Seems like it might be time to build my next router before they become unaffordable. I’ve done some research, but I’d like to get the pulse of the community since other self-hosters may have a similar use case.
Should I use PFsense or OpenWRT? Should I use purpose built or minipc hardware?
This is for a home network (symmetric gigabit fiber). A few of the devices have 2.5LAN ports and it would be nice to make use of that speed locally. Primary uses include streaming Disney+ and YouTube, web browsing, and self-hosting a few services I connect to via wireguard. Sometimes I play games, but not competitively, so an extra ms of ping isn’t going to throw me into a rage. I do use a remote desktop feature like steam link to play games on my home office PC from my bedroom. Ping is currently acceptable according to the system with occasional slowdowns when my family is slamming the WiFi.
I will need to provide WiFi access. If my existing router(s) have an AP mode, I imagine I can just plug them in via ethernet?
What kind of wireless AP hardware do I need if I want connections to transfer between a basement and attic AP with minimal interruption?
For the router itself, I see people using what look like barebones routers and others using a minipc with dual LAN. What do you use and what advantages/disadvantages have you experienced as a result?
Can I set up a wireguard VPN server in either pfSense or OpenWRT?
Are there any enshittification risks or open-source purity concerns with either choice?
Is there a significant difference in popularity between pfsense and openwrt?
I will happily accept hardware recommendations for 2.5GB capable router hardware for a home network with 1GB fiber. It needs to be able to handle inbound and outbound wireguard connections. I’m overwhelmed by the many options between all the minipcs and purpose built hardware. Location is USA.
I appreciate any insight you may have. I’m a Linux guy, but networking has always been my weak point so I’m asking for help.
I used pfSense for years and switched to OpenWRT. I highly recommend OpenWRT. pfSense is kinda trash IMHO. I tried to set up traffic shaping, so I could play games while my roommate was watching Netflix, and it just doesn’t work as advertised. I tried like 20 different configurations for the traffic shaping, following all the documentation, guides, countless forum threads, etc, and none of it worked properly when you actually test it. At the end of the day, I concluded that nobody understands how to configure traffic shaping on it and even the developers didn’t realize it was broken.
OpenWRT, on the other hand, just works better out of the box, and has the right level of customizability for home use. It has a way better ecosystem around it where you can download extra packages with GUIs… it’s just much nicer to use, and doesn’t have the QA problems I had with pfSense.
Thanks for the reply. At this point, I’ve decided I’ll need to try both. Fortunately my old router still works. I just need to make some hardware decisions now as I don’t have any hardware with multiple lan ports to try it out on. I don’t want to buy twice, so I’m trying to figure out what I’m going to need to overshoot my requirements a bit but not go crazy overboard and overspending for unused specs. My current router is the GliNet Flint 2 which has an open-WRT advance mode that I’ve messed with a little bit.
I used Pf as my vlan router and it worked fine but was surprisingly clunky and a bit resource heavy
Openwrt seems to offer all the same stuff and is shockingly efficient. Also works in lxc containers effortlessly
Couldn’t recommend it more
Just go with OPNsense. Fully FOSS and comparable with corporate software feature-wise.
When I got 10 Gbit internet at home I didn’t like the prices of any of the 10G routers for sale so I built my own out of a $80 used ThinkCentre Tiny, $7 PCIe riser, and $20 dual-10G Intel NIC. My APs are the Ubiquiti UniFi APs I was already using (The router I switched from was a Ubiquiti USG3)
Initially I tried opnSense (and pfSense) but no matter what I did I couldn’t get 10G throughput, so I switched to OpenWRT which has been working great. I feel like the Linux kernel will have better support than FreeBSD since it has a bigger user base.
For a 1G/2.5G network you can probably get away with even cheaper hardware.
If you got a $20 10g Ethernet, chances are you didn’t get one that is well supported on Freebsd. They currently lag behind Linux on the drivers for those. If you had a fully supported card, network throughput often beats Linux (with the caveat that it is going to depend on what you are doing with the firewall and QOS, obviously).
FWIW to anyone reading this and shopping for hardware, the card I’m using is an Intel 82599ES.
But I’ve had the same issues on a TrueNAS machine with a Mellanox ConnectX-3. I assume the limited speed was just due to the hardware, but after upgrading from TrueNAS CORE to TrueNAS SCALE, suddenly I was getting full 10 Gbit throughput.
I run opnsense on a decommissioned thin workstation I got for free at work. Added a couple of NICs et voila! For wifi I just disabled DHCP on the ISP router and plugged one of the lan ports into opnsense. Packets err… Find a way.
Opnsense. You can buy Protectli if you don’t want to build.
It’s expensive though. I was thinking about Protectli (a year ago) but then I specced something that I could have for less than a 100 bucks self-built and it was 400 bucks in a small non-repairable factor. No thank you sir :)
Yeah, you have to balance the value of your time. Were you able to spec something with coreboot for your diy build?
