Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Please recommend a router without need for a cloud account
137 points by hnthrowaway0315 on Dec 27, 2021 | hide | past | favorite | 198 comments
Hi friends,

I'm shopping a router and from what I read in the reviews, ALL mid-end family routers (those between $40 and $100) that I see need a cloud account to access the management page. I'm wondering if there is anything that does not need a cloud account? Thanks~~



Any system capable of running OpenWRT.

https://openwrt.org/supported_devices

You might find / inquire about specific devices at the OpenWRT subreddit:

https://old.reddit.com/r/openwrt/

The Turris Omnia is priced above your preferred range, but is effectively a small server and has excellent capabilities. It runs a specifically-tuned and live-upgradable version of OpenWRT:

https://www.turris.com/en/omnia/overview/


IMHO, skip OpenWRT. It is much more difficult to get working correctly than HN likes to admit. There’s a non-trivial chance you will spend hours and hours reflashing your router and reading forum posts until you eventually brick it. It’s just like Raspberry Pis. Theoretically the right choice but practically speaking a huge time sink and poor, unstable experience that is best left to hobbiest tinkering or networking professionals with a lot of spare time.


Forgive me if this sounds arrogant, but I think the general HN user is capable of handling the relatively simple UI based download and flash required to use OpenWRT. Likewise, using a raspberry pi is probably trivial for most developers. If not, I'm being under paid.


I think most people are capable. It’s whether it’s worth it. I loved learning more about Linux and networking with it, and loved having automatic cell failover, but at the end of the day, it was too unreliable.

So, forgive me for how this sounds, but the general HN user probably needs a reliable as possible internet link.


Again, it's a download and a 'flash' in a GUI. Probably couldn't be simpler. As for reliability, my house has two of the same routers - one runs openwrt, the other runs the factory default (unfortunately it's not mine, so I can't just change it at will). Can you guess which is unreliable? It's the factory default.

This is not to mention the security implications of having a non-open source router. Never trust a third party like that. Some even try to get you to use an app.


“Works on my machine” isn’t a very constructive response. You have a lot more work than that to do if you don’t get the right hardware. It’s decent if you don’t change the defaults, I guess but then what’s the point?! Try installing almost any package and sometimes it will just lock up.

An actual misconfigured/buggy router is a bigger security concern for me than a potential back door. Also, what makes you think open source software matters if the hardware is closed? Do you have a pine router or something?


I wish! That'd be rad.

There was an article just the other day about how google is sunsetting a mesh router they built. That's what you get if you don't take the frankly small amount of time to wrench control of your hardware from its parent companies. You're worried about security? Bad news, if you're not doing your own updates, your security can and will be sunset.

But I get it, you don't wanna. Not much more to be said than that I suppose.

... Does pine make a router?


Say you pick up an average HNer and if they couldn’t pick up a Pi make it do a barrel roll in couple days, you might be disappointed. But if you could give them an Amazon URL and he could set up a Wi-Fi infra with >95% SLA in 5 minutes, there can literally be cost difference measured at $10k range, for a minor detriment of having an annoying router in the household.

There are the other kind of HNer who are that pillar in xkcd Dependency comic, but for the former kind, OpenWRT as it is right now is just waste of their time.


I just don't believe this is true.


This is very different from my experiences. You need to spend a little time setting up any router, and the only meaningful added step for a basic working configuration when compared to stock is the flashing process. Once you have it working, in my experience, it's incredibly reliable.

Whatever issues you had are not the common path IMO. I've run openwrt essentially for as long as it's been a thing and the only instability I ever had was due to my ISP. I'm sure if you end up with some esoteric, poorly supported, or flaky hardware things can be different, but this is far from universal!


I don't really see what you're talking about. I've flashed all of my routers and _never_ had a problem.

Maybe the thing that took me the most time was to decide which version to use or whether I should use openwrt vs tomato vs other competitors


Your post history says you use Dvorak and Vim, and were tinkering with your school’s network at 15, so I think my point stands :)


I would second the parent, I installed and use OpenWRT on my router without much issue. Flashing and configuring was quite easy, and really the most difficult part was actually getting the router because the local shops (MediaMarkt) don’t have many/any compatible routers.


If somewhat recently, which model, because MediaMarkt is also my main local option (RIP, Conrad)


Well, indeed you're right on this point but on the second hand flashing a router is just selecting the firmware and clicking on "Flash". I never had a bricked router. I didn't flash a lot, but at least 6 or so. Maybe I was lucky


Everyone should strive to this level of competence, and I like that some of the posts here (like advice for installing OpenWRT) kind of force it

Breaking stuff and then fixing it is the fast track for learning

If you're not a smart computer guy then maybe this isnt the forum for you


Being efficient is part of being smart. Sadly the older you are the less time you have to spend time trying to fix things that you don't care about, and the less the knowledge you gain is worth to you (simply because you have less career- and life-span left to use it).

Yes, I've flashed routers in the past, including the Linksys WRT54G, and in some cases I've even built a dedicated PC to run as a router, back when that was a bit more in vogue.

But is it worth the time to do it yet again? Probably not. I'd rather get an Apple-like router that works perfectly out of the box, with sensible defaults and little configuration necessary, and which is regularly auto-updated with security fixes. That way I can spend my time on new things.


Tomato, is that still going strong? I remember using it for its MLPPP capability. The QoS never worked that well with it as I recall.


FWIW I've had the opposite experience. The stock firmware on my TP-Link router was awful. It was a pain to update and I frequently had to reboot the thing because it decided to stop working. Installing OpenWRT took maybe 15 minutes and an hour or so of fiddling and setting up my port forwarding and static IPs. Now my router's uptime is measured in months (and that's only because of power outages)


Nothing in life has a 100% success rate. But I think the fact that most people recommend OpenWrt, shows that most people don't have these crazy problems. Buy well-supported hardware, follow the directions carefully, and you'll be just fine.


