Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: z1ts on July 20, 2020, 07:57:58 AM
-
Good day all you helpful peeps!
I have a requirement for a new router, but I don't know exactly what make/model etc. is best suited to my requirements.
In no particular order, this is my situation & requirements:-
- Currently on an EE FTTC package (this may change in the future, but I imagine will always be a FTTC of some flavour)
- No requirement for WiFi as this is handled by WAP's all around the house
- I use www.noip.com for DDNS to collect my public dynamic IP so native integration with NoIp would be almost essential (unless there's some other way of achieving the next point that I've missed!)
- This is the big thing my current router(s) can't achieve:- VPN, I use VPN on my work LAN and love the ability to access files remotely, remotely print, hop on to an RDP session and help a colleague out etc. etc. I would LOVE to replicate this on my home network (i.e. file access, remote print etc. etc.)
So there you have it! Is there anything out there that could do what I need 'out of the box'? I'm not that madly keen on PFSense & anything that requires 'flashing' etc. I'd prefer it to just plug in, configure & off I go!
Thanks in advance guys & girls
-
So there you have it! Is there anything out there that could do what I need 'out of the box'? I'm not that madly keen on PFSense & anything that requires 'flashing' etc. I'd prefer it to just plug in, configure & off I go!
Thanks in advance guys & girls
Have you looked at DrayTek router/firewall offering? Cisco RV340, perhaps ?
BUT, frankly I'd suggest either pfSense or OPNsense box :cool: Yes it takes some time to learn, but IMHO it's worth it...
-
I have a requirement for a new router, . . .
There are two questions that need to be asked --
- Do you mean a router, as in the true meaning of the word?
- Or do you mean a modem/router device?
-
Correct @burakkucat.....!
- Possibly I don't!
- Yes, I need a VDSL modem router ;)
;) ;)
Thankee!
-
Thank you. :)
Not knowing what modem/router you are currently using and the budget available for the new purchase, there are many possibilities . . .
Starting with devices from Cisco Billion all the way through to devices from ZyXEL (alphabetical ordering) could be appropriate. (I can't think of any manufacturer names beginning with A or B.)
[Edited to accommodate the adjustment suggested by 7lm.]
-
(I can't think of any manufacturer names beginning with A or B.)
Billion?
-
Billion?
Now why didn't that come to mind? :-[
-
Now why didn't didn't that come to mind? :-[
Probably because I have one (two actually) and you haven’t? :D
Anyway apols for the thread interruption, intended as humour. No implication that OP should focus attentions on Billion devices. :)
-
I recommend Draytek, still a steep learning curve but I found it easier than pfSense and information more readily available and easier to understand.
Starting with devices from Cisco Billion all the way through to devices from ZyXEL (alphabetical ordering) could be appropriate. (I can't think of any manufacturer names beginning with A or B.)]
Apple, ASRock, Asus, Amped wireless, AVM
Belkin, Buffalo
Ok, I did cheat https://www.google.com/amp/s/routerchart.com/brands
-
Thanks all (especially for the light heartedness that makes this place what it is!)
In answer to varying comments, currently running a TP-Link TD-W9980 (at least for a week or so) having move from an EE Brightbox...
Reason I swapped to it? I had it kicking around at work and thought that it had the functionality for VPN (it does but only with like-devices....... not 'dial-in' like some of the Drayteks do)
Budget:- sub £100 ideally, which should be achievable I believe as I don't need WiFi (I may be wrong!)
Interesting you mention Draytek @Ronksi..... That's what replaced the above mentioned TP-Link at my work...!
Seems like quite a good bit of kit so far.
-
Something to consider . . .
Will you want to (comprehensively) monitor the circuit's status i.e. make use of DSLstats? If yes, then you will need something that uses a Broadcom chipset.
Let's see what suggestions other members may make.
-
Interesting you mention Draytek @Ronksi..... That's what replaced the above mentioned TP-Link at my work...!
Seems like quite a good bit of kit so far.
I run pfSense at home but do struggle with it, I just don't dabble enough to learn how to use it properly and remember where/how things work. We had issues a year or so back at work with someone trying to hack the RDP connections, so I upgraded the router at work to a Draytek (HG612 modem), and it's been brilliant, still hard to configure, but not so hard and our ISP is very familiar with them.
-
I think the biggest thing that throws you with pfSense is that when you add things like port forwards, it adds the rules for opening up the firewall too. Obviously all routers do that, but with pfSense because they are listed in a completely different section it can be a little confusing at first.
