
Looking for a Router 6E and Protection settings.

Klemen

I am looking at Asus's routers right now and was wondering which one to pick. I want it to be 6E to be future-proof for a while, since I am upgrading my home with 6E devices this year.

I am also looking for something like protection or features with VPN and so on. I am working in the crypto space and I'd like to have a bit more freedom on the internet.

I also heard that if you have VPN you can "install" or have it on router and then any device which connects will be connected with the VPN. 

I also play games, but my internet is quite good with 750Mb/s wired - FIBER. Other than that I have an ISP device (forgot the word you use for modem+router+switch, think it is ISR), and overall it lacks 95% of features and it's locked in a way.

So that's the biggest takeaway for me to upgrade. I am looking for a mid-range router, but any higher options are welcome as well.

 


11 minutes ago, Klemen said:

forgot the word you use for modem+router+switch

Internet gateway.

 

12 minutes ago, Klemen said:

overall it lacks 95% of features and it's locked in a way.

They usually do.

 

What type of internet connection? Fiber, cable? Are you looking to replace the ISP unit or connect the new router to the ISP unit?

 

13 minutes ago, Klemen said:

but my internet is quite good with 750Mb/s wired

To be able to maintain such high WAN-to-LAN speeds and a VPN connection, you'll need something with a capable CPU. My go-to in this type of situation is either the Ubiquiti Dream Machine Pro or a pfSense appliance.


19 minutes ago, Klemen said:

I also heard that if you have VPN you can "install" or have it on router and then any device which connects will be connected with the VPN. 

I'd probably stay away from a VPN here, it won't help you for most uses. What threats are you trying to be secure from?

 

20 minutes ago, Klemen said:

also play games, but my internet is quite good with 750Mb/s wired, other than that I have ISP device, forgot the word you use for modem+router+switch, think it is ISR and overall it lacks 95% of features and it's locked in a way

What features do you want that the ISP box doesn't have? Is the wifi slow? Are you hosting servers?


You could run OPNsense in a VM (though running it direct on hardware is recommended), or buy one of their appliances.

 

Avoid pfSense, they're going too much towards non-free.

Avoid Ubiquiti, they tie you to an account with them and that means they control the users of their devices and may turn off your internet whenever they see fit. Their EdgeMAX products are quite something, but that product line is probably being discontinued soon.

Does the Asus router use free software? If not, why would you consider anything but free software, especially for a security device? Same goes for Ubiquiti.

 


7 minutes ago, heimdali said:

Avoid Ubiquiti, they tie you to an account with them and that means they control the users of their devices and may turn off your internet whenever they see fit. Their EdgeMAX products are quite something, but that product line is probably being discontinued soon.

That's completely false. You ONLY need an account to monitor remotely, otherwise you can do everything locally.


@Lurick

Without tying the device to an account, you can't even get it to work. They also have limitations on transferring ownership --- and there is no telling what other limitations they might come up with in the future.

 

At least that's what I found out --- I don't have one.  Do you have one, and can you confirm that you can take the pro version (I wouldn't bother with the non-pro anyway) out of the box, connect it to your internet connection and set up your firewall and anything else you need without a remote account?  Can you also confirm that if you want to sell the device, you can just do that and neither you, nor the new owner would have issues, and no account is required for that?

 

Besides, why would I need an account for remote monitoring? Can't I just connect to my network via VPN, WireGuard or ssh and monitor or configure in whichever way I see fit?

 


2 hours ago, Falcon1986 said:

What type of internet connection? Fiber, cable? Are you looking to replace the ISP unit or connect the new router to the ISP unit?

Fiber. I don't think COAX even reaches these speeds


2 hours ago, Electronics Wizardy said:

I'd probably stay away from a VPN here, it won't help you for most uses. What threats are you trying to be secure from?

Mostly I want to hide the identity on the internet, since I am dealing with countless people everyday and applications that record your time, locations and IP...

