I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?
I like the fritzbox ones but I think in USA the best is the base Unifi one (dream router)
Or a cheap decommissioned thinkcentre tiny m700 with opnsense
if you run a router on a computer like you suggest, can you also do other stuff with the computer like file serving? or is it a single function device for reasons of security or system resources?
theoretically you can install it as a VM on a computer that does many other stuff, but the more stuff it does, the more chances you need to take it down to reconfigure, reinstall, install updates and so on. When that computer is down, you’re offline
Can you give us some details about your house?
My house was built in the golden age of having voip landlines that needed CAT 5e cable but before cell phones were the norm so I have a wired backhaul mesh.
Edit: it occurs to me you probably mean like a router-router being that this is self hosted lol. So disregard haha
I live in a town house with relatively good Wifi signal coverage with no extenders needed. I am planning on eventually paying a professional to get wall Ethernet ports installed so I can hook up my most network dependent devices (gaming desktop, gaming devices) and use the router with the rest that wouldn’t make sense to hook into Ethernet.
Mikrotik RB5009 is my router.
Moving to OPNsense
I don’t know if it’s the best one, but I’ve been using Mikrotik Hex S for years and it’s been a great experience so far.
Here is something I wrote previously under a similar post: “Check out the OpenWRT Table of Hardware, it has a list of firmware mod-able off the shelf WiFi routers that work with, you guessed it, OpenWRT. It’s rather versatile as it’s Linux based and can handle VLANs, multiple SSIDs, and of course, you can change the DNS servers.” As I said, OpenWRT is very versatile and runs on many different routers, just find one you like and install it! Many of the supported routers provide Gigabit switching, and some even have multigit for your server connection.
I’m a noob, but I’m running a Frirzbox router and it seems great to me. 0 problem in configuration and happened to have lots of useful features now that I’m exploring self hosting (it support woreguard VPN natively and have automatic wakeonlan feature for my server)
I always found the software updates of AVM - the manufacturer of those "Fritz!Box"es - to be of questionable quality. If you take a look at the source code that they have to release upon request of the GPL’ed source code they use, you’ll notice that they use ancient versions of the Linux kernel, Busybox and other tools. By ancient, I mean many years old, unsupported by upstream for years. Also, they only publish those sources manually when someone asks for them, which doesn’t bode well for their internal development processes. If they used CI/CD pipelines, they could easily push out updates of those sources with every new release…
Same with a lot of manufacturers, unfortunately. This is not uncommon. The manufacturers get the base software from the manufacturer of the SOC (system on a chip) used by the router. This software is usually from when the chip series was first in development, and they never update it.
TP-Link make great hardware that works well, but even their newest routers are based on a version of OpenWRT from 5+ years ago with a Linux 4.x kernel.
but what is nice, many tp-link hw can run regular openwrt, which is way better than the thing they provide…
I don’t think their Omada routers support OpenWRT, unfortunately :(
The Omada probably not. But many other tp-link routers support it, especially the low spec ones. I mean, if we are getting to something more performant and feature rich, there are probably much better options, like Turris Omnia, some Microtik stuff and many other.
I’m a professional in software development, sometimes tasked with administration stuff.
At home I love my FRITZ!Box. The only thing I’m missing is DNS rewriting, but I can work around that. If you don’t know what that is you don’t need it anyway.
Yes! I asked their support several times for that, but without success :(
I’ve used this with much success (NanoPi r4s). It’s a mini board based off raspberry pi like system with an extra Ethernet out. It does not have Wi-Fi so you’d need to get an AP, but it’s swappable if you ever want to upgrade. With that and a switch for more Ethernet it’s fully open and customizable to put things like OpenWRT or whatever else you may want. Plenty of storage too.
My main router here is a RPi4 with 4GB memory, Debian and an USB interface for the connection to internet. The switches are Netgear (324 and a gifted 724) and tthe main server is an RPI 4 as well, but with 8G mem.
It depends your necessity but If you want a reliable and secure router is a good option a router that is compatible with OpenWRT for example.
If you want the full control use https://opnsense.org/ on a mini pc or in a VM on your home server.
Can this work with the “off the shelf” mesh routers.
This seems like it’s geared toward higher power hardware that’s not generally available on a consumer-grade router.
You could buy a $300 consumer router and it would be worse than just using an old PC with OPNsense.
Except that the old PC is probably less efficient at a lower clock than an AR based consumer router. You’ll get more performance and features, but it will be more expensive to run.
