Hi, I got a new router from my ISP, but it doesn’t even have an option to change the address of the DNS server…
So I’m gonna switch (if necessary also the ISP).
I have never used a custom router, so I would appreciate a push in the right direction. What can you recommend? Synology? FritzBox? Asus? Bridge Mode on the ISP router + RasPi?
The following I am running on a separate device, but if possible it would be nice to have it directly on the router device:
- PiHole
- Wireguard
- DDNS updater
If you’re new, something like Uniquiti UniFi stack is very beginner friendly and well polished.
If you’re planning to run your own hardware, the usual recommendation seems to be pfsense or opnsense on a modern lower end system (Intel N100 box for example).
Bearing in mind that a router is only responsible for routing (think directing the packets where to go). You’d also want to have access points to provide WiFi for your wireless devices. This is where UniFi stack makes it easier because you can just choose their access point hardware and control through single controller. Whereas rolling your own you’d be looking at getting something else to fill that role.
he following I am run
I second everything said here.
UniFi is a good starting place, and pfsense is good if you really want to dig in.
On one hand I love unify on the other I wish i never went this route. They do make it very simple to manage a whole suite of devices. But updates sometimes feel “Alpha/beta” some more advanced stuff requires editing jsons in the devices them self. Also recently the battery in my cloud key gen 2 has blown and their is no way to replace it without replacing the whole cloudkey. Thing lasted like 2 years. which is ridiculous. Personally I have started to look in to Mikrotik which is a load more advanced and has a higher learning curve. but if I am forced to edit jsons and use scripts to do some more advanced things i might as well.
Sorry for the slight rant… just be aware what you can get your self in to.
Thing lasted like 2 years. which is ridiculous. Personally I have started to look in to Mikrotik w
Good points – I’ve never ran into any issues with UniFi personally.
At the time I was self-hosting the UniFi Controller on my Proxmox server for a switch and an AP. So i suppose your mileage may vary with UniFi.
As far as routers go, I’ve been running a pfsense for a while and its been great. There is definitely a bit of a learning curve and it’s not something that I’d recommend to someone who has little networking knowledge. Once you understand how to work with it, there is very little you can’t do.
Mikrotik has pop-ed up on my radar recently too, might have to give them a look.
Edit: Phrasing.
All ill say is ROS script is a huge PITA.
So, making a script that takes an object of vlan/port assignments, and running the required commands to ensure the config of the mikrotik matches the declared vlan/port assignments.
The besy way ive seen to build/manage them is to use a compile step to go from some sane declarative config in order to build the actual ROS script to make the changes.
I just havent got round to making that a thing.
I hope they are working on a native python API, so i can script in a sane language, and run it directly on the mikrotik.
Config files are easy to import/export/edit/read, tho.
It does mean you have to reset to default when you update a config file (or configure the device live, then export the config)
Fritzboxes are rock stable, and support Wireguard from FritzOS 7.5 onwards, see https://avm.de/service/vpn/wireguard-vpn-zur-fritzbox-am-computer-einrichten/
(Apparently NOT the cable versions!)
What nags me most with them is that you have no separate Firewall controll over their WiFi, and the WiFi range is not really great. So probably consider going with dedicated APs instead.
I have been using opnsense on a very cheap celeron nuc for a few years, very happy with it
I’m very happy with my FritzBox (7590), it handles de ADSL connection to the ISP, supports various DDNS providers, Wireguard VPN, 4 port gigabit switch (5 of you don’t need the WAN port), guest WiFi with client isolation.
It also has basic media server and NAS functionality (with USB3 external hard drives).
Of course you can change the DNS server and other network controls like QOS, wake on LAN, port forwarding, different profiles with parental controls, filters, connection times, etc.
They also seem to take security seriously.
I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.
