this post was submitted on 11 Aug 2023
103 points (97.2% liked)

Selfhosted

39893 readers
366 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
103
Best router for home use? (self.selfhosted)
submitted 1 year ago* (last edited 1 year ago) by gabe to c/selfhosted@lemmy.world
 

I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?

top 50 comments
sorted by: hot top controversial new old
[–] daranto@2dl.eu 45 points 1 year ago (2 children)

If you want the full control use https://opnsense.org/ on a mini pc or in a VM on your home server.

[–] betternotbigger@lemmy.world 5 points 1 year ago (2 children)

Can this work with the "off the shelf" mesh routers.

[–] vector_zero@lemmy.world 7 points 1 year ago (1 children)

This seems like it's geared toward higher power hardware that's not generally available on a consumer-grade router.

[–] stown@sedd.it 7 points 1 year ago (1 children)

You could buy a $300 consumer router and it would be worse than just using an old PC with OPNsense.

[–] _TK@lemmy.antemeridiem.xyz 6 points 1 year ago (2 children)

Except that the old PC is probably less efficient at a lower clock than an AR based consumer router. You'll get more performance and features, but it will be more expensive to run.

load more comments (2 replies)
[–] Lrobie@lemmy.world 7 points 1 year ago (1 children)

No, off the shelf routers are usually ARM and opnsense is x86 only.

load more comments (1 replies)
[–] thejoker8814@lemmy.world 4 points 1 year ago

Please don’t host a router on a Hypervisor VM. That does not benefit security. First of all a router is an integral part of the (home) network, therefore it should not be dependent on anything, like a hypervisor. You want to be able to replace or update your server/ hypervisor independently from each other, for example in 5 hrs your router might be still rocking all data, but you would want to upgrade your home server / hypervisor. Furthermore all those OpenWRT, PFsense, OpenSense kernel/ OS hardening is more effective on the hardware itself, especially all RAM/ Memory based security measures. Also if you truly want to be more secure, you use dedicated hardware for multiple reasons, performance is dedicated to only routing/ firewall processing (no other service/ VM can block or slow down packet processing), reducing the attack surface (less software, less attack surface), easier to update.

[–] Semi-Hemi-Demigod@kbin.social 25 points 1 year ago (6 children)

I bought a mini pc with four Ethernet ports and turned that into a router

[–] JJGadget@lemmy.world 15 points 1 year ago (2 children)

This right here. get something cheap, throw opnsense or pfsense on it and start learning. It will probably be incredibly frustrating at first but when it starts to click then it is really fun and rewarding.

I bought an old dell r210ii years ago and threw pfsense on it then swapped to opnsense and could not be happier. It is still in use today, a good 6 years later.

[–] Semi-Hemi-Demigod@kbin.social 6 points 1 year ago (4 children)

I did mine by just adding some iptables rules to set up NAT. It's all of four commands:

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

iptables –t nat -s 192.168.0.0/16 –A POSTROUTING –o $wan0 -j MASQUERADE

iptables –A FORWARD –i $wan0 –o $lan0 –m state --state RELATED, ESTABLISHED -j ACCEPT

iptables –A FORWARD –i $lan0 –o $wan0 –j ACCEPT

Just set $lan0 and $wan0 to your LAN and WAN interfaces. For wifi I've got a couple Unifi access points around the house for good coverage.

Yes, I know IPv6 is better and yadda yadda yadda but I can't remember the addresses let alone type them so I'm not changing anything.

load more comments (4 replies)
[–] BigDickMystic@kbin.social 2 points 1 year ago (2 children)

Noob here. How fast can my LAN be with such a setup?

[–] JJGadget@lemmy.world 3 points 1 year ago

mine can push a gig around no problem.

[–] Jivebunny@lemmy.world 2 points 1 year ago

As fast as the slowest denominator in your LAN. So give the PC that you're going to host this on a decent Ethernet card and you should be flying.

load more comments (5 replies)
[–] CapillaryUpgrade@lemmy.sdf.org 17 points 1 year ago (7 children)

You already have some good suggestions, so i just want to mention openWRT which can be flashed on off-the-shelf router combo (just check their supported devices first, if you go this route)

[–] Zozano@aussie.zone 3 points 1 year ago

Love OpenWRT!

