Fresh Tomato - Web Admin - Wireless Access

[retiredcaps]

I hesitated but one day I’ll have to do something to upgrade to dual band. My home internet is 30Mbps and up until recently when my family got Netflix, it was 30Mbps constant.

When looking for a new router or used router, I think it's best to get one that has support from Openwrt and dd-wrt, freshtomato, etc.  That gives you options on which to run.

For example, on an older dlink router, openwrt runs fine, but with dd-wrt, the 802.11n becomes unresponsive after several minutes or days.

I think you will have better luck searching your local kijiji or other online vs value village for a decent router.

Start with a filter for < $50 and see what is the "best".  Then offer 50% of the asking price.   Routers are usually not hot selling items on kijiji and many people would be happy to get rid of them for $10 or $20.

If you disclose which city you live in, I can help you narrow down the options.

[james_s]

Because Tomato is using closed drivers with all the issues they bring. It's just rehashing dead old firmware to feel good.

Fully supported open drivers would be nice, but the closed drivers work just fine. Tomato brings a vastly superior (IMO) user interface than the stock Netgear firmware and more features. It also lets me standardize across all the different routers I've used. When I upgrade, I upgrade to something that supports FreshTomato and it's already familiar. My current R7000 looks exactly the same as my old E2000 except that it's a lot faster. My router is an appliance, if it works it works, it's not something I use to make a statement for open source.

[Monkeh]

Fully supported open drivers would be nice, but the closed drivers work just fine.

Within their limitations. And running a 2.6.. Yeah, no, sorry. It's 2020, would you run XP still in a security role?

[james_s]

Within their limitations. And running a 2.6.. Yeah, no, sorry. It's 2020, would you run XP still in a security role?

I wouldn't have run XP in a security role back when it was new.

What sort of security issues are you concerned with? Can you find some cases of these being exploited? I'd like to see some quantifiable data comparing the security of fully open drivers vs closed source Broadcom drivers because it sounds like speculation to me. We're not talking about corporate use where there are high value targets, most consumers run weak passwords and I still occasionally see networks with no password at all. It's not hard to not be the low hanging fruit.

Either way I'm going to continue running the R7000 with FreshTomato for the foreseeable future, in close to 20 years I've never had anyone crack my network, I keep pretty close tabs on things.

[Monkeh]

Within their limitations. And running a 2.6.. Yeah, no, sorry. It's 2020, would you run XP still in a security role?

I wouldn't have run XP in a security role back when it was new.

What sort of security issues are you concerned with? Can you find some cases of these being exploited? I'd like to see some quantifiable data comparing the security of fully open drivers vs closed source Broadcom drivers because it sounds like speculation to me. We're not talking about corporate use where there are high value targets, most consumers run weak passwords and I still occasionally see networks with no password at all. It's not hard to not be the low hanging fruit.

Either way I'm going to continue running the R7000 with FreshTomato for the foreseeable future, in close to 20 years I've never had anyone crack my network, I keep pretty close tabs on things.

The point is, there are no eyes on this code. None. Haven't been for a decade. I'm not even talking about Broadcom's vomit-code, just the kernel.

It's time to move on.

[Miti]

The best price I found for an R7000 on Kijiji is $70 CAD. Still looking...

[cdev]

You can use a Raspberry Pi with a $5 USB dongle and run current code. Ralink dongles are very compatble and the drivers are open sourced. That would give you more opportunity for logging. As far as performance, if you use the RPI 2 or 3 with a USB3 ethernet adaptor for the uplink NIC, the Ethernet performance quadruples or more. With a modern, fast USB wireless dongle running as an access point, (you can use Raspbian or OpenWRT) the performance will be quite good, you can even use 5 GHz and you'll have far more memory and storage space for applications and logging.

[Miti]

You can use a Raspberry Pi with a $5 USB dongle and run current code. Ralink dongles are very compatble and the drivers are open sourced. That would give you more opportunity for logging. As far as performance, if you use the RPI 2 or 3 with a USB3 ethernet adaptor for the uplink NIC, the Ethernet performance quadruples or more. With a modern, fast USB wireless dongle running as an access point, (you can use Raspbian or OpenWRT) the performance will be quite good, you can even use 5 GHz and you'll have far more memory and storage space for applications and logging.