Certainly. But I had a very difficult time. I purchased an ASUS router recommended by the OpenWRT website, followed directions but struggled for hours, and eventually bricked it only to find out later via searching forum posts that some routers with that model number are not supported if they were made in a specific year (of course, this was discovered via trial and error by other frustrated forum members, no one had updated the original recommendations to reflect this, and installing the recommended firmware destroyed the router irreversibly).


Really irreversible, or could it be reflashed via so called 'JTAG-cable', and serial terminal, tftp, or maybe even https://www.flashrom.org/Flashrom (but then with other cables and plugs, because most likely directly writing into the chip without any intermediaries)?


I would personally avoid ASUS as they tend to use Broadcom NICs, which never have good free software support. If one was recommended, maybe it was an exception, but I'd still try to avoid ASUS.

If you want a cheap rec that's easy to get OpenWrt on, get a Netgear R6220 off eBay. I've gotten 3 of them for $20 each or so.


This was exactly what happened to me. Certain tp-link routers made specifically for Italy got bricked if you installed OpenWRT on them.


If you manage to brick your router by messing with OpenWRT, you're maybe better of with the factory default 'for dummies' interface. Most cheap plastics have something like 'recovery' built in. It's like rescue 'BIOS' becoming active after a while, or via some reset button push code, where it is accessible on a default IP, and reflashable via browser. This seems to be the case since at about 10 years? What sometimes is lacking, is the documentation about the specifics of factory defaults for different devices and revisions thereof.

I never felt the 'instability', at least not when I limited myself to the basics a thing like that should do, and not trying to turn it into a server for all sorts of things.

(Edit: Though you can also do that, if you know what you are doing. That's the advantage of things like these!)

Depending on which hardware/SOC you have, DD-Wrt may be a better option.


I think you just need to go in with an understanding of what a router and related things (access point, switch, modem etc.) actually are. Too many people think router is just "that thing that gives me internet via wifi". If you are one of those, you might not have a good time with OpenWRT or Pfsense etc.


The Turris Omnia is preconfigured with OpenWRT, specifically tuned to the hardware, and auto-updates.

It's cloud-free, spyware-free, adware-free.

The default configuration works with the same basic configuration any consumer-grade system would require.

Extensive configuration capability is offered through either of two graphical front-ends, the basic Turris, the advanced Luci, or for those who prefer talking in words rather than gestures, a highly capable Linux system residing underneath.


OpenWRT is the only thing I would recommend - all the consumer routers have turned to trash.


Eero is an exception there. Their quality is terrific.


> IMHO, skip OpenWRT. It is much more difficult to get working correctly than HN likes to admit.

Does not match my experience at all. My router would regularly go offline with the stock firmware which never happened after I flashed OpenWRT.


took about q5 minutes to setup. perhaps you chose the wrong router.


I like the idea of running OpenWRT. I did it for years. I eventually grew tired of being my own Network admin. The risk of bricking my router, and having to review what felt like arcane update rules before every upgrade process made me finally cave and just get an Eero. I don't love the lack of features, and I really don't like Amazon owning the company, but it works for me.


The Omnia looks really nice. But in their advertising script they claim they have "LTE antennas", does anyone know what they mean by that claim? I had thought LTE was only a term used by the cellular telecommunications industry.


The way they phrased it could be clearer, but what they mean is that you can add an LTE modem and add 2 antennas on top of the regular 3 WiFi ones.


It's possible they mean exactly what they're writing - my ISP has an option (usually part of their business package but can be had for home users by talking to the right person) where you can rent their WiFi modem that includes LTE/5G hardware and service as a backup connection in the event the main coax line goes down.


Likely for a backup cell/LTE WAN connection. Sounds like a nice feature, if it's actually what I think.


Pretty sure this is the correct answer. I've had a D-link router in the past that could fail over from ADSL to 3G in the event that the ADSL stopped working.

If just one backup isn't enough for you then this article [1] about a developer at Gitpod who works remotely might be of interest. He has 6 redundant LTE and 5G connections on his van!

[1] https://ghuntley.com/internet/


There is a cellular LTE modem that can be used as a backup internet connection if the primary one goes down.


The device is hardware-hackable.

You can add additional rewritable onboard storage. And an LTE modem for mobile data.


I've had good experiences running OpenWRT on the TP-Link Archer C7. It's a popular router and I've been able to find plenty of them used for around $40


I've got a C7 and it doesn't even need a cloud account to set up


The default firmware on C7 is quite nice and is good enough for most users. I guess OpenWRT gives more options for power-users though.


I usually get a Mikrotik device when I'm going to use OpenWRT. Hardware support tends to be pretty good.


I'd personally recommend FreshTomato[0] over OpenWRT, as it has a more approachable UI, is still open-source, and (in my experience) tends to run a bit smoother while needing less babysitting.

[0]: https://freshtomato.org/


It has serious updating issues however requiring you to completely setup the router every time you update and the update process is entirely manual. I like FreshTomato I have used it for some years but the wifi performance sucks and the constant clearing of settings just grates over time.

This is something commercial routers get right, updates keep your settings. This requirement will cause you to delay if you use any of the complexity of the router and that leaves you open to attacks. IMO its not a great choice today due to this one fatal flaw.


That is also something Cisco gets rightest.

hostname# _

hostname# sho run

This is all it takes to backup ALL config. Also a short form of “show running-config”. If you follow best practices and take logs of all ssh connection it’s naturally there a second after.

Restoring? Just paste it on HyperTerminal. Cisco sues anyone who dares to replicate this exact behavior(e.g. Huawei-3Com), but similar commands exist for most professional network equipment such as Vyatta/VyOS’ `show configuration commands`.


Updating FreshTomato has never cleared out my settings, is it possible your install is broken?

Manual updates don't bother me, personally, but wifi throughput is definitely a pain point (my understanding is the lower speeds are due to FreshTomato doing more with the CPU than stock firmware does, which decreases the amount of CPU time that actual routing gets).


I'd never heard of the Omnia before, I'll have to check this out it looks pretty neat!


