Hi all,
I’m slowly moving into the self hosted mindset, especially for privacy, security and sailing the high seas. This community has been invaluable but I’d like to know which routers you use that fit well with this and play nice with the services we’re hosting.
I’m mostly thinking about wifi support, openwrt, vpn (not a hard requirement), vlans, etc. I know probably a networking community would be a better place for this question, but I think this might be useful for other “self-hosters”.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| CGNAT | Carrier-Grade NAT |
| DNS | Domain Name Service/System |
| HA | Home Assistant automation software ~ High Availability |
| IP | Internet Protocol |
| IoT | Internet of Things for device controllers |
| NAT | Network Address Translation |
| PCIe | Peripheral Component Interconnect Express |
| SSD | Solid State Drive mass storage |
| VPS | Virtual Private Server (opposed to shared hosting) |
9 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #41 for this sub, first seen 14th Aug 2023, 10:45]
Damn good bot
Wait since when does a tilde mean high availability?
It might be overkill and some sysadmins don’t like using them but Ubiquiti with their Unifi model is all I’m using at home. USG as my router/firewall, 24-port 500w PoE switch, unifi cloud key for interface, and an AP-AC-Pro for WiFi access. The access point is enough to cover all my house and even my backyard.
+1 for Ubiquiti here too. My network is a fair bit smaller, but I have a regular Dream Machine for WiFi, router and firewall, and just an 8 port poe switch for two AP-AC-Pros and two cameras. The ecosystem is very expandable too, so I can easily add devices if I’m running out of capacity.
They’re a little pricier, but definitely worth it IMO for something that just works with minimal tinkering. Networking setup is quite easy as well, Mactelecom networks on YT has some great videos on that.
I use Mikrotik RB5009 because it’s easy and very powerful. It has zerotier and wireguard built in. I’m slowly getting into OPNSense, but I’m not too familiar with it yet.
I also run ubiquiti wifi, but am planning on changing to another system in the future.
My core switch is a unifi 24 enterprise. It’s the only affordable and semi quiet switch that is multigig, POE, and semi layer 3.
I currently run 6 vlans. Users, servers, management, IoT, LAN only, and DMZ.
Can only agree on Mikrotik routers. All are using RouterOS, which works the same on all their devices, from routers to switches and access points.
They are relatively cheap for the capabilities you’re getting. They have their own scripting language, two APIs (their new one is REST-based).
GUI (winbox is recommended, and plays nice with wine. Wouldn’t recommend web interface, just cumbersome) and CLI exist.
They have a lot of builtin functionality, like DHCP server, DNS server with static configuration, and even file sharing. Some models are powerful enough to run Docker images on (yes, that’s builtin…).
We’re running a couple of hundred and don’t have much problem with them.
Yes, but a caveat is that not all of their switches can run RouterOS. Some can only run SwitchOS, which I’ve heard is on its way out… So avoid that hardware.
I have an RB5009 router and I like it a lot.
You are completely right about SwitchOS, and it is even more exciting that some models sell in two versions, with the only difference being called CSS* for SwitchOS, or CRS* for RouterOS. And the SwitchOS-enabled model is much cheaper, so customers ordering for themselves almost always pick the wrong one (that is, SwitchOS, which we can’t manage properly in our automations and other software solutions).
I have a Turris Omnia (https://turris.com). Comes with their custom OpenWrt out of the box so it can do everything that can, with some extra features. Hardware is pretty good: two wifi cards, one of which can do 802.11ax, 6 GBit ethernet ports, 1 SFP port, 2GB RAM, 8GB EMMC flash, supports adding a PCIe SSD. You can also pretty easily install your own OS on it if you want to; personally I have it booting off of a PCIe SSD with NixOS on it.
Depending on how in depth you want your firewall, packet inspection, etc to be and your internet access speed, you may want a commercial grade router. You can also probably use an old PC and add a dual gigabit NIC to it and load up opnsense or pfsense or some other router/firewall distribution. From there, add a stand alone switch and a standalone wifi AP (or router in AP mode). The reason I bring up using a commercial device or an older desktop is because packet inspection, filtering, etc at line speed on a gigabit connection won’t be possible with a lot of low powered devices.
I used to do this (was using an old Intel core i5 second gen with added RAM and a dual port gigabit NIC) but it was a lot to keep up with. I have since moved on to an Asus router (RT-AX86U) with the AsusWRT-Merlin software package. The only functionality I really lost was suricata for IDS. The AsusWRT distro comes with some proprietary stuff (that I think you can turn off) but it’s also very “open” in terms of just running Linux underneath. This means you can set up things like VLANs, use iptables, etc.
AsusWRT-Merlin adds some niceties (including a nice add on system that will expand into web based interfaces for certain things you might usually do from command line, better/expanded firewalling, and even adguardhome installer for DNS-based malware/spyware/ad blocking… kinda like pihole but lots of people like it better). The maintainer of that package corresponds frequently with Asus (to the point that some of his stuff is merged back into the official AsusWRT at some points).
I can confirm that the model I mentioned above is able to do all the firewalling, QoS, adguard DNS filtering, etc at gigabit speeds. It also has some sort of IDS and a few other protections, but they are part of the proprietary bits (Asus licensed via TrendMicro I believe).
I’ve never trusted vendors like Asus for their routers. I’m currently using PC Engines APU2E4 with OpenBSD. This setup supports everything I can think of.
What do you use for a wireless access point?
Eero.
Interesting, I’d never heard of them, thanks!
I have a Dell OptiPlex 7050 acting as a router. But I don’t do any port forwarding. Instead, I have an Oracle Always Free VM that is connected to my server via a WireGuard tunnel. The cloud VM acts as reverse proxy to all of the services that I host. The OptiPlex 7050 is running OpenBSD.