by pettycashstash2 1918 days ago
Ok I get it.... any recommendations for acceptable routers?
8 comments

When this article says "router" it means "combination router and wireless access point". Which is fine—that's how most people think of these products—but they are available separately.

For my home, using Ubiquiti products has worked well. I have the EdgeRouter Lite and UAP-AC-PRO access points which support PoE. It's been nice using products designed for professionals, and it's nice to be able to administer and upgrade the router independently from the access point. These products just work, and there's none of this dodgy "reboot the router" nonsense.

I hear a lot of good things about the many mesh networking setups (often combined routers/APs) now on the market but haven't tried any. They're almost certainly a better fit for a consumer who doesn't want to be a network admin. Ubiquiti has one (the "Alien"), and the Eero (now owned by Amazon) is often recommended.

I recently rebuilt my home network when switching ISPs and fell in love with Ubiquiti. It's the first time I have ever been happy to use networking-related hardware. Dealing with Asus/Linksys/Netgear/etc. in the past had always been a miserable experience, and I'd cringe every time my internet went out and I was forced to deal with them again.

It's a shame that there aren't more "pro-sumer" products like this out there. A common warning I read when researching Ubiquiti products was that they're not for people who aren't tech/networking professionals. I don't know where that came from, because setting it all up was a breeze. It was way easier than dealing with Asus's terrible "setup wizard".

> "It's a shame that there aren't more "pro-sumer" products like this out there"

Mikrotik is another company that has a good pro-sumer to pro ecosystem. Routers, APs, adapters, long-range point-to-point radio stuff. Most of their gear runs on variations of their RouterBOARD hardware and Linux-based RouterOS, and can be collectively managed through CAPsMAN, which can either run on one of their routers or on a desktop PC.

The configuration side is definitely less slick than what you get with Unifi, on the other hand you can configure everything in detail. You get an astounding amount of possibilities for your money, if you can accept the late-90s/early-2000s style web interface or just use the terminal interface instead.

The only thing I've found lacking is that they don't have any 4x4 or 802.11ax access points yet, but if you go modular (separate router, switch and AP), you can upgrade piecemeal when you need to.

> A common warning I read when researching Ubiquiti products was that they're not for people who aren't tech/networking professionals.

There's still a lot of weirdness in Ubiquiti, even in their UniFi line, that'll throw the average user, but it's definitely a lot more user friendly than the EdgeMax line. I often find UniFi tries to be so friendly that it ends up making things harder. I had an auto-discovery issue that I spent a lot of time troubleshooting, mostly because I can't just tell it "this device with this MAC address is here now", it has to find it for itself.

The UDMP does a really good job just being "the central core of your network you plug stuff into", but it's also confusing because it has the device firmware itself and then the software for each function on it, including the firewall software, which is all very convoluted.

I have an EdgeRouter ER-8 (acquired secondhand; I do not need 8 router ports for my home network) and have been considering upgrading to an EdgeRouter ER-4 (fewer ports; much better throughput) because the ER-8 is actually a bottleneck on my 600Mbps cable uplink. The ER Lite is even worse and doesn't seem to be well suited to modern Internet speeds.

The EdgeRouter OS is essentially a Debian build and can run openconnect and other VPN software if you need something that is not included in the base install.

I would recommend the ERs to anyone with a bit of networking skill.

> The ER Lite is even worse and doesn't seem to be well suited to modern Internet speeds.

What are you doing to it? Mine ran at 950 down, 450 up just fine. Are you going faster?

I've got a UniFi Dream Machine Pro and a UAP-AC-PRO, and it's everything I could ever need or want in a home network. I had an EdgeRouter X before the UDM Pro, which was also very nice but definitely lacked a lot of polish and also just couldn't provide the full speed of my Internet connection (600 Mbps).

My parents have Eero, and it's definitely a really nice system that Just Works. Exactly as you described it, perfect for a consumer that wants quality without having to be a network admin.

Many of the items on the checklist are questionable, e.g.:

> Can the wireless network(s) be scheduled to turn off at night and then back on in the morning?

This seems almost tin-foil hat level security. Nobody is wardriving at 3am and hacking into your wifi.

> Is it limited to one logon at a time? It should be. The router should not allow multiple computers to logon at the same time using the same userid.

How does this improve security? I guess you can use it to catch an attacker on the rare chance that they get access at the same time you're on the admin page, but that's not really worth considering.

> Can the userid for the web interface be changed? Every router lets you change the password, a few let you also change the userid. This is most important when using Remote Administration. An October 2016 study of 12,000 home routers by ESET found that "admin" was the userid "in most cases."

What's wrong with "admin" with a secure password?

I work on a product that allows "one user at a time". It's not a security issue, it's a "don't want to maintain a multi-user database for extremely small benefit" issue. There's no good reason to have multiple folks futzing with this thing's configuration, just like there's no good reason to have multiple folks futzing on your router. Most of the time my product or your router sits in an out-of-the-way place gathering dust; multi-user access is a laughably infrequent use case.

Now why the author calls this out is anyone's guess. Sometimes someone sees a product like what I work on, sees single-user, assumes "aha! Better security!" No, we're just lazy. If there's any additional security, that's gravy and not a design decision.

I agree that the author seems over the top.

I do think "one logon at a time" might be a good idea, just not for security reasons. I suspect these routers don't do well with concurrent updates.

Changing the admin id would have the benefit of culling out noise. An unsuccessful login attempt to "myuniqueadmin" catches your attention as something meaningful.
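A small added example of the signal this comment describes, written for this page rather than taken from the thread: an awk-based triage of failed web-UI logins that separates guesses against stock names like "admin" from attempts against the real admin id. The log shape and field names (`user=`, `src=`) are constructed for the example; a real router's log format will differ and the field extraction would need adjusting.

```shell
#!/bin/sh
# Added example, not from the thread: triage failed router web-UI logins by the
# username that was tried, so attempts against the real (renamed) admin id stand
# out from background guessing of stock names.
set -eu

# Constructed sample log lines in a syslog-like shape (assumed format; TEST-NET addresses).
sample_auth_log() {
    cat <<'EOF'
Jan 12 03:14:05 router webui: login failed user=admin src=203.0.113.5
Jan 12 03:14:06 router webui: login failed user=root src=203.0.113.5
Jan 12 03:14:09 router webui: login failed user=admin src=198.51.100.7
Jan 12 07:02:11 router webui: login ok user=myuniqueadmin src=192.168.10.23
Jan 12 19:45:30 router webui: login failed user=myuniqueadmin src=192.168.10.23
Jan 12 19:45:41 router webui: login failed user=myuniqueadmin src=203.0.113.9
Jan 12 22:10:00 router webui: login failed user=guest src=198.51.100.9
EOF
}

# Usage: triage_failed_logins ADMIN_USER < logfile
# Prints "<class> <count>" lines. Classes:
#   default  - guesses against stock names (admin, root, user, guest, support): noise
#   targeted - failures against the configured admin id: worth a look
#   other    - anything else
triage_failed_logins() {
    awk -v admin="$1" '
        /login failed/ {
            user = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^user=/) user = substr($i, 6)
            if (user == admin)                                    c["targeted"]++
            else if (user ~ /^(admin|root|user|guest|support)$/) c["default"]++
            else                                                  c["other"]++
        }
        END { for (k in c) printf "%s %d\n", k, c[k] }'
}

# Usage: count_class CLASS ADMIN_USER < logfile  -> prints the count for one class (0 if none).
count_class() {
    triage_failed_logins "$2" | awk -v k="$1" '$1 == k { print $2; found = 1 } END { if (!found) print 0 }'
}

# Usage: targeted_failures ADMIN_USER < logfile -> the raw lines worth reviewing,
# with their source addresses, which is what you would actually act on.
targeted_failures() {
    awk -v admin="$1" '/login failed/ && $0 ~ ("user=" admin "( |$)")'
}

# Stand-alone run: summarise the sample and list the targeted attempts.
if [ "${1:-}" = "demo" ]; then
    sample_auth_log | triage_failed_logins myuniqueadmin
    echo "--- targeted attempts ---"
    sample_auth_log | targeted_failures myuniqueadmin
fi
```

Run with `sh triage.sh demo`, or pipe a real log into `triage_failed_logins <your-admin-id>`. The point is the split: with the sample above, four of the six failures are noise against stock names and can be ignored, while the two against the renamed id (one of them from outside the LAN) are the ones to investigate.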

These three are recommended in the security checklist [0]:

  * Pepwave Surf SOHO
  * Amped Wireless RTA1750
  * Synology RT1900ac

[0] https://routersecurity.org/checklist.php

Slap Linux on an old desktop, buy a 4-port PCI NIC, set up nftables/dnsmasq, and as a bonus become addicted to self-hosting.
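
As an added example (not the commenter's own setup), here is what that one-liner amounts to in configuration: a provisioning script that writes a default-drop, stateful nftables ruleset with NAT, a dnsmasq config that serves DHCP/DNS on the LAN side only, and the forwarding sysctls. The interface names (eth0 WAN, eth1 LAN) and the 192.168.10.0/24 subnet are assumptions; the script's `preview` mode renders the files into a scratch directory so you can inspect them before anything touches /etc.

```shell
#!/bin/sh
# Added example, not from the thread: render (and optionally apply) the config for a
# Linux box used as a home router. Assumptions: WAN on eth0, LAN on eth1, LAN is
# 192.168.10.0/24 with the router at .1. IPv4 only; if the ISP hands out IPv6, the
# input chain also needs an icmpv6 accept rule for neighbour discovery.
set -eu

WAN="eth0"
LAN="eth1"
LAN_PREFIX="192.168.10"
LAN_NET="$LAN_PREFIX.0/24"
LAN_ADDR="$LAN_PREFIX.1"

# nftables: drop by default on input and forward, let only established/related state
# back in, trust the LAN interface for router services, masquerade out the WAN.
write_nftables() {
    cat > "$1" <<EOF
#!/usr/sbin/nft -f
flush ruleset

define WAN = "$WAN"
define LAN = "$LAN"
define LAN_NET = $LAN_NET

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state vmap { established : accept, related : accept, invalid : drop }
        iifname "lo" accept
        # Router services (DHCP, DNS, SSH) are reachable from the LAN side only.
        # DHCP discovers come from 0.0.0.0, so this trusts the interface, not a source range.
        iifname \$LAN accept
        # Answer pings from the WAN at a limited rate; everything else from the WAN is dropped.
        iifname \$WAN icmp type echo-request limit rate 5/second accept
        iifname \$WAN counter drop
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state vmap { established : accept, related : accept, invalid : drop }
        # LAN hosts may initiate outbound connections; nothing unsolicited is forwarded in.
        iifname \$LAN ip saddr \$LAN_NET oifname \$WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname \$WAN masquerade
    }
}
EOF
}

# dnsmasq: DHCP and DNS for the LAN only; bind-interfaces keeps it from listening on the WAN.
write_dnsmasq() {
    cat > "$1" <<EOF
interface=$LAN
bind-interfaces
domain-needed
bogus-priv
dhcp-range=$LAN_PREFIX.50,$LAN_PREFIX.200,12h
dhcp-option=option:router,$LAN_ADDR
dhcp-option=option:dns-server,$LAN_ADDR
EOF
}

# Kernel: enable forwarding plus the usual anti-spoofing / redirect hardening.
write_sysctl() {
    cat > "$1" <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
EOF
}

# Render everything under ROOT ("" means the real filesystem).
write_router_config() {
    root="${1:-}"
    mkdir -p "$root/etc/sysctl.d"
    write_nftables "$root/etc/nftables.conf"
    write_dnsmasq "$root/etc/dnsmasq.conf"
    write_sysctl "$root/etc/sysctl.d/90-router.conf"
}

# Structural check of a rendered ruleset: both filter chains default to drop and
# outbound traffic is NATed. Returns non-zero if any of that is missing.
check_ruleset() {
    grep -q 'hook input priority filter; policy drop;' "$1" &&
    grep -q 'hook forward priority filter; policy drop;' "$1" &&
    grep -q 'oifname \$WAN masquerade' "$1"
}

# "install" renders to / and applies (needs root); "preview" renders into ./router-preview.
if [ "${1:-}" = "install" ]; then
    write_router_config ""
    check_ruleset /etc/nftables.conf
    nft -c -f /etc/nftables.conf          # dry-run parse before loading anything
    nft -f /etc/nftables.conf
    sysctl -p /etc/sysctl.d/90-router.conf
    echo "restart dnsmasq to pick up /etc/dnsmasq.conf"
elif [ "${1:-}" = "preview" ]; then
    write_router_config ./router-preview
    check_ruleset ./router-preview/etc/nftables.conf && echo "rendered under ./router-preview"
fi
```

The design choice worth noting is the default-drop policy on both the input and forward chains with an explicit conntrack state map, so the only traffic reaching the box or the LAN from the WAN is return traffic for connections the LAN opened (plus rate-limited ping). Persisting the ruleset at boot is distro-specific (nftables.service on Debian-based systems) and is left to the reader.
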

That replaces a 5-10 W device with a 100 W device. I wouldn't want that; that's 566 kg of extra CO2 per year with the US power mix.

I think you can swap "old desktop" for some smaller, new, power-efficient mini desktop, which at idle (for basic home needs, let's face it, it's pretty close to idle) is likely to draw way under its max... but if you are so carbon conscious, consider the total environmental cost: buying new shit (a new mini desktop or consumer routers) that constantly needs replacing incurs a carbon cost through consumption that people rarely try to quantify because it's not so easy - but it's often still very big. Saving an old PC from the rubbish is free of this cost; it not only saves the manufacturing carbon cost but environmental pollution.

On eBay you can find a Dell R210 II with an Ivy Bridge CPU for 150 USD. These idle at 25 watts, and are super quiet and small. I have not tested the R220 with Haswell, but I guess idle wattage is less than 20 watts, as Haswell had much improved power efficiency when idling.

1 W continuous is $1 per year, as a typical USA rule of thumb (at $0.12 per kWh). Places like California are a lot more expensive.

So yeah, it's pretty expensive on an ongoing basis to convert an old desktop to a router.

I must confess, I run an OpenBSD firewall on an old Dell server. Fortunately the Intel CPU doesn't need to do much. So I'm only drawing about 70 W continuous. I keep meaning to replace it with something more power efficient but haven't.

I've had good success with Ubiquiti EdgeRouters.

I started thinking down this route. 12 months and $2000 later I ended up with a 15U rack in my basement, Ethernet drops in most of my rooms, wifi that blankets my home and yard, 4K security cameras, and more. Contrary to what you might read from a vocal minority on Reddit, my UDM-PRO has been solid. It was a great investment for the work-from-home era.

Not saying it wasn’t worth it - it’s a huge step up in reliability from what I had, but I kinda feel like an EdgeRouter is a gateway into the wider Ubiquiti ecosystem.

I currently have Ubiquiti gear, bought about five years ago, and my APs have already been EOL for a couple of years. They don't seem like a great choice for medium-term or long-term installations for this reason. They also don't seem to publish EOL or support timelines, or commit to supporting equipment for any term (as far as I can find - I'd love to see a support schedule if anyone knows of one).

On the flip side, the UAP-AC-PRO access point that I bought 5+ years ago is still supported and receiving updates to this day. And that's the case for the majority of their access points.

Glancing at their documentation, it seems that they've only EOLed the three early 802.11ac access points they released. Of course that doesn't help you or make your concern any less valid, but it's not like they're in the business of just willy-nilly cutting off support for their products. The one you bought just happened to fall into an unfortunate minority.

I agree, but they don't seem to release any information about how long a product will be supported. I could upgrade today and find the product EOL'd tomorrow.

Yep, that's definitely a valid criticism.

PCEngines APU for DIY, or Mikrotik for a ready-made solution. If you need more ports or throughput, extend with a dedicated switch. Any dumb unmanaged switch is good enough for most SOHO use cases, unless you want to get serious about segmenting your network with VLANs and ACLs.

As for which DIY OS/distribution: I have used VyOS, IPFire, pfSense, OPNsense, and a handful of various xx-WRT derivatives. OpenWrt is still my recommendation without a doubt. I'm still not at all a fan of OpenWrt's update and package management, but it's the best out there unless you configure a vanilla Debian install yourself.

Keep WiFi APs as separate devices, regardless of whether you mesh or not.

For fun, I'd make my own with a low-power Linux/BSD box (Atom or ARM-based). I guess performance would be totally acceptable compared to consumer-grade routers (do we need ASIC-based routing at home anyway?).

For the full consumer router experience you should run it inside qemu-system-mips. Then it should also match up performance-wise.

Of course it wouldn't be complete without hacking up your own, custom Linux system calls[1], or hacking up SquashFS to be big-endian for no reason and storing your own data structures in the compressor options[2].

[1] https://twitter.com/RichFelker/status/1357733309737021444

[2] https://github.com/plougher/squashfs-tools/issues/108

Turris?