# Awesome Home Networking ## Websites and Resources ### Theme Site - [acwifi.net router exchange](https://www.acwifi.net/) - [Minority: #networkequipment](https://sspai.com/tag/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87) - [What is worth buying: network equipment](https://post.smzdm.com/fenlei/wangluoshebei/) - [SmallNetBuilder](https://www.smallnetbuilder.com/) - [ServeTheHome](https://www.servethehome.com/) - [WikiDevi](https://web.archive.org/web/20191022065144/https://wikidevi.com/wiki/Main_Page): A Wiki about wireless chips, network equipment and other hardware, the website is currently closed - [fccid.io](https://fccid.io/): You can find manuals, photos, disassembly diagrams, etc. of various wireless devices - [INCREASE BROADBAND SPEED Tips and Guides](https://www.increasebroadbandspeed.co.uk/) - [StopLagging.com](https://www.stoplagging.com/) ### forum - [KoolShare](https://web.archive.org/web/20211011001020/http://koolshare.cn/): The site has been closed. Historical articles and firmware can be viewed at [KoolCenter](https://www.koolcenter.com/) - [Anywlan](https://www.anywlan.com/) - [Enshan Wireless Forum](https://www.right.com.cn/forum/forum.php) - [Digital Home: WiFi/Router] ([http://bbs.mydigit.cn/thread.php?fid=147](http://bbs.mydigit.cn/thread.php?fid=147)) - [V2EX: Broadband Syndrome](https://www.v2ex.com/go/bb) - [V2EX: Router](https://www.v2ex.com/go/router) - [Chiphell: Computer Discussion - Network](https://www.chiphell.com/forum.php?mod=forumdisplay&fid=36&filter=typeid&typeid=736) - [SmallNetBuilder Forums](https://www.snbforums.com/) - [Reddit: r/homelab](https://www.reddit.com/r/homelab/) - [Reddit: r/HomeNetworking]([https://www.reddit.com/r](https://www.reddit.com/r)/HomeNetworking/) - Discussion area on the official website of network equipment manufacturers ### Associated Organizations - [Wi-Fi Alliance](https://www.wi-fi.org/zh-hans) - [Broadband Forum](https://www.broadband-forum.org/) - [State Radio Monitoring Center] ([http://www.srrc.org.cn/index2018.aspx](http://www.srrc.org.cn/index2018.aspx)) ### YouTuber, Bilibili UP Master - [YouTube: Lawrence Systems](https://www.youtube.com/channel/UCHkYOD-3fZbuGhwsADBd9ZQ) - [YouTube: Crosstalk Solutions](https://www.youtube.com/channel/UCVS6ejD9NLZvjsvhcbiDzjw) - [YouTube: Willie Howe](https://www.youtube.com/channel/UCD-QkofF-bFBAcI83U8ZZeg) - [Bilibili: BIG Dongdong](https://space.bilibili.com/108142407) - [Bilibili: Sibotu](https://space.bilibili.com/28457) - [Bilibili: NGXHK](https://space.bilibili.com/30496941) - [Bilibili: Vedio Talk](https://space.bilibili.com/28459251) - [Bilibili: Wukong's Daily Life](https://space.bilibili.com/250915741) - [Bilibili: Sauce Purple Table](https://space.bilibili.com/11544017) ### Books, Tutorials - [Linux Advanced Routing & Traffic Control HOWTO](https://lartc.org/) - [Advanced Routing and Traffic Control for Linux HOWTO Chinese Version](https://lartc.org/LARTC-zh_CN.GB2312.pdf) ## hardware equipment ### Equipment type ### Wireless Router Our most common wireless router (SOHO wireless router) actually not only includes the function of a router, but integrates multiple functions such as a router, a firewall, a switch, and a wireless AP. The operation and setting are relatively simple and can meet the needs of most families. - [Wireless router - Wikipedia](https://en.wikipedia.org/wiki/Wireless_router) ### Wireless mesh system/distributed routing When a single wireless router cannot meet the coverage area, multiple devices can be networked to expand the wireless area. Multiple nodes of the wireless mesh system can communicate with each other to form a mesh network, and automatically select the best path during communication. At present, a large number of manufacturers have launched wireless mesh systems for home use. - [Wireless mesh network - Wikipedia](https://en.wikipedia.org/wiki/Wireless_mesh_network) ### Wireless AP Wireless APs generally only provide Wi-Fi access functions, and need to cooperate with switches and routers to build a complete wireless network. Compared with the home wireless mesh system, the networking of multiple wireless APs has advantages in terms of stability, speed, and coverage area. The disadvantage is that the installation is complicated, and it is mainly used in enterprises. When it is used in the home, it generally needs to be considered in the initial stage of decoration. - [Wireless Access Point - Wikipedia, the free encyclopedia]([https://zh.wikipedia.org/wiki/無線接��](https://zh.wikipedia.org/wiki/%E7%84%A1%E7%B7%9A%E6%8E%A5%E5%85) %A5%E9%BB%9E) ### switch Switches work at the data link layer and can connect multiple devices within the same network. For example, there are multiple computers, game consoles and other devices at home, but the number of network ports on the ordinary wireless router is insufficient, you can use a switch to expand the network ports to connect multiple devices. - [Network switch - Wikipedia, the free encyclopedia]([https://zh.wikipedia.org/wiki/網路交換](https://zh.wikipedia.org/wiki/%E7%B6%B2%E8%B7%AF%E4%BA%A4%E6%8F%9B) %E5%99%A8) ### Wired Router Routers work at the network layer and are used to connect two or more networks and forward data between multiple networks. For home scenarios, routers are generally used to connect operator networks and home networks, and are responsible for allowing devices at home to access the Internet. When ordinary wireless routers cannot meet the needs, you can use more powerful wired routers, combined with switches and wireless APs, to build a home network. - [Router - Wikipedia, the free encyclopedia](https://zh.wikipedia.org/wiki/%E8%B7%AF%E7%94%B1%E5%99%A8) ### Soft Routing Soft routers generally use general-purpose hardware platforms, such as routers built on x86 servers. Compared with ordinary routers, special hardware is rarely used to accelerate functions such as message forwarding, but it is processed in the form of pure software. Since the soft router uses general-purpose hardware, has a large memory, and mostly runs an operating system based on Linux or FreeBSD, it can expand more functions through software and has greater flexibility. In terms of performance, soft routers have more powerful CPUs, but ordinary routers can implement routing forwarding, QoS, NAT and other functions through specialized hardware, so simple comparisons cannot be made. - [What is soft routing? - Zhihu](https://www.zhihu.com/question/263523980) - [From hearing to getting started, a soft routing entry guide that everyone can understand - Minority](https://sspai.com/post/58628) - [OpenWrt (with soft routing) concise tutorial](https://larrywonss.github.io/) ### light cat Optical cats are used to convert optical signals into electrical signals. At present, most household optical modems also have the functions of routing and Wi-Fi. Optical modems are generally provided by operators and rented when broadband is installed. Some users who are pursuing the Internet will also choose to purchase by themselves, but different regions have different requirements for optical modems, and the setting methods are not necessarily the same, so you need to understand relevant information before purchasing. In addition, there are hardware such as PON Stick, which integrates optical modems into SFP+ modules, and can be directly used with routers or switches that support SFP+ interfaces, reducing the volume occupation. - [Abandon the optical cat esxi + optical card + gpon stick module to go online - KoolCenter](https://www.koolcenter.com/thread/170674) - [Dual-mode PON STICK ONU SFP-Shenzhen Natywish Technology Co., Ltd.](http://www.natywish.com/product/detail/219.html) ### Development Board At present, there are many development boards on the market, with single or multiple network ports, running standard Linux or OpenWrt, and some even support Wi-Fi, which can realize the following functions: - The performance of most development boards of self-made wireless routers may not be sufficient, or there is only one network port, and not many people do this - Using some home wireless routers as DNS server, proxy server, HomeBridge/HomeAssistant server, etc. can also realize these functions by installing software. However, considering performance and stability, it is a better choice to run related services through an independent development board - Connect sensors, display screens, relays, etc. to realize IoT and smart home related functions Most development boards have rich IO port resources and can connect more modules to realize IoT related functions Common development boards with network functions are as follows: - [Raspberry Pi](https://www.raspberrypi.org/) and other popular single-board computers, you can find a lot of resources on the Internet - [RouterPi](https://blog.zakkemble.net/routerpi-compute-module-4-router/): Gigabit router made with Raspberry Pi CM4 - [wrtnode](http://www.wrtnode.cc/) development board running OpenWrt - [Widora](https://wiki.widora.io/) development board running OpenWrt - [Arduino Yún](https://store.arduino.cc/usa/arduino-yun-rev-2) runs the development board of OpenWrt, and is internally connected with an AVR microcontroller to expand IO port resources and integrate Arduino at the same time And OpenWrt two ecology. More suitable for making DIY works related to the Internet of Things - [BPI-R1](http://www.banana-pi.org.cn/r1.html) development board with five network ports, SATA, USB - [Marvell ESPRESSObin](http://espressobin.net/#1479827193124-28c92b06-d318) development board with three network ports, SATA interface, and hardware forwarding chip - [NanoPi R2S](http://wiki.friendlyarm.com/wiki/index.php/NanoPi_R2S/zh) is a development board with two Ethernet ports, capable of running Linux, and compact in size. And the following soft routing solutions based on common development boards: - [OpenWRT Router built with Raspberry Pi Compute Module 4, Dual Gigabit Ethernet NICs, 4GB RAM/32GB eMMC - Seeed Studio]([https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM](https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM) -32GB-eMMC-RPi-CM4-Case-p-5029.html) Soft Routing DIY Kit Based on Raspberry Pi Compute Module ### Enterprise Class Devices For network enthusiasts, you can also consider enterprise-level network equipment, such as Aruba, Ruckus, CISCO, or equipment from domestic manufacturers such as Huawei, H3C, and Ruijie. Since this List mainly focuses on home networks, it will not organize too much knowledge about enterprise-level devices. ### other In addition to routers, switches and other devices, there are many auxiliary devices on the market to enhance the functions of the home network. - Wi-Fi Extender/Signal Amplifier - Intranet penetration tools such as [Peanut Stick](https://hsk.oray.com/device/) - [Fingbox](https://www.fing.com/products/fingbox): Stand-alone hardware that integrates functions such as LAN scanning, parental control, and bandwidth monitoring - [Circle](https://meetcircle.com/): standalone hardware with parental controls ### Purchase Guide - [How To Buy A Wireless Router - 2018 Edition](https://www.smallnetbuilder.com/basics/wireless-basics/33177-how-to-buy-a-wireless-router-2018-edition) - [How To Buy A Wireless Router - 2017 Edition](https://www.smallnetbuilder.com/basics/wireless-basics/33029-how-to-buy-a-wireless-router-2017-edition) - [2020 Life Manual Series: Home Network Configuration and Purchase Guide – Yachen's Blog]([https://yach.me/2020/10/06/2020-生活�%](https://yach.me/2020/10/06/2020-%E7%94%9F%E6%B4%BB%E6%25)89%8B%E5%86%8C%E7%B3%BB%E5%88%97%EF%BC%9A%E5%AE%B6%E7%94%A8%E7%BD%91%E7%BB%9C%E9%85%8D%E7%BD%AE%E4%B8%8E%E9%80%89%E8%B4%AD% E6%8C%87%E5%8D%97/) - [Shopping Guide-Router Exchange](https://www.acwifi.net/tag/%E5%AF%BC%E8%B4%AD) - [Purchasing Guide - Router Communication](https://www.acwifi.net/tag/%E9%80%89%E8%B4%AD%E6%94%BB%E7%95%A5) - [[Hardware upgrade] 802.11ax (wifi6) product recommendation in 2022 4.6 update 5G WIFI6 CPE NGA player community](https://bbs.nga.cn/read.php?tid=31122302&rand=939) ### Equipment manufacturers and brands ### TP-LINK / MERCURY / FAST TP-LINK is the most well-known wireless router brand in China. The price is relatively low. If you just want to quickly build a simple and stable home network, TP-LINK is a good choice. Of course, TP-LINK also has many models that support OpenWrt. In addition, TP-LINK has many differences in product layout and marketing strategies at home and abroad, and even the logos at home and abroad are different. On platforms such as Taobao and