I was also recommending it here (posted before seeing the parent): https://news.ycombinator.com/item?id=29703321

I own one and it has not always been great. At one point their fork of OpenWRT was so different from upstream that upgrades were taking a long time and introduced lots of bugs.

Since the last major version or 2 though, they've upstreamed most of the drivers and custom code, so TurrisOS is just a few patches and packages on top of OpenWRT to better support the specific hardware and services, and it's been very stable.

One incredibly useful feature is BTRFS snapshots and the `schnapps` CLI to manage them. The hardware reset button can even be used to roll back to factory defaults, from where you can still access and restore any snapshot so it's very easy to unbrick the router if you make a mistake.

Add an M.2 NVMe card and you can run LXC containers (and in the next major release, even Docker).


the same, never heard about it


Does OpenWRT still mean that speeds are slower due to not having proprietary drivers?


Doesn't matter, because you cän OVERCLOQQ!1!!

https://openwrt.org/docs/techref/bootloader/pepe2k

https://github.com/pepe2k/u-boot_mod

No, seriously ;-) What you are thinking of is probably described here https://openwrt.org/docs/techref/hardware/switch and has a long history.

Basically it depends on having opensourced drivers, or at least specifications for the internals of the affected switcheroos, which wasn't the case for many chips for a long time, and still isn't for all of them.

Then there is the part of writing a unifying and usable abstraction for all of that, which also isn't fully there yet, at least not for every device under the sun.

Read up here: https://www.kernel.org/doc/html/latest/networking/switchdev....


Not to any significant extent AFAIA, though specifics will depend on the device, components, and drivers in question.

In almost all cases, OpenWRT extends rather than restricts device capabilities.

That said: choose your hardware based on OpenWRT support if at all possible.


I would also suggest dd-wrt as an alternative; it seemed a little easier to find a working build and I've eventually gotten used to the UI organization.


I've used dd-wrt for over a decade. Issues:

- Seems very badly out of date.

- Far more limited capabilities

- Much less clear upgrade capabilities / path.

If it works for you, then sure. I'd lean strongly to OpenWRT.

Much of my dd-wrt comments also applies to Tomato from what I've been able to sort.

dd-wrt and Tomato were built for systems as they existed a decade or two ago, notably the venerable Linksys WRT54G router. These work, but have highly constrained hardware.


None of my TPLink, Netgear, or ASUS routers have ever needed a cloud account - I guess this is a new/regional thing?

I use Mikrotik hAP2 (~£60/$80) - if you are comfortable with that sort of thing, otherwise I guess anything that supports OpenWRT as others have said.

Have you got examples of ones that need a cloud account? I'm intrigued now


Yea I just bought a netgear router and it didn’t require a cloud account. It did push creating one very heavily during setup.


Just to confirm, you don't need the cloud account for entering management page right? The reviews I read on Amazon could be from people who are not technical enough so they fell for the cloud acc trap.


I have a R7800 and they used to have an app for Android and iOS they didn't need account. They later removed that app and made the router refuse connections to it in favor of the new app that does require an account.

That being said, if you don't want the app you don't need an account.


Also using net gear. I suspect the vast majority of users here are savvy enough to get around the cloud requirement but non-technical users likely would not have figured it out.


in California I see that the AT&T supplied DSL-modem/router requires sign in (stored in firmware configs), and takes over the DNS functions (details forthcoming). I am very concerned about future "required" hardware like this.. the excuses will be around security, but look at the history of economic incentives.


I guess this is a new/regional thing?

Only if there's no Amazon in your region.

Amazon eeros require an account.

Apple's Airports did, too, when those were still being made. Not directly, but you needed an App Store account to download the setup utility.


Bought a netgear router and a tplink repeater within the last year. All the cloud account crap is only required to use the mobile apps. However they all offer web interfaces directly at their ip addresses. Just use that and bypass all the dark patterns.

It sucks that companies feel the need to cloudify everything.


All netgear routers can use routerlogin.net

Also have netgear with no cloud account required. Also don't use mobile apps.


New netgear stuff only works without a cloud account when you unplug it from the net. That means no remote admin through a local machine (have to be there to pull the plug), and no settings changes without disrupting internet.


I just logged into my new netgear router from 192.168.1.1 without unplugging anything.


I wonder, fall for the trick, setup cloud, and you are forever trapped?


I dunno, I've had netgear forever, before they ever had cloud logins, and I've just set it up the exact same way every time. Maybe if I was buying my first netgear today I would be suckered into the cloud stuff since I wouldn't know any better.


I don't even want a device, at all, if it has the capability for cloud management.

It obviously phones home, and has all sorts of additional exploit angles.

I bet there's a daemon listening 24x7 for incoming connects, too.

Ubiquity ERL already had a security issue with theirs.


Maybe I'm dense, but I could not figure out how to use my netgear wi-fi AP without registering your account. Same with TP-link. What's worse, is the TP-link didn't say "requires registration" on the box.


I bought a tplink wifi repeater years ago and it definitely required a cloud account to use. There may be a way to set it manually, but it was not obvious to me.


Get a separate router and AP. Router hardware is stable , but wifi tech improves every 5 years . Router/firewall config is also more complicated so you want more control and stability.

For The router get a mikrotik or ubiquiti. Then you can run small- business APs from Ubiquiti and TP link for example. Or convert an older router into AP with open source firmware .


For small family home deployments I've always used ASUS stuff flashed with AsusWRT-Merlin - https://www.asuswrt-merlin.net/ - has been super stable and I've never required anything other than a local account to set them up.


I agree this is the best ‘technical family’ solution. Good balance of easy-to-use, stable as well as some advanced features if needed.

OP : If you are technical you can buy a TM-AC1900 on ebay for $40 and flash it with the AC-68U

https://www.bayareatechpros.com/ac1900-to-ac68u/


Merlin supports ai.mesh. Very nice. The roaming support from the stock firmware works well from the small installations I've done. Have you made use of the feature in the Merlin variant?