-
Will you want to (comprehensively) monitor the circuit's status i.e. make use of DSLstats?
Quite probably not!
Although I may ;)
!!
-
Thank you. :)
Not knowing what modem/router you are currently using and the budget available for the new purchase, there are many possibilities . . .
Starting with devices from Cisco Billion all the way through to devices from ZyXEL (alphabetical ordering) could be appropriate. (I can't think of any manufacturer names beginning with A or B.)
[Edited to accommodate the adjustment suggested by 7lm.]
And of course A is for ASUS
-
Having seen some quite attractively priced BT HH5a on fleabay, a quick question:- would one of these do what I need?
(I.e. is this caveat aimed at the extreme-end of noviceness??? This router with this software is not plug-and-play needs to be configured by the user. ?)
-
Having seen some quite attractively priced BT HH5a on fleabay, a quick question:- would one of these do what I need?
Probably not. They are ISP branded, give-away, devices.
As I understand it, your wish list is something like --
- VDSL2 modem/router/firewall, an all-in-one box.
- VPN able.
- DDNS able.
- ISP independent.
- Broadcom chipset.
- Cost not to exceed £100.
-
Something like the Billion 8900AX-1600 R2 or Asus DSL-AC88U would meet the OP's requirements, except that they're considerably more than £100. Otherwise if the OP can live without the VPN feature, then something like the Netgear D6400 would be an excellent choice - its around £100 from Amazon.
-
As I understand it, your wish list is something like --
- VDSL2 modem/router/firewall, an all-in-one box.
- VPN able.
- DDNS able.
- ISP independent.
- Broadcom chipset.
- Cost not to exceed £100.
I can't think of a single device that meets all those requirements anywhere near that price range.
-
Could be done with a 2 box solution if you are happy to go used. HG612+AC68U , but as noted above, what you want can't be done on your budget so you need to compromise on the spec or up the budget
-
- VDSL2 modem/router/firewall, an all-in-one box.
- VPN able.
- DDNS able.
- ISP independent.
- Broadcom chipset.
- Cost not to exceed £100.
I believe the TP-Link Archer VR600 v2 meets all these requirements. Indeed, my requirements were very similar hence why I bought one myself several years ago. A few things to note though:
The VR600 v2 has a built in OpenVPN server and PPTP VPN server, but the v1 does not. I got stung by this when I ordered one shortly after the v2 came out and ended up receiving a v1. I now use a raspberry pi as an OpenVPN server, so if you want to avoid this perhaps buy from somewhere with a good returns policy in case you get a v1 (unlikely though, the v2 has been out for a few years now).
While it does have a Broadcom chipset, the telnet cli is locked down so by default DSLstats and the like won't work. This certainly can be unlocked (instructions are on this forum) in the case of the VR600 v1 since this is what I have running now, so might be possible for the v2 too. I believe some members have successfully unlocked the telnet interface of the VR900 too. The VR900 also meets all your requirements, but is slightly more expensive for the benefit of faster Wi-Fi, but given that you have separate access points this is probably not a worthwhile upgrade.
I use my VR600 with the DuckDNS DDNS service, but there is a "NO-IP" option in the GUI too so this should work for you.
-
I can't think of a single device that meets all those requirements anywhere near that price range.
The Broadcom chipset (if that's a prerequisite to DSLStats etc.) isn't a must I don't think!
-
Probably not. They are ISP branded, give-away, devices.
Apologies - should have included "that has been flashed with OpenWRT"
Sorry
As I understand it, your wish list is something like --
- VDSL2 modem/router/firewall, an all-in-one box.
- VPN able.
- DDNS able.
- ISP independent.
- Broadcom chipset.
- Cost not to exceed £100.
That sums it perfectly - apart from perhaps the Broadcom chipset, not an absolute must!
-
The HH5a is a very weak device, its WiFi in particular doesn't get close to hitting the speeds it should do as its CPU bottlenecked.
-
The HH5a is a very weak device, its WiFi in particular doesn't get close to hitting the speeds it should do as its CPU bottlenecked.
I agree - they're not particularly mind-blowing!
(I don't actually need WiFi though as this is handled by 3 x IgniteNet WAP's)
-
As Draytek has been mentioned on here a couple of times, and I'm currently running a Draytek Vigor2862 at work (using the dial-in VPN feature successfully) I think I might take a look in more detail at the 2762 - as per the screenshot below (with the must-haves highlighted!) it includes all of the features I most want and comes in around £75 for the non-WiFi one, with a bit of careful shopping around.
Unless I'm missing something, shout if I am! Then I think this is quite a robust solution.