As a networking noob I spent more than a week configuring it to get it right, including needing to SSH into it because I flashed the wrong firmware (do not get NA and EU confused, the difference is enough to flat line your modem).

But in the end, I eliminated my bufferbloat with SQM; a feature the stock device lacked. I also set up a USB to act as expanded storage to install more software.

load more comments (6 replies)
[–] girsaysdoom@sh.itjust.works 17 points 1 year ago* (last edited 1 year ago) (6 children)

Everyone has some great recommendations. I didn't see anything about Ubiquiti so I'll throw it out there since I've had a good experience with them. The Dream Machine is for home/small office setups and is fairly inexpensive for what it does: https://store.ui.com/us/en/collections/unifi-dream-router.

Edit: it's now the dream router. They changed the name it seems.

[–] Kushan@lemmy.world 4 points 1 year ago (3 children)

I wish they had more 2.5G or even SPF+ options in this range. I'm lucky enough to have a >1gigabit home connection but router options are surprisingly limited if I want that full connection speed going to my server

load more comments (3 replies)
[–] uninvitedguest@lemmy.ca 4 points 1 year ago (4 children)

This is interesting, I hadn't seen this from them before and I'm in the market for a new router! Does this play nicely with additional access points?

[–] Oderus@lemmy.world 2 points 1 year ago (1 children)

They work with existing Ubiquiti AP's no problem. I have the Dream Machine (I guess Dream router now) and it's awesome. Wish I got the Dream Machine Pro which is switch-like and comes with no AP's so you have to add them as needed and it supports cameras.

load more comments (1 replies)
load more comments (3 replies)
[–] jemikwa@lemmy.blahaj.zone 3 points 1 year ago* (last edited 1 year ago)

My only complaint is that coming from a networking background, Ubiquity's OS is awful and makes me want to gouge my eyeballs out. Navigating the interface to find settings makes no sense, it's not very granular in how you can configure certain filtering settings, dual wan setups are difficult to manually change over, and good luck looking at logs to troubleshoot any traffic flow issues (hint: you can't).

For someone who just needs a firewall and a VPN endpoint, it's great. If you need anything more than that, get opnsense/pfsense. Pairing one of those with Ubiquity APs (which are actually pretty terrific) is a really solid setup.

load more comments (3 replies)
[–] sj_zero@lotide.fbxl.net 12 points 1 year ago

Pfsense or opnsense are really powerful options.

You'll need a wireless access point as well, but those two are quite powerful and can run on quite powerful hardware.

[–] thejoker8814@lemmy.world 10 points 1 year ago (1 children)

I cannot recommend any consumer router brand, at least not with stock firmware, because any of them don’t have guaranteed update policy. Further, some of the stock firmware contains insecure protocols, like telnet (yes, still), outdated ciphers (SSL, TLS 1.0), and some feature you want is always missing. Further they often lack innovative features like WireGuard in updates, mostly bug fixes and security patches.

That’s why I would urge you to consider using one of the router/ gateway distributions listed below.

Depending on your requirements, I can recommend the following router OS:

  • OpenSense (router without WiFi)
  • OpenWRT (router with WiFi)

If you have an old laptop or pc to spare, you could at least give those two a try.

Someone already mentioned it, OpenSense runs only on x86 / PC Hardware (and MiPS). OpenWRT can be flashed onto a lot of consumer routers as well as be installed on traditional x86 / PC hardware.

OpenWRT has a hardware table on their website for supported models. Some of them come cheap if you buy them used and are pretty decent.

If you like more flexibility, I can recommend building your own router. Used thin clients, Iike for example Fujitsu Futro S920. Thin clients are basically low-powered PCs, which are often cheap on the used market and provide a variety of hardware interfaces. Most use Intel NICs, some have secondary NIC, can hold SATA disks, provide interfaces for WiFi (pice, miniPCIe, m.2) or extension cards, have high efficient power supplies and are in majority are passive cooled. Or get some SBC/ Low-Powered board with the interfaces you need. It doesn’t need to be new hardware.

