Time to replace router.......

Whach

Hello all. So it's time to replace my aging ASUS RT AC87U router. But with what is the question. I kind of want a brute force behemoth, like the ASUS ROG Rapture GT-AX11000. I am partial to Asus routers, but I don't particularly like the "gamer" aesthetic to the UI of the ROG line. That's why I'm also considering/curious about the Unifi Dream Router for its dashboard features & wifi6, and just to try a change. However, I've heard the Wi-Fi for this isn't particularly strong and the unit is underpowered CPU-wise. It may be a problem should I ever upgrade to Gigabit Fiber (currently on 650 up/down ATT).

To be clear, I'm getting rid of my current unit because I need a bit more grunt Wi-Fi wise & I can tell it's beginning to struggle in general use. I would separate everything out, but I generally want an all-in-one solution with the possibility of expanding it into a mesh-like system later on (I can't run a cable and stick an AP somewhere due to my Mrs.'s objections).

For context, I currently live in a densely wi-fi crowded neighborhood in a ground floor apartment (approx. 1000sq ft.). The building is from the 1930's, so everything is oooold. My current router has to be placed next to my TV/console/speakers so EM interference is an unfortunate situation. PC is wired, wifi is for iot / laptop / mobile devices.

Anyway, thanks for any input/suggestions. Cheers.
 
With those type of speeds, and since you've gotten by on your current one, I would just get a pair of powerline adapters and add a second as an AP. Or you could get one of the new 'bugs' and it should cover 1000sq ft pretty easy. The problem you're going to run into is just massive noise of all the APs in a crowded apartment. We used to see 100+ APs when we lived in one.
 
If you're OK with using Unifi stuff and have the budget, you could get a Dream Wall. Easy to expand with its built in POE switch to add additional access points later on. Even if you decide not to hardwire some POE runs, you can still use their mesh APs with it. It would be completely overkill and potentially triple the budget, but hey, that's why you're here asking for recommendations. :)
 
With those type of speeds, and since you've gotten by on your current one, I would just get a pair of powerline adapters and add a second as an AP. Or you could get one of the new 'bugs' and it should cover 1000sq ft pretty easy. The problem you're going to run into is just massive noise of all the APs in a crowded apartment. We used to see 100+ APs when we lived in one.
I did try powerline adapters, but the wiring is just too crappy and fluctuates :/
 
If you're OK with using Unifi stuff and have the budget, you could get a Dream Wall. Easy to expand with its built in POE switch to add additional access points later on. Even if you decide not to hardwire some POE runs, you can still use their mesh APs with it. It would be completely overkill and potentially triple the budget, but hey, that's why you're here asking for recommendations. :)
I like overkill! But definitely over budget. Can’t make any wire runs in this place, not worth the effort.
 
I went overkill brute force and got the Asus AXE-16000 and have been more than happy with it. It handles my 1.4GB internet connection (Via WAN Aggregation) and my in house 10GB connections fine and has a surprisingly good range for my very wide house. I do have an AImesh setup with my old AC-5300 on the clear other side of the house so that I can cover my entire backyard though. I use Merlin-WRT and have a few super nice things installed on the router via amtm like Adguard Home, which also works as a DNS cache, making my DNS hits take 0.5ms on average, it's super fast.

Even with all my installed amtm extras and transferring giant files I rarely hit over 50% cpu usage, I did turn off AIprotection though and run without any QOS.

My up time is usually "whatever time between major router updates" but we had a power outage last night for 6 hours, so even the battery backup couldn't keep my router on that long.
 
I did try powerline adapters, but the wiring is just too crappy and fluctuates :/
Which ones did you try? The reason I ask is that there is practically an order of magnitude performance difference between generations. The other option is moca which can be quite fast at 2.5Gb if you've got some coax in the walls.
 
Which ones did you try? The reason I ask is that there is practically an order of magnitude performance difference between generations. The other option is moca which can be quite fast at 2.5Gb if you've got some coax in the walls.
I tried units from Netgear, TP-Link and TRENDnet (all latest releases I think). All had decent enough performance, just constant instability. I know the units were fine because I tested them at my family home to verify and make sure it wasn't user error. The only coax/comms ingress to the place is in the living room behind the tv. No wires anywhere else. Old old place.
 
I went overkill brute force and got the Asus AXE-16000 and have been more than happy with it. It handles my 1.4GB internet connection (Via WAN Aggregation) and my in house 10GB connections fine and has a surprisingly good range for my very wide house. I do have an AImesh setup with my old AC-5300 on the clear other side of the house so that I can cover my entire backyard though. I use Merlin-WRT and have a few super nice things installed on the router via amtm like Adguard Home, which also works as a DNS cache, making my DNS hits take 0.5ms on average, it's super fast.