Ubiquiti's EdgeRouter X is relatively inexpensive, has plenty of features, and does not require a cloud account of any sort.


Yes, this is a solid router. Just be aware it’s not the most user friendly to configure. I’ve had one for personal use for about 5 years or so. After set up, it’s trucked along without issue though.


I'm using it as my router and it is working with absolutely no problem for the last two years. The management page is accessible over ssh and https.


That's what I would buy...but they do NOT include Wi-Fi. And I'd say they're more "Prosumer" market than "Family".


Apparently can also run OpenWRT, though I haven't tried and it's not clear to me if everything is well-supported.


I put OpenWRT on an ERPro-8. It worked very well and had more features than the stock firmware. USB modem support was what pushed me to OpenWRT. The storage took a dump in the router (soldered on) so it was fun while it lasted. The MikroTik RB5009UG+S+IN is looking pretty sweet.


I'm running openWRT on my edgerouterX, and so far (about 2 months) everything has been really well supported including hardware offloading of various features.

In most cases, I'm getting better than stock performance. UI is much better too. I'm a big fan.


I didn't know this was an option but I'm definitely going to look into it now. I just bought one of these for my home lab.


Cool. From what I find online, it seems like PoE and SFP (with the X-SFP) are both supported? Any experience with those?


Any router (or routerboard) that supports Mikrotik: https://mikrotik.com/

You don't have to buy from them the hardware.

I used to use OpenWRT (which is also a nice second option), but the robustness and flexibility of mikrotik is fantastic.


I strongly upvote Mikrotik with its open-source RouterOS software (which you can run on nearly any computer). I have used Mikrotik for years, from their low-end (but powerful) routerBOARD offerings through to their CCR1036-12G-4S optical router and their nRAY 60 GHz point-to-point wireless Internet.

I have supported dozens of router brands for clients since 1996, and I cannot say enough good things about Mikrotik. It allows you to work productively on Terminal CLI (but that is not necessary).


> I strongly upvote Mikrotik with its open-source RouterOS software (which you can run on nearly any computer).

Unless I have missed a few recent development, the RouterOS is open source only in the sense that it is build on a foundation of open source software. The source of the GPL parts is available upon request.

Running RouterOS on non-Mikrotik hardware requires the purchase of a separate license. Mikrotik hardware usually comes with a license already on the device.


I have had a Mikrotik device for about 5 years now and it doesn't require a cloud login but you better be ready to learn the nuances of the Mikrotik system. It is far too easy to accidentally open up your internal network through misconfiguration.

The wizards for network setup make this much easier but be ready for a steep learning curve.


Seconding this. Great firmware and I own some of their hardware and it works well.


I have been using Netgear WNDR3700 and similar routers for years with no problems and no cloud account. I keep one as a spare for family in case someone's gets knocked out by a power surge, or the power supply dies, or whatever. Had that happen several times. I've never had one be "flaky": they either work or don't.

I buy them at Goodwill for $5-10 whenever I see them there, which is fairly often.

They have two main features I like:

- separate main and guest networks. I put all my non-computer stuff like phone, TV, Roku, Tivo, etc on the guest network. There is a setting to isloate the guest network from the main network on separate vlans.

- they have a QOS setting for uploads (I only have 1Mbit up), so when I do online backups with HashBackup (I'm the author), the router will use the full upload bandwidth if there are no other connections uploading, but if there are other connections needing to upload, the router splits the capacity between the active connections. Without QOS, it was impossible to have an interactive ssh session during a bulk upload. With QOS it works fine.

You can buy these on eBay for $15-25. Get one with free shipping so that if you have trouble and have to return it (unlikely with a high feedback seller), you don't have to pay for shipping.


I would look for hardware that can run Opnsense or OpenWRT

See e.g. https://old.reddit.com/r/OPNsenseFirewall/comments/lemj0r/ha...

and https://openwrt.org/toh/start


This is a good solution but make sure to check the idle power consumption for PC hardware. It varies considerably. (Hardware like this will be idle nearly all of the time.)

If you don't have an AC watt meter, get one, they're inexpensive and pay for themselves quickly.


I don't know, how much they cost in US, but here are couple of solutions:

1. EdgeRouter X (ER-X) or EdgeRouter Lite (ERLite-3).

2. more userfriendly UniFi Security Gateway (USG) with controller (UCK) or UniFi Dream Machine (UDM)

- it propose creating cloud account, but __do not__ require it.

3. use devices capable to run OpenWRT or buy some hardware like Supermicro Embedded Solutions (later I can share models list) to run pfSense/OPNSense or VyOS.

4. other MikroTik soulutions (but I don't like them so my knowledge is not up to date; I don't know which solutions are good for you).


Be aware that Unifi's products sometimes require cloud accounts, depending on which update is installed. ALso, the dashboard is full of ads.

I definitely would recommend MikroTik, sold my Unifi stuff for MikroTik and would never go back.


I haven't seen ads in my Unifi dashboard at all, except possibly for some of their other products (they are so minor I struggled to recognize them as ads).


Personally, I do not classify that as minor: https://pbs.twimg.com/media/EzgB7QFX0AEAQIs?format=jpg&name=...


I probably don't see that because I have those devices, but yeah I can see that being annoying.


Any reason you don't like MikroTik? I've been a little turned off by Ubiquiti's latest moves so I was eyeing MikroTik for my next upgrade.


I think that MikroTik does everything to make managing their devices unclear as it's possible. WinBox for example, in some places looks okay (e.g. presenting data in tables or drawing charts) but filling forms or editing settings is terrible. It's not about Ubiquiti, but even pfSense does great job when it comes to presenting data and help to understand presented data (e.g. hide/show advanced options, providing comments and documentation to each option in forms, using padding and margins even help to understand visually your options).

