How To Secure: Your Home Network
Hardware – A bit of boring history…
Going back in time, my first Wi-Fi router was the U.S. Robotics USR8054 802.11g Wireless Turbo Router, with its 4x 100Mbit LAN and a turbo Wi-Fi mode (125Mbit) nobody else could use. If I had >3 Wi-Fi users, it often died instantly (first Wi-Fi, then LAN). It was a good router at the time, as long as nobody ran torrents… At the time it was fine (especially once I replaced the original firmware with DD-WRT).
Then… it was the Linksys WRT300N… It didn’t last very long due to the position by the window it occupied… It died of condensation poisoning 😉, a very dangerous sickness for any electrical device. I don’t remember having any problems with it; it worked while it was alive…
Next was the Belkin 54G; luckily, in this version I was able to replace the firmware with DD-WRT. Here, I was actually able to kill it with high demands. It was the beginning of the time when all those mobile devices started getting access to the internet over Wi-Fi, and all my previous home routers started showing age-related illnesses.
Running on a 300MHz CPU with a few MB of RAM wasn’t enough for more than 5 devices at the same time. Of course, having desktops with Gigabit Ethernet running in Fast mode didn’t help either. So, I bit the bullet and ordered from Korea (£68 vs £110 in the UK) the Speed Demon: D-Link DIR-825 B1.
It was THE router: 64MB RAM, 680MHz MIPS CPU, worked with DD-WRT, OpenWRT, Gargoyle firmware, 4x Gigabit Ethernet, 1x Gigabit WAN. Initially, this model was “bashed” on the internet about how bad it was (most of it correct for A1 and B1 versions running standard firmware).
However, soon after I replaced the standard firmware with an alternative (Gargoyle v1.8.1 is still running now), it was excellent, but… The 5GHz range wasn’t as good as 2.4GHz, which I think was due to D-Link trying to save a few quid by not fitting it with good power amplifiers for the higher frequency. Also, it was the beginning of 5GHz for consumers, and 11N being in draft 2.0 on both bands didn’t help either.
Here, I was quite happy with it, and it served me well for four long years. I probably wouldn’t have changed it, but then I came across Virgin Media cable and its 30Mbits, 50Mbits, then 100Mbits and eventually 200Mbits, and my router started getting bogged down… Then I discovered that if I used a VPN with encryption for the whole house, it would kill the speed to barely 3… 5Mbits…
Disaster, when you do not have hardware AES encryption…
Then I found the TP-Link Archer C5 v1.20 (DD-WRT and OpenWrt capable, with the same hardware as the C7 v2.0) for £49.00. I did not have to think twice… 128MB RAM, 720MHz Atheros, original firmware OK for more than a basic setup, Gigabit Ethernet, 11AC, dual-band.
More than I needed to run on Virgin Media (VM) 200Mbits. Of course, I wanted to test it with the latest OpenWrt. Unfortunately, I discovered that there are two major problems (not problems per se, but…).
Firstly, because of not using hardware NAT (and thank you for that, seriously :-)), the WAN -> LAN speed was half of its original potential (but then even for my VM 200Mbits, it was still within its range of around 300Mbits).
Secondly, the 11AC Wi-Fi part was proprietary, and neither OpenWrt nor DD-WRT was able to get it right; there were always some problems, sooner or later.
So… I have six mobile devices, TV with Wi-Fi, NAS, Satellite box, AVR with internet radio, 2x Desktops, Media Player… not much, but what if I want to run OpenVPN for the whole house? 6..8Mbits max on Archer C5 and Gargoyle firmware… Again, no hardware AES, and what’s the point of having 200Mbits but using 8??
Then, I moved away, and there is no Virgin Media, but SKY with its fibre 39Mbits. Ok, much slower, but I didn’t feel any difference, to be honest… Strange…
As you get older and have kids, you start to see the internet as a place where you need to take control of what’s going in and out of your network. After my experience with many different kinds of consumer routers, I came to the conclusion that Wi-Fi routers cost more and more and have many useful features and hardware tricks, yet they are still five years behind everyone else. How?
