> Folks - these routers are secure. There is nothing to see here, move along.
If experience is any guide, they are not.
Consumer routers have horrible track of embarrassing, easily exploitable vulnerabilities. That are not patched for a long time or ever.
And exposing your router to public like that suggests the owner knows very little about security. This typically goes in hand with other neglect. Tell me, how many home users that are not security conscious keep their routers regularly patched and will replace the router when the manufacturer stops supporting them?
Buy something well supported by OpenWRT; that typically correlates to at least OK hardware that is known to work well enough. Ideally you'd also install OpenWRT on it, or another choice of OSS rather than factory firmware.
Funny enough, I recently purchased one of the latest TP-Link Archer 5400x (AX73) routers. Ended up not needing it, so I opened it up and connected via UART.
Once you log in it appears to be running a version of OpenWRT, although they don't specify that on their website.
Is it too much to ask to have competently built hardware with competent software for a reasonable price enabled by mass production?
I mean, just don't make stupid things like open access to it from a single point of failure where a single engineer can loose their AWS key and enable attackers to access million networks?
Or build devices that overheat placed on an open shelf in home office in truly unreasonably hot Polish climate?
It depends on your experience. For me it didn't require much time at all. You might also consider it a valuable learning experience so worth making the time. I would highly recommend being on top of your own home network as you really never know when networking skills will come in handy.
I have some ops experience but that was 20 years ago. Nowadays if I need to do something like that I have to do a bunch of research and spend a lot of time on it. Which I would prefer spending, for example, with my son teaching him programming.
I can sympathize with people that don't have technical background -- these are practically defenseless.
I'm willing to invest time once to get something better working. I'm not willing to invest time on an on-going basis to keep my router secure. My normal router is a !@#$%, but the company does push out security updates.
Most of the DIY projects I've seen require me to do it manually.
Yeah, I love the older Ubiquiti stuff (Edgerouter) and the Unifi access points, but all their new routers (like the UNMS ones) seem to require cloud hook-in which I really don't want.
When the EdgeRouter-4 I have dies, I suspect I'm going to need to find a new hardware brand, this time preferably running OpenWRT. Potentially it could get to the point where I'll have to look for an ARM based server with low enough power usage and a few independent network interfaces and just run pfSense or VyOS or something...
Yeah, I’ve used Microtik gear, and I never liked their software. I hear the performance has improved a lot though (that was a big selling point of the Ubiquiti gear when I got into it with their hardware acceleration).
I expect I will eventually move to embedded server hardware (even maybe Xeon-D) on a machine running vSphere or something with a router VM and other VMs for stuff I want to run. Just have a few separate NICs and pair it with a separate managed switch (which I already have anyway).
I've had good experience as a basic home user with Fritzboxes. I can't vouch for them in terms of security or unusual and fun uses that people here may have for their home network though.
If experience is any guide, they are not.
Consumer routers have horrible track of embarrassing, easily exploitable vulnerabilities. That are not patched for a long time or ever.
And exposing your router to public like that suggests the owner knows very little about security. This typically goes in hand with other neglect. Tell me, how many home users that are not security conscious keep their routers regularly patched and will replace the router when the manufacturer stops supporting them?