Networking Hardware
Information and guides related to home networking and computer hardware, including Routers, PCs, devices, and appliances.
Router Firmware for SOHO Equipment
Router custom firmware information for common models of Small Office/Home Office router equipment, such as Netgear, Asus, and Linksys routers.
Fresh Tomato
FreshTomato is a firmware project based on Linux, targeting home and SOHO routers. FreshTomato is distributed on the GPL license.
FreshTomato supports Broadcom based systems.
I currently run Fresh Tomato firmware on several Netgear Nighthawks. The R7000 and R8000 are my current preferred routers for Fresh Tomato firmware.
It is far superior in both security and features than the original Netgear firmware that came with these routers. Unlike Netgear, updates for the router firmware to address security vulnerabilities or correct bugs are available on a regular basis. Netgear would usually take well over a year to address security issues, if at all.
Installing on a R8000 Router
Since I use Netgear Nighthawk R8000 routers in my environment, I thought I would outline the process I use to flash fresh Tomato firmware to them. Fresh Tomato supports other broadcom based routers as well. If you have another make and model of router, you can check if yours is supported by going here.
Be sure to read the installation information for your model of router. This installation guide is simply the way I install the firmware on my R8000 routers. I do not imply any guarantee this will work for yours. You are responsible for taking the risk.
I will get the instructions in here as soon as time permits. A bit busy with life at the moment.
Fixing a 'Bricked' R8000 Router
Recently, I decided I wanted a router as a "shelf spare" in the event one of my production routers failed. Since I have previously flashed many R8000s for myself without issue, I proceeded to purchase a used R8000 from eBay. This particular router, however, 'bricked' on me when I attempted to flash Tomato firmware to it.
“Bricking” essentially means a device has turned into a brick. It may be an electronic device worth hundreds of dollars, but it’s now as useful as a brick (or perhaps a paperweight). A bricked device won’t power on and function normally. A bricked device cannot be fixed through normal means.
Anyway, I thought I would detail the steps and requirements I used to 'unbrick' my router and get it working with Tomato firmware.
I will get the instructions in here as soon as time permits. A bit busy with life at the moment.
DD-WRT
DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.
DD-WRT Control Panel
OpenWRT
The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
Open Source Router Software
Software for building your own router/firewall/IDS/IPS appliance.
OPNsense
OPNsense is an open source, FreeBSD-based firewall and routing software.
Installed on appropriate hardware, it replaces SOHO routers with a much more robust, effective and powerful appliance to protect your home network. Using built-in and available add-ons, you can build a feature set as simple or complex as you require. Integrations such as intrusion detection/prevention, DHCP and DNS services, VPN services, Firewall with aliasing just to name a few, come standard with OPNsense. Add-ons, both free and subscription-based are available. Using the add-ons, referred to as plug-ins in OPNsense, you can setup proxys, reverse-proxys, web caching, and much more.
As an example, I have my OPNsense appliance setup with extra security measures using Crowdsec, Maltrail, Country Blocking and Zen Armor (Formerly Suricata). I also have a Wireguard VPN setup to permit secure access to my internal devices and servers should I need to access them remotely. I utilize OPNsense's built-in Unbound DNS application to manage and secure my domain name services.
Frankly, I had been using consumer routers (NetGear, ASUS, etc) with custom firmware (DD-WRT, Fresh Tomato, etc) for years. They just couldn't keep up with the demands placed on them and they had very little in the way of firewall and no instrusion detection/prevention ability. Using OPNsense, I have essentially future-proofed my home network from most bad actors and have noticed a SIGNIFICANT improvement in throughput as well. You are really only limited by the hardware you choose to run it, which, even on low end hardware, is substantially more powerful than any high-end consumer (SOHO) router.
While OPNsense's default Lobby dashboard is pretty good, I'd recommend using a combination dashboard that utilizes InfuixDB, Grafana and Telegraph or Ansible. A really good example of this is Brendan Smith's implementation shown in the pic below and instructiions for this dashboard can be found on his website "How to Configure an OPNsense Dashboard"
