Hi all,

I’m slowly moving into the self-hosted mindset, especially for privacy, security and sailing the high seas. This community has been invaluable, but I’d like to know which routers you use that fit well with this and play nice with the services we’re hosting.

I’m mostly thinking about wifi support, openwrt, vpn (not a hard requirement), vlans, etc. I know probably a networking community would be a better place for this question, but I think this might be useful for other “self-hosters”.

  • Anon819450514@lemmy.ca
    1 year ago

    It might be overkill and some sysadmins don’t like using them, but Ubiquiti with their UniFi model is all I’m using at home. USG as my router/firewall, 24-port 500w PoE switch, UniFi cloud key for interface, and an AP-AC-Pro for WiFi access.

    • OminousOrange@lemmy.ca
      1 year ago

      +1 for Ubiquiti here too. My network is a fair bit smaller, but I have a regular Dream Machine for WiFi, router and firewall, and just an 8 port poe switch for two AP-AC-Pros and two cameras. The ecosystem is very expandable too, so I can easily add devices if I’m running out of capacity.

      They’re a little pricier, but definitely worth it IMO for something that just works with minimal tinkering. Networking setup is quite easy as well, Mactelecom networks on YT has some great videos on that.

  • Kaavi@lemmy.world
    1 year ago

    I use unifi access points for wifi, and have an OpnSense router/firewall running on my server (proxmox).

    That works really well, only negative thing is that if I reboot my server the internet is down while doing that. But that doesn’t happen very often.

    • ostsjoe@lemmy.world
      1 year ago

      I do almost exactly the same, except I have opnsense running on a cheap dual nic mini PC so I don’t have that dependency on my proxmox servers. The unifi stuff does need a controller, but they publish a free app that you can run instead of getting their hardware.

      • Kaavi@lemmy.world
        1 year ago

        I’m running the app in an lxc on proxmox for unifi, works perfectly:)

        I’m undecided about getting dedicated hardware for OpnSense. It would be nice when rebooting, but I don’t do that often. But then again, it runs fine on the server as a virtual machine so no need for an extra machine to use power.

        For now it will stay virtual. :)

  • voolten@lemmy.world
    1 year ago

    I can vouch for MikroTik also. I have no access to fiber, so my choice was to get crappy Huawei or ZTE with limited customisation options or get MikroTik. I have bought Chateau 5G AX. I was able to bypass mobile CGNAT with Wireguard tunnel to a virtual MikroTik on cheap VPS, as my mobile provider does not offer static IP for non business customers. I am also running reverse proxy on my server to access my network directly thanks to Wireguard tunnel. You can edit nearly everything on MikroTik router (including MAC address on any interface and even spoof IMEI number when it has LTE like mine).

  • TCB13@lemmy.world
    1 year ago

    How much wifi and open-source do you really want?

    If you are willing to go with commercial hardware + open source firmware (OpenWRT) you might want to check the table of hardware of OpenWrt at https://openwrt.org/toh/views/toh_available_16128_ax-wifi and https://openwrt.org/toh/views/toh_available_864_ac-wifi. One solid pick for the future might be the Netgear WAX2* line. One of those models is now fully supported; the others are on the way. If you don’t mind having older wifi, a Netgear R7800 is solid.

    If you want full open-source hardware and software you need a more exotic brand like this https://www.banana-pi.org/en/bananapi-router/.

    Both solutions will lead to OpenWRT when it comes to software, it is better than any commercial firmware but there’s a catch about open-source wifi. The best performing wifi chips are Broadcom and those don’t usually see open-source software support**. MediaTek is the open-source alternative and while they work fine they can’t, unfortunately, beat Broadcom. As most hardware is Broadcom they have hacks that go beyond the published wifi standards and get it to go a few megabytes/second faster and/or improve the range a bit.

    ** DD-WRT is another “open-source” firmware that has a specific agreement with Broadcom to allow them to use their proprietary drivers and distribute them as a blob with their firmware. While it works, don’t expect compatibility with newer hardware nor a bug free solution like OpenWRT is.

  • Heastes@lemmy.world
    1 year ago

    I’m using a thinclient (Fujitsu S920), slapped an Intel Pro/1000 NIC in there and installed opnsense. Hardware cost for both used was around €80. Wifi is handled by a TP-Link access point.

    It’s a big boy router/firewall, and it’s been quite a learning experience but very fun.

  • 2xsaiko@discuss.tchncs.de
    1 year ago

    I have a Turris Omnia (https://turris.com). Comes with their custom OpenWrt out of the box so can do everything that can, with some extra features. Hardware is pretty good: two wifi cards, one of which can do 802.11ax, 6 GBit ethernet ports, 1 SFP port, 2GB RAM, 8GB EMMC flash, supports adding a PCIe SSD. You can also pretty easily install your own OS on it if you want to, personally I have it booting off of a PCIe SSD with NixOS on it.

  • TheDevil@lemmy.world
    1 year ago

    I use an N5105 generic mini pc running proxmox and opnsense. You can get them fairly cheaply from Aliexpress. They’re particularly low power and come with 4-6 gigabit network ports. I have two containers, the second of which hosts my Home Assistant instance. As an added bonus they often don’t have a fan.

    For wifi I use Ubiquiti wifi 6 Lite APs with the controller running under home assistant.

    • weedazz@lemmy.world
      1 year ago

      I want to do the same thing but I’ve read that it’s not a good idea to put opnsense and home assistant on the same machine: “you don’t want your router restarting when home assistant restarts.” Is this not an issue if they are run in proxmox vms?

      • TheDevil@lemmy.world
        1 year ago

        Hasn’t been an issue for me. HA would only be depending on Opnsense for a DHCP lease so assuming you have reasonable lease times it’ll just pick up where it left off.

        Without checking I would imagine you could just set a delay for the HA container to make sure opnsense can start first, if it does become an issue.

  • or4n@kbin.social
    1 year ago

    I’ve never trusted vendors like Asus for their routers. I’m currently using PC Engines APU2E4 with OpenBSD. This setup supports everything I can think of.

  • eramseth@lemmy.world
    1 year ago

    Depending on how in depth you want your firewall, packet inspection, etc to be and your internet access speed, you may want a commercial grade router. You can also probably use an old PC and add a dual gigabit NIC to it and load up opnsense or pfsense or some other router/firewall distribution. From there, add a stand alone switch and a standalone wifi AP (or router in AP mode). The reason I bring up using a commercial device or an older desktop is because packet inspection, filtering, etc at line speed on a gigabit connection won’t be possible with a lot of low powered devices.

    I used to do this (was using an old Intel core i5 second gen with added RAM and a dual port gigabit NIC) but it was a lot to keep up with. I have since moved on to an Asus router (RT-AX86U) with the AsusWRT-Merlin software package. The only functionality I really lost was suricata for IDS. The AsusWRT distro comes with some proprietary stuff (that I think you can turn off) but it’s also very “open” in terms of just running Linux underneath. This means you can set up things like VLANS, use iptables, etc.

    AsusWRT-Merlin adds some niceties (including a nice add on system that will expand into web based interfaces for certain things you might usually do from command line, better/expanded firewalling, and even adguardhome installer for DNS-based malware/spyware/ad blocking… kinda like pihole but lots of people like it better). The maintainer of that package corresponds frequently with Asus (to the point that some of his stuff is merged back into the official AsusWRT at some points).

    I can confirm that the model I mentioned above is able to do all the firewalling, QoS, adguard DNS filtering, etc at gigabit speeds. It also has some sort of IDS and a few other protections, but they are part of the proprietary bits (Asus licensed via TrendMicro I believe).