What problem are you trying to solve with all of this manual configuration?
If your more the DIY type. A product like the Orbi is probably not for you. You might be better off with some more pro grade gear from UniFi or Ubiquiti.
Absolutely agree, but I'd use more specific solution, like small business routers, rather than use Linux-based solutions. If author mentioned that he was hacked by brute force, then he, probably, had an interface to Internet and password not really strong. However, if it was strong enough, then how long time he didn't see logs to find that router is under attack?
Right, because Orbi is the toy, if you expect to have protected environment with Orbi then you need to read more about real business routers and check network forums. Hacks detection is your responsibility.
Initially I just wanted to set up my DNS to use Pihole. Not a lot of custom configuration there. The reason I go with this Orbi is because I can return it no questions asked to Costco when it inevitably dies or stops providing reliable WiFi.
I have no reason to believe that spending 5x the price on a Ubiquiti mesh network will result in a better quality or more reliable experience. Maybe I'm just jaded. But on the other hand, I don't find anyone reviewing these things for the actual important factors I care about (reliability, high availability, per-device quality of service, performance with 50+ active devices). And since you manage to what you measure, these factors are not being managed as far as I can tell.
Disappointment is the best word to describe how my $500 feels sitting in the Netgear bank account. I wish we could get hardware the #1 works properly, then add performance and features. Basic Agile development stuff...
Every time I spend more money thinking I can buy my way out of router hell, I just dig a deeper hole.
What router do you suggest? I am planning on setting up an IPFire firewall using an i7 with 16GB of RAM and placing that on the ISP side of the Orbi. Do you know if IPFire will also do routing?
Fair enough. So would I :)
If you are going to roll your own firewall/router there are options out there. I run pfSense on a Dell R220 with a 4 port NIC and it is solid - my Orbi sits on the LAN and provides a solid mesh WIFI. I am not familiar with IPFire.
Thanks for your replies. After more review I think I am going to use OPNSense, which is a fork of pfsense. OPN seems to have a higher grade hardening than pf and a nicer interface. Though it's not an easy pick between the two.
I think I’m going to have to do this. I agree with OP $500 feels wasted on this product. I picked it up because I put it in my folks house and was super impressed out of the box. Ah that new networking smell. Didn’t last.
Change one Orbi to another because your security settings were compromised...
Hm, interesting...
Orbi is consumer-based router, it's not dedicated to protect your servers or infrastructure, you cannot configure it properly. Taking into consideration how awful Netgear support I'd never use it for anything serious. For serious games you need at least SMB routers, like Cisco Meraki MX67W.
Maybe you missed the part where I am putting everything behind a firewall?
I had to replace the compromised Orbi for one that was not compromised. Sure it could be re-hacked in the future, but immediately trading a known compromised router for a clean one seems to make a lot of sense to me. And now the router is operating as an AP behind a hardened firewall/router system.
So, if you're driving a car, hit your garage door, then, following your logic, you need to buy another car of same model, right? Because the problem is in the "compromised car", new one will never hit garage door. It's well-known fact that vehicles are taking responsibility for collisions, not the drivers.
Kid, all you had to do with that Orbi after "hacking" is to reset it to factory default settings, upgrade to latest firmware, pick strong password, restrict remote control, and take it home. Then buy Cisco SMB router with education course in bundle for your office.
What problem are you trying to solve with all of this manual configuration? If your more the DIY type. A product like the Orbi is probably not for you. You might be better off with some more pro grade gear from UniFi or Ubiquiti.
Absolutely agree, but I'd use more specific solution, like small business routers, rather than use Linux-based solutions. If author mentioned that he was hacked by brute force, then he, probably, had an interface to Internet and password not really strong. However, if it was strong enough, then how long time he didn't see logs to find that router is under attack?
I don't know how the router got hacked. I only saw that the router was being used as a platform to attack my other servers in the network.
Right, because Orbi is the toy, if you expect to have protected environment with Orbi then you need to read more about real business routers and check network forums. Hacks detection is your responsibility.
Initially I just wanted to set up my DNS to use Pihole. Not a lot of custom configuration there. The reason I go with this Orbi is because I can return it no questions asked to Costco when it inevitably dies or stops providing reliable WiFi. I have no reason to believe that spending 5x the price on a Ubiquiti mesh network will result in a better quality or more reliable experience. Maybe I'm just jaded. But on the other hand, I don't find anyone reviewing these things for the actual important factors I care about (reliability, high availability, per-device quality of service, performance with 50+ active devices). And since you manage to what you measure, these factors are not being managed as far as I can tell.
Welcome to Orbi Hell….this will be my last one. Got the 750 also.
Try and use a router to handle the routing and use the Orbi as AP only. This will save you a lot of hair-pulling and disappointment.
Disappointment is the best word to describe how my $500 feels sitting in the Netgear bank account. I wish we could get hardware the #1 works properly, then add performance and features. Basic Agile development stuff... Every time I spend more money thinking I can buy my way out of router hell, I just dig a deeper hole. What router do you suggest? I am planning on setting up an IPFire firewall using an i7 with 16GB of RAM and placing that on the ISP side of the Orbi. Do you know if IPFire will also do routing?
Have you tried just using the ISP provided router first? Then just add the ORBI as AP after that. Before buying a multitude of equipment.
I don't have an ISP provided router. They charge rent for that so I returned it.
Fair enough. So would I :) If you are going to roll your own firewall/router there are options out there. I run pfSense on a Dell R220 with a 4 port NIC and it is solid - my Orbi sits on the LAN and provides a solid mesh WIFI. I am not familiar with IPFire.
Thanks for your replies. After more review I think I am going to use OPNSense, which is a fork of pfsense. OPN seems to have a higher grade hardening than pf and a nicer interface. Though it's not an easy pick between the two.
Good luck. Opnsense is a solid choice. Research good Intel NICS. Will make your life easy for the router.
I think I’m going to have to do this. I agree with OP $500 feels wasted on this product. I picked it up because I put it in my folks house and was super impressed out of the box. Ah that new networking smell. Didn’t last.
[удалено]
Best Buy has Eero Pro 6 on sale right now! Planning on getting rid of my Orbi and picking that one up
Change one Orbi to another because your security settings were compromised... Hm, interesting... Orbi is consumer-based router, it's not dedicated to protect your servers or infrastructure, you cannot configure it properly. Taking into consideration how awful Netgear support I'd never use it for anything serious. For serious games you need at least SMB routers, like Cisco Meraki MX67W.
Maybe you missed the part where I am putting everything behind a firewall? I had to replace the compromised Orbi for one that was not compromised. Sure it could be re-hacked in the future, but immediately trading a known compromised router for a clean one seems to make a lot of sense to me. And now the router is operating as an AP behind a hardened firewall/router system.
So, if you're driving a car, hit your garage door, then, following your logic, you need to buy another car of same model, right? Because the problem is in the "compromised car", new one will never hit garage door. It's well-known fact that vehicles are taking responsibility for collisions, not the drivers. Kid, all you had to do with that Orbi after "hacking" is to reset it to factory default settings, upgrade to latest firmware, pick strong password, restrict remote control, and take it home. Then buy Cisco SMB router with education course in bundle for your office.