Your favorite router OS

terrorgen

For those who don't want to use cisco/Juniper/Ubiquiti grade hardware, what is your go to router OS when you need a gateway/router/firewall?

I started with flashing dd-wrt on Linksys wireless routers, then flip-flopped between OpenWRT and OPNSense. Right now settled on OpenWRT.

OPNSense is feature rich, but sometimes confusing to use. Being based on BSD its boot time is long. It also uses much more resources than OpenWRT.

OpenWRT is lightweight and have a good sized package repository as well. However many of those packages don't have GUIs so you'll be spending time with BusyBox.

So what is your preference? Do you use a special purpose BSD/Linux distro for the job, or use plain CLI-fu?

tgl

I like/use Endian OS, there is also a community version, and its based on Linux.
OPNSense and pfSense are great but not that easy to setup and as you said a little confusing in handling things, and also its BSD, so if something goes wrong, if you are familiar with Linux, even if it seems to be the same thing, its not, the same goes for Juniper OS.

Mr_Tom

I used to use just CLI, then started with stuff like IPcop years ago.
Most recently used pfsense. Currently since moving just using ISPs router but I am looking to replace that, as port forwarding seems 50/50 if it works or not lol.

flips

Favorite router OS is Router OS (Mikrotik)

beagle

pfSense works well for me. More than enough features for my needs.

InceptionHosting

back in the last e90's early 00's I used to use Astaro, it was epic, probably turd these days but that was he only thing considered secure enough for the customs work we did.

goinsj2010

If you have a more powerful system, Debian & Shorewall are a great combination. I run them inside a virtual machine and share the same server for other tasks. For my access points and other lightweight hardware I use OpenWRT.

luis

Have always used OpenWRT. Usually configure openvpn, an ad blocker plugin and some firewall rules. Works great!

terrorgen

@goinsj2010 said:
If you have a more powerful system, Debian & Shorewall are a great combination. I run them inside a virtual machine and share the same server for other tasks. For my access points and other lightweight hardware I use OpenWRT.

I run OpenWRT in a VM as well. It is blazingly fast!

Hogie

I use to do openbsd gateways. Now it would be pfsense.

cybertech

Microtik is good. Thankfully for home use there is no longer such a need since new products came up. TP-Link with broadcom is good enough.

Anyone has experience with ubiquiti? It looks like nice and modern

dahartigan

Smoothwall on a 486 with a dialup modem.

terrorgen

@dahartigan said:
Smoothwall on a 486 with a dialup modem.

that must generate you a lot of potassium.

foxone

Openwrt is comfy, i like the semplicity and extensibility. pfSense/OpnSense and all the other distros are way too complicated for me.

InceptionHosting

@dahartigan said:
Smoothwall on a 486 with a dialup modem.

Ooh a morning hit of nostalgia... better than coffee.

Neoon

stockROM, but I buy a decent ROUTER.

Mr_Tom

@dahartigan said:
Smoothwall on a 486 with a dialup modem.

For a couple of years in the early cable days (512kbps) I ran a 486 running IPcop, along with a P100 running Win95 for stuff like WinProxy and an old mIRC bot.

terrorgen

@cybertech said:
Microtik is good. Thankfully for home use there is no longer such a need since new products came up. TP-Link with broadcom is good enough.

Anyone has experience with ubiquiti? It looks like nice and modern

I switched to x86 routers 6 years ago because ARM at that time cannot handle crypto that well. Had a 20mbps connection with my ISP but can only do 5mbps with a VPN provider. Switched to x86 and I can get near the speed of not connected to any VPN at all.

Is current ARM routers powerful enough for crypto?

pike

I like to use FritzOS which is developed from AVM as firmware for their enduser routers. They use good hardware (Intel Atom + ARM CPU), their software allows a lot and there's a modding scene around their OS.

vimalware

I don't trust my ISP freebie router. So I just VPN 24/7.

I used to run Tomato on my trusty old Asus RT-N16 before the flood in Aug 2018.

terrorgen

@pike said:
I like to use FritzOS which is developed from AVM as firmware for their enduser routers. They use good hardware (Intel Atom + ARM CPU), their software allows a lot and there's a modding scene around their OS.

Looks like a good product. I like that they give you a periodical report on how internet was used.
I don't think the OS is available for general use?

Mr_Tom

@pike said:
I like to use FritzOS which is developed from AVM as firmware for their enduser routers. They use good hardware (Intel Atom + ARM CPU), their software allows a lot and there's a modding scene around their OS.

Didn't realise any of that. I've currently got a FRITZ!Box router from my ISP. Thought it just default proprietory thing on it. It seems okay but I have 2 port forwarding rules, both setup in the same manner (other than port) and one works the other doesn't lol.

pike

@terrorgen said:
Looks like a good product. I like that they give you a periodical report on how internet was used.
I don't think the OS is available for general use?

It is really nice, since FritzOS 7 at least. And AVM in general is the most reputable company when it comes to home routers in germany. Also they provide 5 years warranty.
The firmware files for different routers are downloadable, I could even get you the source code of the firmware for my cable modem (6591) but I doubt it has been ported to any other hardware than AVM.

@Mr_Tom said:
Didn't realise any of that. I've currently got a FRITZ!Box router from my ISP. Thought it just default proprietory thing on it. It seems okay but I have 2 port forwarding rules, both setup in the same manner (other than port) and one works the other doesn't lol.

Yeah, AVM supports branding and also modifications of the firmware, in that case the provider is responsible for managing software updates. For most routers however there are tutorials on how to unbrand them/flash a stock firmware in order to get full functionality. Most of the time this involves accessing the EVA console via FTP during the first 10 seconds of box bootup. And if youre flashing firmware anyway, there's the freetz package that allows nice features like having an OSCAM or OpenVPN server.

dahartigan

@terrorgen said:

@dahartigan said:
Smoothwall on a 486 with a dialup modem.

that must generate you a lot of potassium.

It would generate some great potassium these days if I had kept that machine (originally purchased new in 1993)

@AnthonySmith said:

@dahartigan said:
Smoothwall on a 486 with a dialup modem.

Ooh a morning hit of nostalgia... better than coffee.

I am very nostalgic when it comes to 90's era computing. I also ran a popular abandonware site back in the late 90's (back then the abandonware was legitimately old DOS games and apps)

@Mr_Tom said:

@dahartigan said:
Smoothwall on a 486 with a dialup modem.

For a couple of years in the early cable days (512kbps) I ran a 486 running IPcop, along with a P100 running Win95 for stuff like WinProxy and an old mIRC bot.

Those were the days Before cheap SBC like Raspi existed, we repurposed "ancient" computers for the tasks. Good old days indeed.

jureve

RouterOS (Mikrotik)

xyphos10

+1 for pfsense as a vm using vmware and microtik's router os

SpryServers_Tab

Pfsense for remote access server and gateway for in data center wifi.

FlamingSpaceJunk

I have some OpenWRT stuff around that I would really like to deprecate. These days I'm using OPNsense wherever I can. It doesn't run some weird config system on top of a Unix-like OS, and it has everything I want out of the box, like LDAP auth.

I have a Netgear Orbi system at my house, and while the wireless works really well, the gateway portion is feature poor. I'm probably going to turn the Orbis into APs and offload everything else to OPNsense. I'd like to run an OpenBSD gateway, but I need to workout how to do that first.