2 hours ago, Electronics Wizardy said:

What features do you want that the ISP box doesn't have? Is the wifi slow? Are you hosting servers?

Ofc WiFi is slow. Doesn't have WiFi 6. It's an ISR device which packs 3 things together and in which nothing excels well. It's locked, doesn't have any features other than to change SSID and password and from automatic IP or static. That's all the features.

I don't have any server, maybe in the future when I get more things on my hand.


5 minutes ago, Klemen said:

Fiber. I don't think COAX even reaches these speeds

What types of fibre? You often have to use their modem/ont for fibre.

 

1 minute ago, Klemen said:

Mostly I want to hide the identity on the internet, since I am dealing with countless people everyday and applications that record your time, locations and IP...

Quote

VPNs really won't help much for a lot of this. Location is using far more than VPN, and the websites can still see almost all the same info about you with a VPN. I wouldn't bother with a VPN from what you have listed.

I'd probably just get some WiFi APs here. How big is your house? The included router on the ISP device seems to be fine for your use and you mostly need better WiFi.


6 minutes ago, Electronics Wizardy said:

What types of fibre? You often have to use their modem/ont for fibre.

 

VPNs really won't help much for a lot of this. Location is using far more than VPN, and the websites can still see almost all the same info about you with a VPN. I wouldn't bother with a VPN from what you have listed.

Nah, I wouldn't really bother with WiFi since I won't be using that much, others might or if I am on the laptop which usually I am not in house. But since I am on a run for a new one I might as well get everything today's market can offer me.

Quote

I'd probably just get some WiFi APs here. How big is your house? The included router on the ISP device seems to be fine for your use and you mostly need better WiFi.

I don't know how it can be fine. It's totally locked away. I mean primary function is yes to kinda plug and go, but messing with anything besides that is impossible since settings aren't even there.

 

Maybe I am asking the wrong question. Is or are there any settings in unlocked routers you buy that you can benefit from? Or am I looking in the wrong place?

I want to know more and go around annoying sites and apps that record everything of you.

Basically, I am trying to be more anonymous than I am today.

 


1 minute ago, Klemen said:

I don't know how it can be fine. It's totally locked away. I mean primary function is yes to kinda plug and go, but messing with anything beside that is impossible, since settings aren't even there.

Most of the ISP routers I've used have a good amount of settings, they let you do things like port forwarding, change DHCP and DNS settings and others.

 

2 minutes ago, Klemen said:

Maybe I am asking wrong question. Is or are there any settings in unlocked routers you buy that you can benefit from? Or am I looking in the wrong place?

I want to know more and go around annoying sites and apps that record everything of you. 

Not really for average home use. The defaults are pretty good. 

 

Apps recording info about isn't affected by the router, the router just passes it between your PC and their servers, you can't really easily block it on a router as it's all encrypted anyways.

You can set up something like a Pi-hole for a DNS filter that can help some, but most privacy improvements are from using different services and settings, not by a different router or VPN.


2 hours ago, heimdali said:

You could run OPNsense in a VM (though running it direct on hardware is recommended), or buy one of their appliances.

 

Avoid pfSense

Ubiquiti

 

Their EdgeMAX products are quite something

Do they require more resources on a computer? 

2 hours ago, heimdali said:

Does the Asus router use free software? 

I think it has its own software that you don't have to pay for since it comes like all in one. I think that's quite common practice for Asus routers other than if they are in partnership with VPN provider WTFAST

2 hours ago, heimdali said:

If not, why would you consider anything but free software, especially for a security device? Same goes for Ubiquiti.

I don't follow. You trying to tell, Paid = more secured? 


1 minute ago, Electronics Wizardy said:

 

You can set up something like a Pi-hole for a DNS filter that can help some, but most privacy improvements are from using different services and settings, not by a different router or VPN.

I see. Will look into everything that you and others suggested. 🙂


2 minutes ago, Klemen said:

Do they require more resources on a computer? 

