from njordomir@lemmy.world to selfhosted@lemmy.world on 06 May 20:08
https://lemmy.world/post/46516700
Seems like it might be time to build my next router before they become unaffordable. I’ve done some research, but I’d like to get the pulse of the community since other self-hosters may have a similar use case.
Should I use pfSense or OpenWRT? Should I use purpose built or minipc hardware?
This is for a home network (symmetric gigabit fiber). A few of the devices have 2.5LAN ports and it would be nice to make use of that speed locally. Primary uses include streaming Disney+ and YouTube, web browsing, and self-hosting a few services I connect to via wireguard. Sometimes I play games, but not competitively, so an extra ms of ping isn’t going to throw me into a rage. I do use a remote desktop feature like steam link to play games on my home office PC from my bedroom. Ping is currently acceptable according to the system with occasional slowdowns when my family is slamming the WiFi.
I will need to provide WiFi access. If my existing router(s) have an AP mode, I imagine I can just plug them in via ethernet?
What kind of wireless AP hardware do I need if I want connections to transfer between a basement and attic AP with minimal interruption?
For the router itself, I see people using what look like barebones routers and others using a minipc with dual LAN. What do you use and what advantages/disadvantages have you experienced as a result.
Can I set up a wireguard VPN server in either pfSense or OpenWRT?
Are there any enshittification risks or open-source purity concerns with either choice?
Is there a significant difference in popularity between pfsense and openwrt?
I will happily accept hardware recommendations for 2.5GB capable router hardware for a home network with 1GB fiber. It needs to be able to handle inbound and outbound wireguard connections. I’m overwhelmed by the many options between all the minipcs and purpose built hardware. Location is USA.
I appreciate any insight you may have. I’m a Linux guy, but networking has always been my weak point so I’m asking for help.
There’s also opnsense.org, but I know little about it
Opnsense or pfsense are good options. Most people would suggest the former.
If you use your existing router as an AP you need to ensure it has a different IP address than your firewall and turn off DHCP.
If buying APs most would suggest unifi access points for their features and ease of use.
The *sense options let you use WireGuard, OpenVPN, or others like Tailscale, tinc.
For hardware any dual nic (in the speed you want) any n95, n100, n150 mini PC should more than meet your needs.
I’ll throw in my vote for pfSense. Pretty comprehensive package.
I wouldn’t recommend pfSense unless you’re already invested in it (e.g. already have a pfSense setup and want to transfer your config files and settings over). Netgate (parent company) has been moving towards their paid versions (pfSense Plus and TNSR), the Plus version is free if you buy their router otherwise will cost you some money for a subscription. And meanwhile they stopped providing current downloads of full installs/builds of the free community pfSense so actually getting the current 2.8.1 is a hassle now - you’re expected to download their Netgate installer that needs internet access to download the full install while installing the router software, or you need to download/install an older version of pfSense (2.7.0 I think) and then get online to update it to 2.8.1.
Just went through all that doing a re-install, it’s crazy that I need to have internet access to install the router that will provide internet access LOL.
OPNsense is a well known alternative. OpenWRT could work too but I haven’t used it personally.
This is good info. I remember hearing a little bit of that and someone set me straight on DDWRT vs OpenWRT as well. I think I’ll take OPNsense for a spin.
I’m in the same boat as you. Tried opnsense for a week, but the webui is really not that friendly for a total beginner like me. I’m running ipfire right now, which offers less options but that’s a + while I’m still learning the basics.
Glad to know I’m not alone! Sometimes it feels like everyone else has either figured it all out, or I’m charting new (and potentially silly) territory and nobody knows wtf I’m doing.
I’ve been doing Linux stuff for a long time, but I was still living under my parent’s roof back then so I never had to network anything, I just had the wifi password. After school, out in the world, I still didn’t have my own network for quite some time. Only in the last few years have I really started to grasp how it works well enough to actually do something useful with that knowledge. I’ll take a look at ipfire too. Luckily my current router is still functioning okay, so I have time to play around and see what software will work for me. Right now I have to make some sort of decision about hardware because I don’t have anything with dual ethernet on hand.
I’ve been running opnsense on a qotom mini pc for a couple years now and have no complaints. It has plenty of resources for my 1gb fiber connection.
Are you currently using a modem/router combo or are they separate units? If it’s one unit, you’ll need a way to connect your fiber. The qotom has 4 sfp ports that should work for this or you can use a media converter.
