this post was submitted on 05 Aug 2023
55 points (93.7% liked)

Selfhosted

39937 readers
374 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Was rather shocked to find BT hubs don't allow you to change DNS servers anymore and force you to use their own ones, so I can't properly setup adguard.

What routers are people using now that are reliable and will let me control my own network configuration

all 46 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 1 year ago (2 children)

Check out the OpenWRT Table of Hardware, it has a list of firmware mod-able off the shelf WiFi routers that work with, you guessed it, OpenWRT. It's rather versatile as it's Linux based and can handle VLANs, multiple SSIDs, and of course, you can change the DNS servers.

[–] [email protected] 1 points 1 year ago

This!

If you want a Linux router instead of a BSD one for hardware compatibility, it will run on anything pfsense or opnsense will run and on much much more.

[–] [email protected] 19 points 1 year ago (1 children)

What I did is I bought a cheap small PC with an Intel chip (i5), some RAM and an SSD. You can find these with more than one NIC pretty easily from Amazon, and they are just normal computers: only small and quiet. Then go with a virtualization platform such as Proxmox, and to that, install opnSense as the router distribution and use the rest of the processing power to run everything else in your house in virtual machines: Home Assistant, media server, you name it... Just search Amazon with something like "router pc" and you get a long list of machines below and over 200 euros that are more than enough for your home. Computers like this one.

The great thing about opnSense is how it gets regular updates. And when you use a normal PC as your router, you run the latest FreeBSD kernel and get updates basically as long as opnSense is developed.

You probably also want a Wi-Fi. These boxes usually miss it, and even when they have a Wi-Fi card, opnSense is not really great for setting wireless networks. I just bought a few APs from Ubiquiti. They are a bit on the expensive side, but I just don't need to touch these things after setting them up and the network never fails on me. There are also much cheaper APs in the market, just get anything that fits to your budget and plug it to the router.

[–] [email protected] 8 points 1 year ago

I did this for a while, but decided to just run opnsense on bare metal, I didn’t want my whole network going down if I had to restart Proxmox or something. It’s way overkill but it’s running opnsense, adguard and will soon be running ngnix hopefully.

[–] [email protected] 18 points 1 year ago (5 children)

Mikrotik. The depth and breadth of a tiny Hex S is mind blowing.

[–] [email protected] 6 points 1 year ago

I converted everything over to Mikrotik earlier this year. Excellent hardware and software and cheap. But has a bit of a learning curve.

[–] [email protected] 2 points 1 year ago

I love my Microtik hEX S. It takes a minute to get used to the menus, but I really like how everything is laid out and managing using winbox. For 70 bucks it has a hell of a lot of features.

Before that I used a Ubiquiti Edgerouter X which I liked pretty well but I was not a fan of the web interface, it felt very dated; I also had issues with certain firmware updates that made the device pretty unstable. Eventually it kind of just died so I replaced it with this. I think I paid $50 for the ER-X, definitely recommend spending a little more for the hEX S.

One thing the hEX S can not do (at least that I have found) that the ER-X can that I care about is running a MDNS repeater. I have a couple subnets including one for IoT devices so this is necessary, as a slightly jank solution I ended up spinning up an Ubuntu server VM with separate NICs on the subnets I wanted to repeat between and running this binary to do the deed: https://github.com/geekman/mdns-repeater - if anyone knows of a better solution plz let me know.

[–] [email protected] 1 points 1 year ago

I got a hEX S a few weeks ago and I love it

[–] [email protected] 1 points 1 year ago

Been using my Hex S for 4 years and couldn't been happier. It's crashed on me the total amount of zero times.

[–] [email protected] 1 points 1 year ago (1 children)

I like mikrotik, but if you're not familiar with routers and their configurations, then it's going to be a steep learning curve.

The hex S is wonderful. I don't have one but I keep going back to look at it and weigh my options.

I don't need another router, I really don't. But it's so nice! But I don't need it!

I have Juniper, Cisco, watchguard, sonicwall, ubiquiti..... So many routers and firewalls, I really do not need another one.

But I want one.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Can confirm, I bit the bullet for a CR2004 last year and it took me a couple of weeks at least to set it up the way I wanted. Powerful, but steep with a capital S.

[–] [email protected] 6 points 1 year ago (1 children)

Opnsense or openwrt devices.

[–] [email protected] 2 points 1 year ago

This is the way. Love OPNsense!

[–] [email protected] 5 points 1 year ago (1 children)

If you don't want to go the route with building your own hardware there is also mikrotik with which I'm pretty happy. Something like the hex s is pretty cheap and has an sfp port if you have fiber.

[–] [email protected] 1 points 1 year ago

Excellent choice. I'm running a physical Routerboard and a virtual RouterOS inside my hypervisor for redundancy.
The license for virtual RouterOS is dirt cheap and has more features than you could ever dream of with any of the the big network device manufacturers.
The physical devices are very well designed for their relatively modest price and likewise fully featured. Perfect for any home lab or to play around with IEEE conform protocols.

