Seems like it might be time to build my next router before they become unaffordable. I’ve done some research, but I’d like to get the pulse of the community since other self-hosters may have a similar use care.
Should I use PFsense or OpenWRT? Should I use purpose built or minipc hardware?
This is for a home network (symmetric gigabit fiber). A few of the devices have 2.5LAN ports and it would be nice to make use of that speed locally. Primary uses include streaming Disney+ and YouTube, web browsing, and self-hosting a few services I connect to via wireguard. Sometimes I play games, but not competitively, so an extra ms of ping isn’t going to throw me into a rage. I do use a remote desktop feature like steam link to play gamed on my home office PC from my bedroom. Ping is currently acceptable according to the system with occasional slowdowns when my family is slamming the WiFi.
I will need to provide WiFi access. If my existing router(s) have an AP mode, I imagine I can just plug them in via ethernet?
What kind of wireless AP hardware do I need if I want connections to transfer between a basement and attic AP with minimal interruption?
For the router itself, I see people using what look like barebones routers and others using a minipc with dual LAN. What do you use and what advantages/disadvantages have you experienced as a result.
Can I set up a wireguard VPN server in either pfSense or OpenWRT?
Are there any enshittification risks or open-source purity concerns with either choice?
Is there a significant difference in popularity between pfsense and openwrt?
I will happily accept hardware recommendations for 2.5GB capable router hardware for a home network with 1GB fiber. It needs to be able to handle inbound and outbound wireguard connections. I’m overwhelmed by the many options between all the minipcs and purpose built hardware. Location is USA.
I appreciate any insight you may have. I’m a Linux guy, but networking has always been my weak point so I’m asking for help.
You must log in or register to comment.
I used pfSense for years and switched to OpenWRT. I highly recommend OpenWRT. pfSense is kinda trash IMHO. I tried to set up traffic shaping, so I could play games while my roommate was watching Netflix, and it just doesn’t work as advertised. I tried like 20 different configurations for the traffic shaping, following all the documentation, guides, countless forum threads, etc, and none of it worked properly when you actually test it. At the end of the day, I concluded that nobody understands how to configure traffic shaping on it and even the developers didn’t realize it was broken.
OpenWRT, on the other hand, just works better out of the box, and has the right level of customizability for home use. It has a way better ecosystem around it where you can download extra packages with GUIs… it’s just much nicer to use, and doesn’t have the QA problems I had with pfSense.
Just go with OpenSense. Fully FOSS and comparable with corporate software feature-wise.
So I recently(ish) went through this - migrating from consumer hardware to rolling my own.
Here’s what I did:I bought a mini-PC router and loaded OPNsense onto it.
I needed wireless AP’s in some odd places, so I bought a pair of POE-powered Netgear WAX620 AP’s because they were a decent price, and a 2.5G POE+ Switch.
I probably would not go with Netgear again. They try to lock you into their cloud (subscription) platform. I don’t dig it. I would probably also not go with a POE switch unless I had to, because it adds a lot to the cost.
If I had planned better, I’d have waited until a decent older switch became available from a local surplus source. (The local university has a public surplus site that sometimes has interesting and cheap networking gear.)
If you plan to set up VLANs, make sure your switches are up to the task.I’ve got pfsense on a VM, works great. Opnsense is good too and easier to deal with than digging out a download from Netgate, but doesn’t have pfblocker integrated.
If you have a Soho router already and its compatible with openwrt, use that. Otherwise, build a cheap x86 PC with 2 or more nic ports and use OPNsense. pfSense is probably not a great option anymore for reasons already outlined in other comments.
Thanks for the reply.
I have devices I could use, but they’re earmarked for other projects. I’m looking at acquiring hardware specifically for this project. I could acquire it at a garage sale or a classified ads site. I don’t really want to spend more than $350 if I can help it and even then, I have to be able to justify that to myself somehow. (since that almost enough to add another 2TB of SSDs to my server). Having said that, if the features I want are only present in pricier hardware, I want to find that out now.
I have a 4g WiFi router I carry around when I travel that I call “the hocky puck”. It also has an ethernet port, so when I’m home, I take the battery out and attach it to my router as a backup in case the fiber fails. If I want to do the same thing on OPNsense, I would need to add an expansion card with more network ports, right? That would steer me from miniPCs to barebones router hardware or a small-form-factor PC build where I could add as many NICS as I have PCI slots.
Does wanting a 2nd WAN pretty much rule out mini-PCs for me?
Even in my God Tier build-dreams, I only have 2WANS a LAN and a management LAN. :D
I have seen 6 port minipcs like this one https://cwwkpc.com/products/mini-pc-firewall-c6 so number of ports is not an issue as long as you are prepared to pay for it. I think you’ll find more ports with similar keywords (industrial, firewall, fanless, etc).
