Router of choice?
from socphoenix@lemmy.world to selfhosted@lemmy.world on 25 Mar 15:17
https://lemmy.world/post/44729750

The FCC ruling yesterday got me thinking about my router; it’s probably due for a replacement by the time the theoretical end of firmware updates baked into that (natural EOL is likely around the same time) takes effect. I’m having trouble finding good options, particularly in regards to OpenWrt at least.

We currently use two ASUS RT-AX3000 routers in mesh mode. One attached to the modem because it’s in a really shitty location, and one attached to our home server. I have 3 items that need 2.4 GHz for smart home automation and everything else runs 5 GHz: 2 laptops, phones, etc.

Everything I can get in local stores isn’t supported by openwrt (neither are the current routers). Looking at using older hardware we have spare (a MacBook Pro 2012 or rpi4) seem to have a track record of underperforming. What are the recommendations for upgrades from here?

Follow up question is am I overthinking it? Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?

#selfhosted

IcedRaktajino@startrek.website on 25 Mar 15:20

I bought this one last month when it was on sale for $39: www.amazon.com/dp/B0BRK3CYY3

Haven’t deployed it yet, but it’s fully supported by OpenWRT. I would only be using it as an access point, though. My router is a USFF Optiplex with an extra NIC and runs OpenWRT.

socphoenix@lemmy.world on 25 Mar 15:24

One of the things I was considering was whether running a router before the WiFi and then just using them as access points might be a better choice.

IcedRaktajino@startrek.website on 25 Mar 15:28

That’s what I’ve done for years. Makes managing things much easier, and I run multiple APs (all with the same SSID/PSK) and you can just roam to the best one. One upstairs, one downstairs, one in the weird dead zone in my office, and one on the back patio (it’s not hardwired and uses the mesh connection for uplink).

These are all old Aruba APs running OpenWRT but that’s the plan for this Cudy Model. I may pick up a few more and just replace all of my trusty but very old Arubas.

CaptainPedantic@lemmy.world on 25 Mar 15:39

I use a 2012 Mac Mini running OPNSense. I use the Apple Thunderbolt to Ethernet adapter in addition to the built in Ethernet. You could probably do the same for the MacBook Pro. I have a separate switch and access point. It works really well. And it was cheap.

51dusty@lemmy.world on 25 Mar 16:12

Make sure to remove the battery if you use the MacBook as a server. The battery blows up like a balloon… I’m assuming because the server install doesn’t/can’t manage the battery properly. I’ve had this happen twice.

Beacon@fedia.io on 25 Mar 16:24

IIRC battery function management is supposed to happen at a firmware level. So hypothetically it shouldn't be affected by what OS you install. I think what you experienced was just a byproduct of keeping it plugged in 24/7.

51dusty@lemmy.world on 25 Mar 18:35

agreed.

either way remove the battery.

AlfalFaFail@lemmy.ml on 25 Mar 16:38

I looked into using a laptop as a router a while back and decided against it. From what I read, the chip is designed for bursts of processing and isn’t designed to be under constant load like a router would be. That means the fan will always be running and you risk overheating, fan failure, and high power draw.

That’s my non-professional recollection, so take it with a grain of salt.

51dusty@lemmy.world on 25 Mar 18:43

100%.

but $ for cpu+ram of old MacBooks makes it feasible. They are dirt cheap on ebay, and I don’t need the screen.

My bedrock server runs on a 2012mbpro. I take daily backups and have another mbp laying around when this one fails completely. The expanding battery warped the shell pretty bad, but it’s still functional.

i_am_not_a_robot@discuss.tchncs.de on 25 Mar 18:36

At least for some laptops, you cannot just remove the battery. If the battery is removed, the performance may be throttled. This is true of very old MacBooks.

Brkdncr@lemmy.world on 25 Mar 15:42

If I need to buy something off the shelf I’m looking at unifi.

pageflight@piefed.social on 25 Mar 15:44

I was very excited about open firmware and ran FreshTomato for a while. Eventually I decided it wasn’t reliable though (2.4 GHz wasn’t actually running on one router, occasional speed issues).

I switched to Unifi and have had a great experience. Great visibility into link speed, which device is on which AP, able to SSH into each device and run iperf3, WiFiMan is a great debugging tool (which you don’t need their ecosystem to try), notifies me when the ISP is slow/down. There’s a bewildering array of hardware and it’s not cheap or always in stock, but there are some good guides around.

So, I’d like FOSS to be the right answer, but in this case I’m glad I switched to Unifi.

ETA: https://evanmccann.net/ubiquiti is the most useful guide. And a key aspect of Ubiquiti is that the cloud services are optional; it won’t brick if they go under.

Decronym@lemmy.decronym.xyz on 25 Mar 15:50

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| CGNAT | Carrier-Grade NAT |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| PoE | Power over Ethernet |
| SSH | Secure Shell for remote terminal access |
| Unifi | Ubiquiti WiFi hardware brand |
| VPN | Virtual Private Network |

[Thread #192 for this comm, first seen 25th Mar 2026, 15:50]

folekaule@lemmy.world on 25 Mar 15:54

I use Merlinwrt on my Asus router. They have a bit longer support and I think it’s open source. May be worth looking into.

socphoenix@lemmy.world on 25 Mar 15:56

They also list my current one as unsupported unfortunately, I think because of the Broadcom WiFi chip in it.

webkitten@piefed.social on 25 Mar 16:02

I have a GL-AX1800 and I’ve been happy with it; going to get another for my mum.

bazinga@discuss.tchncs.de on 25 Mar 16:10

Is OPNsense an option for you instead of OpenWrt? I run an old HP with an Intel Ethernet card and connected a Unifi AP to it. It has worked well for years.

tal@lemmy.today on 25 Mar 16:39

> Looking at using older hardware we have spare (a MacBook Pro 2012 or rpi4) seem to have a track record of underperforming

In what sense?

> I’m having trouble finding good options particularly in regards to openwrt at least.

> Everything I can get in local stores isn’t supported by openwrt (neither are the current routers).

IIRC, OpenWRT tends to support older hardware. I once bought new hardware to run it, so I know that it’s been out there, but if you want something to run OpenWRT and aren’t too fussed about having the latest hardware, you can probably grab something off eBay or something, especially if what you care about isn’t the WiFi side of things, where things have changed over time. Might be possible to run a USB WiFi adapter or something, if you want the latest WiFi protocol.

> Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?

Pretty much, if you’re talking Internet-facing stuff. I mean, you might still want updates for, I dunno, NTP updates or something where the router talks to the Internet. And if it’s doing WiFi and there’s some vulnerability associated with that, theoretically you could be attacked locally. In general, I wouldn’t worry too much. There are probably a ton of unsupported, unupdated Internet of Things devices on LANs all over the place, so shrugs. It’d be nice to have maintenance and security updates for everything, but in practice, there’s probably a lot of stuff that is always going to be unmaintained on most LANs. Smart TVs, printers, whatever. Maybe we should change that, but as things stand, kinda the norm.

possiblylinux127@lemmy.zip on 25 Mar 17:54

OpenWRT does support more recent hardware if you know what you are looking for.

MuttMutt@lemmy.world on 25 Mar 16:45

Many open source operating systems exist that can turn a computer with multiple NICs into a router or can be used in place of a hardware router OS. distrowatch.com/search.php?ostype=All&category=Fi… is a search on distrowatch.com that gives you a pretty good list to get started.

I personally use OpnSense with a Supermicro motherboard, a Xeon E3-1226 v3, and 16GB of RAM. It was all used server equipment bought on eBay. I run Caddy, an ACME client, Intrusion Detection, Chrony, UnboundDNS, Wireguard as a VPN endpoint, and Wireguard as a client for IPv6 connectivity through Route64 because my ISP only has an IPv4 stack. For WiFi access I’m running a couple TP-Link Omada EAP-650s with the OC200 controller using PoE so I can place them in ideal locations.

Will a firewall prevent issues if the Asus devices have some sort of spyware on them? It can, but not by default. Generally firewalls are configured to stop anything coming in and let anything out. Since the RT-AX3000s are on your internal network, by default they can send data out. Something like Intrusion Detection can watch for bad things running on your network and help, but you would have to set static IPs on each one and null route them. You could also flash them to an open source firmware if you are worried, but that is a personal decision.

I avoid two things in networking, router modem combo devices and really cheap routers or access points. Honestly you should ask, “Why is this so cheap?” Then look at the reviews for those super cheap Chinese android tablets and computers and you should begin to understand my reasoning why.

Also used commercial grade hardware on Ebay is a great place to get a steal if you are building a homelab. Most of the time this stuff is pulled because it no longer is fast enough for a server farm and functionally obsolete. The firmware will generally be very stable and well tested. I’m running a 10Gbps fiber backbone for my network that connects my router, server, 48port ethernet switch (using 2 DAC cables), and desktop computer together.

I have a 1Gbps fiber connection and speedtest at 950Mbps while everything is up and running. The Ethernet connection at 1000Mbps is the limiting factor. A speedtest from my cell phone (S26) over WiFi I test at 680Mbps. My testing internally from my desktop to my server using openspeedtest runs around 8000Mbps.

irmadlad@lemmy.world on 25 Mar 18:30

> router modem combo devices and really cheap routers or access points.

I’ve always thought that combo devices are probably good for the average, casual internet user, but not high end, extreme users. I want the best (within reason of course) delivery mechanism that I can get to route the signal from the street to my devices. It’s worth the extra $$ to me.

Bluefruit@lemmy.world on 25 Mar 16:54

I like my flint 2 router from GL.Inet. Uses openwrt on the back end but has a more normal interface in the frontend with the back end still accessible if you want it.

And you can install whatever firmware you want.

femtek@lemmy.blahaj.zone on 25 Mar 16:56

I’m overkill and use Ubiquiti, but you can also use their entry-level devices. I’m a fan of hardwiring the WiFi points to a switch or the router itself through PoE so you don’t have to use a WiFi band for the mesh.

neidu3@sh.itjust.works on 25 Mar 17:09

Same. Got some leftover Fortinet from work that I’m using. Could be better, but my Fortigate 101E works miles better than my ISP default router. All I had to do was assign upstream wan to VLAN 10 and spoof the MAC address.

brickfrog@lemmy.dbzer0.com on 25 Mar 17:07

Right now using a pfSense router, it’s been working well but I’ll eventually replace it with hardware to run OPNsense (pfSense fork) when the time comes.

If you’re mainly just worried about wireless I’d just look into something to run OpenWrt or maybe FreshTomato if you’re sticking to older hardware. I have an older Linksys wireless router that is compatible with FreshTomato firmware so it’s been running on that and works well for my own usage, nothing fancy.

socphoenix@lemmy.world on 25 Mar 17:45

I use pf as the firewall on my server, what is the difference/reason for the opnsense fork?

possiblylinux127@lemmy.zip on 25 Mar 17:51

Only use network gear for wireless. The hardware in client devices is not designed to work well as an AP and will perform poorly.

I would just pick up some used equipment and flash OpenWrt. It is relatively straightforward and should work decently well.

socphoenix@lemmy.world on 25 Mar 19:06

Which hardware is recommended? Trying to search through their list, a ton of it is already on old-stable and seemingly ready to be eol-d. I’m not really interested in spending on new routers playing whack-a-mole with security updates every 2 years. I’d rather have poor performance and a longer lifecycle versus unknown likely marginal support window.

i_am_not_a_robot@discuss.tchncs.de on 25 Mar 18:46

> Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?

No. For most routers, this provides no additional protection to the router. Your router should not be accepting connections from the WAN side that would be blocked by the firewall, but consumer routers almost always initiate connections to the WAN side, indistinguishable from normal client traffic to your firewall, and accept connections from the LAN side, invisible to your firewall. If the firewall blocks all incoming requests, it would create problems for UPNP, effectively giving you CGNAT, even if the firewall does not perform address translation.
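
The "stop anything coming in, let anything out" default discussed in this thread, next to a per-device egress block, as an added example that is not part of any post here. It applies only when the Asus units run in AP mode with static management addresses; a unit that still routes and NATs sends its own traffic and its clients' traffic from one address, so the firewall cannot tell them apart. It assumes a Linux firewall using nftables, IPv4 only; the interface names `wan0`/`lan0` and the two AP addresses are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example. wan0 = uplink, lan0 = inside (assumed names).
flush ruleset

table inet edge {
    # Static management addresses of the APs (constructed values).
    set unpatched_aps {
        type ipv4_addr
        elements = { 192.168.10.2, 192.168.10.3 }
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # LAN hosts may reach the firewall itself (DNS, DHCP, SSH).
        iifname "lan0" accept
        # Nothing from wan0 is accepted: the "nothing in" half.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept

        # Without this rule the APs fall through to the blanket
        # LAN-to-WAN accept below and can phone home freely.
        # The log line shows what each AP tried to reach.
        iifname "lan0" ip saddr @unpatched_aps log prefix "ap-egress: " counter drop

        # The "anything out" half, restricted to IPv4 so the
        # address set above covers every forwarded AP packet.
        meta nfproto ipv4 iifname "lan0" oifname "wan0" accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}
```

This does nothing for traffic between LAN clients and the APs, which is bridged and never crosses the firewall.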

TheHolm@aussie.zone on 25 Mar 19:25

Some standalone WAPs for WiFi and a PC-based router. Depending on what you are getting, you can get it dirt cheap. WAPs also need firmware upgrades, but it is less of a problem.