Even with all my installed amtm extras and transferring giant files I rarely hit over 50% cpu usage, I did turn off AIprotection though and run without any QOS.

My up time is usually "whatever time between major router updates" but we had a power outage last night for 6 hours, so even the battery backup couldn't keep my router on that long.
I think this is what I’ll do. Does the Merlin firmware get rid of the horrible rog skinned interface?
 
I tried units from Netgear, TP-Link and TRENDnet (all latest releases I think). All had decent enough performance, just constant instability. I know the units were fine because I tested them at my family home to verify and make sure it wasn't user error. The only coax/comms ingress to the place is in the living room behind the tv. No wires anywhere else. Old old place.
Oh wow, yeah you seemed to have tried them all if they were all powerline 2000. The older units have more issues with bad wiring setups, but the newest are pretty awesome. They'll hit nearly 200Mb at one site with 1968 wiring, reverse polarity, and no grounding in some areas. And the two are connected one with ground and one without which I thought would have messed them up.
 
I just upgraded my old unifi cloud key gen to the new unifi dream router you're talking about. The reason I went with it over a dream machine and an access point is because my isp likely will never offer gbit speeds.

I've never used Asus routers so I can't speak for them.. but my new UDR was able to adopt my ancient unifi outdoor+ model access point. I thought for sure it would be so far EOL that it wouldn't adopt.. talk about long term support!
 
I'm running an old Dell Optiplex SFF running pfSense. Easily handles 800-900Mbps without breaking a sweat. For an access point I have an aging Ubiquiti AC-LR, and a used 24-port D-Link managed switch to top it off.
 
I'm running an old Dell Optiplex SFF running pfSense. Easily handles 800-900Mbps without breaking a sweat. For an access point I have an aging Ubiquiti AC-LR, and a used 24-port D-Link managed switch to top it off.
I’d like to mess around with pfsense, just don’t have the time to do so unfortunately. All that will have to happen once/if I can finally buy a bloody house.

Looks like the ASUS “bug/spider” with Merlin is the way to go for now. Will just have to look for a good deal.
 
I just upgraded my old unifi cloud key gen to the new unifi dream router you're talking about. The reason I went with it over a dream machine and an access point is because my isp likely will never offer gbit speeds.

I've never used Asus routers so I can't speak for them.. but my new UDR was able to adopt my ancient unifi outdoor+ model access point. I thought for sure it would be so far EOL that it wouldn't adopt.. talk about long term support!
I want to try the dream router, just wish it was more performant. I dunno. Might give it a go, return if acts slow I suppose.
 
I just want to say I appreciate all the suggestions/advice so far. Keep em coming :)
 
I’d like to mess around with pfsense, just don’t have the time to do so unfortunately. All that will have to happen once/if I can finally buy a bloody house.

Looks like the ASUS “bug/spider” with Merlin is the way to go for now. Will just have to look for a good deal.
If you like the pfsense type boxes, consider netgate and firewalla as they're basically the same except in a router sized box. You can also run sophos on regular hardware for home usage.
 
I want to try the dream router, just wish it was more performant. I dunno. Might give it a go, return if acts slow I suppose.
I plan on trying either a 2k or 4k camera with mine. If I like the camera enough I might add their nvr. If not I might build a blue iris box. Idk?
 
I'm running an old Dell Optiplex SFF running pfSense. Easily handles 800-900Mbps without breaking a sweat. For an access point I have an aging Ubiquiti AC-LR, and a used 24-port D-Link managed switch to top it off.
If you can live without pfBlockerNG, switch to OPNsense. Netgate/pfSense are childish and rushed a garbage tier wireguard kernel module and actually publicly released it on pfSense 2.5. The original developer of m0n0wall (the software from which pfSense originally forked) recommends using OPNsense.

If you like the pfsense type boxes, consider netgate and firewalla as they're basically the same except in a router sized box. You can also run sophos on regular hardware for home usage.
I would not support Netgate for the reasons above. I don't know enough about Firewalla to make any statements.

In general, Chinese mini PCs are the way to go for making your own firewall. I'm a big fan and have ordered my third yet to arrive (first two were i5-7200U and N6005 based). You can go on Aliexpress or Amazon, get a 4 - 6 NIC (Intel Gigabit or Intel 2.5GbE I226-V) mini PC with great CPUs for routing (N5105, N6000, N100, N305, etc...) I'd recommend a barebones option so you can put in decent SODIMM RAM and SSD, you probably get some pretty meh stuff if you buy it with the RAM and SSD already installed. You have the flexibility with these to not simply just run your firewall of choice bare metal, you can easily run it as a VM in a hypervisor. I'm virtualizing OPNsense on an N6005 unit right now on Proxmox and also run a few LXC containers and virtual machines. I just ordered an i5-1235u to get a little more horsepower and to experiment with Proxmox clusters lol. The crazy thing to me is all these boxes support Intel VT-d so you can do IOMMU passthrough on your individual NICs directly to your firewall, no overhead or complications for needing to make a bridge and you can do hardware offloading.
 
