For my home firewall and server I used to have an old laptop running Debian. It was a source of geek pride that I had configured by hand all of the necessary services (DHCP, DNS, iptables, Apache, Samba) and knew how everything worked. When that laptop died, I decided I was too lazy to keep maintaining all the settings myself, and looked for help. I deployed Zentyal on an Ubuntu server, and it worked really well for me. Though I prefer Debian to Ubuntu, Zentyal was a reliable, flexible, and easy-to-use configuration tool that met all of my common needs and didn't get in the way of my doing other things on the server. Everything ran smoothly for over a year.
One morning my server stopped forwarding traffic. I could access the Internet from the server, but my internal network couldn't get out. I hadn't changed any configuration in months, there were no log messages, no recent updates, no clues. Resetting the network interface solved the problem, and it didn't happen again for about a month. Then it started happening regularly and I couldn't figure out why. It was always in the morning, it seemed related to my leaving my VPN client running all night on my work machine, and restarting the networking service would temporarily solve the problem. I triple checked my configuration, trawled the Zentyal and Ubuntu bug trackers, researched on Google, and had my ISP look into things on their end. I was still puzzled, and the problem got worse. It would happen weekly, then daily, then multiple times a day. The software hadn't changed, so I swapped out network cards and everything was reliable again. I was relieved that I finally had it fixed. But a few months later, it happened again, and again, and again.
I work from home, so I have to have a stable network connection. This problem was really stressing me out. It could be a bug in Zentyal (I was running the pre-release of 3.0 in production against their advice). It could be a bug in the networking layer of the kernel. It could be a hardware problem that was frying network cards. It could be a problem with my ISP. None of it seemed likely. I gave up trying to find the root cause and decided that I needed to simplify my system by buying a pre-configured gateway/router. I hoped to get back to a stable state quickly even if I had to give up some control.
I had previously tried a consumer level wireless router before I tried Zentyal. I purchased the expensive DLink Xtreme N Duo Wireless N Access Point (DAP-1522) and it was a horrible experience. The hardware seemed okay, but the software was amateur in the extreme. When I turned it on and found that it could only be configured from Internet Explorer, I realized it was a piece of junk and immediately tried to return it. Unfortunately Office Depot won't accept hardware back once the box is opened even after I explained that the box didn't say anything about it being Windows-only (I haven't spent any money there since). I needed a quick solution, so I fired up a virtual machine and tried to configure the router. It was painful to use, and the device kept freezing. DLink support was awful to work with. The router was a total waste of money, and I don't by DLink products anymore.
That experience taught me to never buy a router that didn't support flashing my own open source firmware. So this time around I started by reading about the various open source firmware projects and reviewing the routers they recommended. There were too many options. The whole point was to get up-and-running quickly, but doing the research to find compatible hardware and software for a good price was not quick. Then I found Easy Tomato.
The Easy Tomato project was created by Relief Labs International as a way to help non-technical responders to a disaster quickly set up a network. It is based on the Tomato firmware, and they have configured it specifically for the Asus RT-N16.
The Asus RT-N16 is a great wireless access point and router. (I took the photo off of the Asus web site and I hope they don't mind.) The hardware is affordable, reliable, and flexible. It has nice extras like a USB port for running as a media server or print server. Every Asus device I have purchased has been well designed and had great Linux support, so I have confidence in their products. I also found the out-of-the-box firmware to be pretty decent: it has lots of features, looks like a variant of tomato, and the source code is open. Following the recommendation from Easy Tomato resulted in a great purchase.
Even though the out-of-the-box Asus firmware seemed decent, the UI was clearly designed be an engineer. I was itching to try Easy Tomato's interface targeted at non-geeks. Flashing with Easy Tomato proved to be a great choice. It is a well documented and easy process. The basic configuration is super easy, and the advanced configuration has every option I could want to tweak and more. However the advanced configuration is also well organized and most options have good in-screen help that clarified what it does. The firmware is not 100% complete, but it has worked great at my house for the last 6 months. I am using the router for DNS, DHCP, port-forwarding, and basic access control / content filtering (most of my filtering is done by OpenDNS). Everything else is handled by my former firewall that has been reliable as a Debian web server, media server, and general project box.
Easy Tomato is a really great project, but there are three weaknesses:
- It is unfinished. This isn't a big weakness because all of the functionality I need is reliable, but there are some non-functional screens that should be hidden until they work. I have also had to reboot the router twice in six months which might be due to its "beta" status. After today's reboot I decided to upgrade to the October 2012 firmware and see if that helps.
- The documentation isn't finished and there are a few options that still don't have help text. Again, this isn't a big weakness because all the common options have help text and the documentation for installation and upgrades is great.
- There is no way to preserve settings through an upgrade. This is also not a big weakness so long as you keep good notes and budget a little time to re-configure everything.
I highly recommend this approach. I am grateful for the Easy Tomato project and am very happy with my Asus RT-N16 gateway.