Turris Shield vs TP-Link HomeShield

Hi there, I’ve tested Turris Shield in my home network over the last two weeks and gave up on it eventually in favor of HomeShield, a native firewall provided by TP-Link as a paid security add-on for their routers. I really like the idea of an open-source firewall, but eventually, the cons of Turris Shield outweighed its pros in my subjective opinion.

Turris Shield:

Pros:

  • Cheaper solutions (ca 130 USD one-off investment)
  • Easy to use for non-geeks
  • Open-Source
  • Greylist and global attacks report/visualisation

Cons:

  • It slows down the internet speed to half of its original speed: I tested the very same setups on a 1Gb/s connection with and without Turris Shield multiple times and the speed difference is enormous. After reading through other users’ feedback I believe it’s a slow-down by design, not a bug:
  1. ISP modem (in bridge mode) > Turris Shield > TP-Link AX73 Wifi 6 (in access point mode) = 350-400 Mb/s (OpenVPN inactive of course)
  2. ISP modem (in bridge mode) > TP-Link AX73 Wifi 6 (in router mode) = 750-800 Mb/s
    /both scenarios measured on Speedtest iOS app/
  • No local attacks report

HomeShield:

Pros:

  • Firewall native to TP-Link routers, no conflicts
  • Easy to use for non-geeks
  • Reports of local attacks
  • Network analysis and optimizations

Cons:

  • More expensive in the long run (ca 70 USD per year)
  • Proprietary solution as opposed to Open-Source one, but I guess it’s a matter of preference or philosophical attitude. Someone who is a hardline Open-Sourcer will always prefer this type of development even if the product is of lesser quality.

I’d be happy to hear your take on the Turris Shield vs HomeShield comparison! The speed issue was the real deal-breaker for me.

Hello,
Sorry but open-source is not just a matter of preference. It is about transparency.

Can you now verify that HomeShield is not spying on all your traffic, not opening backports etc.? You cannot if it is closed-source.

When something is hidden there is always reason behind it. Unfortunately today’s digital world is all about spying and data mining.

Regarding the performance issue, I don’t know why, or whether these devices have comparable hardware. Turris should better compete in the market with newer products.

1 Like

Thanks for the feedback! You’re absolutely right. If I was Edward Snowden or Julian Assange, I would probably never use a firewall produced by TP-Link, essentially a Chinese company.

But I believe the question is always put in the sense of what you must sacrifice and what you get in return. And here I am, an average Joe who just wants to protect his family network from most of the shite lurking online, but without the need of having a PhD in computer science or compromising the (rather expensive) 1Gb/s internet speed too much.

So my point is basically: whom is Turris Shield aimed at? It’s clearly too basic for geeks and too impractical for average users…

Anyways, I’m still keen on testing the new upcoming Turris Omnia 2022. I might learn many new things about networking along the way, too :))

3 Likes

TP-link AX73 source codes.

https://static.tp-link.com/resources/gpl/Archer_AX73v1_GPL.tar.gz (603 MB)

1 Like

Seems like TP-Link is not as closed source as one might think…

1 Like

Sure, times are changing.

1 Like

Your results surprise me a bit. The shield is basically a MOX with some sw and hw expansion limits. Same mainboard as far as I understand.

I have never laid my hands on a shield but have done a number of different throughput tests on a MOX with results far above your numbers (typically over 900mbps).

I strongly believe there must be another explanation to your results.

You mention speedtest.com, are you 100% sure you used the same server node?
To make sure, you should manually choose a server node.

I would also suggest hooking up a wired computer directly to the shield to begin with, to rule out shield-unrelated issues.

Testing by speedtest com is not reliable. Results vary a lot.

Basically it tests the speed of
YOUR_ISP + SomeEndPointServer
One of them or both can be bottleneck at any given time.

If you want to test the pure performance of the device, prepare a local test setup with iperf.

2 Likes

I agree, but if you pay attention to details you can get, let’s say, OK results with speedtest or other easy browser tests.

There are a couple of publicly available iperf servers if you choose that path.

And sure, pure perf is best done in a local test setup with full control of all parameters.

I have no experience with MOX, but did the modules you tested have their own Wifi? If so, then I would suppose one can’t simply compare it to the setup I refer to (Wifi in an external router).

Unfortunately, I’m not able to test it anymore as I already returned Turris Shield back to the merchant. However, I’m sure I tested it at least a dozen times in the span of several days, also with Google’s speed test on my desktop device in close proximity to the router. I’m fairly positive about the results not being a random deviation of the speed test measurement.

I refer to this thread (in SK/CZ) describing a very similar issue. The author eventually resolved the problem by changing the ISP, but that’s quite a radical step to take. The solution should be figured out on the Turris Shield level, IMHO.

Also, I made sure Turris Shield was the only NAT and DHCP server in the network. Both the modem and the router were in bridge mode.

No, my MOX does not have a wifi module, I run an external AP in my setup.
That would not have made any difference if running the test with wire anyway, which imho is the only reliable way to test throughput of a router/firewall.

My point of manually forcing the same speedtest server node is so you at least have a chance to get comparable results.

But as I mentioned, I do not have a shield and I probably have a different ISP, so my test will not be relevant here.

I just have a hard time accepting throughput tests when there are too many moving parts. There is a risk others will read and draw wrong conclusions.

Just my 5 cents

3 Likes