Appreciate your help & input guys & girls!
-
I'm a bit suspect at it saying SSL VPN, literally any router with full iptables access (granted, not entirely common for consumer hardware) should handle that I think but I don't think it works as well as a proper VPN.
-
Alex, interesting! I'm learning more along this journey than I thought I would!
From the Draytek website:- "SSL VPNs provide a method for teleworker to central site VPNs, providing great convenience, low TCO and simplicity where other methods may not be possible. SSL VPN hosting - i.e. acting as the receiving endpoint for a remote user is supported on many DrayTek models."
I assume/hope that this is what I will use!
I basically want to sit in front of my laptop anywhere where I've got an internet connection and enable the 'home VPN connection' and access all the things on my home network, i.e. NAS, printer, CCTV, SWMBO's laptop, kid's laptops etc.
Cheers for your guidance.
-
Looks like they use their own client so I guess it should work.
-
Hi
We use a lot of draytek and in vpn encrypted mode on both lan to lan and dial in
It does not require their own client software to use vpn although they do have their own easy to use software for dial in users if preferred
Many thanks
John
-
It does not require their own client software to use vpn although they do have their own easy to use software for dial in users if preferred
John
Thanks, yes we use the Windows built in one at work. Seems to work quite well.
Not sure if there's any massive advantage to the Draytek supplied software!
-
I can endorse Johns comments. I’ve never needed the Draytec VPN software. I have used native clients on Apple, Android and Windows without any issues ( as long as you don’t use ppp)
I’ve several Draytecs with LAN-LAN running constantly to Azure and dial in for clients.
They are very configurable albeit a bit overwhelming in the GUI. Cisco features at a fraction of the price.
Tony
-
As Draytek has been mentioned on here a couple of times, and I'm currently running a Draytek Vigor2862 at work (using the dial-in VPN feature successfully) I think I might take a look in more detail at the 2762 - as per the screenshot below (with the must-haves highlighted!) it includes all of the features I most want and comes in around £75 for the non-WiFi one, with a bit of careful shopping around.
I think that will probably be perfectly adequate for your usage. If you can purchase from a site that will accept returns (just in case) then there is nothing to loose by testing one.
-
I will probably get in trouble for saying this; please be kind, am genuinely trying to be helpful.
When I was doing his kind of thing every day right across the country, I used Windows’ Remote Desktop to access WinXP boxes. I used the VPN protocol available in my Netgear DG834v3 router’s which worked really well. What was an utter pain though was the use of NAT. I hate NAT like poison but most people are used to it and do not mind it at all, so mine is a minority opinion.
This minority opinion says don’t use NAT, insist on a proper internet connection from your ISP. Either use IPv6 in which case the question goes away - yay but then there are other minor difficulties instead - or get an ISP that gives you enough IPv4 addresses for your needs.
Of course this may very well not be relevant to you as the networks you are talking to may not be ones that you control so you don’t have a choice and in this case I apologise.
I’m just pointing out my own experience when I decided to remedy things and got an upgraded network connect which had plenty of aipV4 addresses, enough for my needs. Before when I was using NAT I had got used to logging on to the remote router first to tell it to redirect the NAT translation for the firewall hole to the correct machine’s IPv4 address (no IPv6 at this time). When NAT was gone, then there was no problem of having to choose which machine I was going to talk to and then connecting to it as a second step.
If using IPv6 there is the issue of how to handle addressing of the remote machines - you have to somehow identify them so you can talk to them; that’s a subject for another thread though.
-
Weaver,. If your using a VPN to access the remote network then surely NAT is irrelevant, you just enter the IP address of the machine you want to access. Prior to using a VPN I would just use different port numbers and set up forwarding rule's in the router.
-
Hi
+1 for ronski
VPN/nat is much safer for RDP due to no open firewall port and if vpn encrypted, no additional RDP ssl (if end point is a terminal server)
@weaver - there is not enough ipv4 for everyone (AA would quickly run out if all their clients were given same number of ipv4 as yourself) and ipv6 is very slowly increasing but I am sure there will be holes/bugs which would be exploited if everyone uses ipv6 which are not yet known or published
Many thanks
John
-
Ah. It seems that I wasn’t using a very sophisticated router or rather my customer wasn’t. Anyway, either it didn’t have that trick about per-port selected redirection or I had not thought of it. :-[ Any way, mea culpa maxima. Probably because I wasn’t used to NAT that approach hadn’t occurred to me. :'( The other option might have been to re-flash the router with some more sophisticated software.