Router Security Turris Omnia Router Website by     
Michael Horowitz 
Home | Site Index | Bugs | News | Security Checklist | Tests | Resources | Stats | About | Search |
See my June 17th blog: Debunking the New York Times on Router Security and VPNFilter
 

In June 2018, I was lent a Turris Omnia to kick the tires on. This page will be update as I learn more and try it out...

Introduction

The Turris Omnia may have been the first router sold for its security features. It is fully open source, both the hardware and software. The OS is called TurrisOS and its based on OpenWRT. It is from CZ.NIC, a non-profit organization in the Czech Republic.

The Omnia may have been the first router that self-updated its firmware. It includes NAS features and can serve as a DNLA (Digital Living Network Alliance) server. It is said to analyze the data traffic and identify suspicious data flows. It then alerts the home office of a possible attack. Data from other Turris routers is collected to asses the security status of the detected traffic. If its something bad, updates are sent to all the routers. It is also multi-WAN.

In April 2018, cz.nic introduced a new Safe router but it was only available to Czech institutions.

Random Observations

The target audience of the Omnia is very similar to that of the Pepwave Surf SOHO, techies. You don't have to be a networking or hardware expert, but their documentation assumes you know what a pigtail and a diplexer are.

Turris, like many other routers, can collect data. Peplink does not do this. But while other vendors may do it for marketing reasons, Turris does it to research attacks. Quoting their description of this optional feature:

"If you own the Turris Omnia router, you can join the research project called Project:Turris and ... contribute your data. In return you can check the statistics about your connection and attacks to your router. We will also contact you if ... our analyses reveals a potential threat in your network ... If the data collection is enabled ... either disable the emulated services (so-called minipots, which emulate services that are a common target of internet attackers) or you can choose whether you opt-in for the collection of credentials entered by the attackers."

Comparing the Omnia with the Surf SOHO

Compare and contrast the two routers on big things:

  1. The Surf SOHO is cheaper, roughly $200 vs. $350.
  2. The Omnia can handle much faster ISP connections. The Surf SOHO maxes out at about 120Mbps, the Omnia is said to be full gigabit Ethernet.
  3. The higher end hardware in the Omnia lets it do many functions besides normal routing. The Surf SOHO is just a router.
  4. The Omnia only has one copy of its firmware, the Surf SOHO has a backup copy of the firmware that you can boot into.
  5. The Omnia can self-update, the Surf SOHO can not. And, if you don't want auto-updating, you can disable it.
  6. You can plug a USB storage device into the Omnia and use the router to share files. The USB port on the Surf SOHO is only used for 4G/LTE antennas that provide Internet access.
  7. Both routers deserve praise for the way they handle problems. The Surf SOHO can generate a diagnostic report that you can send to Peplink to debug a problem. You will see this in the Status Tab -> Diagnostic Report. There is a link to download the report. Turris has documentation on how to report a problem, and their operating system can also generate diagnostics. See a screen shot.

Compare and contrast the two routers on small things:

  1. The Omnia supports two different User Interfaces, a simple one called Foris and an advanced one called LuCI. The Surf SOHO has just one interface, but sections of it have advanced options that are not enabled or displayed by default. For example, by default, the Surf SOHO does not enable or display anything about VLANs.
  2. To logon to the Omnia, you only need a password. The Surf SOHO requires both a userid and a password. Plus, the Surf SOHO lets you change the userid, you are not locked into "admin"
  3. The Surf SOHO supports two userids, one is an administrator the other is a read-only user. The Omnia supports three different passwords, for Foris, LuCI, and SSH. The three passwords can be the same or different.
  4. Both routers can save the current configuration to a file. Turris points out that their backup does not contain any passwords. Not sure about Peplink backups.
  5. Both routers can send you an email when certain bad things happen. The Turris has an advantage, in that they provide their own (optional) email sending service, Peplink does not.
  6. The front of the Surf SOHO has two small and dim lights. The back has two fairly bright lights on each Ethernet port. These lights are great to have, they come in handy when debugging some problems, but in a dark room some people may find them a bit too bright. There is no way to dim or disable the Ethernet LED lights. The Omnia is quite different. All the lights are in the front, there are no LEDs embedded in the Ethernet ports in the back. There is a button on the front that you can push to dim the lights. There are maybe a half dozen or so different brightness settings, including completely off.
  7. The Omnia has two USB ports, the Surf SOHO only one
  8. Both are ugly

Buying the Omnia

Shipments were initially expected to start in April 2016, then in Oct. 2016, then in Dec. 2016. By May 2017 it was for sale in roughly 25 countries, including Germany, Ireland, Greece, Austria, Switzerland, Spain, Belgium, Denmark, France, Finland, Italy, Poland, and England. As of June 2018, it was available all over Europe, but not in the U.S.

Like Eddie Murphy in the 1988 movie, the Omnia router is Coming to America. In June 2017, the company said they were working on FCC certification for the U.S. They guessed, at the time, that it would go on sale in the U.S. in the Fall of 2017. As of June 2018, FCC approval is expected in October 2018. Union Technology Cooperative of Middleton, WI plans on selling it in the US, after FCC approval. They plan to localize it for the US, test it and ship it with the latest software. They expect to sell it for $349 (not sure if thats with 1GB or 2GB of ram).

Vendor Documentation

One clump of documentation is at doc.turris.cz/doc/en/start

Another clump of documentation is at doc.turris.cz/doc/en/howto/start

Video Tutorials are at doc.turris.cz/doc/en/howto/video

Links to all the manuals are at: doc.turris.cz/doc/en/howto/omnia_manuals

First thing: doc.turris.cz/doc/_media/en/howto/omnia_manual_en.pdf. Four pages of initial hardware setup, an overview of the lights, ports and connectors and instructions for a factory reset.

Initial setup and Foris: doc.turris.cz/doc/en/howto/foris. Foris is the name of the simple web based user interface. There is a second interface with advanced features called LuCI.

Troubleshooting: doc.turris.cz/doc/en/troubleshooting/start

There are three different generations of the Omnia router. See what they look like at doc.turris.cz/doc/en/howto/turris_versions

Turris offers to answer questions emailed to info at turris.cz

Reading List

I have found very few reviews of the Omnia router. If you know of any not shown here, please let me know by emai (see bottom of the page).

  1. Review: Turris Omnia (with Fiber7) by Michael Stapelberg March 25, 2017.
  2. December 2015: Open source router makes all other routers look woefully behind the times By Jack Wallen at Tech Republic. It does not look at all like the picture in this article. At the time, it cost $190 with 1GB of ram.

Finally, the Omnia can also run the Next Generation Firewall, Untangle. The Home edition of Untangle costs $50/year to license. It runs on PCs, their own appliances, the Omnia and the Linksys WRT1900ACS. (thanks to Joe for the heads up)


Top 
This page was last updated: July 9, 2018 6PM CT     
Created: June 23, 2018
Viewed 337 times since June 23, 2018
(12/day over 27 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Changelog
Copyright 2015 - 2018