Xianyu, you can buy some foreign versions of hardware. - [TP-LINK domestic official website](https://www.tp-link.com.cn/) - [TP-LINK International Official Website](https://www.tp-link.com/us/) - [MERCURY official website](https://www.mercurycom.com.cn/) - [FAST official website](https://www.fastcom.com.cn/) Recently, TP-LINK has also launched some hardware products with excellent industrial design, as well as some innovative software functions, such as "paper routing" products, and extended functions through Docker: - [TPLINK Qingzhou 6088 - the first experience of using new docker functions_router_what is worth buying](https://post.smzdm.com/p/a4pnzgkl/) - [TL-XDR6000 Easy Edition AX6000 Dual Band Wi-Fi 6 Wireless Router (A5 Paper Routing) - TP-LINK Official Website](https://www.tp-link.com.cn/product_2532.html) ### ASUS ASUS ASUS wireless routers have a relatively rich product line, ranging from entry-level 100-yuan models to high-end models above 4,000 yuan, and there are also special models such as ROG player country. AiMesh is a signature function of ASUS routers, which can perform mesh networking among different types of devices to reduce costs. ASUS's ASUSWRT operating system is feature-rich, and the asuswrt-merlin modified version system can also be easily installed. For a detailed introduction to ASUSWRT, please refer to the "Operating System" section below. - [ASUS Wireless Router Official Website](https://www.asus.com.cn/Networking/) - [ASUSWRT](https://www.asus.com.cn/ASUSWRT/) - [ASUS Router App](https://www.asus.com.cn/asus-router-app/) - [AiMesh home mesh system](https://www.asus.com/Microsite/AiMesh/cn/) - [RT-AX88U](https://www.asus.com.cn/Networking/RT-AX88U/): Classic model [RT-AC88U]([https://www.asus.com.cn/Networking/RT](https://www.asus.com.cn/Networking/RT) -AC88U/) Wi-Fi 6 upgrade - [RT-AX89X](https://www.asus.com.cn/Networking/RT-AX89X/): Support Wi-Fi 6, high-end model with dual 10GbE ports - [ASUS ROG Gaming Routers](https://www.asus.com/ROG-Republic-Of-Gamers/Wireless-Routers-Products/) - [ASUS Lyra home mesh wireless router](https://www.asus.com.cn/Networking/Lyra/) ### NETGEAR Netgear is a manufacturer of network equipment. Its home equipment also covers different models from low-end to high-end, and some models support special functions such as Plex Media Server. Compared with ASUSWRT, etc., the built-in firmware has some shortcomings in terms of function and ease of use. However, many models of NETGEAR are friendly to OpenWrt, and can easily flash OpenWrt and other third-party systems. Among them, the NETGEAR R6300v2, although it has been a product for many years, is loved by many users because of its performance and ability to flash asuswrt-merlin. - [Netgear Official Website](https://www.netgear.com.cn/) - [R6300v2](https://www.netgear.com/support/product/R6300v2.aspx) - [A generation of artifacts in the routing world: Netgear R6300v2 out of the box](https://post.smzdm.com/p/366708/) - [NETGEAR Orbi](https://www.netgear.com.cn/orbi/): mesh Wi-Fi system for home use - [Nighthawk X10 R9000](https://www.netgear.com.cn/home/products/networking/wifi-routers/R9000.aspx): A wireless router that supports Plex Media Server ### Linksys Linksys Linksys was founded in 1988 and was later acquired by CISCO. But in 2013 CISCO sold Linysys to Belkin. Among them, Linksys' WRT54G is a home wireless router that used Linux earlier in history, so its firmware needs to be open source according to the GPL agreement. Many enthusiasts have modified and added functions based on the open source firmware of WRT54G. The well-known open source router operating systems OpenWrt, DD-Wrt, etc., all have more or less certain origins with WRT54G. At present, Linksys still has many competitive products, such as the mesho system Velop. - [Linksys official website](https://www.linksys.com/en/) - [WRT54G](https://en.wikipedia.org/wiki/Linksys_WRT54G_series) - [Velop](https://www.linksys.com/en/velop/): Home mesh Wi-Fi system ### Phicom It is well known by everyone because of the "0 yuan purchase" model. Common models are K2P, K3C and K3. At present, it can be bought at a lower price on some second-hand trading platforms. The overall configuration and workmanship of Phicomm routers are good, and many people have adapted open source firmware for it. However, you need to pay attention to the difference between different versions of hardware when purchasing, such as version A and version B of K2P; models such as K3 may need to modify the hardware by yourself to avoid problems such as "oil leakage". If you like to toss, you can buy it when the second-hand price is relatively low. - [Phicomm official website](http://www.phicomm.com/cn/) - [K2P](http://www.phicomm.com/cn/index.php/Products/family_details/cateid/18/id/122.html): AC1200, depending on the version, supports OpenWrt, Padavan or asuswrt- merlin etc. - [Difference between K2P version A and version B](https://www.acwifi.net/3761.html) - [K3](http://www.phicomm.com/cn/index.php/Products/family_details/cateid/18/id/121.html): AC3150, supports OpenWrt and asuswrt-merlin - [K3 flash memory bad block problem](https://www.right.com.cn/forum/thread-252057-1-1.html) - [K3 Oil Leakage Improvement](https://www.right.com.cn/forum/thread-326035-1-1.html) - [K3C](http://www.phicomm.com/cn/index.php/Products/family_details/cateid/18/id/124.html): AC1900, support asuswrt-merlin - [K2T](http://www.phicomm.com/cn/index.php/Products/family_details/cateid/18/id/125.html): AC1200, split design, suitable for use as AP ### new route newifi From Lenovo, it was once popular due to its mining function and good performance, and supports flashing open source firmware. It is currently out of production and can be bought on second-hand trading platforms at very low prices. - [newifi official website (archive)](https://web.archive.org/web/20171215072313/https://www.newifi.com/) - [A brief review of Lenovo's new router 3 newifi 3, is the simple slag worth 100 yuan worth buying?](https://new.qq.com/omn/20191014/20191014A0OL7F00.html) - [Comparative test between Newifi D2 and Phicomm K2P](https://www.acwifi.net/5638.html) ### Tenda Domestic wireless router brand, the price is relatively low, and some models can flash OpenWrt. - [Tenda Official Website](https://www.tenda.com.cn/) ### Millet Xiaomi routers are developed using the "Internet model". The official firmware provides a wealth of functions (such as launching remote downloads in cooperation with Thunder), and the UI is relatively more modern and beautiful. But at the same time, there are also problems such as hijacking "404 page hijacking". - [Xiaomi Router Official Website](http://www.miwifi.com/) - [The story of Xiaomi router hijacking users' browsers](https://www.infoq.cn/article/2015/06/xiaom-hijack) - [How do you view the 404 webpage hijacking of Xiaomi routing?](https://www.zhihu.com/question/30358197) However, most models of Xiaomi routers without hard drives can better support OpenWrt, Padavan and other systems; they have certain advantages in industrial design, hardware configuration, and cost performance. Consider using third-party systems after purchase. Xiaomi's recently launched Wi-Fi 6 series routers have improved in software and gained a better reputation. At the same time, the latest version of the firmware starts to support running third-party software through Docker: - [Introduction to Docker Functions of Xiaomi Router AX9000 Developer Version - Xiaomi Community](https://www.xiaomi.cn/post/32988534) ### Huawei, Honor Huawei's original business mainly focused on operator networks, and it launched home wireless routers late. The main features include support for the HiLink smart home platform, and some models use self-developed chips. However, the use of self-developed new products also brings certain difficulties to support systems such as OpenWrt. Since there are many models of Huawei and Honor home routers, the differences between different models are large, and the specific functions, performance, stability, etc., it is recommended to search online to understand and judge by yourself before purchasing. - [Huawei home router official website](https://consumer.huawei.com/cn/routers/) - [Honor Home Router Official Website]([https://ww](https://ww/)[w.honor.cn/products/home-internet-media/](http://w.honor.cn/products/home-internet-media/)) ### H3C H3C H3C's original business mainly focused on enterprise networks, and launched home wireless routers later. According to official promotional materials, H3C home routers use the MINIWARE operating system (the same name as the operating system used by some of H3C's commercial wireless APs), and support security functions such as IPS. The system mainly focuses on basic network functions, the interface is relatively simple, and the functions are not as rich as the home routers of Internet manufacturers. But it also theoretically guarantees a certain degree of stability. The industrial design of the Magic B1 and other models on the hardware is quite unique. In addition to wireless routers and mesh systems, its product line also includes household AC+AP sets, etc. No third-party systems such as OpenWrt have been found so far. - [H3C official website](http://www.h3c.com/cn) - [H3C Magic B1](http://www.h3c.com/cn/Products___Technology/IntelligentTerminalProducts/Standard-Network/B/H3C_Magic_B1/): split design, the appearance is relatively simple - [H3C H5](http://www.h3c.com/en/Products___Technology/IntelligentTerminalProducts/Intelligence-Home/H/H5/): AC+AP set The newly launched NX15000 router achieves large-area coverage with a single router through three sets of directional antennas. It is a more distinctive product recently: - [H3C Magic NX15000 10 Gigabit Wi-Fi 6 Router-H3C Group-H3C](https://www.h3c.com/cn/Products_And_Solution/IntelligentTerminalProducts/Star_Products/Home_Network/NX15000/) ### D-Link Network equipment brand, providing routers, switches, wireless network cards and other equipment. - [Dlink official website](http://www.dlink.com.cn/) ###360 Home routers developed in the "Internet mode" are sold with "security" features. However, its marketing concepts such as "pregnant woman mode" have been disgusted by many people. - [360 Home Router Official Website](https://luyou.360.cn/) - [How to evaluate the "pregnant woman mode" of 360 security router?](https://www.zhihu.com/question/31207364) ### Synology NAS manufacturers entered the field of wireless routers late. At present, three products are launched: RT1900ac, RT2600ac, and mesh router MR2200ac. It features its own Synology Router Manager (SRM) operating system. SRM is based on Synology's NAS operating system [DSM](https://www.synology.com/zh-cn/dsm), which has a friendly user interface and has certain NAS functions after connecting an external hard disk. And supports [File Station](https://www.synology.com/en-us/knowledgebase/DSM/help/FileStation/FileBrowser_desc), [Download Station]([https://www.synology.com](https://www.synology.com/) /zh-cn/knowledgebase/DSM/help/DownloadStation/DownloadStation_desc), [Media Server](https://www.synology.com/zh-cn/knowledgebase/DSM/help/MediaServer/application_mediaserver_desc) three software. SRM is more active in the application of new technologies, such as WPA3, DNS over HTTPS, etc. The parental control/access control features on SRM, as well as the Suricata-based IPS feature, are among the best in its class. In addition, SRM has the function of installing third-party software to a certain extent. Some DSM software has been modified to run on the SRM. It is also possible to install optware/entware on the SRM, and install more software through the `opkg` command. However, as a new manufacturer of home routers, Synology has insufficient experience in software development and release processes. I have encountered a situation where multiple versions were released on the same day to completely solve a problem, and the new version caused the previously set scheduled tasks to be invalid and needed to be reset (refer to [this link]([https://www.synology.com](https://www.synology.com/) /en-uk/releaseNote/RT2600ac), as described in version 1.2.3-8017-4). In addition, in the process of personal use, I have also encountered the problem that the network is unstable and can only be recovered after restarting the router. - [Synology Official Website](https://www.synology.com/zh-cn) - [RT2600ac](https://www.synology.com/en-us/products/RT2600ac) - [MR2200ac](https://www.synology.com/en-us/products/MR2200ac): mesh router - [Synology