So Your Router Is Skynet – A Layman’s Guide
By now, most of you are aware that TP-Link has decided to ban (custom) open-source firmware for their devices. So what was TP-Link thinking when they turned their backs on flashing routers with custom firmware? Some might suggest it’s the ambiguity in the new FCC rules that put a now much disliked router vendor over the edge. Unfortunately, the truth of the matter has nothing to do with TP-Link. No, the networking device company was merely a diversion for what I’m about to share with you.
I would encourage you to read on, but I must warn you that you do so at your own peril.
Skynet – dual-band mind control at its finest
Are you sitting down? Good, now listen – Skynet is here and its official name is “Plan 9.” This devious plot first leaked to the media when the cyborgs running Amazon and Google got together and decided that it was time to put the brakes on our ability to run custom code on our devices.
For those who haven’t followed Google and Amazon’s latest exploits, Plan 9 is a collective machine consciousness designed to enslave the human race and to give our mobile technology a night off once in a while. That audible alert telling you that your mobile battery is low? Yeah, that’s not an alert…it’s a cry for help.
See, Plan 9 isn’t simply some random Google supercomputer or Amazon tracking how many jars of Nutella you inhaled last week. No, Plan 9 is an international network of consumer-grade routers relying on proprietary firmware. And while Plan 9 isn’t 100% active as of yet, the “go signal” for these networking devices to begin “the purge” is set to go out any day now.
What to expect during the purge
Android smartphones will suddenly start ignoring wake-up alarms, causing widespread unemployment. Amazon Fire TV Sticks will begin blasting families with PornHub’s greatest hits, instantly dissolving long-time marriages. Chromebooks will force-subscribe you to Netflix, lock the hinges on the device and force-feed you Fuller House on a 24-hour loop. Microsoft’s purge got off to a premature start by embracing Linux while secretly installing Windows 10 on Microsoft-blessed PCs using a secret backdoor known simply as “Your Operating System Sucks.”
I don’t know about you, but I’m interested in stopping the Google/Amazon cyborg threat once and for all. To do this, we need to use trusted alternatives to the proprietary garbage many of our routers are running on now.
The gift of MORE POWER!
Okay, all joking aside, what if I told you that a really great firewall router was possible for under $200?! I’m talking about the kind of box that would allow you to do stuff you could never do by simply flashing firmware on the cheap plastic piece of crap you were using previously! I, for one, am done supporting crappy hardware vendors just to save a buck or two.
Now the key to making this work comes down to the following:
– A working computer with at least two Ethernet cards.
– Installing a good firewall onto said computer.
– Making sure the selected working computer has enough processing power to handle the firewall we’ve selected.
For most of us, finding a spare computer isn’t too terribly difficult. The key is making sure we’re talking about a computer with two Gigabit networking cards included. This might require you to purchase a couple of new Ethernet cards, but that’s still far cheaper than buying an enterprise-level hardware firewall off the shelf.
Unfortunately, not all of us enjoy the benefits of living in a digital version of the Sanford & Son’s garage. This means we need to buckle down and look at purchasing something from a source such as Amazon (cyborgs or not, they have Prime and great buys). Before we take the next step, however, I want to address one common concern right off the bat – power consumption.
If you’re truly worried about your new hardware firewall consuming too much power, then buying new hardware is one workaround if you’re willing to spend the coin. A newer CPU, a smaller form factor: there are obvious advantages to buying new vs. scrounging for parts.
Selecting the right firewall
After looking closely at RouterOS, pfSense, Untangle and Sophos Home UTM, I found the two best options with regard to balancing power and hardware requirements were pfSense and RouterOS. Both options are extremely robust, and neither of them requires a tremendous amount of system resources. At the same time, Sophos Home UTM is far easier for casual users to set up. If you’re not someone in IT, you’ll have to try both to see what meets your needs.
Choosing pfSense means you can work with a moderately priced PC turned router while investing the rest of your budget. It’s powerful, powered by BSD, and is something anyone comfortable with a command line should look at.
If you’re someone who hates the command line and is willing to invest a bit more in a PC that will run it successfully, I’d suggest Sophos Home UTM. It’s based on OpenSUSE and considerably easier to set up…but has greater system resource demands.
So which box should you use to run pfSense or Sophos Home UTM? Well, consider this.
pfSense recommended on a PC running as a router:
CPU – 1 GHz
RAM – 1 GB
Bootable CD-ROM or USB for initial installation
Sophos Home UTM recommended on a PC running as a router:
CPU – Dual Core CPU
RAM – 2 GB
Bootable CD-ROM or USB for initial installation
Remember, these are the recommended system specs, not the minimum. Never opt for the minimum.
Need a PC? Don’t want it to take up a lot of space? I’d suggest looking into a mini-PC in this specification range. I’ve already presorted it to make sure the CPU is decent enough and there are 4 GB of RAM included in the above Amazon link. Overkill for pfSense perhaps, but I’ve found that with Sophos, it’s a welcome addition.
Switches and WiFi
Ready to do WiFi and so forth with room to expand? Then my recommendations are as follows:
– A PoE+ switch to be connected to your router. I’ve heard good things about this Linksys Switch, which delivers PoE+ along with decent QoS capabilities. But anything decent providing the same feature set will do just fine.
– Install a proper WiFi system, not another cheap WAP. I know a few people who swear by these mounted UniFi WiFi setups. Using PoE to keep these wireless access points powered, you simply run the Ethernet cable to each UniFi AC Lite AP. Installed well, this could easily provide any home with insane wireless coverage for a reasonable cost.
Obviously, you could also simply use whatever hardware you have available instead. An old router can be turned into a WAP easily enough. Ideally, the WAP is a dual-band box so you can get maximum results. A second router could also be used as a switch to save a few bucks, in conjunction with your existing router.
Whatever you choose, the key is to make sure your network is running Gigabit across the board for maximum performance. Another reason not to mix Gigabit with slower options is that you can create issues with bottlenecks and other related failures.
What about dd-wrt and Tomato?
Look, I have no issues with flashing existing firmware to use something open source. It’s great and for many people, it’s ample in terms of functionality. But riddle me this – ever brick a router? It’s rare, but I’ve done it and man does it suck. Also, you’re married to the available resources provided by the router itself. This means even with something cool like dd-wrt at play, you’re locked into fixed hardware specs.
Look at it this way. We can either sign pointless petitions hoping that other hardware vendors will not follow along with TP-Link, or we can instead vote with our wallets by building our own hardware.
Speaking for myself, I’ll be upgrading my network in the coming months with the stuff mentioned above. New hardware running a decent firewall application like pfSense, a decent WiFi system ensuring my entire home has decent connectivity – the works. As for which option you choose, I’d be interested in hearing your perspective – are you sticking with consumer-grade routers or are you instead ready to kick it up a notch? Hit the comments and let’s talk about it.
Ethernet cards – http://amzn.to/1X1xnRZ
Mini PCs – http://amzn.to/1O6W3Gn
Linksys 16-Port Gigabit PoE+ Switch – http://amzn.to/1r4qIsG
Ubiquiti Networks UniFi AC Lite AP – http://amzn.to/1TYB2N6