After getting a Raspberry Pi, I realised that I cannot use on my ISP router. I therefore need to get my own router.
I already checked the router firmware page and the OPNsense and OpenWRT pages. From the OPNsense official shop, I’m getting the sense that OPNsense-compatible hardware is more expensive, so I’m thinking of going with OpenWRT.
Basically, my needs are quite simple: the network has a couple of laptops, a few phones and a smart TV, all connected to the ISP router wirelessly. I just need something to use alongside the ISP box (in bridge mode) and that can run PiHole on my Pi. Also, ideally not going over €200-300, although I don’t quite realise the implications of this price range on performance/quality.
I saw the list of compatible hardware on the OpenWRT page, but am not sure how to narrow it down. Compatibility with the latest version of OpenWRT seems like a good start. Then what? sufficient flash memory and RAM, but how much? What else has an impact, number of CPU cores and/or frequency? Are there brands that are more trustworthy?
So overall, limited budget and limited needs; anything that can help narrow down the search would be great!
In router world both RAM and CPU doesnt mean the same as in laptop for example. Typical home router has (upto) 32MB of RAM and 1 core-CPU and thats more than enough.
Biggest factor is likely going to be what version of wifi (want 5 or 6? 6E is barely if at all supported yet) it supports and general compatibility with OpenWRT. Peruse their forums as consider asking for recommendations there too.
Also OpenWRT has an Adblock plug-in, essentially doing the same thing as Pi Hole. Not as flashy or probably has as much dev effort in its blocklists, but it’s one less device to maintain and is good enough for me. Adblock at DNS level will only matter for non VPN using devices (amazing for blocking smart tv tracking).
Thanks, good to know. Many go wayyyy beyond that, so that means it’s probably not needed for me and I can filter those off. Any reliable brands?
No clue for wifi, is there a bit difference? As for pi-hole, I was quite psyched about the pi, so I really want to set it up. And, indeed, most of that effort is for the tv and my +1, who does not run a VPN.
I updated my network last year and got a TP-Link ER-605 router, and a Netgear WAX206 Access Point. Both were around $150 total. I used to run a PiHole, but my Raspberry died, so I am using NextDNS on the router through DoH. But the ER-605 would work perfectly with a PiHole.
I like the ER-605 and was able to set up firewall rules to block regular unencrypted DNS requests to cover IoT devices that I could not set NextDNS on. I also have VLANs set up to separate my wife’s office computer from the rest of our stuff.
Overall, it’s been rock solid for almost a year.
Sounds rather good, thanks for the details. However, sorry if this is dumb, but what is the access point for? I see it provides wifi – is that supplementing the router’s wifi? Or does the router not include wifi?
I’m surprised GL.iNet wasn’t mentioned yet. They’re essentially the gold standard in the privacy community. They come shipped with OpenWRT and they’re easy to customize and configure. You can use an OpenVPN/Wireguard VPN on them, configure the router to use Tor, set difference network and device policy, and easily change the DNS to use DNSCrypt, NextDNS, or a Raspberry Pi.
If you’re looking for performance, Flint 2 is the way to go: Flint 2 (GL-MT6000) | High-Performance VPN Router - GL.iNet.
Alternatively, the Slate AX or Beryl AX are light weight routers with a good performance. Slate also integrates with a NAS.
These two are also recommended by Michael Bazzell from Intel Techniques in his Extreme Privacy book.
You can also have a look at the product comparison: Compare - GL.iNet
You can have a router connected to your ISP and then some access points connected to the main router. The APs just broadcast wifi in dumb mode.
My current setup is OPNsense on a Protectli box. I’m quite liking the ad blocking in Unbound DNS. I used to run a Pi-Hole and quite liked it but am giving this a spin. I think it is as effective as PiHole. (Is using the same block list as Pi-Hole :Stephen Black list maybe?).
The OPNsense box is connected to three dumb APs from Ruckus for wifi.
I have a couple Netgear AC1000 routers that I flashed OpenWRT onto following the instructions on the site. I’m going to put them into dumb AP mode and use with the OPNsense box for a full FOSS setup.
The Netgear routers could be used on their own as a router and extending AP, if desired. OpenWRT is pretty cool.
There are helpful guides on Youtube (Invidious). This guy has good tutorials: https://homenetworkguy.com/
Thanks a lot, I’ll make sure to check those out.
ok, I see how that comes together. what are your advantages from having several access points? is it better signal across longer ranges? or segregating your connections? what for?
See this thread Privacy and security oriented router?
I’d like to clarify that they don’t come with openwrt, but their own OS based on openwrt. So in any case you have to choose to trust them. Otherwise you will still need to flash the official openwrt. I believe their custom version of OpenWRT is also open source, but I haven’t checked the code, and there’s no way to verify that the software running in the router is the same as the published code, unless you built it yourself and flash it. In any case, they make it very easy to flash a regular build of OpenWRT if you don’t trust their version.
I use a Flint 2, and I chose to trust the version that comes built it. It’s great. It has a very clear and simple UI to set up the usual, including VPN server and client, AdGuard etc. But still gives access to openwrt’s interface and ssh-ing into it feels just like an openwrt box.
I’m new here. Read the forum guidelines, used the search function, and here I am hopping onto this thread and asking for a router recommendation. Hope OP doesn’t mind.
Trying to up my privacy and security game, but I’m not the techiest of people. Currently looking for something that can;
- configure multiple segregated vlans.
- set each vlan to a separate wireless SSID
- do some ad/tracker blocking, either by using something like AdGuard Home or via setting a different DoH/DoT address for each vlan pointing to a NextDNS profile.
- have at least one of the vlans connecting to my VPN provider (currently IVPN*) using WireGuard.
- sustain reasonable VPN speeds, preferably 500Mbps at least (I have a 1Gbps ISP connection).
I’m based in Southeast Asia so might not have easy access (or the buying power) to some of the brands available to people in the US or EU region where I assume most of the members in this forum are based. Also would prefer something with a decent GUI and platform-agnostic** interface.
Currently looking at GL-iNet* routers. Seen the brand mentioned a couple of times here, but personally have no prior experience and am unsure if all the conditions I listed above will be met. If that’s not recommended, the next best thing (easily available where I live) would be a Merlin compatible Asus model, I suppose. Anything else I should consider? Enterprise grade is probably out of my budget and above my skillset, unfortunately. Also would prefer an all-in-one unit.
Thanks in advance.
*I’ve learned that anything Tom Spark or TorGuard rates poorly has to be doing something right.
**Meaning something I can access via entering its IP address in a browser, as opposed to some dedicated app.
I had a related topic about trying to replace google wifi.
Here is what I decided on after comments here and posting about it on openwrt for a 1gbps connection.
4GB version. 1GB version can’t boot with OpenWrt, it’s different thing, also don’t pick R4SE the eMMC can’t be used.
The idea with this router is to completely separate routing functions from the AP(s). This way you avoid ending up with a jack-of-all trades solution. This also makes it easier to look at APs that may not be strong routers.
wsm20 makes a good AP (preferably wired), but they aren’t all that fast as router, which should not matter in this situation.
Total Cost: ~$205 or about €190 which is the low end of your budget.