Router Manager (SRM) Operating System](https://www.synology.com/zh-cn/srm) - [Network Security/IPS](https://www.synology.com/en-us/srm/feature/secure_network_foundation) - [Building an intrusion prevention system for small businesses and homes](https://blog.synology.com/building-an-intrusion-prevention-system-for-small-businesses-and-homes/) This article introduces how Synology Optimize Suricata so that it can run smoothly on home routers - [DNS over HTTPS: things to consider when you go “private”](https://blog.synology.com/dns-over-https/) This article introduces SRM’s support for DNS over HTTPS - [Access Control/Parental Control](https://www.synology.com/en-us/srm/feature/device_content_control) - Install third-party software - [RT1900ac Router Toss Notes: Installing Homebridge and Plex Media Server](https://blanboom.org/2017/plex-on-rt1900ac/) A blog post of mine on how to install entware and DSM suites on SRM - [nelek's soapbox - A blog about creating packages for Synology DSM](https://synopackages.wordpress.com/) is a personal blog that regularly shares software compiled by myself and suitable for DSM/SRM (but not open source, please determine whether there is a security risk) ### Ubiquiti A network equipment manufacturer whose founder is a hardware engineer for the Apple AirPort series. Its UniFi series provides commercial Wi-Fi systems with low prices (compared to CISCO, Aruba, and Ruckus), and is also favored by some personal/home users because of its industrial design and ease of use. Subsequent Ubiquiti Labs also launched the AmpliFi series of home products. In addition, Ubiquiti's products are excellent in the user interface and user experience of the software (web interface and mobile app), and can also support Dark Mode in the first place. - [Ubiquiti Official Website](https://www.ui.com.cn/) - [UniFi Series](https://unifi-network.ui.com.cn/): Mainly commercial wireless AP, with supporting switches, routers, cameras, NVR and other hardware, which can be managed uniformly through UniFi Controller - [EdgeMax Series](https://www.ui.com.cn/products/#edgemax): Mainly focus on enterprise-level network equipment, including routers and switches, with rich configurations, and some management functions can be realized through free UNMS - [AmpliFi Series](https://amplifi.com.cn/): Focusing on home mesh systems, the concept of "home mesh routers" was proposed earlier. Excellent industrial design - [Evolution of Home Wi-Fi](https://blog.ui.com.cn/post/evolution-home-wi-fi/) ### Aruba Networks HPE completed its acquisition in May 2015 so Aruba became a subsidiary of HPE Since the Aruba AP 1xx product line will end support on August 1, 2020, the second-hand price is extremely cheap, and it is quite a bargain to experience Aruba AP products see [[https://www.arubanetworks.com/en-hans/support-services/end-of-life/](https://www.arubanetworks.com/en-hans/support-services/end-of-life/)]([https://www.arubanetworks.com/en-hans/support-services/end-of-life](https://www.arubanetworks.com/en-hans/support-services/end-of-life) life/) ### Apple AirPort Apple's wireless router, featured features include: Apple's industrial design, tight integration with macOS and iOS, support for Time Machine wireless backup, support for connecting speakers for AirPlay music playback, support for wireless printing, etc. In addition, AirPort Extreme also earlier supported networking and roaming between multiple routers, although Apple did not publicly promote it with the "mesh" selling point. At present, the AirPort series has been discontinued, and the Apple Online Store in some countries and regions is still sold, and it can be purchased on second-hand trading websites in China. - [AirPort Official Support Page](https://support.apple.com/zh-cn/airport) - [AirPort Express (archive)](https://web.archive.org/web/20150613231653/http://www.apple.com/airport-express/): Compact, AirPlay-enabled - [AirPort Extreme (archive)](https://web.archive.org/web/20150616190421/http://www.apple.com/airport-extreme/): Powerful - [AirPort Time Capsule (archive)](https://web.archive.org/web/20150613231648/http://www.apple.com/airport-time-capsule/): Based on AirPort Extreme, built-in hard drive, support Time Machine wireless backup - [Wi-Fi base station: Setting up and configuring roaming networks](https://support.apple.com/en-us/HT204616) - [Simple and affordable seamless roaming home network - AirPort Extreme × 3](https://www.chiphell.com/thread-1772731-4-1.html) ### MikroTik MikroTik is the developer of RouterOS, a well-known soft routing operating system, and also launched its own brand of hardware. Its hardware products officially support RouterOS and come with a RouterOS software license. - [Mikrotik Official Website](https://mikrotik.com/) - [MikroTik SOHO Wireless Router Series](https://mikrotik.com/products/group/wireless-for-home-and-office) - [MikroTik Audience](https://mikrotik.com/product/audience): home mesh router - [The strongest home router: RB4011](https://zhuanlan.zhihu.com/p/58247964) ### Competition cloud Originally sold at a high price under the name of "Blockchain Router", it can now be purchased at a lower second-hand price and installed with a third-party system. - [I love picking up trash: Jingdouyun G-DOCK TTL flashing tutorial for 100 free shipping X-wrt is very useful!](https://post.smzdm.com/p/amm5355p/) - [Jingdouyun 2.0 finally found the original model and firmware.](https://www.right.com.cn/forum/thread-776593-1-1.html) ### Love Fast iKuai Aikuai is the developer of iKuai OS, a soft routing operating system, and has also launched its own brand of hardware, including wireless routers, enterprise routers, switches, wireless APs, etc. - [ikuai8 official website] ([https://www.ikuai8.com/](https://www.ikuai8.com/)) ### Leike For network equipment manufacturers, the QoS function of their routers is quite distinctive. I have cooperated with 360, Tencent and other manufacturers to launch customized wireless routers. - [Netcoretec Official Website](http://www.netcoretec.com/) ### eero Home wireless router manufacturer, has been acquired by Amazon. The appearance is small and compact, the main function is mesh, and there is a paid subscription eero Secure service. - [eero official website](https://eero.com/) - [eero Secure](https://eero.com/shop/eero-secure) ### Google Nest Wi-Fi A wireless router from Google with the main mesh function. Its mesh node integrates microphones and speakers, supports Google Assistant, and can be used as a smart speaker at the same time. - [Nest Wifi in Google Store](https://store.google.com/product/nest_wifi) ### Nokia Nokia The mesh Wi-Fi system from Nokia. - [Nokia Wi-Fi official website](https://www.nokia.com/zh_int/node/76546/) ### FiberHome FiberHome A central enterprise originating from the Wuhan Academy of Posts and Telecommunications, it specializes in the field of optical communications. There are a large number of optical modems, set-top boxes and other equipment in the operator's network. In recent years, it has started to enter the consumer field with the MIFON brand, focusing on the mesh function. - [Fiberhome official website](https://www.fiberhome.com/) - [MIFON Official Website](https://mifon.com/) ### Chip manufacturers The SoC in most home wireless routers generally comes from major chip manufacturers such as MediaTek/Ralink, Broadcom, Qualcomm/Atheros, Realtek, Intel, and HiSilicon. - [Broadcom Inc. | Connecting Everything](https://www.broadcom.cn/) - [Wireless Technology & Innovation | Mobile Technology | Qualcomm](https://www.qualcomm.com/) - [Mediatek - Global Advanced Fabless Semiconductor Company](https://www.mediatek.cn/) - [Home - Realtek Semiconductor](https://www.realtek.com/zh/) - [Intel - Smart and Connected Home Products](https://www.intel.com/content/www/us/en/products/devices-systems/home-networking.html) - [Hisilicon-enabling intelligent terminals in all scenarios](https://www.hisilicon.com/cn/) - [After reading it, you will understand the top ten original Wifi chips! _Embedded_whatnamecaniuse column - CSDN blog](https://blog.csdn.net/whatnamecaniuse/article/details/80358415) - [Hey, why is the WiFi broken again? Choosing the right router chip is critical! _Value Guest Original_What is worth buying](https://post.smzdm.com/p/746035/) - [What is the difference between MTK routers and Broadcom routers? Has there been any improvement in the use of Broadcom? - Phixom wireless routers and other Phixom network equipment - Enshan Wireless Forum - Powered by Discuz!](https://www.right.com.cn/forum/thread-219324-1-1.html) - [Wireless Router CPU Analysis MT7621A, BCM47189 Who is stronger? _Embedded_lightrain0 blog-CSDN blog](https://blog.csdn.net/lightrain0/article/details/84979245) - [In the future of wireless routers, are you optimistic about Broadcom, Qualcomm or MediaTek? - Network equipment - KoolShare - from players to serve players](https://web.archive.org/web/20190916034709/http://koolshare.cn/thread-23553-1-1.html) ## operating system This section mainly introduces general-purpose network operating systems (supported to run on devices of different brands). For proprietary operating systems such as Synology Router Manager, please refer to [device manufacturer and brand](about:blank#%E8%AE%BE%E5%A4%87%E5%8E%82%E5%95%86%E4%B8 %8E%E5%93%81%E7%89%8C) part. ### OpenWrt OpenWrt is the most well-known open source wireless router operating system. It has supported routers from a large number of manufacturers and brands, and also supports running on x86 computers/servers. In 2016, OpenWrt forked the LEDE project, but in 2018, LEDE was re-merged back into OpenWrt, continuing to use the OpenWrt name after the merger. OpenWrt currently has a wide range of applications. Many individuals and teams have launched modified firmware based on OpenWrt. Some commercial companies' wireless routers, wireless APs and other equipment are also developed based on OpenWrt. The OpenWrt community has also made many contributions to the open source community, such as the congestion control algorithm CAKE, which was first used on OpenWrt and later entered the Linux mainline. OpenWrt uses the opkg package management system, which supports extending functionality by installing software. - [OpenWrt official website](https://openwrt.org/start?id=zh/start) - [Reasons to use OpenWrt](https://openwrt.org/zh/reasons_to_use_openwrt) - [Relationship between OpenWrt and LEDE](https://openwrt.org/start?id=zh/about) - [OpenWrt supported device list](https://openwrt.org/toh/start) - [Tsinghua University OpenWrt Software Source Mirror](https://mirrors.tuna.tsinghua.edu.cn/openwrt/) - OpenWrt third-party modifications - [OpenWrt Koolshare modified version](https://www.koolcenter.com/category/openwrt) provides a "Software Center" to facilitate the installation of featured software from Koolshare and third-party developers. - [OpenWrt Lean modified version](https://github.com/coolsnowwolf/lede) code is open source. On the basis of adding special functions suitable for Chinese users, keep it as simple as possible. - [Gargoyle](https://www.gargoyle-router.com/) is often called "gargoyle firmware" in China, and has powerful QoS functions. - [Linino](https://www.linino.org/) is an OpenWrt-based operating system with built-in `cpu-mcu-bridge`, which can facilitate communication between OpenWrt and MCU, and is more suitable for IoT applications. ### ASUSWRT ASUS router official firmware. Also exists the well-known asuswrt-merlin modified firmware. - [ASUSWRT Official Website](https://www.asus.com.cn/ASUSWRT/) - [AiProtection](https://www.asus.com.cn/AiProtection/) - [AiCloud](https://www.asus.com.cn/AiCloud/) - [AiMesh](https://www.asus.com/Microsite/AiMesh/cn/) - [Asuswrt-Merlin](https://www.asuswrt-merlin.net/): Modified firmware based on ASUSWRT, often called "Merlin firmware" in China - [Koolshare Modified Merlin Firmware](https://www.koolcenter.com/category/merlin): On the basis of Asuswrt-Merlin, add Koolshare features such as software center - [Review: ASUSWRT router firmware](https://www.ctrl.blog/entry/review-asuswrt.html): A review about ASUSWRT, pointing out some shortcomings and security weaknesses of the system ### padavan/rt-n56u The router firmware is developed based on the open source code of ASUS RT-N56U and other models of routers, and supports a large number of wireless routers based on MT7620 series chips. It is often called Padavan or Lao Maozi firmware in China. - [padavan/rt-n56u official Bitbucket repository](https://bitbucket.org/padavan/rt-n56u) - [Modified