My mobile phone has 1GB RAM and a dual-core 1.4GHz CPU and is from 2011, but I saw a dual-core ARM 1.2GHz on a Wi-Fi router at the end of 2015, with its 256MB (1/4 of my mobile’s), and there are (in 2016) only a few devices with dual-core and >128MB RAM…
It’s a disgrace, and to add insult to injury, the firmware side of those devices is often rushed and not complete or thoroughly tested, with proprietary drivers making them unsuitable for changing the firmware. You will end up with an expensive toy, all singing and dancing, but unusable for anything more complicated than the manufacturer anticipated.
If I want to, let’s say, use OpenVPN, block pages via keywords or IP address (yeah… I know, some of them can, but it’s usually limited to a few words or web pages) or do anything more… you are not looking at a consumer router at all.
All this time, I have been running ARM or MIPS router systems because of their low power. That’s all. There is nothing else to it. Crappy software, proprietary drivers, no ability to upgrade over time, requiring you to buy a new router all the time…
Having a Media Player built on an Intel CPU (in my case, it was an Intel Celeron G1610) and a fully featured ITX motherboard with full-width PCIe 3.0 x16 gives you something to think about. This whole setup as a media player (including PICO PSU 150W, 2GB RAM, 2.5″ hard drive) was drawing about 30W with a full HD movie on.
OK, my router Archer C5 is doing max 5W, so I’m at a loss of 25W, but it cannot do what I want. The next one would be the Linksys WRT1200, based on Marvell (AES supported) but costing around £120, if not more, and pulling about 10W. It can run OpenWrt, but 11AC has its problems. So… What’s next?
Answer: PFSense. Simple. Running on an x86 CPU like your standard PC… It just blows your mind what this thing can do. Why? Let’s get to it: why do we buy a £100-£300 Wi-Fi router?
- It looks cool
- It has many antennas
- It is the fastest
- It only sips power from 5W-15W (depends on model)
- Has latest features (most of them are vulnerabilities and NOT features, unfortunately)
- It has good firmware/interface
After all my previous routers, I wanted something that worked and had the features I need:
- Looking cool? Don’t care. I got my case passed from NAS to Media Player to my PFSense router. It’s fine.
- Antennas? Don’t need one, I still have my Archer C5, which I’m using as an external Wi-Fi AP. Why? Looks cool, works fine as an AP, doesn’t route anything, just transfers data. Simple. Even a 200MHz CPU can do that now, and I’ve got 720MHz. Great.
- Archer C5 does 5W max, Linksys WRT1200 will do 10W… my router with Intel Pro 1000VT will do 40W… Probably. Who cares. The difference in power consumption will be at most 35W and, with my price of 12 pence per kWh, will come to around £3.50 per month. It will not change much, because I have enough CPU power to cover my network needs five times over, so I will not be buying any routers soon unless something breaks, but then anything can happen.
- PFSense is updated every so often, including the latest security patches. Will your router get that? No way. Not possible.
- I can run PFSense or IPFire or anything else I want… Even Windows Server if I had the money for it.
Below is the table showing the real cost of running my PfSense 24h a day, 365 days per year. Here you can do your own calculations.
| Item | Value | Unit |
|---|---|---|
| Energy price | 0.18 | £ / kWh |
| Usage time | 24 | hours / Day |
| Power consumed | 0.72 | kWh / Day |
| Cost | 47.34 | £ / Year |
In summary: you are trading the ease of a consumer router for the security and flexibility of a custom solution. If you can do it, then go for it, because once you know this stuff, you will never have to rely on the manufacturers for updates, fixes etc. The only thing you will ever have to update is the software, which takes just a few clicks of your mouse. The hardware will last you nearly forever. The only problem is that it is not a plug-and-play solution. You need to know more or less what you want from your network and what you want to do with it, but judging by the need to change your router, you know what the options are.