You gave me an idea, I don't have a newer R-Pi but I do have an Intel NUC DCCP847DYE collecting dust in my toy box. I see that Openwrt and DD-WRT have X86 images and I incline towards DD-WRT since is more...NOOB friendly,  but it requires "registered users" for Wi-Fi support, which translates into "paid". I wonder if I should try the public image and then, if I can make it work, pay 20 euros for the registered version to add Wi-Fi. I will need to find what dual band USB adapters would work with this image, they mention Atheros.

[Monkeh]

You can use a Raspberry Pi with a $5 USB dongle and run current code. Ralink dongles are very compatble and the drivers are open sourced. That would give you more opportunity for logging. As far as performance, if you use the RPI 2 or 3 with a USB3 ethernet adaptor for the uplink NIC, the Ethernet performance quadruples or more. With a modern, fast USB wireless dongle running as an access point, (you can use Raspbian or OpenWRT) the performance will be quite good, you can even use 5 GHz and you'll have far more memory and storage space for applications and logging.

You gave me an idea, I don't have a newer R-Pi but I do have an Intel NUC DCCP847DYE collecting dust in my toy box. I see that Openwrt and DD-WRT have X86 images and I incline towards DD-WRT since is more...NOOB friendly,  but it requires "registered users" for Wi-Fi support, which translates into "paid". I wonder if I should try the public image and then, if I can make it work, pay 20 euros for the registered version to add Wi-Fi. I will need to find what dual band USB adapters would work with this image, they mention Atheros.

He's now charging for basic functionality? Grand.

DD-WRT is a dead end project. Just don't go there.

[Miti]

I don’t get it. What do you mean by basic functionality?

[Monkeh]

I don’t get it. What do you mean by basic functionality?

Uh, wifi?

[Miti]

Read again please.

[Monkeh]

Read again please.

pay 20 euros for the registered version to add Wi-Fi.

Read again, still says 'pay for wifi'. This is basic functionality (as is allowing over 4096 states).

Now, to be fair, some other options also charge for AP capability, but those tend to bring more to the table. Like clear websites, documentation, support staff who speak English, hardware platforms to go with their OS.. An actual release in the last 12 years..

And all of this comes on top of the fantasy of using some cheap USB dongles and expecting to get a good AP out of the solution.

[retiredcaps]

I see that Openwrt and DD-WRT have X86 images and I incline towards DD-WRT since is more...NOOB friendly,

Openwrt is menu driven with luci interface.  It's like any other menu based system.

[retiredcaps]

The best price I found for an R7000 on Kijiji is $70 CAD. Still looking...

On my local kijiji, I can get a 64MB flash 64MB dram router with a recent (June 10, 2020) dd-wrt supported image for $5 CAD.  No support from open-wrt, otherwise I would be getting this router for myself.  Obviously, this is the best deal I found, but there's lots of options $20 CAD or less.

I already have enough free Cisco/Linksys routers with dd-wrt images.  My preference is openwrt.

[Monkeh]

The best price I found for an R7000 on Kijiji is $70 CAD. Still looking...

On my local kijiji, I can get a 64MB flash 64MB dram router with a recent (June 10, 2020) dd-wrt supported image for $5 CAD.  No support from open-wrt, otherwise I would be getting this router for myself.  Obviously, this is the best deal I found, but there's lots of options $20 CAD or less.

And what device is this?

[retiredcaps]

And what device is this?

Cisco/Linksys EA2700.  Specs at

https://deviwiki.com/wiki/Linksys_EA2700

dd-wrt image (June 10, 2020 image - build r43381) at

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/06-10-2020-r43381/linksys-ea2700/

No openwrt support.

https://openwrt.org/toh/linksys/ea2700

[retiredcaps]

And when I say recent dd-wrt build, I mean it's been compiled recently.  I don't mean it has a recent kernel like 4.x or 5.x.  It's going to be running kernel 2.x or 3.x.

