Need Router Recommendation

zeoclang

Young grasshopper
Joined
Mar 11, 2014
Messages
74
Reaction score
16
Location
USA
My current network setup consists of the ISP supplied Gateway/Wi-Fi/Router combo and a Netgear JGS524PE 24 port Gigabit PoE switch. I like this minimal setup but I don't believe it is secure enough. I'm looking for a VPN router that has the ability to block all WAN traffic to my cameras. I am leaning towards a Ubiquiti EdgeRouter (X or Lite?) but it seems like it might be difficult to configure. Also, I think I would need to get an AP since I probably won't be able to use the ISP Gateway's Wi-Fi. Any easier to configure alternatives or suggestions?
 

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,401
Reaction score
980
Location
North Florida
Looks like the edge lite would be more than enough, didn't see what it has for VPN but it does say it has it.
 

yobigd20

Young grasshopper
Joined
Jun 23, 2016
Messages
45
Reaction score
24
Pfsense and OpenVPN. Ubiquiti Networks Unifi 802.11ac Dual-Radio PRO Access Point (UAP-AC-PRO-US) for your Wireless. NETGEAR ProSAFE GS728TPP 24-Port Gigabit PoE+ Smart Managed Switch 384w (GS728TPP) for 24 port PoE+ switch.



I have rules in pfsense firewall to block all outbound packets from my ip cams.


 

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,401
Reaction score
980
Location
North Florida
Almost went with pfSense myself but ended up doing OpenBSD lol, which is basically the same thing but no web interface to admin it.
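
The camera block rule mentioned in the posts above, written as a pf.conf fragment for an OpenBSD firewall. This is an added example, not either poster's configuration; the interface names, the camera subnet and the assumption that the cameras sit on their own interface or VLAN are all assumptions.

```pf
# Added example: names and addresses are assumed, adjust to your network.
ext_if = "em0"                # WAN interface (assumed)
cam_if = "em1"                # interface/VLAN the cameras sit on (assumed)

# One table covers the whole camera range (constructed subnet).
table <cameras> const { 192.168.50.0/24 }

# Cameras may ask the firewall itself for time, nothing else.
pass in quick on $cam_if inet proto udp from <cameras> to ($cam_if) port 123

# Anything else a camera initiates is dropped and logged, so attempts
# to reach the internet show up on pflog0.
block in log quick on $cam_if from <cameras> to any

# Nothing arriving on the WAN side may be addressed to a camera.
block in log quick on $ext_if from any to <cameras>
```

Replies to sessions opened from the LAN side (for example an NVR pulling streams) still pass, because pf matches existing state before it evaluates rules. `pfctl -nf /etc/pf.conf` checks the syntax without loading the ruleset.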
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,005
Location
USA
Most decent home routers can have DD-WRT or Tomato firmware flashed on them and either of those provide an OpenVPN server and client. Myself, I use an Asus RT-AC68U with Tomato and it can actually run two OpenVPN servers, two OpenVPN clients, a PPTP server and client, and a third option called Tinc. The one thing I don't like about Tomato firmware is it doesn't grant low level access to firewall rules. To block cameras and stuff from accessing the internet, I have to add each of their IP addresses individually to a list in the Access Restriction page. I can't add an IP range.



...

 

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,401
Reaction score
980
Location
North Florida

So you have OpenVPN working on there? I bailed and built my own firewall because OpenVPN on Tomato stopped working with the Android app. Tomato and DD-WRT also were not getting updated for shit and were full of holes, at least on the hardware I have, they now run as wireless APs only.
 

spankdog

Getting the hang of it
Joined
Sep 2, 2016
Messages
204
Reaction score
78
Location
Atlanta
What made you switch from the ERLITE-3 to the USG?
Main reason is because it integrates with my unifi switch and AP. All of the traffic data and configuration you can do with the unifi controller does not work with the edgerouter. The USG gives me everything I needed that I couldn't do with my airport. From what I've read the hardware may be identical but the software is different between the two.
 

Camit

Pulling my weight
Joined
Feb 7, 2017
Messages
412
Reaction score
122
I like Asus, they're making some good stuff, also the edge router but it will probably require some command line setup if you wanna get deep into it. I use the edgelite router but like I said it's a little more advanced setup than your normal Asus, Netgear, etc...
 

aristobrat

IPCT Contributor
Joined
Dec 5, 2016
Messages
2,982
Reaction score
3,180
I spent the last hour or so reading up on the USG. This forum is going to cost me so much money... lol

I had been wanting the ERLite-3 because I saw a cli config where it could do WAN failover (and you could restrict which devices get out to the Internet when it's failed over). My home alarm system reports over Internet only, so I eventually want to get a cellular backup device to fail over to. FreedomPOP offers 200mb/month cellular data for free, so if the router could restrict everything but the alarm when the main Internet fails, that'd be perfect.

Didn't think the USG could do a config like that (when I first looked at them). But it looks like you can take a cli config that works on the ERLite-3 to run on the USG with some finagling. That's kind of awesome!
 

wantafastz28

Getting comfortable
Joined
Nov 18, 2016
Messages
550
Reaction score
253
Location
Phoenix, az
Asus RT-AC87U has been a problem free router so far... super simple to set up and forget it, does everything you're asking... internet blocking, VPN, also a free dyndns setup.
 

zeoclang

Young grasshopper
Joined
Mar 11, 2014
Messages
74
Reaction score
16
Location
USA
Thanks for the great suggestions. I researched every one thoroughly and they all seem like great devices once set up correctly. Here are my thoughts on them:
EdgeRouter - Hardest to configure due to needing to use the CLI, would need to purchase an AP
pfSense - Medium difficulty, the SG-1000 is somewhat expensive, would still have to purchase an AP
Asus Router - Easy, installing Tomato doesn't seem too difficult
I think I will get the Asus RT-AC56U. It supports Tomato by Shibby and AdvancedTomato. Asus has a $20 rebate available right now which brings the price of it down to $75. Since I don't need the faster wireless speeds in the higher end models, the RT-AC56U seems like the economical choice.
 

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,401
Reaction score
980
Location
North Florida
I suggest verifying with someone who has one with tomato that OpenVPN actually works with the mobile apps right now, because it damn sure broke for me and that's when I ended up building my own damn firewall. Also I haven't kept up with those projects, make sure they are getting security patches and updates, if you care about that because I was running it for a long time knowing it was full of holes but when my VPN broke that was the last straw, just hate to see you come in here pissed off because VPN isn't working.
 

cornholio

Young grasshopper
Joined
Jan 24, 2017
Messages
71
Reaction score
16
Location
Bay Area, California
I have an ERX, with a Linksys router in AP mode. The VPN server is on the Blue Iris PC and the cameras are connected to the router through a PoE switch. ERX setup wasn't as easy as setting up a typical home router but there is a wizard and it's not like I had to do everything manually. DDNS was a breeze though.

I probably should put the cams on a vlan and bridge the pc to it instead of leaving the cams on the same network as everything else.

Configuring an OpenVPN server manually is cumbersome on a PC. A CLI can make it even more cumbersome depending on your level of comfort. Never had any trouble once it was set up though. Certificate based connections (no user/pass) are relatively easy to work with.
 

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,401
Reaction score
980
Location
North Florida
Yep, I've got all the certs in the .ovpn file, alls I have to do is import it into any openvpn client and off to the races!
 
Joined
Aug 3, 2015
Messages
3,791
Reaction score
12,182
Location
Charlotte
If you want a slightly better AC1900 router, get the TM-AC1900 from Amazon.com for $79.99 and hack it to Merlin or DD-WRT or Asus-WRT firmware. It's the exact same hardware as the top-rated RT-AC68U router, and once you tweak the firmware, it's a fantastic consumer-grade router.
 

cainrand

Getting the hang of it
Joined
Mar 15, 2017
Messages
112
Reaction score
20
Location
Grand Rapids, MN
I use Untangle Firewall - it is an Open Source based operating system. They have a free version but for a full function home use version it is like $50 per year.
It lets you use just about any computer tower as your Router/Firewall/VPN Server, etc.
You will have to install a PCI Network Interface Controller.

I have two 4 port NICs installed giving me capability of 8 separate networks. I keep my security cams on their own network, my personal computers, printers on their own network, etc.

Screenshot of what the installed App panel looks like. Lot of great features here. For WiFi I just added an old Cisco E3000 to the switch.