The qotom has 5 2.5gb ethernet ports so you might be able to avoid adding on a switch. If you go the route of using a mini pc with dual ethernet, you’ll have to add a switch to the mix.
I have the fiber ONT straight from the wall. The tech support guys at my ISP gave me all the details I needed to configure my own current router (GLInet Flint 2). I’ve just been not trusting corporate solutions lately. I’m almost completely degoogled on my phone and the recent router banning drama is encouraging me to do this now instead of later when I had originally wanted to do it.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
6 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #277 for this comm, first seen 6th May 2026, 21:20]
If you have a SOHO router already and it’s compatible with openwrt, use that. Otherwise, build a cheap x86 PC with 2 or more nic ports and use OPNsense. pfSense is probably not a great option anymore for reasons already outlined in other comments.
Thanks for the reply.
I have devices I could use, but they’re earmarked for other projects. I’m looking at acquiring hardware specifically for this project. I could acquire it at a garage sale or a classified ads site. I don’t really want to spend more than $350 if I can help it and even then, I have to be able to justify that to myself somehow (since that’s almost enough to add another 2TB of SSDs to my server). Having said that, if the features I want are only present in pricier hardware, I want to find that out now.
I have a 4g WiFi router I carry around when I travel that I call “the hockey puck”. It also has an ethernet port, so when I’m home, I take the battery out and attach it to my router as a backup in case the fiber fails. If I want to do the same thing on OPNsense, I would need to add an expansion card with more network ports, right? That would steer me from miniPCs to barebones router hardware or a small-form-factor PC build where I could add as many NICs as I have PCI slots.
Does wanting a 2nd WAN pretty much rule out mini-PCs for me?
Even in my God Tier build-dreams, I only have 2 WANs, a LAN and a management LAN. :D
I have seen 6 port minipcs like this one cwwkpc.com/products/mini-pc-firewall-c6 so number of ports is not an issue as long as you are prepared to pay for it. I think you’ll find more ports with similar keywords (industrial, firewall, fanless, etc).
My setup, which I think works well, is to have OPNsense on the miniPC as router/firewall, and separate WiFi APs. This setup has lasted me around 5 years now and will probably last as long as OPNsense and openWRT (for my APs) have decent support for my hardware. Well worth the money and effort in my opinion, and separating the router/firewall from the AP allows you much more flexibility.
OpnSense is amazing.
I’ve used it for over 10 years after using a ton of other stuff. I run a 10G fiber connection from my router to my 10G network backbone with multiple VLANs. My ISP provides me a 1Gbps fiber connection to an ONT. I also use a Netgear LM1200 as a wired Cellular backup which OpnSense selects automatically when the fiber loses connectivity.
I am running mine using a Xeon E3-1226 v3 in a Supermicro X10SLL-F with 16GB of RAM and a 128GB Sata SSD. 10G is provided using a Mellanox ConnectX3 and an SFP+ module with OM3 Fiber.
I’m running a Quanta LB6M for my fiber backbone and a Dell PowerConnect 5548 for 1Gbps ethernet connections.
For WiFi I use a pair of TP-Link Omada EAP-650’s with the OC200 controller using POE. It hands over seamlessly as clients move around the house and I’m planning to add a 3rd AP upstairs when I have finished my solar install and completed the building of the master suite.
Sounds like you are pretty far along in your networking journey. I can appreciate the vLans and the 10G backbone, but a lot of the hardware you mention is over my head. :D I’d take the miniPC route, but like you, I’d like to attach my 4g router as a failover.
Yes, I’ve been tinkering for a while. The network piece I have had the longest is actually my 10G switch. Previously I had a couple 8 port switches but when I started wiring the house up I didn’t want to be playing any games.
I buy a lot of used enterprise equipment. If you are planning to have multiple access points that can use POE (power over ethernet) you can buy a new 5 port switch and be ok but if you are thinking about cameras a used 24 or 48 port POE switch from ebay will save you a ton in the long run. The Dell PowerConnect 5548 (48 port 1Gbps switch) I am using provides two 10G connections so that I can use a pair of DAC (Direct Attached Copper) Cables for a total of 20Gbps from my 10Gbps backbone. It’s overkill but it means even with multiple cameras, APs and wired clients I don’t have to worry about oversaturating the connection. My camera server also connects via fiber as does my NAS/media server.
