Router recommendations, not using wireless

doox00

I have a few PCs I will be accessing remotely a few hundred miles away. Because of this I need a reliable router, one I don't want to worry about freezing or needing power cycles etc. I will not be using wireless at all, so on any router I get, wireless would be disabled. Or if there is a recommended easy to set up wired-only router, that would be good too. At home I have an R7000 Nighthawk which I am happy with, have had no issues at all in the year I have owned it. I may get another one of those unless others have better/cheaper recommendations.

thanks all
 
TP-Link TL-WDR3600 (150d+ uptime without any issues at all) and/or D-Link DIR-860L (hw rev B1) would be two models I'd look for.
 
Edgerouter Lite or X.

Unless you need to set up something not handled by the Edgerouter GUI and aren't into dealing with a CLI, then maybe pfSense on a Supermicro board with a J1900 or C2358 CPU. Alternately, maybe there are some recent embedded boards that can run OpenWRT?
 
I would rather not have a CLI if I can avoid it. I don't mind learning something new but I am on a time crunch and just looking for something easy to set up and, most importantly, it needs to be reliable.
 
Dual port NIC in an old computer and Sophos UTM (free version).

ClearOS would also probably work fine as well since you aren't using wireless.

I am currently running Sophos and ran ClearOS before that.

Sophos has a much better GUI.

The only time either ever went down was when we had a power outage.

Either of those would be the cheapest route.

But the Edgerouter would also be a good choice.
 
@ doox00
The boxes I mentioned above run OpenWRT, which is WebUI if you want or CLI.
As an owner of the Edgerouter Lite (several) I would take the TP-Link over the ERL by far in terms of reliability. The D-Link is pretty new but I've had great success with it so far and the extra performance is nice, if you need it at all that is.
 
I would also caution against the Edgerouter Lite in this situation. If you browse the Ubiquiti forums there are many counts of filesystem corruption on this unit when it isn't cleanly shut down. I'm in the same boat as OP, I have a remote location 8 hours drive away and have always relied on pfSense running on something well built with the nanobsd embedded install. I've never had an issue.

If you don't need much throughput look at an alix board with pfsense (ebay). If you want to future proof things substantially more check out these systems from netgate: http://store.netgate.com/Desktop-Systems-C83.aspx You can also buy those directly from pfsense but there is a pretty big premium.

As long as you stick to the nanobsd pfsense installs there shouldn't be any worries about loss of power. I know this route is more expensive than an off the shelf consumer router but the hardware is pretty bulletproof instead of questionable.
 
EdgeRouter X is a great little router box for a great price.
It requires *just slightly* more technical prowess to do a basic setup than a typical home router but it's still GUI.
 
Thank you all for the feedback, I appreciate it. I was looking at the pfSense options and I am really interested in going that route down the road. Since I only have about a week to get everything set up I went ahead and just ordered another R7000 in the meantime. Amazon has them for 200 bucks but includes an external Seagate 1TB 2.5" USB hard drive. I am very impressed with how well mine has worked over the past year, and that is with many wifi devices using it as well as wired. I won't even be using wifi at all in my remote location so one less thing to cause issues. I think when it comes time to replace my R7000 though I will be looking at the pfSense options in the future.

thanks again all!
 
I'm going to wish you the best of luck with the R7000 esp since you're going to have a hard time keeping up with security updates. Be careful what you store on that Seagate drive, they haven't had good reliability for the last 2 years or so.
 
I actually already sold the Seagate drive for 50 bucks.. had no need for it. Which security updates btw? My R7000 has not had a firmware update available for a while now. The new one came with the latest installed already as well.
 
According to this page, the last firmware was released 2015-06-10
https://community.netgear.com/t5/Ni...w-R7000-Firmware-Version-1-0-4-30/td-p/510110

You've had several OpenSSL vulns reported after that date,
https://www.openssl.org/news/vulnerabilities.html#y2015 which I presume they use for OpenVPN etc and even if they used PolarSSL (mbedTLS) they still have vulns in their firmware that should be addressed for instance.


I just checked, I do have that version firmware installed. I do not run any servers of any kind and have no port forwarding going on, not sure if that matters or not. I will have 443 open for this new remote location forwarding to one device, not a pc, just a remote kvm switch.
 
...and since you have old encryption libraries with vulns it'll help a bit but far from being secure.
 
Well they will need to be able to get through my Raritan Dominion KX III KVM switch security/login, then be able to log onto a Win 10 machine.. and when/if they do get that far.. there is not anything there really for them.. no sensitive data to steal lol. All ports are closed off in the router (my entire home network is not secure then I guess too, since I have the same router), the VPN I set up only connects to a network with just the KVM switch, the 2 PCs are on a different subnet (looking at setting up a VLAN for this, need to learn how to do it, 2 PCs on the one VLAN and KVM switch on another). Right now I have the PCs on 192.168.1.x 255.255.255.0 and KVM 192.168.0.x 255.255.0.0 both same gateway 192.168.1.1. Reason is I do not want the PCs seeing any other device on the network. Not sure this will do that or not.. but I think VLAN will?
 
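Added example, not part of the original post: what the addressing described above does to each host's own forwarding decision, worked out with Python's `ipaddress` module. The host octets (.10, .11, .50) are constructed, and it assumes all three devices sit on the same switch with no VLANs.

```python
import ipaddress

# Constructed host addresses; the thread gives only 192.168.1.x/255.255.255.0
# for the PCs, 192.168.0.x/255.255.0.0 for the KVM, and gateway 192.168.1.1.
GATEWAY = ipaddress.ip_address("192.168.1.1")
HOSTS = {
    "pc1": ipaddress.ip_interface("192.168.1.10/255.255.255.0"),
    "pc2": ipaddress.ip_interface("192.168.1.11/255.255.255.0"),
    "kvm": ipaddress.ip_interface("192.168.0.50/255.255.0.0"),
}


def next_hop(src, dst_ip, gateway=GATEWAY):
    """Return 'on-link' if src would ARP for dst directly, else the gateway IP."""
    if dst_ip in src.network:
        return "on-link"
    if gateway not in src.network:
        return "unreachable"  # the host cannot reach its own gateway
    return str(gateway)


def forwarding_table(hosts=HOSTS):
    """Next hop for every ordered pair of hosts."""
    return {
        (a, b): next_hop(hosts[a], hosts[b].ip)
        for a in hosts for b in hosts if a != b
    }


def overlapping_pairs(hosts=HOSTS):
    """Host pairs whose configured subnets overlap without being identical."""
    names = sorted(hosts)
    return [
        (a, b)
        for i, a in enumerate(names) for b in names[i + 1:]
        if hosts[a].network != hosts[b].network
        and hosts[a].network.overlaps(hosts[b].network)
    ]


if __name__ == "__main__":
    for (a, b), hop in forwarding_table().items():
        print(f"{a:>3} -> {b:<3} via {hop}")
    print("overlapping subnets:", overlapping_pairs())
```

The KVM's /16 contains the PCs' /24, so the KVM treats the PCs as directly attached while the PCs hand KVM-bound traffic to 192.168.1.1. The masks only change where each host sends its packets; nothing in this layout filters traffic between devices on the shared segment.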
VLAN won't isolate the two PCs from the rest if you have to enable inter-VLAN routing to have the KVM connect to them.

For what you are trying to do (which I've had implemented for a few years now) the easiest and most secure thing to do is set up some site-to-site VPNs. The cheapest route would be to use IPCOP on some old hardware as your routers at the end points (your 'spokes') and then replace your R7000 with a router that also does VPN or an IPCOP install with more beefy hardware (your hub). You then set up site-to-site VPN connections between all the sites. Each site would need to be on its own subnet (like 192.168.1.x, 192.168.2.x, 192.168.3.x, etc) and traffic should not flow from one site to another without you expressly setting up tunnels that do that.

This would allow you to have a 24x7 secure connection to all your sites. And since IPCOP has a reboot scheduler built-in, you could set that for an interval you feel comfortable with and it would reboot regularly on its own, if even necessary.
 
Okay, I used an old Core 2 Duo box I had lying around and set up pfSense, put an Intel gbit NIC in it for a 2nd NIC. Everything is set up and working on it great. (Debating using this or the R7000, I am heading to install all this stuff on Tuesday at the remote location.)

So with the way I have it set up now.. using pfSense, I have the SSH port open so I can remote into the pfSense box if needed and have 443 open so I can remote into my Raritan still.. Is this a better option than just using the R7000 with port 443 open? I also had set up OpenVPN in the R7000 router so I would be creating a VPN from my home PC to the R7000.

Would I still want to set up a VPN with the pfSense box and home? Is this a more stable/secure setup over the R7000?

Again, I do not have any sensitive data on any of the remote PCs I will be accessing.

Also with pfSense is there a way I can set it up so only a certain domain can get in through port 443 and 22? I do not have a static IP at home but could use noip or something and if you can say only x.noip.com is allowed through then I think that would be helpful.

thanks all
 
A site to site VPN is just, well, easy. You basically access IPs like they were already on your network. Once you set them up, you forget that they're hundreds of miles away except when you're thinking 'why is this so slow?' oh yeah, it's running over a 2Mbps link...
 