Router Review - Linksys WRT3200ACM
I need another router like I need a hole in the head or an STD. That being said I stumbled across the router deal of the decade for a refurbished Linksys WRT3200ACM for $119. It's a great deal because retail is roughly double that and it's a brand new state of the art router.
All that being said, it's still a Linksys router and the home router market is just not as secure as you'd like it to be. The goal of the router manufacturer is that the dumbest customer they have open the box, plug it in, and get it working. That's not exactly built with security in mind.
For more details go to this website RouterSecurity.org.
You personally couldn't get me to run a home router directly off of a cable company modem. I run my home network behind a hardwire firewall. You should too. I use a pfSense SG-2220. You don't have to buy an appliance from there to have a pfSense firewall. It is open source software. You can buy an old rack mounted server on eBay for next to nothing with a Pentium Xeon chip and install pfSense which is free. You can use an old computer as well with 2 network cards. Only problem with that scenario is that you want an appliance that sips electricity, rather than gulps it. That's why an appliance with no fans and such is desirable. You can build your own as well with a mini ATX motherboard and CPU with passive heat sink. Throw a stick of RAM in and a hard drive and you're all set. Buying old on eBay is your least expensive route though.
Also I don't run stock firmware on my routers. I use Open Source Firmware which I believe to be more secure, faster, and just a better all around experience. They have plenty of added features that the stock firmware doesn't have. For example you can configure Ad Blockers, or set up a VPN server or client, or make a cool page where users have to log in like you see in hotels and such.
The Linksys WRT3200ACM claims to be OpenSource Ready and while that's kind of true, let me clue you in on something. Linksys is owned by Belkin and while they do support Open Source the Wifi Chips in this router are made by Marvel and their Open Source driver development is ages behind their proprietary drivers. The DD-WRT and OpenWRT forums are rife with problems with wifi right at the moment (APR 2017).
What's that mean for you? It means if you run DD-WRT or OpenWRT right at this moment you're going to likely experience wifi issues. Common problems reported are "IT WORKS AWESOME" then two days later you see "MY WIFI SPEED CHOKED DOWN TO NOTHING AND I HAD TO REBOOT THE ROUTER"
When I bought this routers cousin, the WRT1900ACS which I'm currently running the exact same scenario played out. It was about a year before the wifi drivers were good enough for daily usage. My WRT1900ACS is rock solid stable and has been for some time.
So I'm counting on Marvel to come through so the Open Source Firmware guys can incorporate those new drivers in their builds. So I opted to buy the WRT3200ACM at $119 knowing the problems will be resolved soon (hopefully).
But because I run behind a hardwire firewall it SHOULDN'T be an issue for me to run the Linksys Firmware for a bit until they get it resolved.
My home network is a bit more complicated than most as you can see. It's a conglomeration of hard wired ethernet and 2 wifi Access Points. Clients are not depicted. Thank goodness. The page isn't large enough :)
One of the best key features that no one knows about except super geeks is that there are two boot partitions. What that means is that your router comes with Linksys firmware and if you upgrade to DD-WRT Firmware that in reality BOTH FIRMWARES RESIDE ON YOUR SYSTEM. So let's say you muck up DDWRT real good or even you think you might have bricked the router you can turn it off on the switch on back, then turn it on three times until the lights come on, then turn off again. I think on the 4th boot it will revert to the other boot partition.
Or you telnet into the box and can run the following commands:
ubootenv get boot_part # this returns a number 1 or 2
ubootenv set boot_part 1 # this would set your partition to 1, change it to 2 for 2
ubootenv get boot_part # check it to make sure
reboot # restart to the partition you want to boot into.
One thing you don't want to do is update DDWRT from DDWRT because then it resides on both partitions. ONLY INSTALL OR UPDATE DDWRT FROM THE LINKSYS FIRMWARE. There is no DDWRT to Factory Firmware .............yet. The WRT1900ACS has one but the WRT3200ACM does not have a revert file yet.
It's not impossible to get it back but you end up using a TTL to serial converter and cracking open the router case. Not something you really want to do.
Anyway the WRT3200ACM came with the latest firmware (and oh by the way today Linksys announced there were 10 exploits that are unpatched found in their firmware)
The Linksys Stock Firmware is adequate and even has an OpenVPN setup in it which is quite easy. I found that things like Dynamic DNS are hidden or at the least not very intuitive to find. Whatever happened to the left hand link called "ADMINISTRATION"?
It isn't tremendously attractive but I managed to install a variant of OpenWRT firmware called LEDE. Great Open Source Project, very, very powerful firmware but not for the faint of heart. It's fairly geeky. But I'd say it's fairly secure as well. Power and geekiness doesn't always equal polished.