I need a new router

I wouldn’t normally pay so much, but if it does receive updates way past the lifespan of other consumer routers, then it would probably cost less in the long run.

I also like the monitoring and notification functions (attempted intrusions, etc.), as well as its open source/Linux chops.

1 Like

They still support their kickstarter model.

They not only update, they announce updates in their forum with details regarding what the changes are. Rollbacks are also pretty easy and pre-update there are multiple release candidates which the bleeding edge customers download and test.

2 Likes

What’s your experience with the “phoning home” that the review I linked mentioned? I suspect it’s just something innocuous, checking for updates, etc. Turris’ privacy policy seems legit.

1 Like

I think that review is an honest reporting of experience by someone not an expert in networking in general, routing in particular (neither am I). He also does not seem to have much Linux knowledge or CLI inclination. I think some of his negative impressions reflect personal preferences.

As near as I can tell, there are 2 sorts of “phoning home”: checking for updates (enabled by default) and (optional) data collection for product improvement. When automatic updates are disabled, data collection is as well, but can be separately disabled. IMHO they genuinely try to be privacy respecting.

I think the company is part of a Czech Republic (government?) ISP and is under-resourced and also has had some layoffs, but seems to be in better shape than Purism.

From my POV there are some “what were they thinking” and “why hasn’t this been fixed yet?” things. They tout the ability to add mSATA storage but the new user encounters multiple stumbling blocks. There are 3 miniPCI slots, 1 occupied by a full length 5 GHz wifi card and 1 by a half length 2.5GHz wifi card. But only 1 slot supports mSATA, but not the empty one. When the cards are swapped around, some of the cables between the antennas and the cards don’t reach. (Cables and the tool to gently remove them are readily available online. The tool is probably handy for use with the Librem 5.) I also had to disconnect the motherboard from the case to move some of the standoffs around because of the mix of half length and full length cards. I got one of the dozen in stock at Amazon earlier this year and it came with TurrisOS 3.x; they were at 6.x then and are at 7.x now. I’m guessing that the wifi6 model has whatever initial version that supports the wifi6 hardware. Web searches turn up very old documentation, which hasn’t been updated to point to the new tree. Navigating from the company home page didn’t always get me to where I need. Usually roaming the forum turns up a link to a new page.

The openWRT version on the Omnia is a major version behind the current openWRT version. Some customers are able to get the current openWRT running, but I doubt it is easy.
The LUCI openWRT web admin GUI is available, but the Turris-written ReForis web GUI is as well. Both can be used simultaneously (as I do). ReForis is probably easier (and safer) for most people. A few times, it has been easier for me to do something by ssh to the router.

I would recommend that a new owner browse the forum a bit, play with ReForis a bit, then (or maybe before doing anything else) download the latest stable “medkit” (flashable image) and flash it when ready. I don’t recommend a newbie trying to do a web update across major versions. Doing the firmware flash from a thumb drive is pretty easy. So don’t do a lot of customization that will be lost in a reflash. There are utilities to back up configurations, but restoring across versions might (probably IMHO) not work well or at all.

One thing I’m glad I did was move the cards and add the mSATA before ever turning the Omnia on because doing the moving and adding later would cause device renaming without automatically changing the relevant config files. Maybe that is trivial to do, but I wasn’t looking for yet another required task that I might screw up.

4 Likes

True for most of us(!) but … specifying your threat model includes an assessment of who your threat actors are, what their level of sophistication is, what their level of desperation is, what their motivation is, what they might be after / what you are protecting, what they might already have access to - and, related to all that, whether it is a targeted attack or an untargeted attack.

I review my logs. I see hundreds of attacks every day. It is my judgement that they are untargeted. There would be a wide range of actors, with a wide range of sophistication. Anything from a script kiddy to someone informally acting on behalf of a foreign nation state, to someone literally acting on behalf of a foreign nation state.

It is my judgement that their desperation level is low (i.e. probe and if unsuccessful, move on - because there’s always an easier target on the next IP address) and my security practices encourage that (e.g. temporary source IP address block against some unsuccessful attacks and e.g. correlate similar unsuccessful attacks that aren’t blocked by IP address).

Could I be doing more? Of course. But right now my threat level is not so severe.


Let’s say that you retain your old router and actually use it, and disable routing by not connecting the WAN side and disable switching by only connecting one LAN port and use it only as an extra, live wireless access point. Let’s say that there is a security flaw in the WAP functionality that is being exploited in the wild but which will never be fixed.

You can be attacked by anyone within WiFi signal range (which for most people would be a non-empty set) and it may not require a great deal of sophistication or desperation. The opportunistic wardriver could pick it up.

Now compare that with an alternative config where the old router has routing and WAP disabled and is being used solely as a switch i.e. to get a few more ethernet ports, and there is an unpatched known vulnerability in the switch functionality.

Realistically that is more difficult to exploit, requiring greater sophistication, because it probably requires a blended attack (one attack, a different attack, to get access to the local network and then the specified attack against the switch) or it requires physical access to the premises - and the vulnerability at your house is not readily detectable in the first place.

3 Likes
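A sketch of the two practices mentioned in the post above (a temporary per-source-IP block, plus correlation of failed attempts that never trip that block), added here as an example and not taken from any poster's setup. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd: Failed password for root from 203.0.113.5 port 40022
2024-05-01T10:00:05 sshd: Failed password for admin from 203.0.113.5 port 40023
2024-05-01T10:00:09 sshd: Failed password for root from 203.0.113.5 port 40024
2024-05-01T10:00:30 sshd: Failed password for root from 203.0.113.5 port 40025
2024-05-01T10:05:00 sshd: Failed password for pi from 198.51.100.7 port 51000
2024-05-01T11:30:00 sshd: Failed password for pi from 198.51.100.8 port 51001
2024-05-01T13:10:00 sshd: Failed password for pi from 192.0.2.44 port 51002
2024-05-01T13:15:00 sshd: Accepted publickey for alice from 192.0.2.10 port 52000
""".splitlines()
LINE_RE = re.compile(r"^(\S+) sshd: Failed password for (\S+) from (\S+) port \d+$")

def parse(lines):
    """Return sorted (timestamp, user, ip) tuples for failed-login lines only."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return sorted(events)

def temp_blocks(events, threshold=3, window=60, block_for=600):
    """Block an IP for block_for seconds after threshold failures in window seconds."""
    recent, blocked_until, dropped = defaultdict(deque), {}, defaultdict(int)
    for ts, _user, ip in events:
        if ip in blocked_until and ts < blocked_until[ip]:
            dropped[ip] += 1  # arrived while the temporary block was active
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:  # forget old failures
            q.popleft()
        if len(q) >= threshold:
            blocked_until[ip] = ts + timedelta(seconds=block_for)
            q.clear()
    return blocked_until, dict(dropped)

def correlate(events, blocked_ips, min_sources=3):
    """Users probed by >= min_sources distinct IPs that never tripped a block."""
    sources = defaultdict(set)
    for _ts, user, ip in events:
        if ip not in blocked_ips:
            sources[user].add(ip)
    return {u: sorted(ips) for u, ips in sources.items() if len(ips) >= min_sources}
```

On the sample, the noisy source is blocked after its third failure, while the slow attempts on one username from three addresses only show up in the correlation step.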

All that sounds quite complicated. :thinking:

1 Like

If you want to simplify your pool of product candidates, focus on listing your necessities and dealbreakers.

Indeed. For starters, is the requirement for a pure router or is the requirement for an omnibus router + switch + WAP?

2 Likes

Thanks to amarok for creating this thread, I got motivated to upgrade my 3 LibreCMC routers from GNU Linux v4.14 to v6.6, API v1 to API v3 WG, etc.

5 Likes

I’m now leaning toward just buying a newer Asus router compatible with Asus-MerlinWRT again, to keep things simple and familiar, and to preserve present functionalities/setup.

3 Likes

If it ain’t broke.

2 Likes

Planned obsolescence wins, unfortunately. :frowning_face:

1 Like

If you live in Europe, I really like my Turris router. It comes with a modified version of OpenWRT out of the box, which was the primary reason why I bought it. Sure there are some wifi chip blobs, but otherwise it’s fully open source. Has some cool additional features on top of standard OpenWRT too, some that are really nice and some that are a little bit gimmicky but you don’t need to have those enabled. The only drawback IMO is that it’s usually a year or two behind the official OpenWRT upstream (probably because they have so many additional features), but that’s not too bad.

I have 3 Turris Mox connected together with ethernet. One “master” with an additional fiber module for WAN and then the other two as extenders with PoE (I don’t trust mesh networks).

4 Likes

They also sell to other countries, including the U.S., where I am located. And I’ve already confirmed that the VAT is removed when shipping to the U.S. (We pay U.S. local tax instead, based on the delivery address.)

I certainly like this router as a concept.

2 Likes

I’m guessing that you already got another Asus or similar, but just in case and for future reference, there is the OpenWrt One, which has (forked) OpenWrt out of the box, by the Software Freedom Conservancy, for 89 USD (Tom’s HW says $99 at Amazon), and $10 of every purchase goes to OpenWrt development. One of its 2 ethernet ports is 2.5Gbps capable.

Not sure why the OpenWRT is a fork since it is supposedly the “First Router Designed Specifically For OpenWrt”. I also don’t know how OpenWRT differs from Asus-MerlinWRT.

Discussion at

says that the GL mt-6000 is “similar in price” and more powerful. It also comes with OpenWrt. I’m not finding much information about it, but the manufacturer site does list extensive specs.

3 Likes

Purism, come out with a router, please! Obviously, I know it’s kind of fanciful for me to make such a request and think it will make much difference, with all the planning and development that would need to go into bringing such a product to market, but it can’t hurt to ask! :slight_smile: I would buy one. This is a space majorly lacking software freedom. @francois-techene

3 Likes

After reading the background discussion

Everyone is invited to participate in the Purism router poll who hasn’t done so already:

I notice that the OpenWRT One (thanks @j_s) not only supports 2.5 Gbps Ethernet, but can power itself off of it. That could allow one to leave the power adapter at home, potentially. It (or one of its premium derivatives) strikes me as an ideal reference board upon which a putative Purism Router would be built. Not to mention the legal advantages of copyleft licensing.

3 Likes

If you buy this one, of course you should flash stock openWRT, and not GL.inet partially foss that is very bloated.

3 Likes

Not yet. I just received another AsusWRT-Merlin update, so I’m not sure how urgent the need for replacement is. Still planning to replace the router soon, though.

1 Like

Of all the routers suggested so far that potentially receive very long-term updates, I like the Turris Omnia most, as it originates from the EU. If I don’t buy another Asus (out of convenience), then I’ll probably get the Turris.

(Unless Purism throws a new option into the mix, of course. :wink: )

2 Likes