My Linksys router died this morning - fortunately, I had a spare Netgear one laying around, but manually replacing all DHCP reservations (security cameras, user devices, network devices, specific IoT devices) and port forwarding options was a tedious pain. I needed a quick solution; my job is remote, so I factory reset the Netgear (I wasn’t sure what settings were already on it) and applied the most important settings to get the job done.
I’m looking for recommendations for either a more mature setup, backup solution, or another solution. Currently, my internet is provided from an AT&T ONT, which has almost everything disabled (DHCP included), and was passing through to my Linksys router. This acted as the router and DHCP server, and provided a direct connection to an 8-port switch, which split off into devices, 2 more routers acting as access points (one for the other side of the house, one for the separated garage, DHCP disabled on both).
If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?
If going the route of a smarter solution, I’m not sure what to consider, so I’d love to hear some input. I think having so many devices using DHCP reservations might not be the way to go, but it’s the best way I’ve been able to provide organization and structure to my growing collection of network devices.
If going with a more mature setup, I’m not sure what to consider for a fair ballpark budget / group of devices for a home network. I’ve been eyeing the Ubiquiti Cloud Gateway + 3 APs for a while (to replace my current 1 router / 2 routers-in-AP-mode setup), but am wondering if the selfhosted community has any better recommendations.
I’m happy to provide more information - I understand that selfhosting / home network setup is not a one-size-fits-all.
Edit: Forgot to mention! Another minor gripe I have is that my current 1 router / 2 routers-as-AP solution isn’t meshed, so my devices have to be aware of all 3 networks as I walk across my property. It’s a pain that I know can be solved with buying dedicated access points (…right?), but I’d like to know others’ experiences with this, either with OpenWRT, or other network solutions!
Edit 2: Thanks for the suggestions and discussion everybody, I appreciate hearing everybody’s recommendations and different approaches. I think I’m leaning towards the Ubiquiti UCG Ultra and a few Ubiquiti APs, they seem to cover my needs well. If in a few years that bites me in the ass, I think my next choices will be Mikrotik, OPNsense, or OpenWRT.
As for backup, you can also buy e.g. a Lenovo M920q mini PC, buy a PCIe riser, buy a dual port ethernet card, set up Proxmox, set up a pfSense (or OpenWRT, or OPNsense) VM inside, and pass through the ethernet card directly to the VM. The VM is very backupable, since you just copy the VM state and save it somewhere. This would only work for the router though, since the APs that’d be running OpenWRT wouldn’t be VMs. This is at the cost of having to deal with an additional layer for the VMs.
I guess the problem you’re asking about in regards to cross-device portability of a backed up config is valid. If you had a four ETH port router, backed up the config, and then uploaded it on a two ETH port router, you’d run into trouble, but I have no experience here.
You can also install OpenWrt on some switches these days (PoE also reportedly works with realtek-poe module):
- https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/
- https://openwrt.org/toh/views/toh_standard_all?dataflt[Device+Type*~]=Switch
That way you’d have a fully open OpenWRT-only network lab, so you’d always be working with the same system.
I have the att bgw-320 as well. Very excited for when the hardware for the bypass comes around.
I tried using the IP passthrough setup on it, but it ended up causing all sorts of slowdowns that I had trouble diagnosing. I was using the nanopi r4s with a WiFi AP when I had this issue. Make sure to look into compatibility. ATT’s IP passthrough is not total passthrough, so you might have to dig into the details to make sure it all works together.
I like the Turris Omnia and (highly configurable) Turris Mox. They come with OpenWrt installed.
Unifi gear is super great value-wise. Their support is lacking, but their equipment is pretty easy to deal with.
UCG is great and cheap.
UDM Pro is more flexible / future proof but also more expensive. (you get POE, and access to the rest of their suite, but that access also comes with some hardware lockin)
They don’t do custom DNS, so a couple of Pi-holes or a DNS service are prudent.
BTW you CAN do DNS in a unifi gateway. It just requires making dnsmasq entries through shell. Perfect solution? No. But it gets you there with no additional hardware.
Agreed. After 4 years on PFSense, and that becoming basically a second job, I pulled the trigger and got a Unifi USG-Ultra, and my life is now all rainbows and unicorns.
That seems to be what I keep coming back to over the past few days. The UCG Ultra looks perfect for what I need - I don’t want a router and AP in one device, nor do I need any of the security software that other Unifi devices seem to have - I run those separately. I think the UI and dashboards are what are really pushing me towards Ubiquiti, they look really great for displaying the info I want to see.
It is pretty intuitive and just works. I do have an issue where I can’t access my services on ProxMox and UnRaid via URL (only via IP) when I have the work profile enabled in that network from the local network (works via internet from outside or through a VPN though), but it does work if the profile is disabled. Other than that, everything just works and is super easy to set up and configure.
This is what I did after running consumer Linksys and ASUS routers, including with OpenWRT.
I moved to a Unifi setup and haven’t had any issues. I can manage it remotely if I need to, like another household member needs something changed or fixed. I’ve never had to restart it to fix an issue, it just works.
Easy upgrades without having to replace the entire setup and move settings over manually. Especially easy wireless upgrades, almost just plug and play replacing the old access point antenna.
And if you need just a small setup and you run a home server you can run the management software on there instead of something like their dedicated Cloud Key device.
hell it’s almost worth it just for the Suricata IDS/Blocking :)
If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?
My two cents: use a “full” computer as your router (with either something like OPNsense or any “regular” linux distro if you don’t need the GUI) and OpenWRT on your access points.
Unless you use the GUI and backup/restore the configuration (as you would with proprietary firmwares), OpenWRT is frankly a pain to configure and deploy. At the moment I’m building custom images for all my devices, but (next time™) I’m gonna ditch all that, get an x86 router and just manually manage OpenWRT on my wifi APs (I only have two and they both have the same relatively straightforward config).
It’s a pain that I know can be solved with buying dedicated access points (…right?)
Routers and access points are just computers with network interfaces (there may be level-2-only APs, but honestly I’ve never heard of any)… most probably your issue is that the firmware of your “routers as access points” doesn’t want to be configured as a dumb AP.
Good points. It’s strange to me to think of routers and APs as just computers, or things that can be run off of a mini-PC or some kind of raspberry pi, but it seems like it’s entirely feasible to build up your network with those.
I’m spoiled now. I prefer ubiquiti equipment for my network, security camera, and even door access.
However, if you prefer completely open source I can recommend opnsense and openwrt. Personally I prefer a single point of configuration… So all ubiquiti for me… It makes it easy to restore a complete network configuration as you are discovering is a pain.
Maybe start with the new cloud gateway max as a router if you are interested.
My setup is smaller, but when my venerable old router died about a year ago, I acquired an Asus TUF-AX3000_V2 where I installed FreshTomato. One can login via SSH and dump all settings for backup. Likewise, individual or all settings can be done on the command line instead of the GUI. I have a script on my computer that reads CSV files with MAC addresses and more to apply changes in an automated way.
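As an added example (not code from any commenter in this thread): one way to keep DHCP reservations in a version-controlled CSV and render them as dnsmasq `dhcp-host` lines, for firmware that uses dnsmasq for DHCP (OpenWrt does by default). The column names, subnet and sample rows are assumptions; rows are validated so that a typo or a stray comma cannot end up as an extra directive in the router's config.

```python
import csv
import io
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample inventory; the MACs, IPs and names are made up.
SAMPLE_CSV = """mac,ip,hostname
AA-BB-CC-00-00-01,192.168.1.10,cam-front
aa:bb:cc:00:00:02,192.168.1.11,cam-garage
aa:bb:cc:00:00:03,192.168.1.11,nas
aa:bb:cc:00:00:04,10.0.0.5,printer
aa:bb:cc:00:00:05,192.168.1.30,"tv,ignore"
"""

def check_row(row, net):
    """Normalise one CSV row; return (mac, ip, name) or raise ValueError."""
    mac = (row.get("mac") or "").strip().lower().replace("-", ":")
    name = (row.get("hostname") or "").strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC {mac!r}")
    ip = ipaddress.ip_address((row.get("ip") or "").strip())  # raises if malformed
    if ip not in net or ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is not a usable host address in {net}")
    # Strict hostname check also keeps commas and newlines out of the config line.
    if not HOST_RE.fullmatch(name):
        raise ValueError(f"bad hostname {name!r}")
    return mac, str(ip), name

def build_dhcp_hosts(csv_text, subnet="192.168.1.0/24"):
    """Return (lines, errors): dnsmasq dhcp-host lines and rejected rows."""
    net = ipaddress.ip_network(subnet)
    seen, lines, errors = set(), [], []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            fields = check_row(row, net)
            dup = [f for f in fields if f in seen]  # MAC, IP and name must be unique
            if dup:
                raise ValueError(f"duplicate {dup[0]}")
            seen.update(fields)
            lines.append("dhcp-host=" + ",".join(fields))
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
    return lines, errors

if __name__ == "__main__":
    for group in build_dhcp_hosts(SAMPLE_CSV):
        print("\n".join(group))
```

Treat a non-empty error list as a failed build and do not push the output to the router until the CSV is fixed.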
$150 fanless N100 pc with 4x2.5gbps from aliexpress and install OPNsense on it.
How much power can these things draw?
STH measured 23w on theirs, but it can vary based on which one you buy. Tons of compute power with those 4 E cores.
https://www.servethehome.com/fanless-intel-n100-firewall-and-virtualization-appliance-review/4/
This is the correct answer for the selfhosted crowd
I used to use OpenWRT on various devices, but two years ago I got a UDM-Pro, a USW-16-POE, and a few Unifi APs and cameras. I run pi-hole on the UDM-Pro. I have no complaints. It is more expensive than piecing it all together using OpenWRT and some Raspberry PIs, but way easier.
No issues or anything so far with the Unifi devices? That’s good to hear. Do you have any third-party integrations with your Unifi devices, or is it as locked of an ecosystem as I’ve read others say? I don’t think I’d mind taking the plunge, as long as it has good customer service and support.
Be prepared to be hostage of their cloud services… Unifi was all cool until they introduced the Cloud Key and a few other things.
Can’t you just not use their cloud services? It makes you create an account for setup, but once setup was done I never touched it.
Their devices usually require a ui.com account and linking the device. As some people already said, you’ll still require a cloud connection to set up the device even if standalone by using their mobile or desktop app. Doesn’t seem like a good choice for someone who’s into privacy and self hosting.
For someone who’s into privacy I wouldn’t recommend Ubiquiti at all. A few years ago there was a scandal about them doing telemetry, first in secret without even a setting to turn it off, and when people got to know about it they made a default-on setting for it. They know you’ll most probably use their gear for the outermost routers too, and you won’t discover it.
I do not know what you mean by third-party integrations. I do not use any cloud stuff, Ubiquiti’s or otherwise.
I’m a big fan of Mikrotik with Unifi WiFi.
Mikrotik I have a RB5009 which is powerful enough for all of my needs.
I took a quick read of the comments and I apologize in advance if this has been suggested already.
I use a self hosted DNS server (AdGuardHome). I was using TechnitiumDNS for a long while, but moved over to the other recently so I could do some more blocking as needed (adult special needs house dweller sometimes needs limited internet). It also acts as a DHCP server, so it takes the role of both the DHCP assignments away from the router. As it so happens, this week, I got to experience the benefit of having this setup live when my main router also went down. I was able to switch to a spare router (my ISP provided one) and all I had to do was turn the DHCP off and optionally point the DNS to my AdGuardHome address, set the SSIDs up and I was in business. All of my devices happily reconnected and grabbed their assigned IPs.
In short, if you have a spare computer, SBC such as a raspberry PI or whatnot, you can easily host something like that and not have to worry about setting those again.
I’m going to suggest something that I don’t see anyone else talking about here. Synology, the company mostly known for the NAS devices, makes some surprisingly good routers as well. I’ve got 2 of their RT2600ac and 3 of their MR220AC mesh units. Their configuration software is unlike anything I’ve used by any other brand. It’s a web based interface that looks like a variant of desktop linux. Configuring it feels like configuring an actual computer.
I had originally purchased these for my business, an esports center, but after the business closed a few years ago I kept the hardware and used them in my home. They are so much better than any other consumer networking hardware I’ve tried from DLink, Linksys, and Asus.
They have newer models out that support AX wifi. But I haven’t felt the need to upgrade yet. A few notes though. Their hardware does not necessarily support every cutting edge feature. No wifi 7 as far as I know for instance. They seem to sit about 2-3 years behind the absolute latest, but the trade off seems to be stability and reliability.
In my home, I have every unit physically hardwired back to my server rack in my basement. So while it does support mesh over wifi, I’ve opted to run ethernet to every room in my house. My general rule is anything that can be wired, should be wired. We even have a disconnected shed/workshop which I trenched and buried a cable out to so that I’d have a wired access point out there.
I rarely see anyone mention Synology’s routers, but I think they are worth consideration.
I would not recommend unifi for a mature solution. It sure works nice as a glass panel, but it will get limiting if you will have a desire to hack around your network. Their APs are solid, though, it’s just the USG/Dream machine that I wouldn’t recommend.
Mikrotik software is very capable and hackable and you can run it in a vm if you feel like bringing your own hardware.
Another vote for Mikrotik, but only if you’re technical-minded and want to learn how routers work. One of the things I like the most about it is the ability to import/export the router config as plain text. That makes it very easy to do things like bulk-editing (I have a lot of IOT devices I need to configure), storing your config in version control for safe-keeping etc.
I have a pretty decent background in networking - I spent a few years in a network technician position and finished up my CCNA training while I was doing that work. I’ll have to look into Mikrotik, I’ve never actually heard of that brand, thanks for the recommendation
Yup, I have a Mikrotik and love it. I haven’t fully explored the possibilities, but so far I have:
- DNS server - traffic to my NAS uses my domain name, but everything stays on my network (so I get TLS, without hitting the internet)
- VLANs - haven’t fully configured yet, but I’m working on segmenting my network based on access needs; I currently have two SSIDs I’m playing with
- Ubiquiti AP - absolutely solid, though running the server is really annoying, especially since the machine it’s on is only connected via WiFi (so I have to drag the AP down every time I need to re-pair it if I break my wifi)
If you want a professional setup but don’t want to pay a ton, Mikrotik w/ Ubiquiti AP is affordable and very capable. All in, I think I spent $70 on the router and $100 on the AP, so $170 for an “enterprise grade” network. I’m planning to upgrade the AP soon, and it’s nice to not have to reconfigure the router, I’ll just add the AP, configure in the software, then remove the old AP.
Mikrotik all the way. But prepare yourself for a nice steep learning curve, but now that I’m past that I swear by it. Super fast and infinitely configurable. The entire router configuration can be exported as a txt file and imported in seconds so if it breaks just get a new one and load up your config and you are good to go. Also the forums are a gold mine of information. What I love the most is just how fast it is. Settings take effect instantly. Also means it is extremely fast to lock yourself out if not careful. Again, steep learning curve but really good after that.
I haven’t seen it mentioned yet: Firewalla. I’ve been running the Gold version myself for a couple of years now and it’s been great.
I believe it was founded by ex-cisco engineers.
This is paired with Unifi switches/APs.