version without lights in the wilderness](https://80x86.io/page/padavan) - [hiboy modified version](https://opt.cn2qq.com/padavan/) - [The Past and Present of Open Source Firmware](https://www.right.com.cn/forum/thread-215106-1-1.html): Some history about ASUSWRT and padavan ### RouterOS The wireless router operating system from MikroTik, which can run on general x86 hardware (soft router), as well as MikroTik's own hardware. To use RouterOS on an x86 soft router, you need to purchase a software license. However, most of MikroTik's own hardware comes with a RouterOS license, which can be used for free. RouterOS is powerful, but it has high barriers to entry and needs special learning to operate proficiently. - [RouterOS Official Website](https://mikrotik.com/software) ### pfSence/OPNSense base Compared with the open source network operating system of FreeBSD, the firewall function is relatively powerful. The built-in package manager can easily install more software and expand functions, such as Suricata IPS, ntopng traffic statistics tool, etc. Since pfSense/OPNSense is based on FreeBSD, it is also convenient to install FreeBSD packages, such as running UniFi Controller after installing java. - [pfSense official website](https://www.pfsense.org/download/) - [OPNSense](https://opnsense.org/): Originally a fork of pfSense, created due to dissatisfaction with changes to the pfSense open source license - [pfSense® CE vs OPNsense®: technical comparison](https://www.firewallhardware.it/en/pfsense-vs-opnsense-technical-comparison/) ### VyOS An open source router/firewall operating system, based on Vyatta, with powerful functions, but it only supports configuration through CLI and does not support graphical interface. - [VyOS Official Website](https://www.vyos.io/) - [Vyatta - VyOS Wiki](https://wiki.vyos.net/wiki/Vyatta) ### EdgeOS A network operating system from Ubiquiti, also based on Vyatta like VyOS, but with a graphical interface and support for centralized management via [UNMS](https://unms.com/). EdgeOS can only run on Ubiquiti's own [EdgeRouter](https://www.ui.com.cn/edgemax/edgerouter/) hardware. In addition, the operating system of [UniFi Security Gateway](https://www.ui.com.cn/unifi-routing/usg/) is also based on the old version of EdgeOS. - [EdgeOS User Guide](https://dl.ubnt.com/guides/edgemax/EdgeOS_UG.pdf) ### Love Fast iKuaiOS Free soft routing operating system with powerful flow control functions. In some old versions of iKuaiOS, many people reported problems such as traffic hijacking. - [iKuaiOS Official Website](https://www.ikuai8.com/product/rjcp/routersystem.html) - [Strongly condemn the hijacking of Aikuai. Quick to test](https://www.anywlan.com/thread-393451-1-1.html) ### Tomato An easy-to-use open source router operating system. - [Tomato Firmware | Polarcloud.com](http://www.polarcloud.com/tomato) - [Tomato by Shibby » Alternatywne oprogramowamie na routery](https://tomato.groov.pl/) - [AdvancedTomato :: Open Source Broadcom Firmware](https://advancedtomato.com/) - [Modified version of Tomato Koolshare](https://web.archive.org/web/20210303210226/https://koolshare.cn/forum-102-1.html) - [Tomato - Wikipedia, the free encyclopedia](https://zh.wikipedia.org/wiki/Tomato) - [Fresh Tomato](http://freshtomato.org/): Friendly to old models, still updating, supporting Multi-WAN, IPv6, QoS, etc. ### DD-WRT - [DD-WRT Official Website](https://dd-wrt.com/) ### Gao Ke Compatible with K2P, newifi 3 and other wireless routers, featured functions include network management flow control, content protocol identification, client access URL query, etc. shortcoming: 1. If you want the network type to be NAT1, you need to pay for an authorization 2. IPv6 is not yet supported - [Gocloud Official Website Forum Firmware Release Area](http://www.gocloud.cn/bbs/forum-51-1.html) ## Network related ### mesh network, wired backhaul A mesh network interconnects multiple wireless routers to improve Wi-Fi coverage. - [The difference between the definition of Mesh wireless network and WiFi]([https://www.mr-wu.cn/mesh-wu-xian-wang-luo-de-ding-yi-yu-wifi-de-qu-bie](https://www.mr-wu.cn/mesh-wu-xian-wang-luo-de-ding-yi-yu-wifi-de-qu-bie) /) - Mesh between different types of equipment Some manufacturers' different types of equipment can be used for mesh networking, so that old equipment can be fully utilized and costs can be saved. A typical example is AiMesh from ASUS. - [AiMesh](https://www.asus.com/Microsite/AiMesh/cn/) - Mesh between devices from different manufacturers - [EasyMesh](https://www.wi-fi.org/zh-hans/discover-wi-fi/wi-fi-easymesh) is a standard developed by the Wi-Fi Alliance, which aims to make devices from different manufacturers interoperable , Devices certified by the Wi-Fi Alliance EasyMesh can work together to form a network. As a relatively new technical standard, there are not many supported devices at present. The manufacturers concerned in China mainly include Huawei, ZTE, Fiberhome, and D-Link. - Wired backhaul Most manufacturers' wireless mesh systems support wired backhaul. That is, the communication between mesh nodes is carried out by wire, which further increases bandwidth and stability. Definitely requires re-complicated wiring work. - [Mesh Router Wired Backhaul Wiring Solution](https://xoyozo.net/Blog/Details/mesh-wired-backhaul#) - The high-end wireless router models of some tri-band mesh manufacturers have an independent 5GHz frequency band, which is used for communication between mesh nodes and does not occupy the frequency band for communication between wireless routers and terminals. Doing so can also improve bandwidth and stability to a certain extent, and reduce the trouble caused by wiring. - [A must-have 2200Mbps tri-band Mesh router for a luxury house: Linksys Velop 3-piece set review](https://post.smzdm.com/p/akmr7wq4/) ### Wired Router + AC + AP Through the way of wired router + AC + AP, the best speed and stability can be guaranteed. However, such a solution requires more complicated wiring and is generally used in enterprises, hotels, shopping malls and other places. Home use needs to be considered before decoration. The AC + AP solutions of most manufacturers are not for home use, and the general configuration is more complicated. However, manufacturers such as TP-LINK and H3C have also launched home AP sets, which integrate the router and AC into a single device, which can be directly placed in a weak current box to save space. In addition, Ubiquiti's wireless AP solution is also loved by some home users because it does not require an AC, is simple to configure, and has a friendly graphical interface. In addition to being placed on desktops and cabinets, wireless APs can also be panel-mounted or ceiling-mounted, so as to better integrate into the decoration style and save space. - [Difference Between Access Point and Router](https://www.ligowave.com/difference-between-access-point-and-router) - [The difference between wireless AP, fat AP and thin AP?](https://www.zhihu.com/question/59991119) - [How to set up a perfect home wireless Wi-Fi network?](https://www.zhihu.com/question/35789817) - [A common saying, to build a wireless AP, the bottom panel or the ceiling is better] ([https://www.chiphell.com/thread-1930326-1-1.html](https://www.chiphell.com/thread-1930326-1-1.html)) - [Ceiling AP mounted on the wall or placed on the table, which effect is better?](https://www.koolcenter.com/thread/123920) ### FTTR Recently, some domestic operators have started to promote the FTTR solution. FTTR can realize whole-house optical fiber networking, ensuring that every room in the home can have a relatively ideal network speed. FTTR equipment is generally installed by operators, and users do not need professional network knowledge to use it. But it will also prevent users from "tossing" their own network equipment. - [FTTR Innovation Solution - Huawei](https://www.huawei.com/cn/technology-insights/inspiration-lab/fttr-solution) - [Bringing gigabit optical fiber into every room, can the FTTR solution become the "new favorite" of operators? _Wi-Fi](https://www.sohu.com/a/420662765_610727) ### VLAN division By dividing VLANs, one network cable can be used to transmit the traffic of multiple networks. For example, the same network cable realizes the multiplexing of Internet and IPTV traffic. - [IPTV single-line multiplexing toss - new ideas nearly perfect solution 0812 update] ([https://web.archive.org/web/20190913002020/https://koolshare.cn/thread-120569-1-1.html](https://web.archive.org/web/20190913002020/https://koolshare.cn/thread-120569-1-1.html)) ### One-arm routing For devices with only one network port (such as ordinary home computers, Intel NUC, Raspberry Pi development boards, etc.), if you want to use it as a router, you can use one-arm routing to achieve it. One-arm routing is equivalent to creating multiple sub-interfaces on an interface, and different sub-interfaces correspond to different VLANs, so that one interface can be used as multiple interfaces. - [[Tutorial] LEDE one-arm soft router installation experience](https://nipgeihou.com/router-on-a-stick/) ## Technical concepts ### MU-MIMO MU-MIMO is a feature added in 802.11ac Wave 2, which enables multiple devices to communicate with the wireless router at the same time, improving wireless utilization efficiency and throughput. However, MU-MIMO requires the support of terminal equipment and has many limitations. Currently, the improvement of network experience is not obvious. In Wi-Fi 6, MU-MIMO has been enhanced and may become more practical as Wi-Fi 6 becomes more popular. - [Multi-user MIMO - Wikipedia](https://en.wikipedia.org/wiki/Multi-user_MIMO) - [TP-LINK's MU-MIMO introduction page](https://www.tp-link.com/common/Promo/en/MU-MIMO/MU-MIMO.html) - [Why You Don’t Need MU-MIMO](https://www.smallnetbuilder.com/wireless/wireless-features/33100-why-you-don-t-need-mu-mimo) ### Wi-Fi 6, Wi-Fi 6E, Wi-Fi 6+ Wi-Fi 6 is the latest generation of Wi-Fi standard, based on IEEE 802.11ax, which improves the stability and throughput under multi-user access through multiple technologies. Many wireless routers launched after 2019 already support Wi-Fi 6. - [What is 802.11AX (WI-FI 6)?](https://www.arubanetworks.com/assets/_zh-hans/so/SO_80211ax.pdf) - [Wi-Fi CERTIFIED 6](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-6) - [How does Wi-Fi 6 help our daily life | Popular Science - Minority](https://sspai.com/post/60464) Wi-Fi 6E extends Wi-Fi 6 to the 6GHz frequency band. - [Wi-Fi Alliance® brings Wi-Fi 6 into 6 GHz]([https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-brings-wi-fi-6-into](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-brings-wi-fi-6-into) -6-ghz) - [Wi-Fi 6E: The Basics - SmallNetBuilder](https://www.smallnetbuilder.com/basics/wireless-basics/33227-wi-fi-6e-the-basics) Wi-Fi 6+ is Huawei's Wi-Fi 6 solution, adding features such as dynamic narrow bandwidth, which can automatically adjust bandwidth, taking into account throughput and coverage. There are not many public documents for specific technical details. Wi-Fi 6 Release 2 adds more features to Wi-Fi 6, including MU-MIMO for the uplink, improved power management, and more. - [Wi-Fi CERTIFIED 6™ Release 2 adds new features for advanced Wi-Fi® applications | Wi-Fi Alliance]([https://www.wi-fi.org/news-events/newsroom/wi-fi-certified](https://www.wi-fi.org/news-events/newsroom/wi-fi-certified) -6-release-2-adds-new-features-for-advanced-wi-fi-applications) ### Wi-Fi 7 The next-generation Wi-Fi standard may be based on IEEE 802.11be. The relevant standards are currently being revised, and the draft and final standards have not yet been released. - [Wi-Fi 7 hardware demos herald next-gen wireless networking | Ars Technica]([https://arstechnica.com/gadgets/2022/01/wi-fi-7-demos-begin-promising-speedy-connections-for](https://arstechnica.com/gadgets/2022/01/wi-fi-7-demos-begin-promising-speedy-connections-for) -demanding-apps/) - [IEEE 802.11be - Wikipedia, the free encyclopedia](https://zh.wikipedia.org/wiki/IEEE_802.11be) ### 160MHz bandwidth 802.11ac and Wi-Fi 6 support 160MHz bandwidth. Using 160MHz bandwidth can greatly increase Wi-Fi bandwidth. However, due to compatibility and interference issues, the actual effect will be affected by various factors and needs to be tested by yourself. - [160 MHz Wi-Fi Channels: Friend or Foe? - SmallNetBuilder](https://www.smallnetbuilder.com/wireless/wireless-features/33210-160-mhz-wi-fi-channels-friend-or-foe) - [160 MHz Wi-Fi Channels: Revisited - SmallNetBuilder](https://www.smallnetbuilder.com/wireless/wireless-features/33212-160-mhz-wi-fi-channels-revisited) ### PA/LNA/Amplifier When reading router reviews and product introduction pages, you often see concepts such as PA and LNA. Among them, PA is a power amplifier, which is used to enhance the power of the transmitted signal, and LNA is a low noise amplifier, which is used to enhance the received signal. A wireless router/AP with a PA/LNA for better signal. - [What is PA and what is the difference between it and LNA-Electronics Fans Network](http://m.elecfans.com/article/711953.html) - [Understanding the Basics of Low-Noise | DigiKey]([https://www.digikey.com/en/articles/techzone/2013/oct/understanding-the-basics-of-low-noise-and-power-amplifiers](https://www.digikey.com/en/articles/techzone/2013/oct/understanding-the-basics-of-low-noise-and-power-amplifiers) -in-wireless-designs) - [amplifier - What is a PA/LNA? - Electrical Engineering Stack Exchange](https://electronics.stackexchange.com/questions/237267/what-is-a-pa-lna) ## Software and hardware functions ### UPnP/NAT-PMP/Port Mapping When the router accesses the Internet through home broadband, the operator will assign it an IP address. However, there will be various devices such as computers and mobile phones in the family, and multiple devices need to access the Internet. At this time, the router assigns an intranet IP to each device, and accesses the Internet through network address translation (NAT). However, through NAT, devices in the intranet can only actively initiate external connections, but cannot act as servers to receive external connections. In this case, it will become more difficult to access devices such as NAS at home from the outside, and remotely control computers at home. At the same time, the upload and download speeds of P2P sharing tools such as BT and eMule will also be affected, and the connection quality of some voice/video call tools may also be affected. For this situation, port mapping can be used to map the port of the internal network device to the public network to achieve external access. Most home routers support manual configuration of port mapping, and also support automatic port mapping through UPnP/NAT-PMP. - [P2P network core technology: UPnP and SSDP protocols](https://zhuanlan.zhihu.com/p/40407669) - [NAT Port Mapping Protocol - Wikipedia]([https://zh.wikipedia.org/zh-hans/NAT端口映射](https://zh.wikipedia.org/zh-hans/NAT%E7%AB%AF%E5%8F%A3%E6%98%A0%E5%B0%84) %E5%8D%8F%E8%AE%AE) - [RFC6886 - NAT Port Mapping Protocol (NAT-PMP)](https://tools.ietf.org/html/rfc6886) ### DDNS DDNS is also a common function that most home routers will have. Since the public network IP of the home broadband is not fixed, every time the router is restarted, a new IP address may be obtained. Through DDNS, devices in the home network can be accessed from the outside through a fixed domain name. - [Dynamic DNS - Wikipedia](https://zh.wikipedia.org/zh-cn/%E5%8B%95%E6%85%8BDNS) - [DDNS Simple Tutorial](https://zhuanlan.zhihu.com/p/46580280) ### Traffic shaping and QoS In household scenarios, some applications require relatively high bandwidth but are not sensitive to delay (such as online video, P2P download, etc.); some applications do not require high bandwidth but are sensitive to delay (such as online games, voice/video calls, etc.) ). At home, P2P downloads often occupy a large bandwidth, which affects the smoothness of online games, audio and video calls and other applications, and even normal web browsing will slow down. This problem can be solved by QoS. Most mid-to-high-end home routers provide QoS function, which can manually set the priority of different devices and different applications, such as increasing the priority of a certain game or a game console at home. In addition, algorithms such as fq_codel and CAKE have gradually been applied on home routers, which can intelligently manage traffic without complex configuration. This feature is called SQM in OpenWrt, and options such as "Smart QoS" and "Smart Queue" in other router firmware generally refer to this feature. - [Quality of Service - Wikipedia](https://zh.wikipedia.org/zh-cn/%E6%9C%8D%E5%8A%A1%E8%B4%A8%E9%87%8F) - [Introduction - Bufferbloat.net](https://www.bufferbloat.net/projects/bloat/wiki/Introduction/) - [OpenWrt Project: QoS (aka Network Traffic Control)](https://openwrt.org/docs/guide-user/network/traffic-shaping/packet.scheduler) - [OpenWrt Project: SQM (aka Smart Queue Management)](https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm) - [How "Smart Queue" Improves Your Home Network Quality - Minority](https://sspai.com/post/64870) - [Experience on using various qos (sqm, gargoyle, qosv4, nft-qos, emong-qos) under openwrt - OPENWRT Special Edition - Enshan Wireless Forum - Powered by Discuz!]([https://www.right.com](https://www.right.com/) .cn/forum/thread-511173-1-1.html) - [Traffic Shaper — Configuring Traffic Shaping | pfSense Documentation](https://docs.netgate.com/pfsense/en/latest/trafficshaper/traffic-shaping-guide.html) Traffic Shaping Configuration Guide in pfSense - [How I Maximized the Speed of My Non-Gigabit Internet Connection](https://www.speedtest.net/insights/blog/maximized-speed-non-gigabit-internet-connection/) An article by a [speedtest.net](http://speedtest.net/) engineer Blog post, introducing how the author configures QoS on the pfSense router at home ### Captive Portal Captive Portal provides a webpage authentication page, and the password can be entered in the webpage to access the network. In the home network, Captive Portal is often used in the guest network. Visitors need to enter the password in the web page to connect, preventing the Wi-Fi password from being leaked by software such as "Wi-Fi Master Key". At the same time, you can also add usage instructions, disclaimers and other content on the Portal page, and the user can only connect after agreeing; if it is used in a store, you can also use the Portal page to place advertisements. The Captive Portal function is commonly found in commercial and enterprise-level devices, and not many home routers support this function. For open source systems such as OpenWrt, tools such as WiFiDog can be used to implement Captive Portal. - [WiFiDog](http://dev.wifidog.org/) - [OpenWrt Project: WiFiDog captive portal](https://openwrt.org/docs/guide-user/services/captive-portal/wireless.hotspot.wifidog) - [UniFi - Guest Network, Guest Portal, and Hotspot System – Ubiquiti Networks Support and Help Center]([https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Guest-Network-Guest-](https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Guest-Network-Guest-) Portal-and-Hotspot-System) ### Intranet Penetration Due to limited IPv4 address resources, some operators will not allocate public network IPv4 addresses to home broadband users. At this time, if you need to access services in the home network, you need the intranet penetration function. There are two common intranet penetration methods, one is to transfer through the server, but generally you need to purchase a VPS server and set up the environment yourself. Or buy a dedicated business service. The other is through NAT hole punching. The advantage of this method is that the devices can communicate directly, avoiding the consumption of server traffic, and improving the speed to a certain extent. The disadvantage is that NAT hole punching generally uses the UDP protocol, and the speed may be limited by some ISPs in the case of large traffic. - Intranet penetration tool realized through server transfer - [SSH port forwarding](https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/index.html) - [ngrok](https://ngrok.com/) - An intranet penetration tool that supports both NAT hole punching and server transfer - [ZeroTier](https://www.zerotier.com/): It mainly focuses on NAT hole punching, and the success rate of NAT hole punching is relatively high. After hole punching fails, it falls back to the server for transfer. - [frp](https://github.com/fatedier/frp): Intranet penetration tool that supports multiple protocols - [nps](https://github.com/ehang-io/nps): Intranet penetration tool that supports multiple protocols - [Peanut Shell](https://hsk.oray.com/): commercial service, including DDNS and intranet penetration, easy to operate - [Tailscale](https://tailscale.com/): Similar to ZeroTier, based on WireGuard® - other - [Synology QuickConnect](https://www.synology.com/zh-cn/knowledgebase/SRM/help/SRM/RouterApp/internet_quickconnect): External access service in Synology router/NAS through Synology server Transit, only supports access to some applications in routers and NAS - [UniFi Remote Access](https://help.ubnt.com/hc/en-us/articles/115012240067-UniFi-How-to-Enable-Remote-Access-for-Remote-Management): In Ubiquiti UniFi Controller The external access service, through NAT hole punching or Ubiquiti server for transit, only supports access to UniFi Controller ### Parental Controls The parental control function can control the online time of specific devices to prevent children from spending too much time online. The parental control function of some routers can also restrict devices from accessing inappropriate websites, and at the same time forcibly open Google Search and YouTube’s safe search functions to prevent children from being exposed to inappropriate content. And Synology Safe Access provides more powerful parental control. In addition to controlling the duration of the Internet and restricting access to content, it also has powerful analysis and statistics functions, which can analyze the Internet habits of different people in the family based on statistical information. - [Synology Safe Access](https://www.synology.com/en-us/srm/feature/device_content_control) - [ASUS AiProtection](https://www.asus.com.cn/AiProtection/) - [eero Secure](https://eero.com/shop/eero-secure) ### Content filtering Through the content filtering function, you can filter malicious advertisements, malicious websites, trackers, adult websites and other content according to the rules to protect security and privacy and obtain a better online experience. At the same time, it can be combined with parental control to restrict minors from accessing content that is not suitable for the current age. - DNS based filtering tool - [Pi-hole](https://pi-hole.net/) - [AdGuard Home](https://adguard.com/zh_cn/adguard-home/overview.html) - The advertising filtering function of most routers is also implemented based on DNS - Proxy server-based filtering tools Proxy server-based filtering tools have better filtering effects, but require HTTPS man-in-the-middle attacks to implement more complex filtering rules. In terms of security, you need to understand how it works and choose whether to use it. - [KoolProxy](https://web.archive.org/web/20190413181314/http://koolshare.cn/thread-64086-1-1.html) (maintenance stopped) - Legal/moral issues of advertising filtering Some people believe that it is the user's freedom to choose whether to filter advertising; some people believe that advertising filtering will have an adverse impact on the Internet ecology. Regarding whether advertisement filtering should be performed, please refer to discussions on the Internet. ### IPS/IDS The IPS/IDS function records and blocks packets with security risks by analyzing the contents of the packets to improve the security of the home network. Compared with other domain name/DNS based schemes, IPS/IDS can identify more security threats, but also consumes more CPU and memory resources. The common open source IPS/IDS software includes Snort and Suricata, and the official firmware of some routers also provides IPS/IDS functions. - [Snort](https://www.snort.org/) - [Suricata](https://suricata-ids.org/) - [Synology Threat Prevention](https://www.synology.com/en-us/srm/feature/secure_network_foundation) - [UniFi Threat Management](https://help.ubnt.com/hc/en-us/articles/360006893234-UniFi-USG-UDM-Configuring-Internet-Security-Settings) - [ASUS AiProtection](https://www.asus.com.cn/AiProtection/) - [Norton Core Router](https://us.norton.com/core) ### Traffic Statistics/DPI The traffic statistics function can analyze and count the traffic usage of each device in the network. However, due to the need to occupy CPU and storage resources, some low-end routers do not have this function. Some routers have DPI-based traffic statistics. In addition to counting the traffic usage of each device, it can also count the traffic of each