I’ve been wanting to kick around OPNsense for a while. Just haven’t had the time. I do not like the update frequency (or lack thereof) from pfSense.
 
If you can live without pfBlockerNG, switch to OPNsense. Netgate/pfSense are childish and rushed a garbage tier wireguard kernel module and actually publicly released it on pfSense 2.5. The original developer of m0n0wall (the software from which pfSense originally forked) recommends using OPNsense.


I would not support Netgate for the reasons above. I don't know enough about Firewalla to make any statements.

In general, Chinese mini PCs are the way to go for making your own firewall. I'm a big fan and have ordered my third yet to arrive (first two were i5-7200U and N6005 based). You can go on Aliexpress or Amazon, get a 4 - 6 NIC (Intel Gigabit or Intel 2.5GbE I226-V) mini PC with great CPUs for routing (N5105, N6000, N100, N305, etc...) I'd recommend a barebones option so you can put in decent SODIMM RAM and SSD, you probably get some pretty meh stuff if you buy it with the RAM and SSD already installed. You have the flexibility with these to not simply just run your firewall of choice bare metal, you can easily run it as a VM in a hypervisor. I'm virtualizing OPNsense on an N6005 unit right now on Proxmox and also run a few LXC containers and virtual machines. I just ordered an i5-1235u to get a little more horsepower and to experiment with Proxmox clusters lol. The crazy thing to me is all these boxes support Intel VT-d so you can do IOMMU passthrough on your individual NICs directly to your firewall, no overhead or complications for needing to make a bridge and you can do hardware offloading.
I remember hearing about these issues with pfsense and netgate, but most of the public will care less.

And in a similar vein to avoiding netgate, I would never, ever, never, never recommend hardware like this as hardware for a firewall.

There are others that produce similar designs that can be used and there's always the tried and true repurposing a thin client for firewall duty.
 
I’ve been wanting to kick around OPNsense for a while. Just haven’t had the time. I do not like the update frequency (or lack thereof) from pfSense.
OPNsense is great, the only thing really missing is an equivalent to pfBlockerNG which I think is the #1 reason people won't try it. The hilarity of the pfSense updates is they are using FreeBSD 14.0-CURRENT as a base whereas OPNsense is using FreeBSD 13.2-RELEASE. You can look up the difference between RELEASE and CURRENT and decide for yourself which one would be better suited for a base.

I remember hearing about these issues with pfsense and netgate, but most of the public will care less.
The drama and bad faith people won't care about, but I think with the Wireguard implementation people should be genuinely concerned.

And in a similar vein to avoiding netgate, I would never, ever, never, never recommend hardware like this as hardware for a firewall.

There are others that produce similar designs that can be used and there's always the tried and true repurposing a thin client for firewall duty.
Does the concern come from potential backdoors, low quality hardware or...? That's for sure true on repurposing old thin clients, but it's generally hard to beat the price/performance on these mini PCs.
 
OPNsense is great, the only thing really missing is an equivalent to pfBlockerNG which I think is the #1 reason people won't try it. The hilarity of the pfSense updates is they are using FreeBSD 14.0-CURRENT as a base whereas OPNsense is using FreeBSD 13.2-RELEASE. You can look up the difference between RELEASE and CURRENT and decide for yourself which one would be better suited for a base.


The drama and bad faith people won't care about, but I think with the Wireguard implementation people should be genuinely concerned.

Does the concern come from potential backdoors, low quality hardware or...? That's for sure true on repurposing old thin clients, but it's generally hard to beat the price/performance on these mini PCs.
I wouldn't know the difference as most people wouldn't, but you're right there's a big difference between release and 'current beta'. True that if someone is going to be using the wireguard implementation they would want to know the caveats.

Yep, backdoors. I'd go into more detail but I've already gotten into trouble for that once so I'll just leave it at that. Any backdoors on thin clients are more carefully vetted since major companies paid for those designs so I would be less concerned there even though realistically it's a bigger target since there would be a bigger 'benefit' to such back doors.
 
