High-Security, Open-Source Router is a Hit on Indiegogo (Video)
The device is called the Turris Omnia, and its Indiegogo page says it's a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left to go. They've shipped 2,000 pieces so far but, says interviewee Ondřej Filip, "95% of them are in the Czech Republic."
This is not only an open-source project, but non-profit as well. A big motive for it is heightened security, as the interview (and transcript) make clear. It's also apparent that the hardware here is overkill for a router; it can run a complete Linux distro, no problem, so it can function as a server, not just as a router. Interested? You might want to put a reservation in soon. This isn't the cheapest router (or even server) out there, but a lot of people obviously think a Turris Omnia, with its crypto security, automatic updates, and server functions would be nice to have.
Or the company whichever goes up (or just fucks off for something better to do) in smoke first.
Is this router based on Linux, or one of the BSDs? How good is its IPv6 support, and does it have any IPv6 specific security features, such as not automatically assigning IP addresses to anything that may just be loitering about in the vicinity of the network?
What exactly is the hardware that this router is based on? Maybe it's not the cheapest, but I'd like to get an idea about whether the firepower of this router is worth it.
If you want a secure router just use pfsense.
High Security? Only time can tell. Until the router has been out in the wild for a bit and people have had a chance to look for vulnerabilities, it's impossible to say whether or not the router is actually secure. It's similar to the "Blackphone" which was touted for people who wanted a very secure phone. Once they released it, they found all sorts of security problems with it.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Wrong product, that is for the Turris Project which uses a different box, not the Turris Omnia.
Cause arm is sooooo cutting-edge secure.
You parallel my own thoughts. There have been a large number of "secure" router projects funded on indiegogo and kickstarter, but most (all?) proved to be laughably bad in that regard under competent close examination.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Great. So maybe this thing really is pretty secure out of the box. But if you're going to stick something that capable\configurable on a business LAN, it is inevitable that some junior admin will be assigned to set it up and in the process create a gaping security hole. I have seen it happen on lesser devices. A secure router should have a limited set of well documented functions, not the ability to run Sendmail.
Brought to you by Carl's Junior.
Why would you assume you can only run pfsense on x86? Besides, if you have a successful FreeBSD hack you could make yourself famous by sharing it now. What processor you run has very little impact on security.
https://www.freebsd.org/platfo...
Any news on OpenVPN support or USB downloading? ie a download client for downloading torrent, web and NZB files. :)
Great to see an open-source project for the router side of the network
Thanks.
Domestic spying is now "Benign Information Gathering"
The problem PFSense has as compared to consumer routers is that running on normal Intel CPUs it needs more CPU power (and thus cost) to be able to forward a given amount of traffic. Plus all the NICs and such are separate silicon. Broadcom makes little all-in-one chips that have a couple of ARM cores that have acceleration for routing and so on. Also they have things like an ethernet switch and ethernet PHYs on the chip so they needn't be added. Have a look at a BCM4709A for an example that is popular in routers.
PFSense is good but it is not the most economical thing if you are talking features matching a consumer router, meaning gig routing, multiple ports, and wifi, you can have your costs go up a fair bit. Particularly if you also then want it to be fairly small and low power. If you hop over to PFSense's site it would cost about $575 for a SG-2440 with WiFi which would give features roughly on par with a consumer router.
While I'd much rather have that over a consumer router, a consumer router is in fact what I have because I didn't want to spend a ton of money for a home router.
With some types of projects, it takes way too many resources to have a working prototype before getting funding.
But with this particular project, this isn't their first router anyway, so there's not much of a question of whether they'll deliver or not.
There is nothing on this device that slapping openwrt on any freescale/arm device with wifi and a couple gigabit interfaces can't solve, and it's *still* twice the price of most of these openwrt-compatible devices: https://wiki.openwrt.org/toh/s... What's that? They have "threat detection"? You can also just run snort on many of those devices. The point you missed is that this project is re-inventing the wheel. Check yo'self.
Like this criteria:
Project creation is currently available to individuals in the US, UK, Canada, Australia, New Zealand, the Netherlands, Denmark, Ireland, Norway, Sweden, Germany, France, Spain, Italy, Austria, Belgium, Switzerland, and Luxembourg who meet the requirements below.
No Czech Republic listed there.
I get the idea that the project makes all of this pretty straightforward for less technically inclined users. Not totally clueless maybe but not elite hackers such as yourself. Sure, if you have the skills you can roll your own set up. This just gives you everything you need in a nice package. Not for everyone for sure.
The website discusses two things, the Turris Omnia with a link to their Indiegogo page and the rest is about their Turris project which is something different. The Turris router is not the Turris Omnia.
Is pFsense ported to the same variety of CPUs that FreeBSD is?
Right, because running the same code compiled for ARM or similar processors is any more secure?
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I don't think 1GB & dual-core ARM is going to cut it for respectable NAS performance. That's pretty much what older versions of the LaCie NAS had under the hood and the performance was lame.