application, thereby providing more detailed traffic statistics. For open source systems, tools such as ntopng can be used to implement traffic statistics: - [ntopng – ntop](https://www.ntop.org/products/traffic-analysis/ntop/) ### Multiple WAN ports, multiple dialing Some routers have multiple WAN ports, which can be connected to multiple broadband to realize bandwidth superposition. And realize switching to another broadband when one broadband fails. In addition, there is a router that can connect to an LTE network card through a USB interface, or use the USB network sharing function of Android and iOS to achieve Internet backup using a 4G/LTE link when broadband fails. For systems such as OpenWrt and RouterOS, multiple PPPoE sessions can also be established on one WAN port to achieve "single-line multi-dial" and increase bandwidth. However, some operators do not support multi-dial. For details, please refer to the agreement signed with the operator when applying for broadband. - [OpenWrt Project: Multiwan](https://openwrt.org/docs/guide-user/network/wan/multiwan/multiwan_package) - [LEDE/OpenWrt uses macvlan and mwan3 to achieve single-line multi-dial | Acris’ Blog](https://acris.me/2017/06/25/Load-balancing-multiple-PPPoE-on-LEDE/) - [VLOG | You want to know how ROS realizes single-line multi-dial, multi-line access superimposed broadband, and easily achieves gigabit network speed. – Vedio Talk - VLOG, technology, life, music sharing](https://www.vediotalk.com/archives/3040) - Internet backup via 4G/LTE - [Synology's USB/3G/4G Tethering](https://www.synology.com/en-us/compatibility?search_by=category&category=usb_3g_4g_dongles&p=1) - [Ubiquiti | UniFi | Manageable LTE WAN Failover](https://unifi-lte.ui.com/) ### Bandwidth Boost Some routers claim to have the function of "enhancing physical bandwidth", which is actually achieved through cooperation with operators. Operators can dynamically adjust the bandwidth limit and automatically increase the bandwidth after payment. "Xunlei Kuaibird" is a relatively well-known network acceleration service. At the same time, a third-party developer has ported it to the router, which can easily open the speed-up service on the router. - [Xunlei Fastdick Xunlei Network Accelerator For Router](https://github.com/fffonion/Xunlei-Fastdick) - [Xunlei Kuaibird - Bandwidth Acceleration Artifact Plug-in - KoolShare](https://web.archive.org/web/20200215124208/http://koolshare.cn/thread-34888-1-1.html) ### Game Acceleration Game acceleration is also a major selling point of many home wireless routers. Generally, it is achieved by increasing the QoS priority of the game. At the same time, it has built-in services such as "Netease UU Accelerator", and connects to a higher-quality network through a proxy server provided by a third party to achieve online game acceleration. - [Netease UU online game accelerator - router plug-in](https://uu.163.com/router/direction.html) - [NetEase UU Online Game Accelerator - Cooperative Router](https://uu.163.com/router/crossover.html) - [Recommended Routers & Controllers | NVIDIA GeForce NOW](https://www.nvidia.com/en-us/geforce-now/recommended/) ### Smart Home Integration Smart home is an emerging field. Different manufacturers have different ideas for integrating smart home related functions in routers. - Apple: Automatically sets strict firewall rules for HomeKit devices for increased security. Also supports PPSK authentication to avoid leaking the main Wi-Fi password - [HomeKit Routers - Apple Support](https://support.apple.com/en-us/guide/security/seccab60e931/1/web/1) - [Apple lists the cameras and routers that will be compatible with the latest HomeKit features - 9to5Mac]([https://9to5mac.com/2019/11/27/apple-lists-the-cameras-and-routers-that-will](https://9to5mac.com/2019/11/27/apple-lists-the-cameras-and-routers-that-will) -be-compatible-with-the-latest-homekit-features/) - [eero Now Supports Apple HomeKit](https://blog.eero.com/eero-now-supports-apple-homekit/) - Xiaomi: Mijia devices can connect to Wi-Fi without entering passwords, which improves the convenience of setting up devices for the first time; at the same time, it provides independent frequency bands for smart devices to avoid too many smart devices slowing down the network speed - [Xiaomi AIoT Router AX3600](https://www.mi.com/r3600) (refer to the description of "Smart Device Access") - Google: Integrate voice assistant Google Assistant; previous OnHub products can also act as ZigBee gateways to control Phillips Hue smart lighting systems - [Exclusive: New Google Nest Wifi adds an Assistant speaker - 9to5Google](https://9to5google.com/2019/09/17/exclusive-google-nest-wifi-assistant/) - [Google OnHub | Philips Hue](https://www2.meethue.com/en-ca/friends-of-hue/google-onhub) - Huawei: Enhanced QoS priority for smart home devices, enabling devices to respond quickly; also supports setting firewall rules for automatic smart home devices - [Huawei Router A2 - Huawei Mall](https://www.vmall.com/product/10086534540521.html) (refer to the description of IoT devices in the page) - Integration of HomeBridge and Home Assistant For the open router operating system, it is also possible to run HomeBridge on the router, or connect the router to Home Assistant. - [RT1900ac Router Toss Notes: Installing Homebridge and Plex Media Server – Blanboom](https://blanboom.org/2017/plex-on-rt1900ac/) - [OpenWRT - Home Assistant](https://www.home-assistant.io/integrations/openwrt/) - [misenhower/homebridge-unifi-led-control](https://github.com/misenhower/homebridge-unifi-led-control): Control LEDs on UniFi devices via HomeBridge ### Run third-party applications Many router operating systems can run third-party applications in a certain way, expand the functions of the router, and make the router more "smart". - Package management system Like many Linux/UNIX distributions, some Linux/UNIX-based router operating systems also have their own package management systems. - [OpenWrt's Opkg Package Manager](https://openwrt.org/docs/guide-user/additional-software/opkg) OpenWrt completely uses Opkg as its package management system, the entire system, including kernel modules and drivers, Both are managed by Opkg. - [pfSense's package management system](https://docs.netgate.com/pfsense/en/latest/packages/package-manager.html) pfSense is based on FreeBSD, in addition to installing pfSense's own software packages, you can also easily Install the FreeBSD package. - Software Center Many router operating systems have a software center with a graphical interface, which can easily add software in a graphical way. However, there are also some routers, such as some models of TP-LINK, whose "software center" is just a series of switches for built-in functions, and it is impossible to install third-party software to expand functions. - [KoolCenter Software Center](https://www.koolcenter.com/posts/55) comes from the software center of KoolCenter (formerly KoolShare Forum), which mainly supports Asuswrt-Merlin and provides special software suitable for domestic users. - [Synology SRM Package Center](https://www.synology.com/en-us/srm/packages) The software center that comes with the Synology Router Manager (SRM) operating system, currently only has a small amount of software from Synology. But some software from Synology DSM, after modification, can also be manually installed in SRM Software Center. - Entware/Optware Many router operating systems, such as Asuswrt-Merlin, DD-WRT, Synology Router Manager, etc., do not support the installation of third-party software by default, or have limited support for third-party software, which can be installed through Entware/Optware software. - [Entware/Entware: Ultimate repo for embedded devices](https://github.com/Entware/Entware) - [Optware/Optware-ng](https://github.com/Optware/Optware-ng) - [Entware RMerl/asuswrt-merlin Wiki](https://github.com/RMerl/asuswrt-merlin/wiki/Entware) - [Installing Entware - DD-WRT Wiki](https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware) - Because docker partially supports the router operating system of Docker, it can also run containers through Docker to run third-party software. - [Persistent PiHole via Docker on UDMPro : Ubiquiti](https://www.reddit.com/r/Ubiquiti/comments/dvik8g/persistent_pihole_via_docker_on_udmpro/) ### Virtualization Some router operating systems have certain virtualization functions, and can run other containers or operating systems in the router. A common application that utilizes the Metarouter function of RouterOS to run OpenWrt, and realize the characteristic functions of using RouterOS and OpenWrt on one device at the same time. - [RouterOS KVM](https://wiki.mikrotik.com/wiki/Manual:KVM): Run a virtual machine in the router - [RouterOS Metarouter](https://wiki.mikrotik.com/wiki/Manual:Metarouter): A lightweight virtual router that can run RouterOS, OpenWrt and other systems ### Mobile App Many of the current mainstream home routers support the use of mobile apps for control. But for some of the more popular open source router operating systems, some third-party developers will develop apps for them. The quality and security of these third-party apps may not be guaranteed. Before using them, you need to have a preliminary understanding of the app's functions, authors, and open source status. - [Pada router app, mobile phone control app adapted to Padavan Lao Maozi firmware - Enshan Wireless Forum](https://www.right.com.cn/forum/thread-315066-1-1.html) - [WinboxMobile](https://septudio.com/winboxmobile) - [‎DD-WRT on the App Store](https://apps.apple.com/us/app/dd-wrt/id897098616) ###SNMP A small number of home router operating systems (such as Synology Router Manager), and most commercial/enterprise-class network devices support SNMP. Through the SNMP protocol, centralized management and monitoring of devices can be realized (for example, using Cacti to collect traffic statistics). - [UniFi enables snmp function for network traffic monitoring tools to capture UniFi-AP data- Shenzhen Jielian Communication Technology Co., Ltd.]([https://wiki.edcwifi.com/index.php?title=UniFi��](https://wiki.edcwifi.com/index.php?title=UniFi%E5%BC) %80%E5%90%AFsnmp%E5%8A%9F%E8%83%BD%E5%8F%AF%E4%BE%9B%E7%BD%91%E7%BB%9C%E6%B5%81 %E9%87%8F%E7%9B%91%E6%B5%8B%E5%B7%A5%E5%85%B7%E6%8A%93%E5%8F%96UniFi-AP%E6%95%B0 %E6%8D%AE) ### Network storage, media center There are many routers with USB ports, which can be connected to USB mobile hard disks to realize functions such as network storage. In addition, there are also wireless routers with SATA interface and M.2 interface, which can directly install the hard disk into the router, and the appearance is more compact: - [Xiaomi Router HD](http://www.mi.com/miwifihd): hard disk with built-in SATA interface - [ASUS BRT-AC828](https://www.asus.com/Business-Networking/BRT-AC828/): Built-in M.2 interface, can install SSD with M.2 interface In terms of function, after connecting the hard disk, the wireless router completes the following tasks: - File sharing via protocols such as SMB/AFP/NFS - [OpenWrt Project: Samba](https://openwrt.org/docs/guide-user/services/nas/cifs.server) - Time Machine (Mac computer backup) - [OpenWrt Project: AFP Netatalk Shared Configuration (aka Apple Time Machine).](https://openwrt.org/zh/docs/guide-user/services/nas/netatalk_configuration) (this tutorial uses the AFP protocol to implement Time Machine , but the AFP protocol is currently outdated, you can refer to the tutorial content and use the SMB protocol instead) - WebDAV Many apps support using the WebDAV protocol to synchronize files (such as DEVONthink note-taking software). Through WebDAV, you can use your own router as a file synchronization service. - [Sharing files via WebDAV on OpenWrt – lookas2001]([https://lookas2001.com/openwrt-上通过-webdav-共%](https://lookas2001.com/openwrt-%E4%B8%8A%E9%80%9A%E8%BF%87-webdav-%E5%85%B1%25) E4%BA%AB%E6%96%87%E4%BB%B6/) - OwnCloud / NextCloud OwnCloud and NextCloud are multifunctional network disk/personal cloud software, which can be used to build personal network disks and support the installation of plug-ins to expand functions. - [OpenWrt Project: OwnCloud or NextCloud](https://openwrt.org/docs/guide-user/services/nas/owncloud) - Remote download Through the remote download function, the router can be used as a download machine, without the need to open the computer for a long time to download. - [OpenWrt Installation and Configuration Aria2 Tutorial | Mi V Mi]([https://www.mivm.cn/o](https://www.mivm.cn/o)penwrt-aria2/) - [OpenWrt