Mini PCs are great right up to the point where you want to expand beyond what they are capable of. Without a PCI Express slot upgrading the network will require the use of a USB adapter but they can be more of a pain than it’s worth. You can find stuff with more ports but there is a point where it will probably be cheaper to just get something you can expand with.
For failover to 4G the Netgear LM1200 has the option to go between your current internet connection and your router and negotiate the connection and automatically switch. I just use it like an ONT (Optical Network Transceiver) or Cable Modem and let OpnSense control the switch over because then I get accurate measurement of the data used and length of downtime. But that also means I need a minimum of three ethernet connections two for WAN and one for LAN.
I purchased my router parts used on Ebay. A similar setup in a 1U format (which I wouldn’t recommend unless you have a place where you can keep it and not hear it in your day to day life, are deaf, or are wrong to swap it into a new case with a different cooler) can be picked up as of right now for 185.00 plus tax and about 35 shipping.
If you have questions though please feel free to ask.
Just go with OPNsense. Fully FOSS and comparable with corporate software feature-wise.
I’ve got pfsense on a VM, works great. Opnsense is good too and easier to deal with than digging out a download from Netgate, but doesn’t have pfblocker integrated.
I used pfSense for years and switched to OpenWRT. I highly recommend OpenWRT. pfSense is kinda trash IMHO. I tried to set up traffic shaping, so I could play games while my roommate was watching Netflix, and it just doesn’t work as advertised. I tried like 20 different configurations for the traffic shaping, following all the documentation, guides, countless forum threads, etc, and none of it worked properly when you actually test it. At the end of the day, I concluded that nobody understands how to configure traffic shaping on it and even the developers didn’t realize it was broken.
OpenWRT, on the other hand, just works better out of the box, and has the right level of customizability for home use. It has a way better ecosystem around it where you can download extra packages with GUIs… it’s just much nicer to use, and doesn’t have the QA problems I had with pfSense.
@GameGod @njordomir 🤨
I have several networks which rely on traffic shaping on a daily basis. It’s not broken or else I’d be getting phone calls about network issues.
Packages are right in the GUI on pfSense as well. It’s been there since I can remember. How long ago were you using it?
Thanks for the reply. At this point, I’ve decided I’ll need to try both. Fortunately my old router still works. I just need to make some hardware decisions now as I don’t have any hardware with multiple lan ports to try it out on. I don’t want to buy twice, so I’m trying to figure out what I’m going to need to overshoot my requirements a bit but not go crazy overboard and overspending for unused specs. My current router is the GliNet Flint 2 which has an open-WRT advance mode that I’ve messed with a little bit.
Opnsense. You can buy Protectli if you don’t want to build.
If you’re a masochist and have a managed switch, you can make do with a device that only has one NIC, by putting WAN and LAN traffic on separate VLANs on the same physical interface…
Been using OpenWrt on a Pi 4 for many years now. It’s been flawless. I’m using Ubiquiti APs. I’ve now replicated this setup in 4 more households with similar results.
Funny you mention. Ran pfsense as a router for years (still do.)
I had a Ubiquiti AP but hated having to run a VM or own separate hardware just to properly configure it. Especially considering it was the only Ubiquiti gear I had.
Ended up installing openwrt on it and ended up with what I actually wanted out of an access point.
I use dlinks and what not now, whatever is cheap, has a decent radio, and supports openwrt.
My choice is OpenWrt and specialized hardware. It is much better suited for home use and has much lower power consumption (i.e. silent). Right now I’m looking for a replacement for my home router and going to buy one of the Banana Pi boards. However in the US the optimal choice may be different.
opnsense is the way. Dedicated mini pc while you figure it all out. Eventually you can virtualize it, but run bare metal to learn.
I’m very happy with my Omada APs and their roaming. I have one in my garden shed in mesh mode, and it gives me a LAN port for a poe switch and cameras.
Any roaming capable AP is going to need a controller, so think about where that VM is going to live.
When I got 10 Gbit internet at home I didn’t like the prices of any of the 10G routers for sale so I built my own out of a $80 used ThinkCentre Tiny, $7 PCIe riser, and $20 dual-10G Intel NIC.
Initially I tried opnSense (and pfSense) but no matter what I did I couldn’t get 10G throughput, so I switched to OpenWRT which has been working great. I feel like the Linux kernel will have better support than FreeBSD since it has a bigger user base.
For a 1G/2.5G network you can probably get away with even cheaper hardware.