[–] [email protected] 4 points 1 year ago (1 children)

Pfsense is fantastic. Extremely flexible. I am contemplating switching to opensense when it's time for an upgrade (it's been running seamlessly for many years, but someday I'll need to).

Note that it's a router, not a wireless access point. For that I use a few Ubiquity APs (I forget the model).

[–] [email protected] 0 points 1 year ago (1 children)

pfSense is indeed fantastic. The best part about it is you can install it on pretty much anything, as long as you have a couple reasonably fast network interfaces and an okay-ish processor depending on the network load it will just work. Also has OpenVPN server baked in which is pretty cool

[–] [email protected] 1 points 1 year ago

It also comes with a dyndns-client built in. Very useful for updating the address of the OpenVPN server.

[–] [email protected] 4 points 1 year ago (2 children)

Surprised to see no mention of the Edgerouter X in this thread so far.

Honestly, if you're looking for a simple, highly customizable router that comes with its own hardware, and don't mind supplying a separate access point, you really can do a lot worse than the ERX. They're small, highly affordable, use very little power, and it's all just Debian under the hood so you can do an astonishing amount with them.

[–] [email protected] 3 points 1 year ago

Yeah this is what I've been running for the last few years. Incredibly stable and does everything that you want for a small network. Even has poe passthrough if your AP supports that

[–] [email protected] 2 points 1 year ago (1 children)

What AP would you recommend for use with it?

[–] [email protected] 2 points 1 year ago

Honestly, your average SOHO router can easily be turned into a good enough access point. I'm using an old Asus router for mine. A Ubiquity access point is also a solid choice for cost vs performance. Or give TP-Link a look, they're always a decent bet for wireless.

[–] [email protected] 3 points 1 year ago (1 children)

If you have a pi kicking around or a docker instance of pihole you can use it to take over dhcp of the router and then set the dns servers in pihole.

That’s what I do currently on my home hub

[–] [email protected] 1 points 1 year ago

That might be the way to do it. I'm somewhat unfamiliar with networking, what does DHCP do?

[–] [email protected] 3 points 1 year ago (1 children)

Literally anything that's not ISP provided should give you the flexibility to set your own network parameters, but if you want strong flexibility beyond that, I'm going to throw my recommendation to opnSense, it's a fork of pfSense and the only reason I like it over pfSense is that the interface is very different and to me, it makes a lot more sense in how it's laid out.

That's personal preference, YMMV.

For consumer gear, ubiquiti has some strong units, the ER-X is pretty reasonable, but the unifi line is somewhat more beginner friendly, but tends to bury advanced features a little bit, focusing more on usage and reporting of activity and such.

Lower end consumer, the usual contenders are tp-link, and Netgear, though I lean more towards stuff from Asus, or anything on the dd-wrt compatibility lists... I ran a Linksys WRT54GL for a long time because of dd-wrt. I haven't kept up with the "wrt" variants over time.... The last time I touched dd-wrt was on a relatively high end (at the time) Asus router and it did very well... Might be work looking into. There's usually a trick to getting wrt firmware into a router though, and it will likely void your warranty, so buyer beware.

Circling back... My biggest issue with opnSense and pfSense, is the choice of hardware, unless you're buying direct from pfSense's netgate product line, you'll have to source something to run it on, and my biggest issue with that, personally, is that I want something small, like a router, IMO, should be, at least smaller than most PC's, that's relatively inexpensive, with at least two built in ethernet ports, since I've found that USB ethernet options are generally not very reliable. And usually, I can find something small and cheap, but there's only one ethernet port, or I can find something cheap with plenty of networking, but it's not small, or I can find something small with plenty of networking, but it's not cheap.

So I'm running a sonicwall at home, because fuck all this other junk, I just want something that does what I want it to do without hiding all my options behind some garbage, or a system that can only work a particular way, and you don't get options to change it. Or something that's huge or expensive.... Or something I have to spend a lot of time setting up, maintaining, or fixing. For me, that's sonicwall.

[–] [email protected] 1 points 1 year ago

This is also similar reasoning and why I went with a mikrotik router. All the functionality I need, none of the bullshit, solid performance for price. Only downside is the setup isn't trivial, but if you're comfortable on the command line, it's a breeze.

[–] [email protected] 3 points 1 year ago (1 children)

I use Protectli hardware with Pfsense or Opnsense. Doing this at home and in 10+ small/medium environments. Never had any issues, I highly recommend Protectli hardware + pfsense/opnsense.

https://protectli.com/

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

You can also get cheaper mini PC's on Alibaba for cheap. I did this in 2017 and it's still going strong. No moving parts, all passively cooked with an Intel laptop chip that has hardware encryption built in (core i5).

Been using opnsense since the start and it's been rock solid.

[–] [email protected] 2 points 1 year ago

I've got a Mikrotik RB4011, and I couldn't be happier with it. It definitely has a learning curve, but once I got it setup how I want, it just works. I'm sure some other options have the same feature, but one of my favorite things is a script I have run every night that emails me a backup.

I've only ever had to use it a few times, but having a recent backup of my router on hand all the time is nice.

