DD-WRT vs. pfSense Opinions

So don't laugh, but my current router is a 17 year-old Linksys WRT54Gv2 running DD-WRT. I've got the radio disabled and use a newer TP-Link router hooked up as a dedicated AP.

I'm looking to upgrade the router and am considering either a new, DD-WRT compatible consumer product like the Linksys 3200ACM or a Netgate 1100 running pfSense. I am not now, nor do I ever want to be a network administrator. The reason I haven't replaced my router in 17 years is because it just plain works without any effort on my part. That said, I like the flexibility, features, and value that typically come from open source projects.

I'm leaning towards pfSense but am concerned I might be getting in over my head. I don't want to get into something where I'm using command line to make configuration changes or coming to forums for help every time I want to set up a static IP lease.

Some things I would like to eventually configure:

  1. Static IP leases for most in-home wifi devices.
  2. VPN for remote access to LAN. Dynamic update of Public-facing IP would be helpful.
  3. Maybe ad blocking... maybe not.
  4. Policies to restrict/deny WAN access by certain devices at certain times.

Any opinions from the community are greatly appreciated. TIA.

I had an older router that I was quite happy with. It worked great. I realized that the software had not been updated in several years. And in that time, there have been several serious bugs discovered in most routers that had not been fixed. So, in the last year, I replaced my old router with a Cisco VLAN wireless router. The software gets regular updates, so I am much more comfortable with it. With respect to your questions, most modern routers will be able to handle your needs.

I bought an EdgerouterX and am happy with it. If you don't want all of the network traffic analysis running and enable the 2 hardware offloading options, I get the full gigabit speed that I pay for.

I think it's running about $60 now. I was network router novice before buying it and I was able to figure it out pretty easily.

It can definitely do 1, 2 & 4. For ad blocking, I recommend buying a Raspberry Pi Zero and installing Pi-hole.

I have had a few clients make the same request: they don't want to be network admins but want the features that come with having network admin skills. Some of the routers that have the capabilities you are looking for, such as the Asus line, not only have them built in but you can still flash a firmware that keeps the stock Asus features but extends the capabilities.

Take a look at Asuswrt-Merlin:

https://www.asuswrt-merlin.net/

They have a list of routers that they support and for full disclosure I have a RT-AX86U running at my Mom's house with this firmware.

pfsense is super flexible, and very very powerful. WAY more capability than any of the consumer routers or custom firmware that is out there... I've very recently used Asus-merlin and DDWRT... both of those are easier to use, navigate, and get from the box to running quickly. They are designed for the masses with little tech knowledge or desire and generally work straight out of the box. If you want to do a quick setup and leave it alone (which sounds like what you described), then you might be better going this route.

If you don't want to be a network admin BUT have some skills and logical thinking and kinda like tinkering now and then - then pfsense will be OK for you. It's a lot of work to set up though, depending of course on what your needs are.

If you go with pfsense, a less expensive option may be to reuse an old desktop computer, put an extra network card in it (so you have WAN, and LAN ports), and learn it that way before, or instead of, buying a dedicated device. Or even better, you can install it in a virtual machine on windows and get a feel for the functionality and usefulness before pulling the trigger on an actual device. You can download the installer for free....

good luck!

I'm in a similar state. I need to change out my network infrastructure and I can't make up my mind about how complicated to make the project. A few others to check out:

Firewalla Gold - a "prosumer" router

OPNSense - a pfSense offshoot that some like better https://opnsense.org

And, of course, Ubiquiti UDM-Pro, which is "more" "prosumer" than Firewalla

Don't forget you can also get Untangled home for $50 / year and that is pretty easy to use. If you are going to build or use a more powerful router you may want to watch this review:

I prefer OpnSense to pfSense as there seems to be less "drama" with the developers.

Originally left pfSense back when they declared they were dropping support for systems without AES-NI. Not saying it was necessarily the wrong thing to do but it kind of left users like me hanging.. I think they eventually backed off of that afterwards though.

+1 for Opnsense

Unifi Dream Machine or Unifi Dream Machine Pro.

It's good for less complicated setups as the video @ronv42 pointed out but that is changing over time. I'd stay away from the beta firmware though. I am still using OpnSense running on a Protectli box and have a Cloudkey Gen 2 + some APs. Haven't made the jump to the UDM Pro - no compelling reason just yet. I will be installing a UDM Pro in a few months for a new home build.

Seems like they are out of stock at ui.com and closer to $200 on Amazon. Otherwise I liked these when I had looked at them previously.

Looks promising but most compatible routers seem to be in the same $200 price range. And maybe it's just me, but does a router really need to look like a UFO?

@tiwing @erktrek @jasazick I like the idea to test drive the system in a VM first. I think I'll give OpnSense a try and see how it feels.

The day of the indiscrete wifi router seems to have been delegated to mesh systems and corporate access points. They either look like a light show on some Neolithic art or a strange upside down insect with all the antennas. That is why my APs at home are unifi with protectli router appliance in the basement running Untangle. Which one of these would look better on a bookshelf:

[image] or [image]

The Unifi stuff is definitely a commitment to their equipment but the management UI is great. The trouble is thanks to the chip shortages Ubiquiti is out of stock on a lot of different things.

I ended up with WiFi 6 LR & Lite APs to replace my UAC Pro and Flex (coke can AP ftw!). Also you (the general "you" not you! :grin: ) need a POE switch which should probably be Ubiquiti as well.

I really like the control the system gives me even without the gateway stuff which OpnSense takes care of..

That's crazy! I saw that one of them had the SFP port so it wasn't the EdgerouterX that I got for $60 but the others that were $140+ sure looked just like mine.

Another +1 to untangle - I got a small machine running this and super happy. And I have eero running in bridge mode as my wifi mesh.