Hacker News
by Osmium 2887 days ago
In particular, recommendations for consumer routers would be welcome. Last time this came up, the line seemed to be "consumer routers are trash, if you want security you have to use an enterprise router." There might be some truth in this, but it isn't helpful. Surely not all consumer routers are equally bad?
3 comments

So there are two main issues with consumer routers. The first is that the hardware is garbage. This isn't universally true, but it's a strong general rule, and models get released and discontinued all the time so the short list of models that aren't garbage changes every year.

The main security issue is that the vendors stop issuing security updates after they stop selling the router even though people are still using it, and the software that comes on it is usually crap to begin with. The solution to this is to get one you can install OpenWRT or Debian or whatever you prefer on it. Do that as soon as you buy it and then it doesn't matter what the vendor does. But note that not all routers are supported by the software you want to use.

Also remember that a router is just a computer with multiple network ports on it. Adding another network port to your old laptop is a time-honored tradition. The hardware will be faster, the drivers are usually better, it has a built-in battery to survive power bumps, etc.

My first firewall was a Thinkpad 750Cs. ;) I can't recall the distro I was running at the time - likely Debian or Slackware. At one point I returned from vacation to find that the hard drive had failed a couple days earlier. Since the firewalling was in the kernel, all I lost was logging. IIRC the last log message was that it was remounting the root filesystem readonly. It continued operating for a couple more weeks until I could arrange to replace it.
I've always wanted to just use an old junk PC as a router instead of paying for what is basically an overpriced Pi with a 4 jack ethernet card attached. But the problem then is that getting enough ethernet ports in the thing to equal the average router is price prohibitive.

I wish there were $20-$30 PCI-E bridge cards of >2 1Gbit ethernet jacks but they don't exist.

> But the problem then is that getting enough ethernet ports in the thing to equal the average router is price prohibitive.

Unless you actually need the ports to do some kind of network segmentation, one solution is to just plug the inside port into a five port switch (~$15). Which is how a lot of the consumer grade routers are implemented internally anyway.

You also can find quad port gigabit cards around those prices. Currently $22: https://www.amazon.com/HP-NC375T-Gigabit-Ethernet-539931-001...

There are scads of used quad port cards for even less on eBay.

Dual-port start at $18 on amzn ($35 for Intel)? But single-port will do ($12). Then add pfSense, Untangle, etc. to complete the solution.
I've found the ASUS RT-AC series to be pretty good (both 56U and 66U can route my gigabit internet connection and provide about 400Mbit worth of wifi). But for a bit more you can get a Ubiquiti router + AP for an even better experience.
Are Ubiquiti decent? It looks like they have a consumer line (AmpliFi).

Cost is not a primary concern, within reason. Wanting a consumer focused router is more about wanting to minimize set-up time and maintenance. Frankly, I’m not sure I have the time or trust myself to set up OpenWRT correctly/make sure it’s updating regularly/I’m installing the correct version etc.

> Frankly, I’m not sure I have the time or trust myself to set up OpenWRT correctly/make sure it’s updating regularly/I’m installing the correct version etc.

As long as you're not going out of your way to install a nightly build of OpenWRT and you just stick with the stable releases, it's no more difficult than installing new firmware from the manufacturer and configuring it. The web interface for configuring OpenWRT is comparable to what most consumer routers provide, except that OpenWRT's UI is shared across all hardware platforms instead of being laden with vendor-specific branding and snake oil features.

Yes, the AmpliFi line is excellent on the wireless side. I use a MikroTik wired router in conjunction with the AmpliFi to provide add'l features and security. Works well.
Also important, they are popular. Which means more continued support, and more forks.
Yes, I was surprised that my 1st gen 66U (which is now quite a few years old) is still getting security updates. The fact that it runs ddWRT by default also means that I don't have to flash it at all.
> consumer routers are trash, if you want security you have to use an enterprise router

These are trash too, full of closed code with backdoors. Buying a small x86 mini PC and flashing it with OPNsense will take an hour. You get open source with GUI on FreeBSD, bulletproof.