And they'd better get the security right. Nothing like having someone root your router AND have access to your porn stash in one hack.
Pain is merely failure leaving the body
There aren't any turn-key devices that run OpenWRT out of the box. There are some Buffalo devices that run DD-WRT, but that's not the same thing at all. DD-WRT's approach to security and updates is even worse than some router manufacturers.
Also, I did buy a Buffalo router with DD-WRT and Atheros chipset (so it would have open-source drivers), expressly so I could wipe DD-WRT and install OpenWRT. What I discovered is that customizing a router means lots of research, which you have to do again and again when it's time to install updates. This is because you can't really fit a proper system on only 32MB of flash, running on 128MB of RAM, so you have to reflash the whole thing every time. And this is actually a large amount of memory; my Netgear router with the same chipset has 8MB of flash and 64MB of RAM.
If you don't customize your router, then upgrading it is much easier, but then it still doesn't have automatic security updates and all the fun features.
The Turris router has 4GB of flash and 1GB of RAM. This is immense. You don't need to play tricks with minimal overlays on top of compressed ROM filesystems. You can install and maintain the router like a normal system.
Have a nice time.
No it's not a scam. As pointed out by other posters, the company behind this is CZ.NIC, the administrator of the .CZ top level domain. As a nonprofit, they have done extensive work on this, in large part as enthusiastic volunteers who are at the same time serious professionals. It's about as much scam as this "Android OS" which is just normal phone hardware with Linux installed on it :)
So when it arrives in the US, the box will be secured with tape that reads "This device was definitely not tampered with by any US TLA. Nope, nosirree bob. Nothing to see here."
You're bordering on insane! I like that. I'm gonna help you out. See, the same is true with an ARM CPU as well. What? You say!!! No way! They will let you view the source. True. That doesn't mean there's no other source that is purposefully kept hidden.
I think, if you want to be safe - safe enough to be this paranoid without being hypocritical, you should absolutely turn off your computer and stop using the internet. It's the only way to be sure! You're just asking to be hacked by using an ARM CPU that's providing an illusion of security by giving you a false sense of safety. The reality is that it'd be trivial to include code that you can neither access nor read on the chip. The same is true with every single chip out there. How do you know that FPGA is the size it says it is? That's the reported size. It may have hidden space and hidden code and the government would never tell you!
Seriously, I want to protect you from harm and you don't want them spying on your porn habits so you had better stop using your computer, entirely, and just plain forget about using the internet! You're just asking to get hacked!
"So long and thanks for all the fish."
I sometimes think that those that make the loudest complaints are those who've never actually done it and have no intention of ever doing so. Well, they may be fooling themselves and telling themselves that they're capable and that they'll get to it someday. But, the people who bleat the loudest aren't actually the target market and don't actually know what they're talking about. Instead, they once read a post where someone described something similar and they've extrapolated and concluded they're capable of doing so and thus have an informed opinion based on a blog article and reading a few comments.
You all make it sound like flashing and running ddwrt/tomato/openwrt is a huge management problem when it really isn't. All 3 offer various update mechanisms that do not require re-flashing. All 3 have proven themselves better than stock firmware and offer enough stability, performance and security to have stayed around many years. As I mentioned, the Turris Omnia hardware is cool, but the project itself has two factors against it: 1) its claimed "security" remains to be seen 2) for what it does, it's expensive. They are aiming at the non-professional home enthusiast who "even cleans up the icons on your desktop" (quoted from their video). I doubt many of the buyers are going to be examining core dumps and tuning kernel parameters on this thing.
I'm a long time OpenWRT user and have been running it on 3 or 4 devices over the years. Admittedly it has been a few months since I have checked out the router hardware market, but last time I checked, you couldn't get comparable hardware specs to this (1.6GHz dual-core ARM, 4GB flash, 1GB RAM, gigabit on all ports, USB3, SATA) for anything close to $95 (half of the cost of this router). I'm doubtful you can get that today for even the full asking price of $189 although I'd be pleased to hear otherwise.
The Dude is a bit of proprietary Mikrotik software.. IIRC for router management and discovery?
He tried to kill me with a forklift!
Nope. PFSense only officially supports x86 and x64, and x86 is on the chopping block in the near future.
Does it have a jtag header so you can reflash in case you brick?
They should consider supporting some of the surviving CPUs used in routers - MIPS, SPARC and ARM.
You make a convincing point.
I've run a Turris (predecessor/prototype of Omnia) for a few months now and am very happy with it. Hardware is robust and software is OpenWRT with pushed updates & various mods. All the hardware and all the software is open. I've ordered an Omnia.
PFSense targets servers. The fact that you can use it at home is a coincidence. The most common type of server is x64, and most high end server hardware only uses a select few brands of NICs. They're a small group and focus their efforts with the biggest return.
I guess you folks didn't get the memo - the Internet doesn't like Flash. But even at a laptop which has Flash, the video still doesn't load.
Would you like help hosting the video?