[–] peregus@lemmy.world 3 points 1 year ago

I second OPNsense and Fujitsu Futro S720/920 (from €20/30 on eBay) with secondary NIC (or even router on a stick with VLAN enabled switch). I'd leave WiFi to a dedicated AP.

[–] monotux@lemmy.world 9 points 1 year ago

servethehome.com has a series about these fanless, multi-gigabit firewall for a while, might be interesting if you have a 200-300 USD budget?

https://www.servethehome.com/tag/firewall/

I've used a very similar setup in the past (J1900 CPU, 4x1 Gbps network ports) and I only replaced it due to reasons. Not noticed any performance bottle necks with that setup.

The latest N100/N200/N300/N305 CPUs from Intel looks really interesting, similar performance as my workstation but at a 10th of the power usage. N305 also has 8 cores in a passively cooled case, amazing stuff!

[–] Eris@l.os33.co 8 points 1 year ago (2 children)

Mikrotik hex are stupid cheap for the speed and features you get

load more comments (2 replies)
[–] Feliberto@programming.dev 7 points 1 year ago

I don't know if it's the best one, but I've been using Mikrotik Hex S for years and it's been a great experience so far.

[–] CriticalMiss@lemmy.world 7 points 1 year ago

It all depends on the features you want in that router and how much you’re willing to spend. I bought a MikroTik hAP ax3, which has many enterprise features (that can come handy to us selfhosters as well) that I found myself not necessarily needing, but definitely enjoying.

[–] monotux@lemmy.world 7 points 1 year ago

I'm using a ~30 USD thin client with a 4 port networking card (~20 USD), just using plain nftables on Debian. It routes handles my network just fine (complex rule set with many subnets & rules, 250/100 Mbps connection). Also using codel/cake for traffic shaping, avoiding lousy ping times even when downloading/streaming et c.

I use two TP-Link EAP 245v3 (ancient by now, but I can still use all my WAN speed from all rooms) for WiFi. Works great.

If I would redo it I'd use VyOS, OpenWRT or maybe OPNSense, but still using x86 hardware due to cost/power usage/performance. And then newer ceiling access points.

[–] grimer@lemmy.world 6 points 1 year ago (1 children)

I've had amazing luck with the Synology routers. You can start with one then if you want/need you add more to create a mesh network. I find the interface easy as well. My 2 cents of course...

Another vote for Synology here. I have 2 RT2600 and 1 RT1600 between myself and my parents houses. They have been completely bullet proof and the oldest one is going on 7 years old now.

[–] Decronym@lemmy.decronym.xyz 6 points 1 year ago* (last edited 1 year ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
AP WiFi Access Point
DNS Domain Name Service/System
NAT Network Address Translation
PiHole Network-wide ad-blocker (DNS sinkhole)
RPi Raspberry Pi brand of SBC
SAN Storage Area Network
SATA Serial AT Attachment interface for mass storage
SBC Single-Board Computer
SSH Secure Shell for remote terminal access
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
Unifi Ubiquiti WiFi hardware brand
VPN Virtual Private Network

13 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.

[Thread #26 for this sub, first seen 11th Aug 2023, 15:25] [FAQ] [Full list] [Contact] [Source code]

load more comments (1 replies)
[–] partizan@lemm.ee 5 points 1 year ago

something running openWRT. I for example have a Turris Omnia, which is running their own fork of openwrt. https://www.turris.com/en/omnia/overview/

[–] JackbyDev@programming.dev 5 points 1 year ago* (last edited 1 year ago) (1 children)

Can you give us some details about your house?

My house was built in the golden age of having voip landlines that needed CAT 5e cable but before cell phones were the norm so I have a wired backhaul mesh.

