Slashdot Mirror
High-Security, Open-Source Router is a Hit on Indiegogo (Video)
The device is called the Turris Omnia, and its Indiegogo page says it's a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left to go. They've shipped 2,000 pieces so far but, says interviewee Ondej Filip, "95% of them are in the Czech Republic."
This is not only an open-source project, but non-profit as well. A big motive for it is heightened security, as the interview (and transcript) make clear. It's also apparent that the hardware here is overkill for a router; it can run a complete Linux distro, no problem, so it can function as a server, not just as a router. Interested? You might want to put a reservation in soon. This isn't the cheapest router (or even server) out there, but a lot of people obviously think a Turris Omnia, with its crypto security, automatic updates, and server functions would be nice to have.
This is not only an open-source project, but non-profit as well. A big motive for it is heightened security, as the interview (and transcript) make clear. It's also apparent that the hardware here is overkill for a router; it can run a complete Linux distro, no problem, so it can function as a server, not just as a router. Interested? You might want to put a reservation in soon. This isn't the cheapest router (or even server) out there, but a lot of people obviously think a Turris Omnia, with its crypto security, automatic updates, and server functions would be nice to have.
Is this router based on Linux, or one of the BSDs?
OpenWRT based per the project's site, which should answer a number of your question, albeit not all of them. I'm curious for more details as well.
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
If you want a secure router just use pfsense.
Great. So maybe this thing really is pretty secure out of the box. But if your going to stick something that capable\configurable on a business LAN, it is inevitable that some junior admin will be assigned to set it up and in the process create a gaping security hole. I have seen it happen on lesser devices. A secure router should have a limited set of well documented functions, not the ability to run Sendmail.
Brought to you by Carl's Junior.
Why would you assume you can only run pfsense on x86? Besides, if you have a successful FreeBSD hack you could make yourself famous by sharing it now. What processor you run has very little impact on security.
https://www.freebsd.org/platfo...
The supplier is CZ.NIC, a non-profit organization that runs the .CZ top level domain of the Czech Republic.
This is their second Turris, and they probably will be around for day or two.
davecb@spamcop.net
It runs OpenWRT which supports OpenVPN, USB and bittorrent.
Aaron Z
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote
Like this criteria:
Project creation is currently available to individuals in the US, UK, Canada, Australia, New Zealand, the Netherlands, Denmark, Ireland, Norway, Sweden, Germany, France, Spain, Italy, Austria, Belgium, Switzerland, and Luxembourg who meet the requirements below.
No Czech Republic listed there.
It is an open system, in the case of the company going under there is nothing to stop a group of users continuing to support each other. I think that the design is very well thought out, if you can trust them with that level of access to your "digital front door", but even that is partly addressed with the containers idea.
There aren't any turn-key devices that run OpenWRT out of the box. There are some Buffalo devices that run DD-WRT, but that's not the same thing at all. DD-WRT's approach to security and updates is even worse than some router manufacturers.
Also, I did buy a Buffalo router with DD-WRT and Atheros chipset (so it would have open-source drivers), expressly so I could wipe DD-WRT and install OpenWRT. What I discovered is that customizing a router means lots of research, which you have to do again and again when it's time to install updates. This is because you can't really fit a proper system on only 32MB of flash, running on 128MB of RAM, so you have to reflash the whole thing every time. And this is actually a large amount of memory; my Netgear router with the same chipset has 8MB of flash and 64MB of RAM.
If you don't customize your router, then upgrading it is much easier, but then it still doesn't have automatic security updates and all the fun features.
The Turris router has 4GB of flash and 1GB of RAM. This is immense. You don't need to play tricks with minimal overlays on top of compressed ROM filesystems. You can install and maintain the router like a normal system.
Have a nice time.
Err... I just ran HTOP a minute ago to see what was spiking a CPU core. I snapped a screen shot with Shutter just to make a record of it. I stored it on an ext4 formatted disk drive. I used inxi -Fxz to check some specs a little while before that. Slurm is giving me a nice display of my network activity. Leafpad is open with my notes. Terminator stands idle awaiting my commend.
Nope, you're right, in practice that doesn't happen. None of that open source code is ever maintained and nobody ever puts any work into helping the community. Those old hacked wifi drivers that didn't initially work? Those were written by underpants gnomes or magic - I don't know which. They keep updating those realtek drivers to work with the newer versions and that hardware is still useful. Hell, I just clone git and use a little make magic and I'm good to go. But no, you're right! It never, ever, happens.
"So long and thanks for all the fish."