The Router Recommendations Thread (Consumer)

Yeah,

Long story short, OPNSense was founded when M0n0wall shut down a few years back. Netgate, the company behind pfSense, didn't like when they suddenly had a new competitor on the market after M0n0wall shut down, and did a lot of shitty things to the OPNSense project, including creating a fake website for OPNSense in which they made it seem like OPNSense was pro-nazi, and many other things.

It was really petty and disgusting.

And then OPNSense sued pfSense over it in court and won.

After that I just didn't have any desire to use pfSense anymore.

As with everything, there are two sides to every story, and pfSense probably paint themselves as the victim of all of this as well, but I was just really turned off when it comes to pfSense after the whole ordeal.
Wow, consider me educated. This puts pfSense in a whole different light.
I'll let my cousin know about this ASAP. Thanks for the insight.
 
Looking for a router recommendation, I do NOT need wifi on the router as I have 3 Ubiquiti wireless access points through the house with great coverage. Can I skip having wifi on the router? Recommendations for a router without wifi? Thanks :)
 
You are a perfect candidate for a custom OPNSense or pfSense build as discussed a few posts up. These are much more flexible and powerful than any consumer router, and many (most?) enterprise systems, if you spec them right.

Or you could buy one of the embedded solutions that both of them offer. OPNSense's embedded products are a little bit higher end and pricier. The ones pfSense offers (as Netgate) span the range a little more and are available as cheaper home products all the way up to the more expensive ones that OPNSense offers.

The OPNSense Hardware

The Netgate/pfSense Hardware

For reasons discussed previously, I have some ethical issues with Netgate, but not every purchase decision needs to be an ethical decision. Sometimes you just have to buy the best product for your needs.

If you really like the Unifi ecosystem, Unifi has some products as well that are very reasonably priced, and will integrate nicely with your Unifi controller you are already likely using for those APs.

These embedded solutions will pale in comparison to the processing capability of a custom x86-based router though. You can use old PC hardware you have laying around, as long as you get a good NIC with two or more ports or have them on board. (Usually best to avoid Realtek though.) You don't even need server grade hardware (though server grade NICs help) and if you have gigabit or lower performance needs, this can be very affordable.

I'm pushing gigabit speed through Wireguard VPN for my entire network entirely on my OPNSense router. Mine is on a Xeon chip with a Supermicro server board (but there is no reason you have to go this more expensive route if you don't want to). Most people who build OPNSense or pfSense do it with spare PC hardware they have laying around and a dedicated cheap dual port Intel gigabit NIC.
 
Thanks for the detailed advice... as luck would have it, due to a basement finish and having to downsize some storage, I got rid of some older PC stuff laying around which would have worked perfectly. With that said, I'm retired so can spend some time researching building my own with either solution you suggested. My buddy probably has a ton of stuff I could utilize, need to get him over for a beer and discuss :)
 
Personally, I like used WatchGuard units. They're ridiculously cheap for what they can do, even if their firmware can't be updated.
 
Yeah,

Long story short, OPNSense was founded when M0n0wall shut down a few years back. Netgate, the company behind pfSense, didn't like when they suddenly had a new competitor on the market after M0n0wall shut down, and did a lot of shitty things to the OPNSense project, including creating a fake website for OPNSense in which they made it seem like OPNSense was pro-nazi, and many other things.

It was really petty and disgusting.

And then OPNSense sued pfSense over it in court and won.

After that I just didn't have any desire to use pfSense anymore.

As with everything, there are likely two sides to every story, and pfSense probably paint themselves as the victim of all of this as well in their version of it, but I was just really turned off when it comes to pfSense after the whole ordeal.
Not using Netgate products / pfSense for their childish antics is entirely justified, but I'll give another good reason. Let's take a trip back to the release of pfSense 2.5, where they actually shipped a Wireguard kernel module (it almost got upstreamed into FreeBSD but thank goodness it wasn't) that Jason Donenfeld (the creator of Wireguard) said this about:
I imagined strange Internet voices jeering, “this is what gives C a bad name!” There were random sleeps added to “fix” race conditions, validation functions that just returned true, catastrophic cryptographic vulnerabilities, whole parts of the protocol unimplemented, kernel panics, security bypasses, overflows, random printf statements deep in crypto code, the most spectacular buffer overflows, and the whole litany of awful things that go wrong when people aren’t careful when they write C. Or, more simply, it seems typical of what happens when code ships that wasn’t meant to. It was essentially an incomplete half-baked implementation – nothing close to something anybody would want on a production machine.

This article goes into some depth about it: Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

Would you ever trust a company that actually vets that and puts it into a production release of a firewall?
 