My setup, which I think works well, is to have OPNsense on the miniPC as router/firewall, and separate WiFi APs. This setup has lasted me around 5 years now and will probably last as long as OPNsense and openWRT (for my APs) had decent support for my hardware. Well worth the money and effort in my opinion, and separating the router/firewall from the AP allows you much more flexibility.
OpnSense is amazing.
I’ve used it for over 10 years after using a ton of other stuff. I run a 10G fiber connection from my router to my 10G network backbone with multiple vLan’s. My ISP provides me a 1Gbps fiber connection to an ONT. I also use a Netgear LM1200 as a wired Cellular backup which OpnSense selects automatically when the fiber loses connectivity.
I am running mine using a Xeon E3-1226 v3 in a Supermicro X10SLL-F with 16GB of RAM and a 128GB Sata SSD. 10G is provided using a Mellanox ConnectX3 and an SFP+ module with OM3 Fiber.
I’m running a Quanta LB6M for my fiber backbone and a Dell PowerConnect 5548 for 1Gbps ethernet connections.
For WiFi I use a pair of TP-Link Omada EAP-650’s with the OC200 controller using POE. It hands over seamlessly as clients move around the house and I’m planning to add a 3rd AP upstairs when I have finished my solar install and competed the building of the master suite.
Sounds like you are pretty far along in your networking journey. I can appreciate the vLans and the 10G backbone, but a lot of the hardware you mention is over my head. :D I’d take the miniPC route, but like you, I’d like to attach my 4g router as a failover.
Opnsense or pfsense are good options. Most people would suggest the former.
If you use your existing router as an AP you need to ensure it has a different IP address then your firewall and turn off DHCP.
If buying APs most would suggest unifi access points for their features and ease of use.
The *sense options let your use wire guard, openvpn, or others like tailscale, tinc.
For hardware any dual nic (in the speed you want) any n95, n100, n150 mini PC should more than meet your needs.
Should I use PFsense or OpenWRT?
I wouldn’t recommend pfSense unless you’re already invested in it (e.g. already have a pfSense setup and want to transfer your config files and settings over). Netgate (parent company) has been moving towards their paid versions (pfSense Plus and TNSR), the Plus version is free if you buy their router otherwise will cost you some money for a subscription. And meanwhile they stopped providing current downloads of full installs/builds of the free community pfSense so actually getting the current 2.8.1 is a hassle now - you’re expected to download their Netgate installer that needs internet access to download the full install while installing the router software, or you need to download/install an older version of pfSense (2.7.0 I think) and then get online to update it to 2.8.1.
Just went through all that doing a re-install, it’s crazy that I need to have internet access to install the router that will provide internet access LOL.
OPNsense is a well known alternative. OpenWRT could work too but I haven’t used it personally.
This is good info. I remember hearing a little bit of that and someone set me straight on DDWRT vs OpenWRT as well. I think I’ll take OPNsense for a spin.
I’ve been running opnsense on a qotom mini pc for a couple years now and have no complaints. It has plenty of resources for my 1gb fiber connection.
Are you currently using a modem/router combo or are they separate units? If it’s one unit, you’ll need a way to connect your fiber. The qotom has 4 sfp ports that should work for this or you can use a media converter.
The qotom has 5 2.5gb ethernet ports so you might be able to avoid adding on a switch. If you go the route of using a mini pc with dual ethernet, you’ll have to add a switch to the mix.
I have the fiber ONT straight from the wall. The tech support guys at my ISP gave me all the details I needed to configure my own current router (GLInet Flint 2). I’ve just been not trusting corporate solutions lately. I’m almost completely degoogled on my phone and the recent router banning drama is encouraging me to do this now instead of later when I had originally wanted to do it.
There’s also https://opnsense.org/, but I know little about it
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point DHCP Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network IP Internet Protocol PoE Power over Ethernet SSD Solid State Drive mass storage
[Thread #277 for this comm, first seen 6th May 2026, 21:20] [FAQ] [Full list] [Contact] [Source code]
im in the same boat as you. tried opnsense for a week, but the webui is really not that friendly for a total beginner like me. im running ipfire right now, which offers less options but thats a + while im still learning the basics.
Glad to know I’m not alone! Sometimes it feels like everyone else has either figured it all out, or I’m charting new (and potentially silly) territory and nobody knows wtf I’m doing.
I’ve been doing Linux stuff for a long time, but I was still living under my parent’s roof back then so I never had to network anything, I just had the wifi password. After school, out in the world, I still didn’t have my own network for quite some time. Only in the last few years have I really started to grasp how it works well enough to actually do something useful with that knowledge. I’ll take a look at ipfire too. Luckily my current router is still functioning okay, so I have time to play around and see what software will work for me. Right now I have to make some sort of decision about hardware because I don’t have anything with dual ethernet on hand.
I’ll throw in my vote for pFsense. Pretty comprehensive package.