Again, my preference would be openwrt since it uses a 4.x kernel.

For now, I'm happy with my layered security defense approach and not too worried about running dd-wrt on my current free router.

If I was super concerned, I would just spend $20 CAD on an used router that supports openwrt.  I found a handful that have at least 8MB flash and 64MB DRAM (or better specs) in the $20 to $30 range.  I'm sure that I could get them for $20 or less since most of the ads have been up for 1+ month meaning no one is interested in them.

I realize that having a 4.x kernel doesn't mean it's 100% secure either.  Unknown/undiscovered bugs are always present and some patches may not be applied to the underlying hardware.

[Monkeh]

Ah, yes, impractical Broadcrap. Also N only, so no wonder it's $5.

[retiredcaps]

Cisco/Linksys EA2700.  Specs at

Just doing a project today and ran into some problems and when searching for a solution, I ran into this wrt to dd-wrt. Note, I don't keep up with all the various wifi router models and don't know all the caveats.  See below

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1069911

"Brainslayer has said of the e2500, e3200 and ea2700 that they use a shifty usb 5ghz card and he isn't going to support it."

[Miti]

Ok, I bought a Netgear R7000, paid $60 CAD for it, the best price I could find. I installed Fresh Tomato with VPN, I’m in process of (manually) transferring my settings from the old router. I tried going back and forth between Tomato and Netgear Genie, very easy process. I’ll see how it goes.

[retiredcaps]

Since your initial post, I downloaded fresh tomato source code, compiled it and loaded it on an old router and it works.  Very simple to do and it took about 20 minutes to compile on an older Core2Duo machine.

Just today and before your post, I'm downloading and trying to compile openwrt to see how it works.  Compiling and building the 2, fresh tomato and openwrt, are completely different.  Openwrt tries to be more user friendly.

PS. I picked up a Linksys EA6400 for $5.  Yes, I know it's broadcom based so I'm limited to dd-wrt if I want 802.11n, ac and 5Ghz, but I thought it was too good of deal to pass up.

I also see another $5 used router that supports openwrt (8MB DRAM, 128MB flash). The current openwrt flash size for it is 3.8MB so there's lots of room for future code.  The router and code supports 802.11n and 5Ghz, but the router doesn't support ac.

The reason why so many, IMHO, good used routers are so cheap is that more and more ISPs when they are replacing or upgrading the customer's dsl or cable CPE, the new ISP CPE are coming with wifi/router built in and customers are opting to use them instead of buying new $100 routers that support 802.11ac and 5Ghz. 

My old cable CPE didn't have wifi and router functionality.  My new cable CPE does support 802.1n, ac and 5Ghz, but I have it set to bridge mode and use my own router as I don't trust the cable provider to properly manage those settings and I have no idea what backdoors are present.

In my area, 80% the broadcast SSIDs are ISP1xxxyyyzzz, ISP2xxxyyyzzz.  So many are opting for the ISP routers and they aren't even bothering to changing the SSIDs and default passwords/keys on the front sticker of the CPE.

More on home router security since your initial post.

https://routersecurity.org/

[Miti]

Thanks for the link! Lots of good info there. Yesterday, I found another router by the side of the road. It is a Linksys E2500, 300MHz, supported by Fresh Tomato. I’m thinking I should make it wireless guest only. 

[retiredcaps]

The E2500 has the 5Ghz radio on the USB bus.  I got a E3200 for free from a friend and it also has the 5Ghz on the USB bus.

According to

https://www.linksysinfo.org/index.php?threads/linksys-e2500-v3-what-is-the-expected-throughput.72856/

The 5Ghz speed is limited because the CPU is at 99%.

The best throughput I can get is around 65Mbps in 5Ghz mode.  With nat acceleration (using bcm_nat), I can get around 82Mbps.

I don't use that much bandwidth on wifi so right now the E3200 is a backup router.

[Miti]

Finally I found the time to configure and install my new ( for me) router. Speed is good, range is... wooow.
I have a problem though. The routers’ place is close to a wireless PIR sensor for the stay zone of my alarm system. That zone is armed at night. Every time I access 5GHz network, that sensor triggers.