But in the same hand I need to say I am impressed with MikroTik CLI. It colorize each typed word! Even enterprise class Cisco devices don't do it. It's super useful for me and help me with understanding what's going on. Do you even imagine programming in notepad with note type of font and color today, like it was in the past with Windows Notepad? I don't think so. UX/UI is not only about pretty buttons. It's about usability, repeatability, predictability, stability, confidence and ease of access. A software with best features is useless when it doesn't provide any convenient and trusted way to reach this features.


https://www.gl-inet.com/products/gl-b1300/ No bs openwrt router has DoH and optional PoE support. Cheap


I've been using this particular model for about 6 month now, with a standard openwrt on it.

It runs a full AdBlock, ip-ranges blocking, and a wireguard server (with good enough bandwidth, I use it with steam link/gamestream).

Very nice small router


Synology RT2600 is quite cool, I adore it. It has also a free site to site vpn feature where you can connect various subnets over the internet if you have several lines/homes.

It can segment traffic by people (you record which MAC is who, segment away by theme, etc), host a custom DNS server very well, has nice firewalling features and there s no mandatory cloud account. I ve made a few custom scripts for it, and its linux base is good enough (old kernel a little bit). I paid around 300 USD for it I think, for 2 of them, and it's the best router I ever had, OpenWRT included.

The only thing I miss from openwrt is the custom vlan joining on optic fiber relay you can do with them to bypass your ISP fiber modem and just use an optical to eth converter. But that's not a huge overhead these days. Doubled the speed when the ISP's crappy boxes couldnt cool well enough for 500Mbps 10 years ago :D

The big advantage, for me, of Synology routers, over OpenWRT and its alternatives (I rmb one called Tomato something) is that it's so much clearer and easier to use quickly and climb from there. With OpenWRT in my old memories you were thrown in a discouraging mess that made me struggle a bit to find simple features (but it has them all).


I've been super happy with mine as well. It is a great balance of flexibility and usability. I had a MicroTik prior which worked well, but I was just tired of having to re-learn networking chops to make any changes. The Synology really has been a breath of fresh air, and have had no problems with it over the past year.


I also have this router and like it so far, but I haven't had it long enough to recommend it. In addition to the other features mentioned, it supports load balancing and failover, which is why I bought it. You can make a cloud account for it but that's by no means necessary.


I spend a LOT of time trying different routers. I've pretty much settled on the Asus routers - 58U, 88U. Out of the box they're pretty good, but once you load them with the Asus Merlin firmware, they're rock solid.

I've visited a lot of homes to help troubleshoot internet connections, and the ones I've converted to this combination have gone silent (much more stable connections/wifi).


Go to goodwill or Craigslist, there are a lot of routers, like 1080p monitors, the world doesn't need any more low or mid range routers purchased new. Save a bit of waste from going to a landfill.


FritzBox 7530. That's all I use. Cons: A bit above your stated price point; not sure what international availability is like.

https://www.amazon.de/-/en/Router-Supervectoring-Server-Suit...


When I got a FritzBox sort of by accident was when I stopped using an old PC as a router. FritzBoxes can really do a lot.


There's a few other router recommendations in these discussions from the past week:

- Hidden Networks in TP-Link Routers https://news.ycombinator.com/item?id=29641868

- MikroTik RouterOS v7 stable released https://news.ycombinator.com/item?id=29473704


Asus has been good for me. You could see what modern models are supported by asuswrt merlin or tomato firmwares.

http://freshtomato.org/

https://www.asuswrt-merlin.net/


Linksys Velop can be set up without a cloud account:

https://www.linksys.com/gb/support-article?articleNum=226218

Aruba Instant On might be possible too, but I am not sure.


OpenWRT is definitely the single best option, however there is very limited support for the WiFi6 routers. If you're upgrading to 6 or 6E, as I was this last month, I found few options for OpenWRT.

However, I already operate OPNSense as my primary router, and all WiFi "routers" on the network act as Access Points and do no routing. OPNSense provides granular control over the network, and offers all the services you would expect in at least a SMB-grade edge device (arguably enterprise), including routing, firewall, DHCP, DNS, IDS/IPS, etc.

Even in AP mode (routing disabled), the new WiFi COTS routers seem to phone home. My guess is a combination of checks for patching and some telemetry. I just block those lookups at the DNS layer for that device, which was effective enough at preventing the traffic. If I have to, I'll block outbound from that device specifically, though I admittedly haven't played around with the after-effects since its sort of the gateway for that specific NIC interface.


I have given up on trying to find a consumer all-in-one router/ap combo and just have a dedicated router and dedicated access points. You can simply block all the Internet traffic for your access points and you will have more options to pick from for the router part. I am now running on a NanoPi R2S with some TP-Link Omada access points and I didn't have to touch anything for almost two years since I decided on this setup :)


I have dedicated APs but don’t have a nice router.

I haven’t figured out if using APs for Wi-Fi and using my ISP’s router for routing loses me any speed. Does anyone think an additional NAT layer could improve performance?

I imagine it’s features vs performance


It's not really features vs performance. I don't know where you are based, but here in Europe ISPs must (I think?) put the router into bridge mode upon your request, from which point you can use whatever you want and the box from ISP acts mostly as a modem/media converter. I was even able to cut out this part by using an SFP GPON module I found!

Regarding speeds, it depends on what you are working with. Basically anything can do 100Mbit, most basic consumer gear seems to top out at around ~300Mbit and if you want to go higher, you need more powerful ARM SBCs or x86 based routers.


Thanks so much!

I’ve always had low cost and fast enough service. I moved outside of the wired service area and use 5G cellular home internet which while slow compared to global standards, it’s the fastest home internet I’ve had.


I don’t know that much about APs. They have to be wired into your router? I have some nearly-dead spots in my house, and so I think I need APs. Not sure that I could send wires around the house.

I use a buffalo airstation with dd-wrt.


It would be best to run wires with APs to those dead spots. If that is not possible, make it possible. If it is really not possible, then you have the option of powerline adapters or mesh networks, but those are a mostly inferior solution to running a cable and putting an AP there. I recommend not even thinking about repeaters if you are not desperate. Don't forget that the APs can be powered through PoE (Power over Ethernet) which relieves you from the need to have a power outlet at the spot you want to put your AP in.


