[Discuss] Reviving topic-Secure Wireless Router

[richb at pioneer.ci.net (Rich Braun)]

The postings about setting up a "secure wireless router" flew by and I didn't
pay attention at the time because, well, wifi worked fine enough for me.

But I've now got a new housemate who works for Apple and is in that age group
that never had to deal with 10BaseT thin-net networks or RS-232 patch panels.
We also happen to live in one of those neighborhoods where most people have
already ditched DSL as the cable/fiber/wireless providers tout speeds of
50-100-250 and now full gigE at prices between $30 and $100/mo.

My housemate's complaint: "it has been very slow for me", lamenting that
speedtest.net reported "only" 10-15Mbps which I would've thought was fine. Two
years ago to this day, I bought a Netgear WNR2000v5 router that I had to toss
in the parts bin yesterday.

So on that other topic, future-proofing, I wanted to point out to any of you
who are contemplating router swaps that we're in the midst of a rather abrupt
arms-race among home Internet providers, which is forcing a re-think of the
wifi problem.

For me it started at the office. Now that I'm no longer running an ISP or data
center myself, I was out of the loop as we suffered increasingly-terrible wifi
connectivity at my office circa 2015-16 as we tripled headcount. After moving
into a new building in May 2016, and the bugs were wrung out after a couple of
building-wide wifi outages, suddenly everything got vastly faster and more
reliable. I no longer care so much about the IT Services nazis who refuse to
activate the hardwired ports without signatures in blood from two
vice-presidents; wifi's gotten better.

There seem to be two basic varieties of wifi routers on the home-networking
shelves of Best Buy (and their virtual counterparts at Newegg / Amazon):
meshed and (for lack of a better word) traditional. At the office we have the
enterprise meshed products from Cisco; so far the home-products purveyors are
missing one Cisco feature I'd like to have (shared SSIDs with backhaul over
hardwired connections) but my home is just barely covered dequately by the
router I bought this week: same brand as before, but with gigE and 5GHz at 3x
the price I paid in 2015: Netgear R6400v2.

Alas Netgear has yet to resolve one security issue I care about: providing a
separate subnet and a separate internal set of DHCP settings for the guest
network. Guest connections only work when I tell it to make the whole LAN
visible on the guest SSID; the only way to provide full isolation would be to
define a VLAN and set up dnsmasq services on a separate container/VM instance,
which is beyond what I feel like fooling with right now. (Most Netgear
customers presumably don't run their own DHCP / DNS like I do, so the feature
request must be way down on Netgear's roadmap priorities.)

So if you've done an upgrade to 5G wifi in the past couple years, I'd love to
hear about your experiences with these products. The meshed ones seem like a
niche that will improve quite a bit over the next few years, with new
contenders like Google (they make hardware?!), Eero, Luma, Securifi, a
separate product line Orbi from Netgear, Ubiquiti, et al. Even Samsung has
jumped into the market, trying another angle on the whole
connected-home/home-automation thing that started just over four decades ago
with X10.

With the new router, my Apple guy downstairs reports: "That totally fixed it!"
Now we get a hundred megs through our wi-things. But it's a tad more
complicated: I had to dig through the somewhat-expanded Netgear menus and to
find separate SSID and auth settings for 2.4G and 5.0G internal components. I
now have four SSIDs broadcast where I once had one.

-rich