John's Musings


Yeah, Me Neither

Best Router Deal in History with some caveats.

Ok the goal of getting on the internet at home usually involves having the cable company come out and give you a modem. You in turn need a router but you know deep down the cable company router is a screw job extraordinaire. So you go buy your own. You go to Walmart and buy the cheapest thing that says "REALLY REALLY FAST" on the box. And they advertise speeds that you can't actually achieve but that's a blog for another day!


Never mind.......I'll touch on it. I have a MacBook Air. Top wifi speed is 867 MBPS. I don't care how fast the router is..........the max speed I'm going to connect is 867 MBPS. See where I'm going with this? TEST QUESTION: So an AC 3200 MBPS router connects me at what speed? If you answered 3200 MBPS you are clueless and probably a democrat. The correct answer is 867 MBPS.


Also, look at the router box real close. See any discussion about security on it? Nope. You won't. Why? Because they aren't secure because the real goal is that the dumbest person who opens the box be able to connect to the internet without them paying a tech support person for an hour to help you on the phone. Isn't that swell?


So here's a banging banging deal on a router that nets you decent security as well. First of all we want a D-Link DIR-860L version B1. Go in any store that sells them and you'll likely get a version A1. We want the B1. Look carefully at the box. They're a little hard to find in the US but I found one on eBay for $40 here.





It looks different than most routers which are rectangular boxes. Now right off the bat I'm going to tell you that D-Link has HORRIBLE SECURITY but we're going to blast their router software and add our own. This propels the DIR-860L into beast mode.


We're going to use LEDE firmware. This is a little geeky but worth the effort. Go to this page and download this file:


Now I am having you download the Developmental version that has no graphical interface. There is a stable version that does have a graphical interface and that would make a lot of the steps below not necessary but we want to enable something called Smart Queue Management Quality of Service (SMQ QoS) which crashes on the stable version right at the moment of this writing (5 May 2017). So we use the bleeding edge version.



Now power up your router and connect to your computer through port number 1, not the one that says internet, the one that says port 1.


Now go to a browser after it boots and type this address in the bar. At this point do not hook the router to the internet. Crappy security, remember?


192.168.0.1


You'll see the router config page. It'll try to get you to configure the internet but just X out of all that and you'll land at this page:





Click on advanced and then UPGRADE. And make no mistake, LEDE is an upgrade!




Now flash that file you downloaded previously. It will take a few minutes and you won't really be able to watch it because the address will change from 192.168.0.1 to 192.168.1.1 Just let the page countdown to 100% and take a short break to be sure it gets flashed.


Now developmental versions don't have a graphical interface but it's no problem to install one. Open Terminal in Mac or Putty in Windows and go to 192.168.1.1. In Mac type this.


ssh 192.168.1.1 -l root


That's a lower case letter L before root.


It will bark at you because there is no password. Ignore for the moment. Get ready to copy and paste these commands then hook the router to the internet and pass these 4 commands one at a time.



opkg update

opkg install luci

/etc/init.d/uhttpd start

/etc/init.d/uhttpd enable


Now go to your browser and type


192.168.1.1


and then configure your password. You can type anything in for a password then it will take you to the password change screen where you can change it. Make it a strong password. While you are on the password page set dropbear ssh to LAN as shown below. Then at the bottom of that page (not shown below) click save and apply.






Now go to Network "Wireless" and configure your WiFi





The Wireless Security tab is where you set the password.




Use Force CCMP (AES) as that is most secure




Now you have a $40 router that is a bad mama jamma. Now here is a bad ass trick to deal with something called BufferBloat. Bufferbloat quite simply is this:



Bufferbloat is the undesirable latency that comes from a router or other network equipment buffering too much data.


So this is probably something you didn't even know you suffered from. Why? Because your router is set for the stupidest user like I said before. Not the fastest or most secure user.


So lets put the DIR-860L into Internet Beast Mode.


Go back to your terminal and type


opkg install luci-app-sqm


Now go to System > Startup




Scroll down to "sqm" and click the start button and make sure it is enabled.




Now go to the Network Tab and at the bottom should say SQM-QoS. Click on that.




Now I set mine up according to the screenshots below. Your Mileage May Vary and I may not have it set up perfect but I pass the Bufferbloat tests at DSLReports like a boss. Note that each picture is of each of the three tabs on the page.






Now test at DSLREPORTS Speed Test.



Forty Bucks Folks. Forty bucks. Secure AND FAST.

63,333