Does alternative firmware break your router?

[RMerlin]

Like others, I will have to re-read this article a few more times to fully digest it. A few comments I'd like to bring (too bad Tim won't get the chance to test these theories):

1) Both Asuswrt-Merlin and Tomato (Shibby build) have recently switched to a much newer version of Miniupnpd (the uPNP server they use). Would have been interesting to see if this new build resolved any of the noted issues (altho Tomato Shibby's latest release has a broken config file for miniupnpd)

As for DD-WRT, it uses a completely different uPNP daemon (I forgot its name).

2) By default both Asuswrt and Asuswrt-Merlin (don't know about Tomato's default state) have a SIP helper enabled by default, which is meant to help in the routing of SIP clients toward a remote (outside of your network) PBX. Disabling the helper is possible in Tomato and Asuswrt-Merlin (and possible in Asuswrt through a manual nvram setting change). I wonder if having this helped enabled by default might not be responsible for at least some of these failures.

Very nice article. As I said, I'll have to re-digest it a few times.

[scotde]

Quote:

Originally Posted by vnangia

Yup, definitely not. That's why I use stock. I've no idea how YeOldeStonecat got a higher performance out of Tomato than stock, but in general the open-source movement doesn't give priority to the "high speed" feature...

Well, if you still have the router in question to give it a shot, I think we'd all benefit from it.

Thanks for the testing. I would second a comparison of speed and coverage.
I use Tomato mainly for the parental controls (access restrictions), but I have a suspicion that Merlin gave more speed and coverage. It is not always easy to balance features with perfomance, so any further comparison would be greatly appreciated.

[eahm]

You must test Tomato Toastman and OpenWRT as well at least.

For the sake of the great Tomato community, you don't want to put Tomato Shibby in a representative position, also because his builds are the quickest updated of all.

Tomato Toastman and Tomato RAF tend to wait for updates, they don't have many addons like Tomato Shibby and the builds are also lighter.

[Mangix]

Quote:

Originally Posted by RMerlin

As for DD-WRT, it uses a completely different uPNP daemon (I forgot its name).

It's an implementation made by Broadcom. It's really buggy. And apparently has a vulnerability: http://blog.defensecode.com/2013/02/...ory-cisco.html

As far as I can tell, dd-wrt is still vulnerable.

I also would have liked to see OpenWRT as the firmware has a newer kernel and better code in general.

edit:

Quote:

Originally Posted by eahm

Tomato Toastman and Tomato RAF tend to wait for updates, they don't have many addons like Tomato Shibby and the builds are also lighter.

Completely irrelevant since both Tomato RAF and Toastman's builds will exhibit the same results as shibby's builds. The things that were tested are practically the same between all of those builds.

[RMerlin]

The firewall_2 failure is something I was aware of. A user reported me that behaviour a couple of months ago, and at the time I decided it wasn't really worth fully investigating because the only scenario where it might become an issue is one where the router would be fronting another LAN that you don't control, rather than your ISP. I forgot the details because it's been so long, but this could possibly be resolved with a single iptable rule.

I wonder if their demo would be actually usable to re-test the upnp and sip stuff... I could try adding a USB NIC to my laptop. The minimal configuration required by CDRouter is two NICs, plus a third for your lab (in this case, it would be the wireless). I'll have to bring home that age old Linksys USB NIC that's been gathering dust in my workshop.

[RMerlin]

Guess I'll forget about re-testing using the demo. The demo only offers these tests:

http://www.qacafe.com/static/7_2/tes...mmary-demo.htm

As opposed to the full suite:

http://www.qacafe.com/static/7_2/tes...st-summary.htm

At least I was able to create my own test case for the firewall_2 issue, using hping3 and two routers. Got that one fixed.

[thetoad30]

Quote:

Originally Posted by thiggins

The first thing CDRouter does in a test sequence is prompt you to restart the router, which I did.

Awesome. Good to know, but also leaves me baffled. Can't believe that holes like that exist...