Hi there, I’ve tested Turris Shield in my home network over the last two weeks and gave up on it eventually in favor of HomeShield, a native firewall provided by TP-Link as a paid security add-on for their routers. I really like the idea of an open-source firewall, but eventually, the cons of Turris Shield outweighed its pros in my subjective opinion.
Turris Shield:
Pros:
Cheaper solutions (ca 130 USD one-off investment)
Easy to use for non-geeks
Open-Source
Greylist and global attacks report/visualisation
Cons:
It slows down the internet speed to half of its original speed: I tested the very same setups on a 1Gb/s connection with and without Turris Shield multiple times and the speed difference is enormous. After reading through other users’ feedback I believe it’s a slow-down by design, not a bug:
ISP modem (in bridge mode) > Turris Shield > TP-Link AX73 Wifi 6 (in access point mode) = 350-400 Mb/s (OpenVPN inactive of course)
ISP modem (in bridge mode) > TP-Link AX73 Wifi 6 (in router mode) = 750-800 Mb/s /both scenarios measured on Speedtest iOS app/
No local attacks report
HomeShield:
Pros:
Firewall native to TP-Link routers, no conflicts
Easy to use for non-geeks
Reports of local attacks
Network analysis and optimizations
Cons:
More expensive in the long run (ca 70 USD per year)
Proprietary solution as opposed to Open-Source one, but I guess it’s a matter of preference or philosophical attitude. Someone who is a hardline Open-Sourcer will always prefer this type of development even if the product is of lesser quality.
I’d be happy to hear your take on the Turris Shield vs HomeShield comparison! The speed issue was the real deal-breaker for me.
Hello,
Sorry but open-source is not just a matter of preference. It is about transparency.
Can you now verify that HomeShield is not spying on all your traffic, not opening backdoors etc.? You cannot if it is closed-source.
When something is hidden there is always a reason behind it. Unfortunately today’s digital world is all about spying and data mining.
Regarding the performance issue, I don’t know why, and if these devices have comparable hardware. Turris should better compete in the market with newer products.
Thanks for the feedback! You’re absolutely right. If I was Edward Snowden or Julian Assange, I would probably never use a firewall produced by TP-Link, essentially a Chinese company.
But I believe the question is always put in the sense of what you must sacrifice and what you get in return. And here I am, an average Joe who just wants to protect his family network from most of the shite lurking online, but without the need of having a PhD in computer science or compromising the (rather expensive) 1Gb/s internet speed too much.
So my point is basically: whom is Turris Shield aimed at? It’s clearly too basic for geeks and too impractical for average users…
Anyways, I’m still keen on testing the new upcoming Turris Omnia 2022. I might learn many new things about networking along the way, too :))
Your results surprise me a bit. The shield is basically a MOX with some sw and hw expansion limits. Same mainboard as far as I understand.
I have never laid my hands on a shield but have done a number of different throughput tests on a MOX with results far above your numbers (typical over 900mbps).
I strongly believe there must be another explanation to your results.
You mention speedtest.com, are you 100% sure you used the same server node?
To make sure, you should manually choose a server node.
I would also suggest hooking up a wired computer directly to the shield to begin with. To rule out shield-unrelated issues.
I have no experience with MOX, but did the modules you tested have their own Wifi? If so, then I would suppose one can’t simply compare it to the setup I refer to (Wifi in an external router).
Unfortunately, I’m not able to test it anymore as I already returned Turris Shield back to the merchant. However, I’m sure I tested it at least a dozen times in the span of several days, also with Google’s speed test on my desktop device in close proximity to the router. I’m fairly positive about the results not being a random deviation of the speed test measurement.
I refer to this thread (in SK/CZ) describing a very similar issue. The author eventually resolved the problem by changing the ISP, but that’s quite a radical step to take. The solution should be figured out on the Turris Shield level, IMHO.
Also, I made sure Turris Shield was the only NAT and DHCP server in the network. Both the modem and the router were in bridge mode.
No, my MOX does not have a wifi module, I run an external AP in my setup.
That would not have made any difference if running the test with wire anyway, which imho is the only reliable way to test throughput of a router/firewall.
My point of manually forcing the same speedtest server node is so you at least have a chance to get comparable results.
But as I mentioned, I do not have a shield and I probably have a different ISP, so my test will not be relevant here.
I just have a hard time accepting throughput tests when there are too many moving parts. There is a risk others will read and make wrong conclusions.