn't know about dhcp.

akerro8y ago· 2 in thread

Nice try NSA!

Omnia Turris, open hardware, OWRT by default, top tier hardware, HAC encryption, 2.4GHz and 5GHz.

Is it really worth the €330?

kogepathic8y ago

It depends.

Is the hardware worth 330€? Probably not. But IIRC everything is open source, including the hardware design, which you'd never get from a commercial router.

Is it worth 330€ as a router? CZ.NIC has put a lot of effort into the OS and updates. The router has 8GB of NAND and they are using btrfs to handle updates (snapshot, update, rollback if there are issues).

This kind of update feature doesn't exist in OpenWrt and LEDE, though mainly because most routers ship with 16MB of NOR flash and there simply isn't room to take a snapshot while upgrading. Some routers like the Xiaomi Mi 3 have 128MB of NAND and it would be possible if there was upstream support in LEDE (although that router has other issues with MediaTek WiFi).

So if you're looking for a reasonably secure router that auto-updates, I think it's worth it. Set it and forget it mentality.

If you have the technical skills and time to manage the router yourself, then just buy a low power PC (e.g. PCEngines APU, Solidrun ClearFrog, Marvell MACCHIATTObin) and install Linux/PfSense/OPNSense.

I don't own the Turis myself, I just saw some conference presentations of theirs about how they implemented the Turis.

nisa8y ago· 1 in thread

For OpenWRT - at the moment the current code is at the fork called LEDE - here is a ToH: https://lede-project.org/toh/start - both projects want to reunite but it seems progress is slow - use the 17.01.2 release for LEDE at the moment - it's the most stable current version.

As for the hardware - If you want to use OpenWRT/LEDE you have to be selective about supported WiFi chips. ath9k is battle tested but no ac wifi. ath10k should work reasonable well if you only want to have an access point. Broadcom / Mediatek and others can have issues - stability or signal strength depending on the driver.

Check out kmod-sched-cake and sqm-scripts for the latest in research regarding bufferbloat - https://www.bufferbloat.net/projects/codel/wiki/Cake/ together with airtime fairness - https://linuxplumbersconf.org/2016/ocw/system/presentations/... you can archive some crazy results in good wifi (only on ath9k / mt76 partly on ath10k).

If you want something off the shelf - Mikrotik and Ubiquity and to a degree TP-Link and Asus models get good reviews. In terms of hardware and antennas Mikrotik and Ubiquity are usally better.

You probably want 802.11ac and 5GHz - at the moment 802.11ac Wave2 is probably not worth the money because you need support on the client side and that is rare.

TP-Link Archer C50 would be my budget pick (30€) and runs LEDE - no Gigabit through. Archer C7 for Gigabit.

If you don't mind soldering a serial console and flashing LEDE using the bootloader get a used Cisco Meraki MR18 / MR24 without licence and wall mount kit for a few $ from ebay - top notch hardware and antennas (but ath9k not ath10k) and lot's of CPU / memory.

sml1568y ago

+1 For LEDE/OpenWRT, I'm running 17.01.02 (uname -a=Linux LEDE 4.4.71 #0) I am using a TP-Link TL-WDR4300 v1 and am very happy with it so far.

I would probably be more happy with ubiquiti unifi

nodomain8y ago· 1 in thread

Located in Germany where the company AVM has a very high market share. As a result, I use a Fritz!Box 6360 for Cable Internet (400 down, 25 up) with a Fritz!Repeater 1750E on every floor connected via gigabit ethernet. Manually set up 2.4 and 5 Ghz SSIDs to segregate devices like printer an other ancient stuff to the 2.4 SSID while using the 5 GHz SSID for my modern devices. I cannot imagine a better setup.

I'm from Germany too and am using a Fritz!Box 7490 behind a cable modem (200 down/12 up). The router let's you set up one wireless network with both 2.4GHz and 5GHz so devices automatically get switched onto the band with higher Tx rate. Currently pretty happy with the setup.

kenrick958y ago· 1 in thread

I'm using TP-Link WR802N [1] and installed OpenWRT on it. Its small form factor is quite useful for me since sometimes I took it when I traveled back to my hometown (to easily have my local wifi network).

[1] http://uk.tp-link.com/products/details/cat-9_TL-WR802N.html

eps8y ago

WR802N is excellent out of the box.

