Hi-end Xiaomi router, they have WiFi ax and enough ram and support open wrt so you can host your things on it, better yet, do DIY router on orange pi board, there’s tutorials you can follow

I have a mesh system made up of Asus Zenwifi ET8s, and I have been very happy with them. They have a lot of cool features, such as having a VPN server and VPN client, with the VPN client allowing me to apply the VPN to only selected devices. It has tons of customization options for those that are knowledgeable about that sort of thing. For example, I can tweak at what signal strength AP steering happens. It has WiFi 6E and 2.5 Gbps wired backhaul.

When I first got it, it was very buggy, and some features straight up didn’t work. But they eventually got all the bugs that I found fixed. It’s in a really good state right now.

To address your desired features, it does have wireguard. I don’t know about DDNS, but it does not have pihole built in. It has adguard built in, but it doesn’t really seem to do much, tbh. Then again, pihole didn’t really do anything for me either. I ended up shutting off my pihole because I didn’t even notice a difference.

I recently bought an x86 passive cooled box from Topton, an aliexpress merchant, that was recommended by ServeTheHome, a great youtube channel/blog that reviews all kinds of networking equipment for homelabs. Since it’s x86, you can pretty much install anything on it, in my case OPNSense. I recommend you watch some of their videos/read their blogs and see what fits!

I’ve been very happy with Opnsense running as a VM on both ESXi, and now Proxmox. Lots of configuration options and able to setup some complicated firewall rules easily.

I have been using opnsense on a very cheap celeron nuc for a few years, very happy with it

How much bandwidth and flexibility do you want? OpenWRT is what I use on consumer hardware but many people here also swear by custom hardware with opnsense

I use an entry level router ASUS RT-AX53U with OpenWrt. WiFi 6, IPv6, Guest VLAN, DNSCrypt (DoH), Adblock, Firewall are few things I have configured with OpenWrt.

Even if you don’t buy ASUS, make sure your router is supported by OpenWrt. It’s a Linux distribution that runs on routers and PCs to configure home networking.

Fritzboxes are rock stable, and support Wireguard from FritzOS 7.5 onwards, see https://avm.de/service/vpn/wireguard-vpn-zur-fritzbox-am-computer-einrichten/

(Apparently NOT the cable versions!)

What nags me most with them is that you have no separate Firewall controll over their WiFi, and the WiFi range is not really great. So probably consider going with dedicated APs instead.

I have had basically no issues with my setup: Edgerouter 4 (overkill, had a lower end Edgerouter earlier with no issues except the power adapter died, other hardware was fine). Some pretty basic unifi AP. As well as some cheap dumb gigabit switches. Can basically fire and forget them. Relatively easy to do most things I need on it. Never needed a reboot outside of upgrades. No stability issues, unlike basically all other home grade all in one stuff I have experienced in the past.

I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.

I went tplink omada router, switches, and aps, very happy.

I am using NanoPi R5S. I am using debian system but there is also openwrt image for it, if you are not experienced Linux admin.

Works for over a year without problems. It runs PiHole and Wireguard client on docker, ddclient, unbound and reverse proxy.

When I reached your situation, I started rackmounting which has saved me a lot of time.

I got a 1u dell poweredge r210 and slapped in a 10Gb network card. Loaded up OPNsense onto it. OPN sense was not easy to learn how to use, for me at least. Struggled to get everything running smoothly. But I am very happy I went with rack mounting instead of adding to the rat’s nest.

I’ve been super happy with mikrotik, currently running mikrotik hex s, and ubiquity u6-lr for wifi, have had 0 issues, no need to reboot etc. Plenty of customizing if desired. A learning curve tho if you do want to start messing around

Adding another Mikrotik recommendation with the standard warnings – a bit of a learning curve, although it has a default configuration that “just works”. If you mess something up you can just apply the default config to get back online.

Don’t buy from Amazon. For whatever reason people have problems with those units. Fakes maybe? Who knows. If you’re in the US buy from streakwave, roc-noc, ISP supplies, Double Radius, or Getic (international shipping).

The RB5009 series is very good if you want something beefier with more ports.