Project: Transmission configuration](https://openwrt.org/docs/guide-user/services/downloading_and_filesharing/transmission) - [Download resources using aMule on OpenWRT](https://butui.me/post/amule-on-openwrt/) - Media center Through the media center, the router can be used as a media server, and the video in the hard disk of the router can be played directly on mobile phones, tablets, TVs, game consoles and other devices. - [OpenWrt Project: DLNA Media Server](https://openwrt.org/docs/guide-user/services/media_server/dlna) - [RT1900ac Router Toss Notes: Installing Homebridge and Plex Media Server – Blanboom](https://blanboom.org/2017/plex-on-rt1900ac/) (Due to the insufficient performance of most home routers, it is not recommended to install Plex Media Server) - [Easiest Plex Set-Up Ever: Nighthawk X10 R9000 Router by NETGEAR](https://www.netgear.com/landings/plex/): The official wireless router that supports Plex Media Server - Install the third-party software on an external storage device Most wireless routers generally have a small built-in storage space, which can be expanded through an external storage device, and the software can be installed on an external storage device. - [OpenWrt install software to external storage (U disk/mobile hard disk) - short book](https://www.jianshu.com/p/5549241429d0) ### Third-party service integration Some wireless routers can integrate third-party services for more advanced automation. - [IFTTT](https://ifttt.com/) - [ASUS Router works better with IFTTT](https://ifttt.com/asusrouter) - [TP-Link Router works better with IFTTT](https://ifttt.com/tplink_router) - [z-george-ma/openwrt-iot: IoT support for OpenWRT based router](https://github.com/z-george-ma/openwrt-iot) - [iOS Shortcuts](https://support.apple.com/en-us/guide/shortcuts/welcome/ios) - [‎DS router on the App Store](https://apps.apple.com/us/app/ds-router/id963699443): Mobile App for Synology Router Manager, supports iOS shortcuts -Alexa - [ASUS ROUTER: Alexa Skills](https://www.amazon.com/ASUS-ROUTER/dp/B07285G1RK) - [Amazon Alexa Smart Home Connected Routers by NETGEAR](https://www.netgear.com/landings/amazon-alexa/) - [What is the TP-Link Router Alexa Skill and how do I use it?](https://www.tp-link.com/us/support/faq/1569/) - [Amazon Alexa | D-Link](https://us.dlink.com/en/alexa) - [eero now works with Amazon’s Alexa](https://blog.eero.com/announcing-eeros-alexa-skill-available-today/) ### Bonjour/mDNS Through the Bonjour function, Apple devices can directly access the router through the `.local` domain name, without having to remember complex IP addresses. In addition to Apple devices, there are currently many smart home devices (such as Mijia's Wi-Fi devices), as well as Chromecast, etc., have also begun to use the Bonjour protocol. If the home network is complex (for example, there are multiple subnets/multiple VLANs), you can use the Bonjour gateway function to realize device discovery through Bonjour between multiple networks. - [OpenWrt Project: Zero configuration networking in OpenWrt](https://openwrt.org/docs/guide-user/network/zeroconfig/zeroconf) - [Need Bonjour across VLANs? Set Up an Avahi Reflector!](http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/) - [UniFi - Best Practices for Managing Chromecast/Google Home on UniFi Network – Ubiquiti Networks Support and Help Center]([https://help.ubnt.com/hc/en-us/articles/360001004034-UniFi-Best-Practices-](https://help.ubnt.com/hc/en-us/articles/360001004034-UniFi-Best-Practices-) for-Managing-Chromecast-Google-Home-on-UniFi-Network#create) ### Campus Network The campus networks of different schools have different authentication methods, and some schools also use private protocols. For the campus network, it is recommended to find out whether the school’s campus network can be connected and authenticated on devices such as OpenWrt in communities such as school forums. - [liuqun/njit8021xclient: Nanjing Institute of Technology 802.1X client (Linux version compatible with H3C/iNode V2.40-F0335)](https://github.com/liuqun/njit8021xclient): 802.1x authentication - [MentoHUST (Simplified Chinese) - ArchWiki]([https://wiki.archlinux.org/index.php/MentoHUST_](https://wiki.archlinux.org/index.php/MentoHUST_)(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96% 87)): Ruijie certification - [drcoms/drcom-generic: Dr.COM/DrCOM now covers dpx version 3.](https://github.com/drcoms/drcom-generic) : [Dr.COM](http://dr.com/) certified - [An idea of router authentication campus network | Damon Lee's blog]([http://blog.zhenglee.top/2018/08/09/路由��%](http://blog.zhenglee.top/2018/08/09/%E8%B7%AF%E7%94%B1%E5%99%25) A8%E8%AE%A4%E8%AF%81%E6%A0%A1%E5%9B%AD%E7%BD%91%E7%9A%84%E4%B8%80%E4%B8%AA% E6%80%9D%E8%B7%AF/index.html): Portal authentication ## safety ### related articles - [Home Router Security Report 2020](https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf) ### Open Source Firmware vs Closed Source Firmware If possible, try to use open source firmware, or use reputable closed source firmware/original firmware. The following are the "featured functions" that some commercial firmware/closed source firmware may have: - Hijack 404 pages - [How do you view the 404 webpage hijacking of Xiaomi routing? - Zhihu](https://www.zhihu.com/question/30358197) - Advertisement inserted in the webpage - [Webpage tampering, full screen advertisements, your Phicomm router has been kidnapped! - Zhihu](https://zhuanlan.zhihu.com/p/51273981) - Collect statistics/telemetry data, even directly collect user's private data - [Ubiquiti adds phone-home to the access point firmware | Hacker News](https://news.ycombinator.com/item?id=21430997) - [Landian News collects user privacy data, users should use third-party firmware immediately|Landian](https://www.landiannews.com/archives/21406.html) - Vendors have no incentive to fix some security vulnerabilities in a timely manner - [Several Netgear Router Models Are Vulnerable to Hackers | WIRED](https://www.wired.com/2016/12/ton-popular-netgear-routers-exposed-no-easy-fix/) ### Official Firmware vs Modified Firmware There are quite a few people and many organizations who will make modifications based on open source systems such as OpenWrt, Padavan, Asuswrt-Merlin, or official firmware from some manufacturers, so that they conform to the usage habits of more people. Generally speaking, in terms of security, it is the safest to use officially released firmware, or compile it yourself based on open source code. The quality of the modified firmware is uneven, which may solve some security problems in the official firmware, but may introduce new security risks. In terms of security, a simple judgment can be made from the following points: - Whether the modified firmware is open source The modified firmware remains open source, which is beneficial for users to ensure that relevant modifications do not introduce security vulnerabilities by checking the source code and other methods. For example, [coolsnowwolf/lede](notion://www.notion.so/coolsnowwolf/lede) has released the modified source code based on OpenWrt on GitHub. - Familiarity/number of users of the modified firmware. If the modified firmware has a large number of users, if there are security holes, it will help to be discovered and exposed faster. This facilitates timely repairs. - Is the modified firmware released in a safe way? If the firmware is downloaded via HTTPS and HASH and GPG signature verification is provided, it will help ensure that the firmware download process is not attacked by man-in-the-middle. However, firmware downloaded through HTTP download, Baidu network disk, etc. may cause the download process to be attacked by a man-in-the-middle, resulting in the download of the replaced firmware. - Whether the modified version of the firmware follows the main project, and the latest security update of the main project can be synchronized into the main project. You can use the version log, Git commit log, etc. to observe whether the modified version of the firmware follows the main project in a timely manner, and perform security-related updates and modifications. - Check if the default settings of the modified firmware are safe - Whether the firewall rules allow access to services in the router from the outside by default - Whether to use insecure protocols (HTTP, telnet, etc.) 10237-1-1.html), it can be seen that the remote Telnet function of the Koolshare Merlin firmware is implemented through the HTTP protocol, which may have security problems. But at present, Koolshare lshare Merlin firmware has adopted other methods to achieve remote login) - Whether the system update, software center and other functions are downloaded using an insecure protocol, and signature verification is not performed. Generally speaking, the system update or software center and other functions need to implement HTTPS download or signature verification to avoid man-in-the-middle attacks. Koolshare software center [the old version used the HTTP method] ([https://web.archive.org/web/20190814205504/http://koolshare.cn/thread-60134-1-1.html](https://web.archive.org/web/20190814205504/http://koolshare.cn/thread-60134-1-1.html)) to download, but it has been in time repair. - Some relatively small functions, it is recommended to use after evaluating the security risks - For example, if there is a function that needs to be decrypted through HTTPS, it can only be used after installing the certificate on the computer - Or is there a file sharing feature using unencrypted protocols like FTP, HTTP WebDAV ### Software update Manufacturers and firmware developers can fix security vulnerabilities through software updates and other methods. When choosing firmware, you need to consider whether the firmware is updated securely in a timely manner and whether it is updated in a secure manner. - For commercial firmware/closed source firmware - Confirm whether to use encryption or signature verification during automatic update - From the update log, observe whether the software update is timely and whether there are security holes - In [CVE List](https://cve.mitre.org/cve/search_cve_list.html), [National Information Security Vulnerability Sharing Platform]([https://www.cnvd.org.cn/flaw/list.htm](https://www.cnvd.org.cn/flaw/list.htm) ?flag=true) and other websites to search and investigate, and observe whether the relevant vulnerabilities are repaired in time - For open source firmware, some open source firmware does not include an automatic update function, and you need to pay attention to its software updates in a certain way. The main way to concentrate is as follows. - Regularly pay attention to the Release Notes of the system - Subscribe to the mailing list of open source projects to get information about security updates by email - Watch the corresponding open source project in GitHub, and receive notifications of project updates in time ### Application of Linux Security Features Many home routers do not apply the security features already provided by the Linux kernel such as [ALSR](https://en.wikipedia.org/wiki/Address_space_layout_randomization). It must be worn on the belt to weaken the security of the device. - [Build Safety of Software in 28 Popular Home Routers](https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf) This article analyzes the application of 28 most popular home routers to Linux-related security features , and give buying advice. ### KRACK KRACK is an attack method on the WPA2 protocol. When purchasing a wireless router or selecting firmware, you need to consider whether the corresponding router or firmware contains a fix for KRACK. - [KRACK Attacks: Breaking WPA2](https://www.krackattacks.com/) - [KRACK - Wikipedia, the free encyclopedia](https://zh.wikipedia.org/zh-hans/KRACK) - [WPA2 "KRACK" vulnerability introduction and reproduction](https://paper.seebug.org/512/) ### FragAttacks - [FragAttacks](https://www.fragattacks.com/) ### WPA3 WPA3 is a new Wi-Fi security protocol that improves some of WPA2's security weaknesses. At the same time, WPA3 supports Wi-Fi Enhanced Open mode, which provides an encryption mechanism for open, password-free Wi-Fi networks, which enhances security to a certain extent, and is suitable for Wi-Fi networks in public places such as libraries and shopping malls. Currently, a small number of wireless routers support WPA3. In addition, some wireless routers (such as Synology RT2600ac) and terminal devices (such as iPhone) have supported WPA3 through software updates. - [Security | Wi-Fi Alliance](https://www.wi-fi.org/zh-hans/discover-wi-fi/security) - [What Is WPA3, and When Will I Get It On My Wi-Fi?]