You would set these up on a computer to work as a router. Normally a separate PC.

 

2 minutes ago, Klemen said:

I think it has its own software that you don't have to pay for since it comes like all in one. I think that's quite common practice for Asus routers other than if they are in partnership with VPN provider WTFAST

I'd stay away from a VPN here with your use case, it won't really help, and now the VPN provider and their ISP can snoop on your traffic.

 

2 minutes ago, Klemen said:

I don't follow. You trying to tell, Paid = more secured? 

Normally open source = more secure, but really depends.


36 minutes ago, Klemen said:

Do they require more resources on a computer? 

Ubiquiti makes devices that run their software on the device and not on your computer, so they don't require resources there. You can run OPNsense, pfSense or other router software on your workstation or on your server in a virtual machine, which would require resources. Or you can buy dedicated devices from the makers of OPNsense or pfSense running the software on them, or you can run the software on a dedicated computer. Running OPNsense on my server in a VM instead saves me a lot of money ...

Quote

I think it has its own software that you don't have to pay for since it comes like all in one. I think that's quite common practice for Asus routers other than if they are in partnership with VPN provider WTFAST

I don't follow. You trying to tell, Paid = more secured? 

No, I'd think that open source is more secure. Everyone can check out the sources to see if there are security issues and can modify the software according to their needs if they want to. That also involves not controlling the users by limiting their use and whatever they do with the software and not spying on them. That's what free software is about, it's about freedom. Non-free software is usually not open source, and the users can't do anything that the manufacturer doesn't want them to. If you have a router (or other software) that isn't open source, you never know if the manufacturer has built in some back door to allow access to your network, or other ways of spying on you like telling the manufacturer which web sites you make contact with --- there are lots of possibilities. If the manufacturer decides that they discontinue their product, you will be left entirely without support and likely need to switch to something else. That doesn't happen so easily with free, open source software because it's somewhat likely that other developers will take over when one leaves the project, and you may be able to help yourself.

 

So I don't see why anyone would accept any non-free software at all.  I don't need to be controlled by others through software and become their puppet.  Since you are concerned about your privacy, you may want to switch to free software.

 

For anonymity, you can try to use the Tor network. Unfortunately, too many sites are blocking that. That kind of blocking should be illegal ...

Have you heard that Apple is planning total surveillance and to rape their customers without limit? See https://www.fsf.org/news/a-wake-up-call-for-iphone-users-its-time-to-go

If you have any device from Apple, you need to get rid of it.  That's the blessing of non-free software, and it's simply unacceptable.

 


17 minutes ago, heimdali said:

 

 

For anonymity, you can try to use the Tor network. Unfortunately, too many sites are blocking that. That kind of blocking should be illegal ...

I don't really need a web browser since I am dealing with applications :x

Quote

 

If you have any device from Apple, you need to get rid of it.  That's the blessing of non-free software, and it's simply unacceptable.

 

From some guys I hear how more secure they are and keep their privacy for themselves and what you are doing on it. Ofc they can prob see, but they will block anything that tracks you or anything like that without your permission, that's at least how I heard. 

 

Running on my server would be very cool ofc. I want to build a server one day cos I am hungry for experience and all, but going immediately into that can be overwhelming. There are many things you'd need to consider, it's not a small task, also if you are playing with subnets and all. In general I have no idea how everything really works. I have some knowledge from school when we were forced to calculate subnets etc... that was funny but it was over too soon and I never had to use it again, and I also didn't have much money to spare in school :x now I have a bit more to play around c:


You could buy a used server to learn with.  Put OPNsense on it and go from there ...

 


4 hours ago, heimdali said:

Without tying the device to an account, you can't even get it to work.

IIRC, there is a toggle switch during setup to disable cloud access and enable local access.

 

If you don't want Ubiquiti to host your cloud controller, you can host locally (on a Cloud Key or UDM-Pro), your own server (local or cloud) or even something like Hostifi.

