I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?
Mikrotik RB5009 is my router.
Moving to OPNsense
Any specific reason to move from a Mikrotik to OPNsense?
I just want to hate my life again when setting it up. But I’d also like to reconsolidate my VMs. Currently running a server and the router. My server hosts a few networking services.
I’d rather be able to turn off the big server when I’m out for work to save power.
So if I can run a lower powered router with the ability to run containers and VMs for network essential tasks, and then turn off my power hungry server for trips that can span a few weeks.
Mikrotik hex are stupid cheap for the speed and features you get
Big fan of Mikrotik, but it helps to have some experience.
Haven’t tried hex, but RB2011 would be my default recommendation, and I’ve seen RB4009 for ~£120 (bargain of the century!)
Anyone tried out the L009UiGS-RM? Seeing that it could also run my pihole seems like a big advantage. My edgerouter lite is getting old.
Raspberry Pi 4 with a UE300 and OpenWrt can comfortably do 1 gig with SQM. I don’t know if it’s the most cost effective way to do it but it’s one way and it’s working well in 3 setups I’m looking after.
I don’t know if it’s the best one, but I’ve been using Mikrotik Hex S for years and it’s been a great experience so far.
Here is something I wrote previously under a similar post: “Check out the OpenWRT Table of Hardware, it has a list of firmware mod-able off the shelf WiFi routers that work with, you guessed it, OpenWRT. It’s rather versatile as it’s Linux based and can handle VLANs, multiple SSIDs, and of course, you can change the DNS servers.” As I said, OpenWRT is very versatile and runs on many different routers, just find one you like and install it! Many of the supported routers provide Gigabit switching, and some even have multigig for your server connection.
I’m a noob, but I’m running a Fritzbox router and it seems great to me. 0 problems in configuration and it happened to have lots of useful features now that I’m exploring self hosting (it supports WireGuard VPN natively and has an automatic wake-on-LAN feature for my server)
I always found the software updates of AVM - the manufacturer of those "Fritz!Box"es - to be of questionable quality. If you take a look at the source code that they have to release upon request of the GPL’ed source code they use, you’ll notice that they use ancient versions of the Linux kernel, Busybox and other tools. By ancient, I mean many years old, unsupported by upstream for years. Also, they only publish those sources manually when someone asks for them, which doesn’t bode well for their internal development processes. If they used CI/CD pipelines, they could easily push out updates of those sources with every new release…
Same with a lot of manufacturers, unfortunately. This is not uncommon. The manufacturers get the base software from the manufacturer of the SOC (system on a chip) used by the router. This software is usually from when the chip series was first in development, and they never update it.
TP-Link make great hardware that works well, but even their newest routers are based on a version of OpenWRT from 5+ years ago with a Linux 4.x kernel.
but what is nice, many tp-link hw can run regular openwrt, which is way better than the thing they provide…
I don’t think their Omada routers support OpenWRT, unfortunately :(
The Omada probably not. But many other tp-link routers support it, especially the low spec ones. I mean, if we are getting to something more performant and feature rich, there are probably much better options, like Turris Omnia, some Mikrotik stuff and many others.
I’m a professional in software development, sometimes tasked with administration stuff.
At home I love my FRITZ!Box. The only thing I’m missing is DNS rewriting, but I can work around that. If you don’t know what that is you don’t need it anyway.
Yes! I asked their support several times for that, but without success :(
Another thing I don’t like about my fritz box is that the DHCP server for some reason assigns a single DNS server to the computers in the network
I’ve used this with much success (NanoPi r4s). It’s a mini board based off raspberry pi like system with an extra Ethernet out. It does not have Wi-Fi so you’d need to get an AP, but it’s swappable if you ever want to upgrade. With that and a switch for more Ethernet it’s fully open and customizable to put things like OpenWRT or whatever else you may want. Plenty of storage too.
servethehome.com has had a series about these fanless, multi-gigabit firewalls for a while, might be interesting if you have a 200-300 USD budget?
https://www.servethehome.com/tag/firewall/
I’ve used a very similar setup in the past (J1900 CPU, 4x1 Gbps network ports) and I only replaced it due to reasons. Not noticed any performance bottlenecks with that setup.
The latest N100/N200/N300/N305 CPUs from Intel look really interesting, similar performance as my workstation but at a 10th of the power usage. N305 also has 8 cores in a passively cooled case, amazing stuff!
My main router here is a RPi4 with 4GB memory, Debian and a USB interface for the connection to internet. The switches are Netgear (324 and a gifted 724) and the main server is an RPI 4 as well, but with 8G mem.
It depends on your needs, but if you want a reliable and secure router, a router that is compatible with OpenWRT is a good option, for example.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| DNS | Domain Name Service/System |
| NAT | Network Address Translation |
| PiHole | Network-wide ad-blocker (DNS sinkhole) |
| RPi | Raspberry Pi brand of SBC |
| SAN | Storage Area Network |
| SATA | Serial AT Attachment interface for mass storage |
| SBC | Single-Board Computer |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| Unifi | Ubiquiti WiFi hardware brand |
| VPN | Virtual Private Network |

13 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #26 for this sub, first seen 11th Aug 2023, 15:25]
Good bot
Off the shelf something like an EdgerouterX is great,
I cannot recommend any consumer router brand, at least not with stock firmware, because none of them have a guaranteed update policy. Further, some of the stock firmware contains insecure protocols, like telnet (yes, still), outdated ciphers (SSL, TLS 1.0), and some feature you want is always missing. Further, they often lack innovative features like WireGuard in updates, mostly bug fixes and security patches.
That’s why I would urge you to consider using one of the router/gateway distributions listed below.
Depending on your requirements, I can recommend the following router OS:
- OPNsense (router without WiFi)
- OpenWRT (router with WiFi)
If you have an old laptop or pc to spare, you could at least give those two a try.
Someone already mentioned it, OPNsense runs only on x86 / PC hardware (and MIPS). OpenWRT can be flashed onto a lot of consumer routers as well as be installed on traditional x86 / PC hardware.
OpenWRT has a hardware table on their website for supported models. Some of them come cheap if you buy them used and are pretty decent.
If you like more flexibility, I can recommend building your own router. Used thin clients, like for example Fujitsu Futro S920. Thin clients are basically low-powered PCs, which are often cheap on the used market and provide a variety of hardware interfaces. Most use Intel NICs, some have a secondary NIC, can hold SATA disks, provide interfaces for WiFi (PCIe, miniPCIe, M.2) or extension cards, have highly efficient power supplies and the majority are passively cooled. Or get some SBC/low-powered board with the interfaces you need. It doesn’t need to be new hardware.
I second OPNsense and Fujitsu Futro S720/920 (from €20/30 on eBay) with secondary NIC (or even router on a stick with VLAN enabled switch). I’d leave WiFi to a dedicated AP.
Firewalla is also great if you want most things setup for you.
I like the fritzbox ones but I think in USA the best is the base Unifi one (dream router)
Or a cheap decommissioned thinkcentre tiny m700 with opnsense
if you run a router on a computer like you suggest, can you also do other stuff with the computer like file serving? or is it a single function device for reasons of security or system resources?
theoretically you can install it as a VM on a computer that does lots of other stuff, but the more stuff it does, the more chances you need to take it down to reconfigure, reinstall, install updates and so on. When that computer is down, you’re offline