No, but I wasn’t going for that. I was thinking about it but found lots of people saying it’s quite buggy and I didn’t want to deal with that.
opnsense is the way. Dedicated mini pc while you figure it all out. Eventually you can virtualize it, but run bare metal to learn.
I’m very happy with my Omada APs and their roaming. I have one in my garden shed in mesh mode, and it gives me a LAN port for a poe switch and cameras.
Any roaming capable AP is going to need a controller, so think about where that VM is going to live. I like running bare metal for single-purpose hardware items. Home Assistant OS has more features and is easier to manage on its own with its own peripherals (Zigbee dongle and whatnot) when running bare metal. Same with a router IMO.
I’m running a Unifi Dream Machine (first gen canister model) that’s still going pretty strong after 6 years. But I’m considering a jump to an x86-based router running OPNsense or OpenWRT once that thing inevitably shits the bed. I mean, I got my start on selfhosting with an old RT-N66U running Shibby Tomato…
So I recently(ish) went through this - migrating from consumer hardware to rolling my own.
Here’s what I did: I bought a mini-PC router and loaded OPNsense onto it.
I needed wireless APs in some odd places, so I bought a pair of POE-powered Netgear WAX620 APs because they were a decent price, and a 2.5G POE+ Switch.
I probably would not go with Netgear again. They try to lock you into their cloud (subscription) platform. I don’t dig it. I would probably also not go with a POE switch unless I had to, because it adds a lot to the cost.
If I had planned better, I’d have waited until a decent older switch became available from a local surplus source. (The local university has a public surplus site that sometimes has interesting and cheap networking gear.)
If you plan to set up VLANs, make sure your switches are up to the task.
Been using OpenWrt on a Pi 4 for many years now. It’s been flawless. I’m using Ubiquiti APs. I’ve now replicated this setup in 4 more households with similar results.
Funny you mention. Ran pfsense as a router for years (still do.)
I had a Ubiquiti AP but hated having to run a VM or own separate hardware just to properly configure it. Especially considering it was the only Ubiquiti gear I had.
Ended up installing openwrt on it and ended up with what I actually wanted out of an access point.
I use dlinks and what not now, whatever is cheap, has a decent radio, and supports openwrt.
I’m running an older Asus router that is listed on the OpenWrt site. Would it be the most affordable option to just install OpenWrt on this device and manually bring over my current configs?
Probably. If you use the WiFi on it, make sure to check if its WiFi is supported.
Will do. I think Asus stopped sending fw updates so I’m hoping to get a few more years out of this unit.
My choice is OpenWrt and specialized hardware. It is much better suited for home use and has much lower power consumption (i.e. silent). Right now I’m looking for a replacement for my home router and going to buy one of the Banana Pi boards. However in the US the optimal choice may be different.
I’ve got pfsense on a VM, works great. Opnsense is good too and easier to deal with than digging out a download from Netgate, but doesn’t have pfblocker integrated.
If you’re a masochist and have a managed switch, you can make do with a device that only has one NIC, by putting WAN and LAN traffic on separate VLANs on the same physical interface…
If you need wi-fi that automatically disqualifies PFSense. Also OpenWRT is Linux and is a bit easier to troubleshoot than PFSense that is FreeBSD.
They will have WiFi AP.
And this is just me, but I never had to troubleshoot the OS part of the OpenWRT or OPNSense.
I see I see.
I actually had to troubleshoot and I was so glad it’s a familiar OS (Linux) rather than something I never touched. If it was something non critical I would probably opt for the unknown to have fun learning, but network is such an important thing that I want something I can fix fast if needed.
Opnsense or pfsense are good options. Most people would suggest the former.
If you use your existing router as an AP you need to ensure it has a different IP address than your firewall and turn off DHCP.
If buying APs most would suggest unifi access points for their features and ease of use.
The *sense options let you use WireGuard, OpenVPN, or others like Tailscale, tinc.
For hardware any dual nic (in the speed you want) any n95, n100, n150 mini PC should more than meet your needs.
Should I use PFsense or OpenWRT?
I wouldn’t recommend pfSense unless you’re already invested in it (e.g. already have a pfSense setup and want to transfer your config files and settings over). Netgate (parent company) has been moving towards their paid versions (pfSense Plus and TNSR), the Plus version is free if you buy their router otherwise will cost you some money for a subscription. And meanwhile they stopped providing current downloads of full installs/builds of the free community pfSense so actually getting the current 2.8.1 is a hassle now - you’re expected to download their Netgate installer that needs internet access to download the full install while installing the router software, or you need to download/install an older version of pfSense (2.7.0 I think) and then get online to update it to 2.8.1.
Just went through all that doing a re-install, it’s crazy that I need to have internet access to install the router that will provide internet access LOL.
OPNsense is a well known alternative. OpenWRT could work too but I haven’t used it personally.
This is good info. I remember hearing a little bit of that and someone set me straight on DDWRT vs OpenWRT as well. I think I’ll take OPNsense for a spin.





