Hi all,
I’m slowly moving into the self-hosted mindset, especially for privacy, security and sailing the high seas. This community has been invaluable but I’d like to know which routers you use that fit well with this and play nice with the services we’re hosting.
I’m mostly thinking about wifi support, openwrt, vpn (not a hard requirement), vlans, etc. I know probably a networking community would be a better place for this question, but I think this might be useful for other “self-hosters”.
I have a Dell OptiPlex 7050 acting as a router. But I don’t do any port forwarding. Instead, I have an Oracle Always Free VM that is connected to my server via a WireGuard tunnel. The cloud VM acts as reverse proxy to all of the services that I host. The OptiPlex 7050 is running OpenBSD.
I use Mikrotik RB5009 because it’s easy and very powerful. It has zerotier and wireguard built in. I’m slowly getting into OPNSense, but I’m not too familiar with it yet.
I also run ubiquiti wifi, but am planning on changing to another system in the future.
My core switch is a unifi 24 enterprise. It’s the only affordable and semi quiet switch that is multigig, POE, and semi layer 3.
I currently run 6 vlans. Users, servers, management, IoT, LAN only, and DMZ.
Can only agree on Mikrotik routers. All are using RouterOS, which works the same on all their devices, from routers to switches and access points.
They are relatively cheap for the capabilities you’re getting. They have their own scripting language, two APIs (their new one is REST-based).
GUI (winbox is recommended, and plays nice with wine. Wouldn’t recommend web interface, just cumbersome) and CLI exists.
They have a lot of builtin functionality, like DHCP server, DNS server with static configuration, and even file sharing. Some models are powerful enough to run Docker images on (yes, that’s builtin…).
We’re running a couple of hundred and don’t have much problem with them.
Yes, but a caveat is that not all of their switches can run RouterOS. Some can only run SwitchOS, which I’ve heard is on its way out… So avoid that hardware.
I have an RB5009 router and I like it a lot.
You are completely right about SwitchOS, and it is even more exciting that some models sell in two versions, with the only difference being called CSS* for SwitchOS, or CRS* for RouterOS. And the SwitchOS-enabled model is much cheaper, so customers ordering for themselves almost always pick the wrong one (that is, SwitchOS, which we can’t manage properly in our automations and other software solutions).
I can vouch for MikroTik also. I have no access to fiber, so my choice was to get a crappy Huawei or ZTE with limited customisation options or get MikroTik. I have bought a Chateau 5G AX. I was able to bypass mobile CGNAT with a Wireguard tunnel to a virtual MikroTik on a cheap VPS, as my mobile provider does not offer static IP for non-business customers. I am also running a reverse proxy on my server to access my network directly thanks to the Wireguard tunnel. You can edit nearly everything on a MikroTik router (including the MAC address on any interface and even spoof the IMEI number when it has LTE like mine).
I use an N5105 generic mini pc running proxmox and opnsense. You can get them fairly cheaply from Aliexpress. They’re particularly low power and come with 4-6 gigabit network ports. I have two containers, the second of which hosts my Home Assistant instance. As an added bonus they often don’t have a fan.
For wifi I use Ubiquiti wifi 6 Lite APs with the controller running under home assistant.
I want to do the same thing but I’ve read that it’s not a good idea to put opnsense and home assistant on the same machine: “you don’t want your router restarting when home assistant restarts.” Is this not an issue if they are run in proxmox vms?
Hasn’t been an issue for me. HA would only be depending on Opnsense for a DHCP lease so assuming you have reasonable lease times it’ll just pick up where it left off.
Without checking I would imagine you could just set a delay for the HA container to make sure opnsense can start first, if it does become an issue.
I use unifi access points for wifi, and have an OpnSense router/firewall running on my server (proxmox).
That works really well, only negative thing is that if I reboot my server the internet is down while doing that. But that doesn’t happen very often.
I do almost exactly the same, except I have opnsense running on a cheap dual nic mini PC so I don’t have that dependency on my proxmox servers. The unifi stuff does need a controller, but they publish a free app that you can run instead of getting their hardware.
I’m running the app in an lxc on proxmox for unifi, works perfectly :)
I’m undecided about getting dedicated hardware for OpnSense. It would be nice when rebooting, but I don’t do that often. But then again, it runs fine on the server as a virtual machine so no need for an extra machine to use power.
For now it will stay virtual. :)