Thanks, that was a really useful reply. I could probably run a wire (once I figure out where).

Do you recommend a router that doesn’t use wifi, and the wifi comes only from APs? This is not something I had ever considered prior to reading the comments in this post. I’m concerned this is going to be a rabbit hole..


It really depends on what you want/need. Since I realised that I don't need to only have a single device, it just makes sense to me to have them separated. When you want faster wifi, you upgrade the access points. If you need router with better capabilities, you buy a new router and still have your perfectly well functioning wifi.

I like OpenWRT and not needing to research whether some device's wifi will work is a plus for me. You can of course still have a router with wifi capabilities, I just found that separating them makes upgrading to new devices easier. I can also keep using my older devices - I used an ASUS NT-14U router for a few years. It was great, it had plenty of RAM and flash for the time, OpenWRT run great on it. Then I wanted to upgrade to 5GHz wifi, but I just run into problems with router+wifi combos having inferior wifi performance on OpenWRT compared to stock device - usually only half the speed an sometimes even unstable. Then I realised I could just buy new 5GHz APs and keep using my old router. I have been mostly happy with my home network since that realisation. I bought some TP-Link Omada "small business" APs (EAP245 and EAP225-outdoor) and knock on wood I didn't have any problems that I can recall for a few years already. People also usually recommend Ubiquiti APs and devices, but I have never really gotten into that and the TP-Link offering seems to be a better bang for my buck.

If you are able to run a wire, do it, even if it means some more initial work or it being a little ugly at some spot. It is just simply more reliable than the other options. Your future self will not thank you, because he will not even realise how smoothly everything is running ;)


I don't recommend custom router firmware to anyone that isn't 1) confident in their ability to troubleshoot problems you will definitely have and 2) at least somewhat intrigued at the prospect of spending several hours troubleshooting their router.


Even though I still maintain my hacker mindset, as I get older, the more I fall into "I just want it to work."


I said those exact words after sinking the better part of a weekend into trying to get WAN failover working on my (now useless) dd-wrt router. Once it stops being fun I'm ready to reach for my wallet.


Mikrotik is nice too, if you need a bit more, I would check it out. I have been using one at home for a few years. Fantastic software and hardware but more on the advanced side.


Turris Omnia [0], although if you can you might want to wait for the 2022 model [1].

Alternatively, build your own out of Turris MOX modules [2].

[0] https://openwrt.org/toh/turris/turris_omnia [1] https://forum.turris.cz/t/turris-omnia-2022/15995 [2] https://www.turris.com/en/mox/overview/


Here is a company that offers refurbished routers with DDWRT installed https://www.flashrouters.com .

Note -- I didn't realize this when I originally bought mine -- they bundle support in with the starting price, and you have to have 3 months of support minimum, after which you can cancel. So assume you have to pay an extra 60-90 dollars on top of the hardware price.

But then you own a router with open source firmware that you can manage locally.


It really depends on the functionality and performance you want. Given the price range the performance side will be on the low end.

I would recommend moving up your price-point (if at all possible) and buy something slightly more capable that will last, potentially, longer.

Protectli [0] and Qotom [1] are popular among the OPNsense[2] / PFsense[3] / Untangle[4] firewall distros with respect to small form factor devices.

If all you want is a cheap "router" with a bare bones feature set for Internet edge routing I'd recommend a Ubiquiti EdgeRouter X [5]. At $59 it's the best piece of hardware you're likely to get for the money with total control and less big-brother.

If you can't find one email me at my HN username at counterbrea dot ch. I have a few different unused EdgeRouters I could send you for the cost of shipping.

[0] https://protectli.com/ [1] https://www.qotom.net/product/list-58.html [2] https://opnsense.org/ [3] https://www.pfsense.org/ [4] https://www.untangle.com/ [5] https://store.ui.com/products/edgerouter-x


I've had a fanless Qotom running pfsense for wire-speed (gigE) routing for several years. Set-and-forget, no moving parts. The wifi runs separately, using Unifi atm.


Exactly. I've got both units running in different locations for different (personal) networks. I'd say the quality of the Protecti unit is a bit higher where as you get a bit more for your money in terms of hardware with the Qotom. I was leery of both at first but so far no problems with either brand.


I am very happy with the ThinkPenguin mini router.

https://www.thinkpenguin.com/gnu-linux/free-software-wireles...

It uses LibreCMC--a really well supported Libre branch of OpenWRT.

https://librecmc.org/faq.html

Everything just works, and there are regular updates patching vulnerabilities.


If they had a 1gbps version, I'd buy it.


I messed with OpenWRT on consumer gear for years. I hated the hardware. So many had "all the features" (802.11 coolest, gigabit NICs), but didn't have enough actual compute power/memory to get the performance out of them, or the NICs were "gigabit". OpenWRT works, but turned into a hobby in itself and I just don't have the patience for that anymore.

Since 2017 I've run pfSense and love it. Originally started on a fanless x86 machine with good NICs (until it eventually committed suicide), and now run an actual NetGate appliance. The appliance is even nicer to me, since FreeBSD/ARM isn't a likely drive-by target for a 0-day.

No cloud. Real OS, good feature set, regular updates, great performance.

Unfortunately I haven't found an access point I love without cloud accounts. Running Uniquiti APs now. I do like that they hand off devices between each other well, push IoT to 2.4Ghz and real stuff to 5GHz, etc. I'd never run their router exposed to the internet, but.. yeah.