 

4 hours ago, heimdali said:

They also have limitations on transferring ownership

Although I've never been in this scenario, I can easily reset any device by "unprovisioning" it and use it at another site. Setup starts from scratch. There's no license to be concerned about either.


Bear in mind there is very little WiFi 6E hardware right now, I'd not worry about that and just get a WiFi 6E Access Point later on once they are available. I'm personally waiting on Zyxel to come out with one as while it will cost as much as a router, them being business APs they are far more reliable than consumer equipment and built to last.

As for VPNs, if you do decide to use one bear in mind you're probably not going to get more than 300Mbit or so out of one, as it's not cost effective for them to offer faster due to how few customers they can service per server at those speeds, particularly if they are using OpenVPN.


5 hours ago, Falcon1986 said:

IIRC, there is a toggle switch during setup to disable cloud access and enable local access.

I have read that you can turn off using the account only _after_ you created it and tied the device to it, and when you have disabled using that you can't transfer ownership of the device anymore. Besides all other issues with that, it means you didn't buy the device but only rented it. Even when it's a one-time payment, it means you don't own your hardware. And you don't know if Ubiquiti suddenly decides that using the account all the time is required and that users have to pay some subscription fee.

And what about your privacy? It's not in any way where, how, when, for what, and so on, Ubiquiti's business what you do with your hardware. But that you can't use "your" hardware without notifying them is a massive rape of your privacy.

Quote

If you don't want Ubiquiti to host your cloud controller, you can host locally (on a Cloud Key or UDM-Pro), your own server (local or cloud) or even something like Hostifi.

 

Although I've never been in this scenario, I can easily reset any device by "unprovisioning" it and use it at another site. Setup starts from scratch. There's no license to be concerned about either.

That isn't the point. A UDM isn't their so-called cloud key. It is a device that you pay for and yet it isn't yours as they keep control over it, not you, and it rapes your privacy. It is an entirely non-free device. That is not a device which I would want to allow to control my internet access, or anything else.

Besides, Ubiquiti has always been extremely bad on documentation, and that didn't really change, though they tried to improve the documentation over time (but it still sucks). That means you have to keep asking questions on their forum and hope that maybe you get answers eventually. Many times you don't and that means you simply can't do what you need to.

 

For someone like the OP who seems to be interested in learning, I can point to routers and switches HP makes (or used to make) because they come with excellent documentation. The documentation is so good that you can learn from it. Compared to Procurve and Aruba switches, Ubiquiti's EdgeMAX switches and routers are total crap because their configuration and administration is more like a nightmare than anything else, whereas Procurves and Arubas are extremely easy and a sweet dream to handle. The only thing that does speak for Ubiquiti is their relatively low price and that their hardware has advantages in that it usually doesn't run its fans and consumes less power than the HP (relatively old) switches. HP may have improved on power consumption, I don't know. HP has a lifetime warranty on some products, and they do replace your 15 year old switch, when broken, under warranty, even though you bought it used off eBay for 20 with a practically new one, and they even pay for the shipping. As to Ubiquiti's Unifi switches, you can't manage them without all the infrastructure and their management software running somewhere and accessible, and that makes their switches practically useless. I need to be able to manage a switch by itself, especially since switches are infrastructure devices that need to work and do their part before the infrastructure is in place. OTOH, HP has gone bad with their support because you have a hard time to get firmware updates without a support contract, which is something you don't get. Cisco is much worse, so never buy anything from Cisco (or Linksys). That has been an advantage with Ubiquiti as they don't give you trouble with firmware, but when they discontinue the EdgeMAX products, they will no longer make any relevant products.

 

Having said that, I'm not entirely happy with OPNsense or pfSense because neither supports zone-based firewalls. Yet that is something I can live with, and what other option is there short of installing Fedora or the like and making your own router with that? I've done that 20 years ago with Debian, and it has become easier since. If you really want to learn, make your own firewall from scratch with iptables and go from there.

 