I would separate everything out, but I generally want an all-in-one solution with the possibility of expanding it into a mesh-like system later on (I can't run a cable and stick an AP somewhere due to my Mrs.'s objections).
Unless you specifically need something advanced (VLANs, complex firewall rules, etc...) I would just stick to a consumer all in one router/switch/AP. I kinda went off topic when I saw pfSense come up. Running your own firewall (OPNsense, pfSense, VyOS, IPFire, Untangle, etc...) is rewarding and gives you networking experience but unnecessary for 90% of households. You'll end up needing to split your AIO router into a separate firewall, switch, and access point. If you do need those advanced features look into something that supports after-market firmware (DD-WRT, FreshTomato/AdvancedTomato, OpenWRT, there may be others but I'm a bit rusty on this). I would avoid Unifi routing stuff. Given the budget on what you were originally looking at, I'd recommend the Netgear RAXE300. Design is better? than the Asus, well it's still a little cheesy but it doesn't scream GAMER quite as much as that Asus.

Pretty much any "mid-range" or higher consumer router will be able to route at full hardwired Gigabit speed if you upgrade your Internet. Don't expect that on wireless, but you should get decent enough speeds (although you legit might be able to get basically Gigabit if you have a 6E client). You can add additional mesh beacons or access points that support this mode to any WiFi, so the brand router you pick won't limit your choice down the road. I quite like the TP-Link Omada APs and they support this mesh mode. I run two EAP660 HDs for a duplex. Unifi access points are pretty good too, while I would avoid anything from their routing/switching line the standalone APs are good and also support mesh mode.

Given you're going to be adding more mesh APs, you might want to consider jumping into a mesh system (Netgear Orbi, TP-Link Deco, etc...) but you'll get a bit more flexibility with a separate router then adding additional mesh APs down the road. Hopefully WiFi 6E stuff comes down in price and we see more clients supporting 6GHz.
 
Unless you specifically need something advanced (VLANs, complex firewall rules, etc...) I would just stick to a consumer all in one router/switch/AP. I kinda went off topic when I saw pfSense come up. Running your own firewall (OPNsense, pfSense, VyOS, IPFire, Untangle, etc...) is rewarding and gives you networking experience but unnecessary for 90% of households. You'll end up needing to split your AIO router into a separate firewall, switch, and access point. If you do need those advanced features look into something that supports after-market firmware (DD-WRT, FreshTomato/AdvancedTomato, OpenWRT, there may be others but I'm a bit rusty on this). I would avoid Unifi routing stuff. Given the budget on what you were originally looking at, I'd recommend the Netgear RAXE300. Design is better? than the Asus, well it's still a little cheesy but it doesn't scream GAMER quite as much as that Asus.

Pretty much any "mid-range" or higher consumer router will be able to route at full hardwired Gigabit speed if you upgrade your Internet. Don't expect that on wireless, but you should get decent enough speeds (although you legit might be able to get basically Gigabit if you have a 6E client). You can add additional mesh beacons or access points that support this mode to any WiFi, so the brand router you pick won't limit your choice down the road. I quite like the TP-Link Omada APs and they support this mesh mode. I run two EAP660 HDs for a duplex. Unifi access points are pretty good too, while I would avoid anything from their routing/switching line the standalone APs are good and also support mesh mode.

Given you're going to be adding more mesh APs, you might want to consider jumping into a mesh system (Netgear Orbi, TP-Link Deco, etc...) but you'll get a bit more flexibility with a separate router then adding additional mesh APs down the road. Hopefully WiFi 6E stuff comes down in price and we see more clients supporting 6GHz.
I’m definitely going a single device solution for now. I considered the netgear, but it has features like parental control behind a subscription. Not right to me.

I think I’ll skip WiFi 6e for now. Not much call for it given the premium. I don’t have any devices for it anyway. Seems to be a small step given WiFi 7 is out already in a limited way.

Gigabit over WiFi isn’t really an issue (only a future consideration for wired use). Mesh, however, is definitely on my radar. The ASUS can do it to a degree from what I understand.
 
I’m definitely going a single device solution for now. I considered the netgear, but it has features like parental control behind a subscription. Not right to me.

I think I’ll skip WiFi 6e for now. Not much call for it given the premium. I don’t have any devices for it anyway. Seems to be a small step given WiFi 7 is out already in a limited way.

Gigabit over WiFi isn’t really an issue (only a future consideration for wired use). Mesh, however, is definitely on my radar. The ASUS can do it to a degree from what I understand.
I've been using Asus AImesh for 3 or 4 routers now. Great stuff. Definitely part of why I've stayed with asus, my old routers can turn into APs in just a few minutes of setup.

WiFi 6 and 6e have pretty much been worthless for my household thus far, but the only devices we have that support it are our cellphones.
 
OPNsense is great, the only thing really missing is an equivalent to pfBlockerNG which I think is the #1 reason people won't try it.
Most of the pfBlockerNG functionality can be replicated in OPNsense via its built in tools.
 