I've been pretty happy with MikroTik routers. I have an extra HapAC2, if you cover shipping it is all yours (I'm based in US).


is there a good guide on the firewall and routing config? i’m interested in this unit and want to set up separate vlans, NaT, multiple dhcp servers


I've found their Wiki to be quite helpful anytime I have questions https://wiki.mikrotik.com/wiki/Manual:TOC. I


IF you're willing to do the work, an option would be get an HP T730 from eBay, add a low profile Intel quad port I340 or I350 adapter and perhaps add a little more RAM (depending on the T730 you get 4GB-8GB is more than sufficient), and then install pfsense, opnsense, DD-WRT, openwrt or anything else on it. You will have a great little router/firewall that is much more capable than almost anything else in this price range.

NOTE: this is effectively a thin client PC, so you can try different router/firewalls to pick which works best for you. There are also commercial options that people prefer such as Untangle, Sophos and so on. Sophos even has a free home version.

There are other alternates to HP T730, but you may have to look around.

It should come to around ~$100-$120 depending on luck, since it's eBay.


I have this, no cloud needed, OpenWRT compatible if you wish to use that https://www.tp-link.com/us/home-networking/wifi-router/arche...


Never needed one for my Asus.


I second this.

OP, I don't know what kind of research have you done, but Asus routers certainly do not need any cloud account.


I wouldn’t trust the people in the reviews know what they’re talking about.

I just bought a new Netgear router, I’ll be returning it, but it doesn’t require a cloud account.

Outside of Google Nest or Eero I don’t think many require a cloud account unless you want particular features like remote management, etc.


ASUS. Runs WRT. No account needed. Not a Chinese company.


Protectli boxes running OPNsense seem good. A bit more expensive though.

I advocate separating APs and WiFi from router.


this is what i would consider if i wanted to go full alpha nerd about it. although these days could also just run linux.

everything else has the equivalent of a cloud account via automatic firmware updates.


May I ask why you advocate for such separation?


a) all-in-one is often a compromise, e.g. people might like a a relatively plain Linux or BSD to do routing - best on "boring" hardware, but you don't get the best WiFi performance on such hardware. Whereas APs/integrated routers don't necessarily run such OSes best, have driver issues for newest standards etc.

b) incoming internet connection is often in a corner somewhere. Best position for an AP is elsewhere. If that's a problem depends on how you get internet and what the place looks like.


Routers are security sensitive and are long lived. Much like the unix philisophy, do one thing and do it well. A GigE router has been plenty for many years and will likely be fine for most people for many more. Ideally routers are kept as simple as possible and as secure as possible.

WIFI APs however are changing quickly, beam forming, MIMO, 802.11ac, 802.11n, wifi6, 802.11g, etc. Not to mention ideally APs are placed for optimal propagation and might even having more than one per home.

So ideally you don't have to throw away your router to get the current gen WIFI or to add a second AP. Similarly with separate AP and router you don't have to throw away your AP because you need more/faster ports, better buffer bloat mitigation, or improved QoS on your router. When troubleshooting it's really nice to be able to tell if it's an AP problem or a router problem.


I am using Ubiquiti Unifi hardware.

You can run it without cloud account if you wish so. You do not loose any very important functionality.

In particular the Cloud Key actually does not require cloud to function, it is actually a webapp running locally that lets you manage your local infrastructure.


I bought the TPLink Archer A7 and did not need a cloud account for it: https://www.amazon.com/gp/product/B079JD7F7G/


I've also had one for a year now, and I'm happy with it. You can connect to the router's admin interface just by opening 192.168.0.1 in your browser.


The Unifi Dream Machines allow you to set them up without a cloud account since the latest update: https://community.ui.com/releases/UniFi-OS-Dream-Machines-1-...

The Dream Router falls within your price range but is hard to get ahold of right now: https://eu.store.ui.com/products/dream-router-ea

Should be able to set it up and manage it over the local network via their mobile apps or via browser.


Take a look at TPLink equipment. They support cloud accounts, but they're not required. And their equipment is fairly good in my experience. I use the Archer C20 in my house, but in the $40-100 range I'd take a look at the Archer AX20.


Any random Linux distro or Free/OpenBSD install doesn't need an account of any kind. Unless you need an awkward modem which is hard/costly to get (e.g. cable internet, VDSL2+), almost everything can be a decent router. Commercial routers often have some kind of hardware offloading for routing built into their SoCs, but you don't really need that per se at residential internet speeds (<=1 GBit/s).

I'd recommend to separate router and wifi AP because this lets you pick the optimal place for the wifi AP regardless of where the internet cable is. Somewhat more costly but likely worth it for anything bigger than a three-room flat.


Linksys WRT3200ACM is what i recommend. supports openwrt. my 3200 is at my parents being used as an AP only. their router is a Cisco 1921 with zone based firewall and some poe 3750 switches.

My setup here is a Cisco ASA 5512x firewall, catalyst 3750GBe poe switch, WLAN2504 controller and several CAP3702 APs. this requires quite a bit of experience to setup, but works very well. the wlan controller and two APs will probably cost about $300. that alone could be used behind your ISP modem if desired. i’ve got gigabit fiber up/down from ATT and use their modem but pass thru the IP to my asa.


I second this, it's a very capable wifi AP and router that supports openWRT that flashes and installs without any issues (last I tried it about a year ago).


https://openwrt.org/toh/views/toh_available_16128?dataflt%5B...

Enjoy.


MikroTik hAP AC2 is decent. Supports a boatload of features and doesn't really support a cloud account (it'll phone home with it's serial if you use their builtin DDNS feature though).

Routes 1G, wifi is only 2x2 MIMO though so you won't get "amazing 9999 Gbit wifi) which you'll never get in real life anyways because of airtime congestion.

They have a noob UI, "pro" UI and CLI.

Both UI and CLI has all features (9x%, some features are hidden from gui while in beta).


Can't go wrong with MikroTik. I set my family/friends up with these along with a current gen access point. Been running strong for 8 years or so.


GL.iNet routers (https://www.gl-inet.com/products/) have been on my radar for a long time for similar reasons. No experience with their products yet, but they do look impressive with much more positive reviews than I could ask for.


What about a linux box with Smoothwall, and a switch? If you’re unhappy about cloud routers (as I am) perhaps build your own.