Edit: it occurs to me you probably mean like a router-router being that this is self hosted lol. So disregard haha

[–] gabe 3 points 1 year ago

I live in a town house with relatively good Wifi signal coverage with no extenders needed. I am planning on eventually paying a professional to get wall Ethernet ports installed so I can hook up my most network dependent devices (gaming desktop, gaming devices) and use the router with the rest that wouldn’t make sense to hook into Ethernet.

[–] Moonrise2473@feddit.it 5 points 1 year ago (2 children)

I like the fritzbox ones but I think in USA the best is the base Unifi one (dream router)

Or a cheap decommissioned thinkcentre tiny m700 with opnsense

load more comments (2 replies)
[–] Kir@feddit.it 5 points 1 year ago (2 children)

I'm a noob, but I'm running a Frirzbox router and it seems great to me. 0 problem in configuration and happened to have lots of useful features now that I'm exploring self hosting (it support woreguard VPN natively and have automatic wakeonlan feature for my server)

[–] 486@kbin.social 3 points 1 year ago (4 children)

I always found the software updates of AVM - the manufacturer of those "Fritz!Box"es - to be of questionable quality. If you take a look at the source code that they have to release upon request of the GPL'ed source code they use, you'll notice that they use ancient versions of the Linux kernel, Busybox and other tools. By ancient, I mean many years old, unsupported by upstream for years. Also, they only publish those sources manually when someone asks for them, which doesn't bode well for their internal development processes. If they used CI/CD pipelines, they could easily push out updates of those sources with every new release…

load more comments (4 replies)
[–] redballooon@lemm.ee 2 points 1 year ago* (last edited 1 year ago) (2 children)

I’m a professional in software development, sometimes tasked with administration stuff.

At home I love my FRITZ!Box. The only thing I’m missing is DNS rewriting, but I can work around that. If you don’t know what that is you don’t need it anyway.

load more comments (2 replies)
[–] randombullet@lemmy.world 4 points 1 year ago (2 children)

Mikrotik RB5009 is my router.

Moving to OPNsense

load more comments (2 replies)
[–] floridaman@lemmy.blahaj.zone 3 points 1 year ago

Here is something I wrote previously under a similar post: "Check out the OpenWRT Table of Hardware, it has a list of firmware mod-able off the shelf WiFi routers that work with, you guessed it, OpenWRT. It's rather versatile as it's Linux based and can handle VLANs, multiple SSIDs, and of course, you can change the DNS servers." As I said, OpenWRT is very versatile and runs on many different routers, just find one you like and install it! Many of the supported routers provide Gigabit switching, and some even have multigit for your server connection.

[–] coolfission@lemmy.world 3 points 1 year ago

ASUS RT-AX86U + asuswrt-merlin is what I've used. Completely stable since day 1 unlike my old netgear router.

[–] avidamoeba@lemmy.ca 3 points 1 year ago

Raspberry Pi 4 with a UE300 and OpenWrt can comfortably do 1 gig with SQM. I don't know if it's the most cost effective way to do it but it's one way and it's working well in 3 setups I'm looking after.

[–] balfrag@lemmy.world 3 points 1 year ago (1 children)

UniFi Dream Router is also a nice router for internet speeds up to 700 Mbps.

load more comments (1 replies)
[–] Perrin42@kbin.social 2 points 1 year ago

The Firewalla is pricey but amazing. I am running the Gold at home, and it runs Linux and supports Dockers so I'm running PiHole on the router.

[–] Takumidesh@lemmy.world 2 points 1 year ago

Not sure about your budget, but I switched to a udm se and it's pretty awesome, for me the benefit comes in with cameras and access control. the UI and off the shelf tooling is very nice with it.

Opensense is another more diy option.

I used an edge router 4 before the udm for a few years and it was pretty ok.

[–] TheInsane42@lemmy.world 2 points 1 year ago

My main router here is a RPi4 with 4GB memory, Debian and an USB interface for the connection to internet. The switches are Netgear (324 and a gifted 724) and tthe main server is an RPI 4 as well, but with 8G mem.

It depends your necessity but If you want a reliable and secure router is a good option a router that is compatible with OpenWRT for example.

load more comments
view more: next ›