When I reached your situation, I started rackmounting which has saved me a lot of time.

I got a 1u dell poweredge r210 and slapped in a 10Gb network card. Loaded up OPNsense onto it. OPN sense was not easy to learn how to use, for me at least. Struggled to get everything running smoothly. But I am very happy I went with rack mounting instead of adding to the rat’s nest.

I find DrayTek devices to work quite well.

One more for mikrotik (I run the VM version on a small linux box).

I tested a ton of those (pf/opn-senses, VyOS, even Cisco), and noone of the free ones can handle IPv6 in a reasonable way in 2024, which is slightly bizzare. Mikrotik has some annoyances, but it’s rock solid as a router.

I don’t use its container features and instead run podman in a vm next to it. Works great.

You haven’t mentioned what sort of access link or speed you have, that seems very relevant here.

For my 1Gbit/s fiber connection the Edgerouter 6P has been pretty good. It has an SFP port and can route 1 Gbit/s of traffic without issue and my dual-stack setup works well too.

The only significant downside is that its switching is slow, it has no hw support. So I put my NAS on a separate subnet instead so that the traffic to it can be routed instead.

I can kind of recommend Firewalla. They run all open source software under the hood, but their UI is their own. I’m not super impressed with some of the decisions they’ve made, but it works and has almost every feature a firewall/router device needs.

Things I like

• VPN client support with selective VPN routing. Beats having to manually maintain a routing table for a VPN interface.

• SSH access with sudo to root

• comes with an Ad blocker, but can run pihole in a docker container. I find the onboard ad blocker paired with NextDNS via TLS is good enough.

Things I don’t like:

• UI is a phone app. WebUI is neutered. You will require all three (SSH included) to set up any advanced configs

• SSH access is a pain to use.

• Firewall rule creation is kind of a nightmare. I can see what they were going for, but they missed.

• You can’t easily configure the onboard IDS or Adblocker. You can dive into the filesystem if you want, but I don’t wanna.

I’ve been super happy with mikrotik, currently running mikrotik hex s, and ubiquity u6-lr for wifi, have had 0 issues, no need to reboot etc. Plenty of customizing if desired. A learning curve tho if you do want to start messing around

Adding another Mikrotik recommendation with the standard warnings – a bit of a learning curve, although it has a default configuration that “just works”. If you mess something up you can just apply the default config to get back online.

Don’t buy from Amazon. For whatever reason people have problems with those units. Fakes maybe? Who knows. If you’re in the US buy from streakwave, roc-noc, ISP supplies, Double Radius, or Getic (international shipping).

The RB5009 series is very good if you want something beefier with more ports.

pfSense on an old PC with two NICs should do well. You could buy dedicated hw like a protectoli. Ive had one for 6 years now no issues.

Hi-end Xiaomi router, they have WiFi ax and enough ram and support open wrt so you can host your things on it, better yet, do DIY router on orange pi board, there’s tutorials you can follow

I guess maybe too mainline for everyone here but I use an Asus router flashed with the Merlin OS (a painless easy process) and it works excellently. No issues setting up all the things you mentioned.

How much bandwidth and flexibility do you want? OpenWRT is what I use on consumer hardware but many people here also swear by custom hardware with opnsense

How much wifi and open-source do you really want?

If you are willing to go with commercial hardware + open source firmware (OpenWrt) you might want to check the table of hardware of OpenWrt at https://openwrt.org/toh/views/toh_available_16128_ax-wifi and https://openwrt.org/toh/views/toh_available_864_ac-wifi. One solid pick for the future might be the Netgear WAX2* line or the GL.iNet GL-MT6000. One of those models is now fully supported the others are on the way. If you don’t mind having older wifi a Netgear R7800 is solid.

For a full open-source hardware and software experience you need a more exotic brand like this https://www.banana-pi.org/en/bananapi-router/. The BananaPi BPi R3 and here is a very good option with a 4 core CPU, 2GB of RAM Wifi6 and two 2.5G SFP ports besides the 4 ethernet ports. There’s also an upcoming board the BPI-R4 with optional Wifi 7 and 10G SPF.

Both solutions will lead to OpenWRT when it comes to software, it is better than any commercial firmware but be aware that it only support wifi hardware with open-source drives such as MediaTek. While MediaTek is good and performs very well we can’t forget that the best performing wifi chips are Broadcom and they use hacks that go behind the published wifi standards and get it go a few megabytes/second faster and/or improve the range a bit.

DD-WRT is another “open-source” firmware that has a specific agreement with Broadcom to allow them to use their proprietary drivers and distribute them as blob with their firmware. While it works don’t expect compatibility with newer hardware nor a bug free solution like OpenWRT is.

There are also alternatives like OPNsense and pfSense that may make sense in some cases you most likely don’t require that. You’ve a small network and OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT is that you’ve the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.

I have a Unifi router, switch and four access points. My setup works fine. Stable.

I see other people from work say they get dropouts over the work VPN but I have no issues at all. I’m not saying the hardware is their cause but ISP provided all in one boxes are just that. An all in one solution.

I have had basically no issues with my setup: Edgerouter 4 (overkill, had a lower end Edgerouter earlier with no issues except the power adapter died, other hardware was fine). Some pretty basic unifi AP. As well as some cheap dumb gigabit switches. Can basically fire and forget them. Relatively easy to do most things I need on it. Never needed a reboot outside of upgrades. No stability issues, unlike basically all other home grade all in one stuff I have experienced in the past.

you can convert really any computer into a little router using the help of an ethernet card. I’m planning to do exactly that for my homeserver