Unlike newer models it allows created your own WiFi access point that is routed to the Internet via another WiFI network. Very useful when travelling with multiple iPads and such - no need to connect them all one by one to a hotel WiFi (no need to configure them at all as a matter of fact) and you get your own isolated subnet with working broadcast and multicast.

frik8y ago· 1 in thread

What access point/repeater with 2+ antennas (visible) can you recommend?

ktta8y ago

Often people go about doing this the wrong way.

It is better to get two cheap routers and use one as an AP only. The AP only can be placed where ever you want so it'll have better coverage than a multi-antenna router any day.

MrZipf8y ago

Mikrotik wAP ac [1] positioned in center of home with a Mikrotik Hex POE [2] as the main router and DHCP server. There is TP-Link HomePlug [3,4] between router and WiFi base station.

The wAP ac has a stronger and more reliable signal than any other WiFI unit I've tried (various Linksys, Asus, and BT units).

The Mikrotik gear is rock solid, but not exactly what I'd call consumer friendly. Great if you know or want to know something about real routers. I got fed up with buggy consumer routers and decided to go with either Mikrotik or Ubiquity rather than struggle to get the right hardware and firmware combo for Tomato et al. Nothing wrong with these, but none of my existing hardware had an image on the various options.

[1] https://mikrotik.com/product/RBwAPG-5HacT2HnD, $89

[2] https://mikrotik.com/product/RB960PGS, $79

[3] http://uk.tp-link.com/products/details/cat-18_TL-PA4010KIT.h...

[4] Always, always change the HomePlug network name and password :-)

xmodem8y ago

PFsense on a Dell Optiplex FX160 running a router-on-a-stick configuration with a Cisco switch (router-on-a-stick refers to pulling the external and internal interfaces over a single ethernet cable on separate VLANs)

manmal8y ago

Currently 1 Unifi AP with Long Range, with a RPi 3 as controller (docker image). Setup was done in 30 minutes, and I'm just amazed how well it all works. I'll soon buy another 1-2 APs for the other floors in the house, and expect perfect wifi signal everywhere. If I need to, I can let the RPi run things like dnsmasq, printer server or whatnot.

Apart from the Unifi centric hardware, I have an Asus router that currently handles all the routing (also DHCP), and a cable modem.

r3vrse8y ago

Netgear R7000 [1] with AdvancedTomato [2], which is Tomato but with a pretty UI. It runs DNS, nginx as a reverse proxy, SSH gateway and some other bits & pieces with minimal fuss. Pretty sure I've never had to reboot it outside of testing configuration changes. I even managed to upgrade to a significantly newer firmware version without blowing away the NVRAM/other settings and having to redo everything from near scratch as is IME so common with custom router FW builds (note: YMMV).

It has USB 3, GigE, wireless speed has been fine etc... certainly one of the best home tech purchases I've made in the last couple years.

[1] http://www.netgear.com.au/home/products/networking/wifi-rout... [2] https://advancedtomato.com

5_minutes8y ago

I had a quite pricey $120 Asus n66u as primary router and a cheap, TP link router, as backup, lying in the closet.

At one point, the Asus started to become unreliable and unstable so I disabled it and put the $40 TP Link instead.

Now, about 3 years later, I completely forgot about my router setup and this TP link is rocking it every day. I'm really impressed by the brand. I only had to pull the powercord to quickly reset it once, during several years. I can not say this of most other brands I've worked with in the past.

You can run OpenWRT etc on it. It's quite similar to the legendary WRT54G.

I also bought a Wifi 4G portable router from TP Link later, and this is also high quality hardware at affordable prices.

https://www.amazon.de/TP-Link-TL-WR1043ND-Ultimate-Anschluss...

cloudengineer8y ago

Ubiquiti Edgerouter + two Unifi UAP-AC-Pro

I've been using ASUS routers with the Asus Merlin[1] firmware for a very long time -- they're just fantastic if you want customizability.

Current router: ASUS AC3100

[1] https://asuswrt.lostrealm.ca/

PfSense on passively cooled j1200 celeron [1] running to a netgear PoE switch hooked to 3 ubiquiti unifi pro ac.