([https://www.howtogeek.com/339765/what-is-wpa3-and-when-will-i-get-it-](https://www.howtogeek.com/339765/what-is-wpa3-and-when-will-i-get-it-) on-my-wi-fi/) - [Wi-Fi CERTIFIED Enhanced Open™ delivers data protection in open Wi-Fi® networks]([https://www.wi-fi.org/news-events/newsroom/wi-fi-certified-enhanced-open-delivers](https://www.wi-fi.org/news-events/newsroom/wi-fi-certified-enhanced-open-delivers) -data-protection-in-open-wi-fi-networks) ### Firewall configuration In an environment where the public network IP can be obtained, properly configure the firewall to prevent the services in the router from being accessed by the outside, which is conducive to improving security. - [Telecom IPv6 network and firewall configuration for home scenarios](https://zhuanlan.zhihu.com/p/40836019) - [Ask: The correct posture for IPv6 "intranet" devices to expose to the public network - V2EX](https://www.v2ex.com/t/530084) ### Do features such as SSID hiding and MAC address filtering improve security? Hiding functions such as SSID and MAC address filtering has limited effect on improving security, so it is not recommended to open: - [Recommended settings for Wi-Fi routers and access points - Apple Support](https://support.apple.com/en-us/HT202068) ## Network quality optimization - Adjustment and optimization of wireless network related parameters - [802.11 wireless network parameters clearing](https://beijinglug.club/wiki/doku.php?id=docs:wifi) -AirTime Fairness - [Airtime Fairness On or Off](https://routerguide.net/airtime-fairness-on-or-off/) ## infrastructure ### Decoration and Wiring - [Comparison of Cat5/Cat5e/Cat6/Cat6e/Cat7](https://network.51cto.com/art/201801/563938.htm) - [Renovation That's a Bad Thing Part 3: Outer Fans — Network Cables That Were Trapped - What's Worth Buying](https://post.smzdm.com/p/560761/) - [10 Gigabit optical fiber network deployment strategy, let the optical fiber cover your home!](https://www.bilibili.com/video/av59732534/) - [For digital controllers, what good designs are there in terms of decoration? - Zhihu](https://www.zhihu.com/question/21170551) - [Home 10Gbps Network Construction Guide – Yachen's Blog]([https://yach.me/2020/08/29/家庭-10gbps-网�%](https://yach.me/2020/08/29/%E5%AE%B6%E5%BA%AD-10gbps-%E7%BD%91%E7%25) BB%9C%E6%96%BD%E5%B7%A5%E6%8C%87%E5%8D%97/) ### Weak current box, cabinet - [Battle to Rescue Weak Electricity Boxes at Home - What to Buy](https://post.smzdm.com/p/427001/) - [There are so many fans, you can do whatever you want. Weak current box sorting - what is worth buying](https://post.smzdm.com/p/alpoe0k0/) - [The first post of the new year: Home network cabinet and network topology - Chiphell](https://www.chiphell.com/thread-1209486-1-1.html) ### Other Ideas - [Use LEGO bricks to build a UniFi rack](https://community.ui.com/stories/How-my-Mini-Lego-Unifi-Rack-came-to-be/5eaabfb6-390c-4db0-a323-7ed938a5b651) - [3D Printed UniFi Rack](https://otichi.com/from-asus-to-unifi.html) - [Ubiquiti Unifi Dream Machine Wall Mount](https://www.d3d.shop/listing/779073493/ubiquiti-unifi-dream-machine-wall-mount) ## Network diagnosis and debugging tools - [Speedtest by Ookla](https://www.speedtest.net/) Well-known speed test tool - [DSLReports Speed Test](http://www.dslreports.com/) Network speed test tool, supports bufferbloat test - [Flent](https://flent.org/) Multifunctional network testing tool, packaged `netperf`, `iperf` and other tools, can be used to test bufferbloat - [Fing App](https://www.fing.com/products/fing-app) LAN scanning and speed measurement tool - [iPerf](https://iperf.fr/) command-line speed measurement tool, which can be built on the cloud for ISP speed measurement, or built locally to test the maximum throughput of routers, switches, and Wi-Fi - [WiFiman](https://blog.ui.com/2018/12/11/introducing-wifiman/) Wi-Fi scanning, LAN scanning, speed measurement tool - [BestTrace](https://www.ipip.net/product/client.html) a graphical `traceroute` tool that can display traceroute results on a map - [nali](https://github.com/meteoral/Nali) adds Chinese location information for `ping`, `traceroute`, `nslookup` and other commands - [WiFi Magic Box](https://wis.ruijie.com.cn/wmg/static/homepager/index.htm) is a multifunctional Wi-Fi detection tool that can Conduct a Wi-Fi Roaming Test - [AirPort Utility](https://apps.apple.com/cn/app/airport-%E5%AE%9E%E7%94%A8%E5%B7%A5%E5%85%B7/id427276530) Wi-Fi scanning and signal strength detection tool (due to system limitations, this is the only tool that can achieve related functions on iOS) - [iStumbler](https://istumbler.net/) Wi-Fi scanning tool on macOS - [WiFi Explorer](https://www.adriangranados.com/) Wi-Fi scanning tool on macOS - [Hurricane Electric Network Tools](https://networktools.he.net/) A network toolbox for iOS and Android, including DNS query, interface information, iPerf, Bonjour browser, etc. - [Rumble Network Discovery](https://www.rumble.run/) powerful LAN scanning tool - [Wireless Diagnostics that comes with macOS Broken]([https://support.apple.com/zh-cn/guide/mac-help/mchlf4de377f/mac](https://support.apple.com/zh-cn/guide/mac-help/mchlf4de377f/mac)) macOS comes with a "Wireless Diagnostics" tool that can scan Wi-Fi, view Wi-Fi logs, and recommend the most Best Wi-Fi frequency band, Wi-Fi performance monitoring, packet capture and other functions - [TP-LINK Online Treasure Box](https://apps.apple.com/app/id1502063951) - [Netool.io - Network Engineer Tool](https://netool.io/) Small and portable network diagnostic tool - [PingTools](https://pingtools.org/) Portable network scanning tool on Android - [geerlingguy/internet-monitoring](https://github.com/geerlingguy/internet-monitoring) Monitoring a home network with Docker and Prometheus - [iOS View Wi-Fi Details - V2EX](https://www.v2ex.com/t/821659) Apple's official description file, after installation, you can view Wi-Fi channel, strength, delay and other information ## Operators ### Carrier Selection Different regions and different operators have great differences in network quality. If there is a high demand for network quality, it is recommended to know the situation of the local operator in advance. In addition, operators in some regions also provide services such as "International Boutique Network", which can speed up access to foreign websites. - [Which broadband is better between Telecom, China Unicom, and China Mobile? - Zhihu](https://www.zhihu.com/question/30744052) - [The difference between China Unicom and Telecom Broadband - V2EX](https://www.v2ex.com/t/566413) - [What is the use of China Telecom's international boutique network business? - Zhihu](https://www.zhihu.com/question/20749587) - [Spit about China Mobile's broadband. DNS pollution is not just a little bit... - V2EX](https://www.v2ex.com/t/452546) - [Why is the same mobile network, mobile 4G and mobile broadband experience so different? - Zhihu](https://www.zhihu.com/question/54220923) - [What is operator traffic penetration? - Zhihu](https://www.zhihu.com/question/52390237) ### Acquisition of public network IP and IPv6 address At present, IPv6 is becoming popular in China, and more and more operators are beginning to allocate IPv6 addresses, which can be allocated after setting up routers. However, IPv4 address resources are even more scarce, and many areas have been unable to obtain public network IPv4 addresses. If the IPv6 address cannot be obtained, or there is no public network IPv4 address, you can try to call the operator's customer service number to apply for a public network IP or IPv6 address. However, due to limited IPv4 address resources, even if you call customer service, you may not be able to apply for a public network IP. In addition, some areas can obtain public network IP through a special user name, or through paid purchases. - [Guangdong Telecom dial-up plus pub is the public network ip-Vision Forum](http://bbs.pcbeta.com/forum.php?mod=viewthread&tid=1789805) ### Change optical modem to bridge, use router to dial In the case of insufficient NAT performance of the optical modem, the optical modem can be modified to bridge mode, and the router can be used to dial up to improve performance. In most areas, you can call the operator and ask the operator to remotely modify the optical modem to bridge mode. You can also find or crack the super password of the optical modem on the Internet according to the model of the optical modem, and modify it to bridge mode in the management page. However, for gigabit broadband in some areas, after the optical modem is replaced with a bridge, the bandwidth will decrease instead. - [How to change China Telecom Tianyi light cat to bridge mode | Yeboyzq Blog](https://www.yeboyzq.com/luyoujiaohuan/984.html) - [Shanghai Telecom's gigabit bridging will limit the speed? It seems that I accidentally cracked it? - KoolShare](https://web.archive.org/web/20210508155134/https://koolshare.cn/thread-151416-1-1.html) ### IPTV related - IPTV single line multiplexing - [Network Equipment Part 1: Home Network Transformation - Summary of Single Line Multiplexing Practice_Value Customer Original_What is worth buying](https://post.smzdm.com/p/alpzdxpo/) - Convert multicast to unicast to watch TV on computers, iPads and other devices - [udpxy+xupnpd, IPTV+ Smart TV Perfect Solution - Short Book](https://www.jianshu.com/p/3f9018c6d2bf) ### Relevant policies and complaint methods - Home broadband is not allowed to provide external web services - [Home broadband private web was detected, Modu Telecom was suspended broadband - V2EX](https://www.v2ex.com/t/608821) - Complaints from the Ministry of Industry and Information Technology - [How to complain to the operator faster and better? - Zhihu](https://zhuanlan.zhihu.com/p/22405071) - [Ministry of Industry and Information Technology of the People's Republic of China](http://www.miit.gov.cn/) ## DIY related - [Home 10 Gigabit Network Guide 6 - Dual-port 10 Gigabit network card that is cheaper than network cable. How to flash or backup firmware for Mellanox network card - Zhihu](https://zhuanlan.zhihu.com/p/114822136) ## Common Misunderstandings, Q&A ### The terminal only supports 2x2 MIMO, there is no need to choose a wireless router with 3x3 MIMO or 4x4 MIMO? At present, most mobile devices only support 1x1 MIMO or 2x2 MIMO, but many high-end home routers already support 4x4 MIMO. Many people think that it is not necessary to choose a wireless router with 4x4 MIMO. But in fact, the radio transmission power of routers and terminals is fixed, and wireless routers that support 4x4 MIMO can receive and send the same data through multiple antennas to improve throughput and Wi-Fi coverage. For details, please refer to the introduction in the following link: - [How To Buy A Wireless Router - 2018 Edition - SmallNetBuilder](https://www.smallnetbuilder.com/basics/wireless-basics/33177-how-to-buy-a-wireless-router-2018-edition) - [Diversity gain - Wikipedia](https://en.wikipedia.org/wiki/Diversity_gain) - [Spatial multiplexing gain - Wikipedia](https://en.wikipedia.org/wiki/Spatial_multiplexing_gain) ## Comprehensive case - [Unifi Family Bucket Advanced Networking Solution](https://bbs.ui.com.cn/t/unifi/48147) - [Tour of Home Network 2020 - The 8-Bit Guy](https://www.youtube.com/watch?v=Ev0PL892zSE) - [EP19 - Install and configure pfsense to configure a safe and reliable home gateway - NGXHK](https://www.bilibili.com/video/av15823557/) ## welcome to participate Welcome to [Submit Issue](https://github.com/blanboom/awesome-home-networking-cn/issues/new), or [Submit Pull request]([https://github.com/blanboom/awesome-home](https://github.com/blanboom/awesome-home) -networking-cn/pulls) to contribute to this document. This document adheres to the [Contributor Convention](notion://www.notion.so/code-of-conduct.md), in addition, when making contributions, please note the following: 1. This document complies with the CC BY agreement, please ensure that the new content is compatible with this agreement, and avoid adding copyrighted content 2. This document does not accept content that violates the laws and regulations of the People's Republic of China, or that is not suitable for public discussion in mainland China 3. This document mainly focuses on home network equipment, and does not consider too professional enterprise equipment for the time being ## License This work is licensed under the [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/).