[–] [email protected] 2 points 1 year ago

I bought a cheapish small PC with 4 Nics and ran pfsense for a long time, that's your best best. I've ended up with a Ubiquiti Dream Machine, less time to tinker and higher need for production with working from home

[–] [email protected] 2 points 1 year ago

I use pfsense on my own metal. I can recommend it- never caused me any issues in the 4 years I've been using it, now. Even seamlessly updated major version twice.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Lots of good suggestions. The down side to a pc running opnsense is going to be electricity costs. If that's a concern.

Any of the Asus routers supported by Merlin will do what you need. (That's what I'm currently doing). It has a feature called DNS control that will intercept DNS lookups and send them to the servers you define.

Edit: opnsense not nonsense.

[–] [email protected] 3 points 1 year ago

There are mini pcs running atom or celeron with impressive specs and Gbit capability that use <15w

[–] [email protected] 2 points 1 year ago (1 children)

I run OpenWRT on a RaspberryPi and it's great. Happy to answer questions.

[–] [email protected] 2 points 1 year ago (1 children)

Where did you attach the second ethernet NIC?

[–] [email protected] 1 points 1 year ago

I used USB Ethernet adapters in both USB ports. TP-Link UE300, been rock solid.

[–] [email protected] 1 points 1 year ago

Does the bt hub let you turn off DHCP? I had a similar issue with my ISP router, but it let me turn off dhcp and then I ran pihole which can run its own DHCP server

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

That's depend on how deep you want to go with router customization. Most casual enthusiasts would do fine using an Asus router. Out of the box, the firmware is based on an opensource firmware (Tomato) and has a lot of features and options compared to their competitors. Feature-wise, it already blows other consumer-grade routers out of water. And because the firmware's source is available, third-party firmware (asuswrt-merlin) is thriving and can be flashed with zero risk while adding a whole bunch of new features and customization options.

If you want something more, then your only options are using enterprise-grade routers (e.g. mikrotik, ubiquity, etc). Just note that these enterprise gears usually don't have latest WiFi tech (or even WiFi at all!), so you'll still need to buy another wifi access point and hook them downsteam of the router.

[–] [email protected] 1 points 1 year ago

For me personally... I use VyOS in a VM running on a proxmox host (optiplex, SFF) with a 4-port NIC passthrough. This solves the issue of power for me, as the host has plenty of ram allowing me to run other services without needing an additional machine (although I do have one as a spare). VyOS doesn't currently have a GUI (one is in development), however, it has been very solid for me (also based on debian, which is nice).

[–] [email protected] 0 points 1 year ago (1 children)

Just wanna put in a good word about GL-iNet routers ... they are more travel- and pro-sumer focused than a lot of what's been mentioned here. They run a proprietary front end on top of OpenWRT, but if you don't like that, most of them have full support in vanilla OpenWRT.

These are definitely more for the tinkerer market, their documentation and firmware can have quirks, but that being said (and as somebody who wouldbe wary at that caveat) I have been using GLi routers with manufacturer firmware as a daily driver for 3+ years and once you get them set up they are very solid.

Might be a good option for the digital nomads among us who need a smaller device which can connect to a host network and then send all traffic over a VPN with very easy setup.

[–] [email protected] 0 points 1 year ago (1 children)

Do they have mesh options?

[–] [email protected] 1 points 1 year ago

Good question, I'm not entirely sure as I have never used mesh features per se.

I do currently use a GLi Creta as a wifi extender to a GLi Slate AX, but that's likely not what you're asking about (I believe it's a layer 3 (?) bridge from WWAN to WLAN/LAN). It does work pretty well in this role, all factors considered.

[–] [email protected] 0 points 1 year ago (1 children)

pfSense on a ZimaBoard 216 works astonishingly well and it's easy to setup and manage. Toss in a Mikrotik CSS610 and you have a vlan ready setup in under an hour.

If you don't like the ZimaBoard, you can go with any of the Topton style router PCs from AliExpress for a couple hundred and have a 2.5Gb router running in proxmox with docker in a separate VM.

[–] [email protected] -1 points 1 year ago

pfSense is great!!! I bought a Netgate router which comes with pfSense Plus.

OP, consider buying a Netgate router if you want no hassle, or if you're up for installing an OS then you can put pfSense on a custom platform like ZimaBoard or Protectli.

[–] [email protected] 0 points 1 year ago

Lot of good choices:

One of the 4 port atom pcs on Amazon, or even one of the arm ones, the key is ethernet ports and remember you'll need to handle your wifi. Put debian, pfsense, openwrt, whatever you like, it'll be great.

One of the openwrt systems, a high end glinet isn't bad, just any of the better ones.

Had a freebsd server that run a vnet jail for routing, was glorious, no notes, jut perfect.

Running a unifi dream machine se right now, mostly because I want someone else to handle security (I know it's not much, I just don't have any bandwidth for that now). Works fine, but I'm using unifi wifi so it's a tie-in there.

If you want a retail system, either openwrt or unifi, I know why people have issues with ubiquiti, but it's probably the best prosumer hardware and software you can get without using your own. I haven't used pfsense much, maybe that would change my mind.