The Fujitsu Futro S720 consumes about 6 Watts and it’s great for OPNsense!
No, off the shelf routers are usually ARM and opnsense is x86 only.
Please don’t host a router on a Hypervisor VM. That does not benefit security. First of all a router is an integral part of the (home) network, therefore it should not be dependent on anything, like a hypervisor. You want to be able to replace or update your server/ hypervisor independently from each other, for example in 5 hrs your router might be still rocking all data, but you would want to upgrade your home server / hypervisor. Furthermore all those OpenWRT, PFsense, OpenSense kernel/ OS hardening is more effective on the hardware itself, especially all RAM/ Memory based security measures. Also if you truly want to be more secure, you use dedicated hardware for multiple reasons, performance is dedicated to only routing/ firewall processing (no other service/ VM can block or slow down packet processing), reducing the attack surface (less software, less attack surface), easier to update.
Pfsense or opnsense are really powerful options.
You’ll need a wireless access point as well, but those two are quite powerful and can run on quite powerful hardware.
You already have some good suggestions, so i just want to mention openWRT which can be flashed on off-the-shelf router combo (just check their supported devices first, if you go this route)
Love OpenWRT!
As a networking noob I spent more than a week configuring it to get it right, including needing to SSH into it because I flashed the wrong firmware (do not get NA and EU confused, the difference is enough to flat line your modem).
But in the end, I eliminated my bufferbloat with SQM; a feature the stock device lacked. I also set up a USB to act as expanded storage to install more software.
My TP-Link ER8411 can’t be flashed with OpenWRT even though their software is based on a very old version of it. :(
I have 10Gbps internet and can’t find any 10Gbps routers that support custom firmware. Building a pfSense system that supports 10Gbps would be much more expensive and use more power than a router that has a purpose-built SoC.
Have you thought about getting something like this?
Here is an alternative Piped link(s): https://piped.video/a3EMMYTdOYo
https://piped.video/a3EMMYTdOYo
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
I just got a MikroTik RB5009UPr+S+in and I’m loving it so far. I’m going to pair it with their AX ceiling wireless AP if I can ever catch it on sale again.
I think this is the best homelab router out there. If you are new to Mikrotik there is definitely a steep learning curve.
Openwrt is fairly good too, but I think documentation can be lacking and confusing for some edge applications. My other concerns with openwrt is performance since it is compatible with a wide variety of hardware is difficult to know how it will perform without testing it.
I want that router, but I don’t have a good reason to give my wife why our RB4011 needs to be upgraded…lol
I’ve had amazing luck with the Synology routers. You can start with one then if you want/need you add more to create a mesh network. I find the interface easy as well. My 2 cents of course…
Another vote for Synology here. I have 2 RT2600 and 1 RT1600 between myself and my parents houses. They have been completely bullet proof and the oldest one is going on 7 years old now.
I cannot recommend any consumer router brand, at least not with stock firmware, because any of them don’t have guaranteed update policy. Further, some of the stock firmware contains insecure protocols, like telnet (yes, still), outdated ciphers (SSL, TLS 1.0), and some feature you want is always missing. Further they often lack innovative features like WireGuard in updates, mostly bug fixes and security patches.
That’s why I would urge you to consider using one of the router/ gateway distributions listed below.
Depending on your requirements, I can recommend the following router OS:
- OpenSense (router without WiFi)
- OpenWRT (router with WiFi)
If you have an old laptop or pc to spare, you could at least give those two a try.
Someone already mentioned it, OpenSense runs only on x86 / PC Hardware (and MiPS). OpenWRT can be flashed onto a lot of consumer routers as well as be installed on traditional x86 / PC hardware.
OpenWRT has a hardware table on their website for supported models. Some of them come cheap if you buy them used and are pretty decent.
If you like more flexibility, I can recommend building your own router. Used thin clients, Iike for example Fujitsu Futro S920. Thin clients are basically low-powered PCs, which are often cheap on the used market and provide a variety of hardware interfaces. Most use Intel NICs, some have secondary NIC, can hold SATA disks, provide interfaces for WiFi (pice, miniPCIe, m.2) or extension cards, have high efficient power supplies and are in majority are passive cooled. Or get some SBC/ Low-Powered board with the interfaces you need. It doesn’t need to be new hardware.
I second OPNsense and Fujitsu Futro S720/920 (from €20/30 on eBay) with secondary NIC (or even router on a stick with VLAN enabled switch). I’d leave WiFi to a dedicated AP.