Smoothwall & Co are nice alternatives. But it can sometimes be tricky to find good hardware that has two Ethernet ports and are quiet, small, etc.


Good point, to clarify, I was thinking you could take a cheap PC, a couple of nic cards, and spend less than $100. Size would be a problem. I’m thinking a small mini desktop.


My TP-Link router asks you to make a cloud account but you don't need one to to use the web interface at 192.168.0.1


You can't really go wrong with Mikrotik.

They are affordable and have a lot of powerful features.

I have been using the "hAP ac" (2.4/5ghz) model for ~5 years now, and some other 2.4ghz model for another 5 years before that. Whenever I need to upgrade, I'll go with them.


What are the indications that you need to upgrade (aside from "device has broken")?

I've been the same using an 802.11n (2.4 GHz and 5 GHz) since 2014, as well as the same modem since 2014. Aside from flashing a newer version of dd-wrt every four years, I don't think about my modem/router much and I don't know what I'm missing! Speed at my house is fine for my needs - however, my coverage doesn't seem perfect (notably, multi-room speakers have trouble staying in sync). I simply don't know if I'm in the market for a new router! Like, perhaps the coverage issue should be resolved with AP/extender/mesh (and I have no idea which one of those).


I suspect I will upgrade when I go from 1 GbE to 100 GbE for local network. After looking at storage speeds and other things, it seemed like I should just skip 10 Gigabit altogether (cheaper to get additional faster NVMe SSD drives for local devices). And the AC wifi is completely sufficient for my needs. Upgrades won't be needed until all the ISP's finally start offering >1GbE at home. Who knows how many years it will take.

And when it comes to software updates - I still receive them. Even my 10 year old Mikrotik router got upgraded to the new v7, with Wireguard support, etc.


Thanks. I have a Mikrotik HAP AC2 on order to (hopefully) replace my Buffalo Airstation wzr-600dhp (an ancient N). Once that proves itself I’ll get perhaps another AC2 to act as an AP. And will also look into replacing my Arris SB6141. Baby steps.

I haven’t delved into local speeds very closely. My home “server” is simply a pi4 with a WD mounted and shared across my network. I have navidrome on the pi for music and just use the file explorer for video. I sometimes have an issue when watching vids over wifi where the band simply stops being responsive and I have to switch over to 5ghz (or the other way). It’s strange, and my assumption is usually “spectrum is suspicious of something.”


I have an asus AX3000 bought last year. I don’t remember there being any cloud account associated with it, but it is out of the price range ($150) you’re asking for.

It could be the budget options are reducing prices in exchange for the ability to gather data, similar to smartTVs


Thanks everyone for making recommendations. I never expected so many answers :D Happy holiday!


Edgerouter X


MikroTik has some fantastic products in your price range. Could wholeheartedly recommend them myself. https://mikrotik.com/products


Used Ruckus AP/router from eBay. Ridiculous reliability and performance for a home setup. Downsides are missing the absolute latest tech, it being EOL gear, and no warranty if it somehow dies.


What other requirements do you have? Wireless? How fast is the connection? How many devices will be on it, and what kind of performance do they require? Is this for you, or your Grandma?


Not quite and off-the-shelf product, and also largely out of stock, but many people like to get a PC Engines APU2 and run OPNSense or OpenWRT on them.


Note for ddwrt enthusiasts that some gigabit or faster routers (eg asus) will perform an order of magnitude slower than with the stock firmware.


>need a cloud account to access the management page

Do they? Zyxel don't, Huawei don't, Netgear don't, Asus don't etc etc..


Microtek hands down the best value for money.


Only if you like to get p0wned (they have terrible security track record)


Therey're 10x as careful now, probably. Mikrotik is great at releasing patches, so even if you have old device, you are covered.


I've had very little contact with Mikrotik products, but that's the amazing thing about them, to me.

Any old Mikrotik device can run the absolute latest firmware (at least as far as I could tell, and I've got a 8+ year old Mikrotik device).


I presume you mean Mikrotik?


Yea :) autocorrect is not my friend


How so?


You can pick up a hAP2 for ~£60 which gives you a LOT of configuration for the money. You can make it as simple or as complicated as you like.

The only downside is it's not exactly a point and click GUI - but for what you get for your money they are worth it


Do they comply with the GPL though?


Anything listed here: https://ryf.fsf.org.


https://www.pfsense.org


How about a custom built solution?

Protectli Vault FW4B - 4 Port with OpenBSD and a Ubiquiti AP.


Sounds good, just waiting for an updated flavor with 2.5Gbit ports. I keep routers for a long time and 2.5G is pretty common for the last few years. Seems like in the last few years many motherboards and Comcast modems come with 2.5G. Even some Intel chipsets are supporting 2.5G these days.

Currently I have a EdgeRouter 6p + 2 Ubiquiti APs. But I'd like to update the router to something with at least 4x2.5G, or maybe 2x10G and a few 2.5G.


My Arris modem/router combo didn't need a cloud account.


Normally I go to eBay and search openwrt, there are several models


Mikrotik HAP AC2. Great value, great power, easy setup.

OpenWRT also great option.


how comfortable are you with swapping the firmware out? DD-WRT or Tomato (or any of the other options) should all be local only.


OP obviously used a new throwaway (presumably one-time use) account. Does anyone know what might be the reason for this?


Maybe he doesn't want to create a permanent record of the router/AP hardware that they are using, that could easily be found by someone Googling their username?


EdgeRouter-X


Mikrotik


Mikrotik.


Ideally you should get one wired router, Cisco and Juniper are famous. Depending on your configuration, you might want one 24-port switch as well. 10GE support is going to be a nice future proofing but adoption is still lagging. Add as many wireless APs as necessary per each 10-20ft radius to cover and you're good. ok I'm 82.5% joking. I'm not doing anything fancy as that, just an EdgeRouter X and a whatever AP.

Are you sure it's cloud account? All routers need ID and password but usually it's local and only ever stored on router itself.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: