Hacker News
My rants about TP-Link Omada networking products (rachelbythebay.com)
22 points by zdw on Nov 18, 2023 | 8 comments


To this date I still haven't found a product that is pro-consumer.

I WANT one of these smaller devices, they're efficient, they're cheap. I don't want to use x86 for my networking stack.

But I want them without an OS layer from anybody. I don't want to have to configure them through a website which distills dnsmasq's 8 options into 3 checkboxes on a website, none of which actually do what I want.

Ubiquiti is nice, nice devices, and their UI is actually really nice. But what isn't in there just isn't possible.

You can't for example redirect DNS traffic to another IP.

You can't disable DHCPv6 (i.e. only use SLAAC) when doing IPv6-PD.

You can't disable broadcasting an IPv6 DNS when doing DHCPv6.

Synology:

When using SLAAC (Stateless) they still distribute the DNS via DHCPv6, but don't set the right tags. iOS picks up on the address, Windows does not.

But worse, you can't SET the DNS address, so it broadcasts the router's DNS, which isn't what you want when you have AdGuard / PiHole somewhere else.

Setting domains per network doesn't work. Last one wins.

Stateless does not require rDNS, nor DHCPv6. I have not found any router that supports this.

And neither Synology nor Ubiquiti support DD-WRT / OpenWRT.

And when you contact Synology with these bugs the first thing they do is ask for access to your box to ... tinker around? WTF?


TP-link always has poorly coded junk. Always. Everything I've seen from them.

Every managed switch, every camera, it's just junk, junk, junk.

I've seen tp-link switches which have their admin interfaces die after a week. To get in you have to reboot the switch.

I've had poe switches of theirs which randomly stop providing power.

They're junk.

And they sell managed switches, with firmwares 4+ years old, and never update them.

Unsafe. Unsecured. Buggy. Crashy. Junk.


But, but, but.... some of their stuff ran OpenWRT! Or still does? Don't know exactly, other stuff runs that also, for less money, sometimes faster, less hot, and less ugly cases.

OTOH I still have a https://openwrt.org/toh/tp-link/tl-wdr3600_v1 running somewhere 24/7 since I don't even know exactly anymore. As 'managed' 5-port switch, the feeble WIFI only passively gathering information.


If it's running OpenWRT it's not coded by TP-Link. The software is usually the biggest problem.


I inherited some TP-Link switches (TP-LINK T2600G-28TS) some time ago with 5+ yrs of uptime and they have been working perfectly fine. No PoE though.

Updates are rare - they almost never update anything. Imo still better than D-Link though.


I bought into the Omada ecosystem in 2020, when Ubiquiti was hard to buy and had also just had a major breach.

TP-Link has been good about deploying improvements to the ecosystem.

The flipside is those improvements are basic functionality that should have been present in a commercial product from v1. Like the ability to set firewall rules, which came in late 2021 or 22 iirc.

Other issues:

- The Safari interface issue she mentions is a major pain, and it’s a regression.

- All of their equipment has multiple “versions” under the same model number, and the early adopters like me get updates last for some reason.

- Documentation is ok, but logging and troubleshooting is difficult with the limited interface you get.

- DHCP IP reservation was broken until the last release.

I am glad the ecosystem is improving, and I appreciate having visibility into the network from a single pane of glass.

For a home network I can tolerate these issues. But I would be furious if I were trying to run a business network with it.


FWIW, I've been using an Omada switch and 2 APs for over a year with the controller in a docker container without any issues. I have preferred OPNSense as my router/firewall for years and it works well for me with omada gear.


There's a summary at the end:

- Noisy fan

- UI does not work in Safari. "Or, it'll prompt you to download a file CONSTANTLY."

- The DNS resolver stopped responding properly to a client Mac, though not 100% certain that was the issue.

- (UDP) NAT association tracking not working

- There is an SSH interface, but it's "completely neutered". "You don't even have /proc in there"

- Some speculation about missing IPv6 firewalling.

I don't understand the point about NAT. The source port gets mangled? You mean for listening? It randomizes configured forward ports, or what do you mean?