[1] https://www.amazon.com/dp/B01AJEJG1A/

fencepost8y ago

I'm still using an old WNDR-3700 (gigabit ports, dial band, agn) with OpenWRT, though the 2.4 wifi has gotten pretty spotty lately and I now have it set to do nightly reboots.

I'll likely replace it with one of the newer Mikrotik routers soon, mostly because we've started using them at work and for clients and it'd be good to have another spot to get and stay familiar with them. That said, while RouterOS is powerful it has a not insignificant learning curve. I've also seen firmware images and wiki entries indicating that you can run OpenWRT on some models, but I'm not sure how well supported that is.

untog8y ago

The ASUS Google OnHub. I used to face a router that reach DD-WRT and customised all the options... then I got sick of it all. The OnHub just works, and updates itself. It's not glamorous, but neither are my requirements.

Mikrotik hEX RB750Gr3 5-port Gigabit Router feeding an AmpliFi Mesh Wi-Fi System (router plus two meshpoints). Performance, configurability, and reliability have been excellent. ~$350 total cost.

laughfactory8y ago

We're using Google WiFi. Not super (or at all) customizable as you'd like to do, but it does work very well. It's stable and offers really good performance throughout our 1000 sq ft apartment (even given all the numerous networks around us). In the new home we're buying, I plan to use the mesh network (buy more Google WiFi units) capabilities to blanket the whole home.

jakelazaroff8y ago

Didn't have the patience to sort through who knows how many options, so I just read The Wirecutter's comparison [1] and bought the one they recommended: TP-Link Archer C7 (v2).

[1] http://thewirecutter.com/reviews/best-wi-fi-router/

pdxpatzer8y ago

Router is a PC Engines APU2 (apu2c4) running OpenBSD, wireless APs are Buffalo and run OpenWRT in plain bridging mode.

I use a couple TP-Link Archer C7 v2 (dual band ath9k and ath10k) running OpenWRT. 1 of them acts as the router and the others are just bridge over Ethernet to extend wireless coverage and provide local switch ports. Works pretty well for me.

I would also suggest Ubiquiti and/or pfsense if you want an out-of-box experience.

jtl9998y ago

A rackmount pfSense router built from an old Core i3 desktop from circa 2010 and a Intel 4-port NIC. I have 150/150 FTTH at home. Might have 250/250 or 1000/250 by the end of the year (the router can handle 800mbps WAN->LAN with about 50-75% CPU usage)

UAP-AC-LR for the wireless.

sashk8y ago

I'm using eero (1st gen) and with the latest update I've became less happy, as I now have to reboot it once every two weeks to get performance back. And speeds became slower as well. Disappointed, but hope it's a bug, not a way to force me to gen2 model.

colept8y ago

There was a black friday deal for the following router:

https://support.t-mobile.com/docs/DOC-10864

Which was easy to upgrade the firmware and then override so I could install Tomato.

tlb8y ago

At home, 3 Netgear WNDAP360s to cover 2 floors and a detached garage. I've needed to reboot a few times in 2 years.

At work, a Ubiquiti EdgeRouter. Fast and trouble-free so far, and easier to set up than the Netgears.

Aloha8y ago

I've got Comcast Business Class, so I have one of their routers (Cisco/Technicolor) as the actual router - but I run my own DHCP and DNS - I use an Apple Airport as the access point itself.

qubex8y ago

AirPort Extreme with a couple of peripheral units acting as a Wireless Distribution System (WDS). I'm heartbroken that Apple won't be developing any new units.

KiDD8y ago

PF-Sense on a SuperMicro server in a VM. Ubiquiti Unifi AP Pro HD

cdevs8y ago

Have a peplink and typically like peplink or tp-link devices

hossbeast8y ago

Amplifi HD mesh, base station plus 2 APs

akulbe8y ago

Unifi ER-X-SFP from Ubiquiti Networks.

pdonis8y ago

Netgear WNDR3700 running OpenWRT.

mongol8y ago

Mikrotik

hungerstrike8y ago

I have an (awesome) ASUS RT-AC5300 router but I use my Synology DiskStation to run a DNS server.

Everything worked out of the box. No custom software installation, no messing around. I love them both, they're very powerful.

It's easy to install dnsmasq on Synology but now you don't have to do that manually anymore, they have their own package system now which includes a DNS Server built upon dnsmasq.

j / k navigate · click thread line to collapse