Back to the drawing board...Router & AP(s) for Home Network

Markess

Well-Known Member
May 19, 2018
906
550
93
TL;DR - Needing to update my home network. A modest (wired?) router with basic security features for the wiring cabinet at the corner of the house (something like Ubiquiti ER-X, ER-4, or even ER-12?), plus a centrally located AP(s) with decent coverage (similar to a used Ruckus 710 for example). The catch is, my current router has died, so I need to pick from what I can actually find in stock (U.S. - California) and is, hopefully, not insanely priced. Normally, I'd educate myself on products and then go looking for stock, but the family isn't going to give me the time to do that. They want their streaming, and they want it NOW :p

The more detailed version: The last time I did this in 2020 ( https://forums.servethehome.com/ind...recommendations-for-a-home-wifi-router.28762/ ), I'd settled on a Ubiquiti ER-X for the wiring cabinet in the corner of the house, and a used Ruckus r710 centrally located (2 story 2500 sq foot mostly open floor plan). My son, lured by claims of amazing gaming presets, convinced me to get an Asus GT-AC2900 instead, and move our existing Asus Lyra pucks to be AI-Mesh nodes spread throughout the house. Since then the Lyras died & were replaced with two RT-AC68Us (reflashed from T-Mobile TM-AC1900), and now the GT-AC2900 has died too. The two RT-AC68Us by themselves are struggling for decent Wifi coverage, and I don't want to be buying my 3rd Asus router in two years to add to the AI-Mesh. Time to do something else!

But, I'm not sure the original 2020 solution (ER-X plus r710) is still the best choice? ER-X seems to be heavily backordered everywhere, and used ones are going for more than MSRP. Plus, seems like some people are having issues with them long term and the newer ER-4 or ER-12 are better choices? But, they seem to be out of stock everywhere too. Used Ruckus prices seem through the roof as well? Looking at MikroTik reviews, lower end stuff (hEX) may not be enough for my needs, and mid-range stuff (RouterBOARD) seem to be hit and miss depending on the model. On paper, RB450Gx4 seems to be a good fit (MikroTik), but I can't find much in terms of reviews, and the stories I've been reading about the learning curve for RouterOS are kind of daunting.

I'm still not ready to risk the wife's home office and ESSENTIAL Netflix/HBOMAX to a "roll your own" pf/OPNSense or similar solution. It exposes me to too much blame if there are issues. So, I think a wired router with modest security features seems to be my best bet (with the wiring cabinet in a closet in the corner of the house, a Wifi signal from that location would be poor). The desktops/NAS/servers are all wired, but the majority of devices and traffic are Wifi, so a decent AP/APs is/are going to be necessary as well.

The biggest problem seems to be finding suitable stuff that's actually in stock, and not enough time for my standard process of overly exhaustive research followed by a lot of dithering before I buy :rolleyes:. The wife, who is more decisive, advocates driving over to Best Buy and throwing money at whatever consumer product they have in stock. Hoping to avoid that too :eek:.
 

elvisimprsntr

Member
May 9, 2021
76
33
18
Florida
My kit is the following:

1. Open source enterprise class firewall from https://www.pfsense.org on a dedicated appliance from https://protectli.com
2. Open source enterprise class NAS software from https://www.truenas.com on 3 Intel based QNAP NAS
3. A pair of enterprise class Engenius EWS377APv3 APs with a wired backhaul

You might be able to repurpose an old x86_64 machine with pfsense if you have two supported NICs
Otherwise, just pick up a bare bones consumer router to give yourself time to figure out what you want to do long term.
 

Markess

Otherwise, just pick up a bare bones consumer router to give yourself time to figure out what you want to do long term.
I've been considering that option too. I've not kept up on the networking segment, so have no idea what's being manufactured in general, let alone what is or isn't in stock. Our device mix in the house has really changed lately too. Any given day, we've got 40-50 devices connected. And while almost all are idling at any moment, at least half are wifi now. That's up quite a bit from the last time I looked at it closely two years ago. Plus, I haven't really looked into if I want to get ready for faster than 1G for the wired equipment while I'm at it.

Decisions, decisions.
 

oneplane

Active Member
Jul 23, 2021
214
98
28
You can get any of the devices mentioned on the front-page of STH, like Topton and Qotom and put OpenWRT, OpnSense, VyOS etc. on it and get started with something before going all in on a specific ecosystem.

Regarding availability, it depends on where you are located. Most well known brands are out of stock, and imports from the US take forever, so it's easier to either get previous generation hardware (i.e. Dell VEP1445, Intel NUCs, or anything directly from the ODM in China) over here.

While a lot of homelab setups and 'better than consumer' configurations get all horny about IDS/IPS and line-rate IPSec, for a normal home configuration but perhaps with a little extra DNS filtering and IP blocklists, some extra subnets and VLAN support, anything with a recent Intel dual core or AMD Ryzen embedded CPU will do. If there is at least one x4 PCIe connection free, you can add faster network ports later, or you can get one of the devices that already come with a bunch of 2.5G ethernet ports by default.

Keep in mind that besides having a device that acts as a gateway (NAT, Firewall, DHCP, DNS, perhaps routing if you have multiple subnets), you might want to leave the actual network connections to a switch, including connecting access points to it. If you are okay with 1Gbps WiFi at the most, you can get a Power-over-Ethernet switch with plenty of 1G ethernet ports to attach access points to, generally those are at least Layer 2 managed, which mostly just means it knows about VLANs. That in turn means you can use access points that know about VLANs too, which means you can have a 'guest' network and a 'home' network and if you want to, you can add an 'IoT' network or 'experiments' network for when you want to try things out without messing with users that are just using the internet.

While device counts and link speeds are relevant, what is more relevant is the amount of connections and the amount of packets per second. The reason for this is that most acceleration cores in consumer routers and most performance in software routers has started to depend on how much work the system has to do and not really how many bytes the work was about. 40 devices that all have 1000 connections open with a shitload of tiny packets would be harder on some routers than 400 devices with 1 connection each and a bunch of big packets. The same goes for certain types of IPTV streaming (IGMP based, so not Netflix or anything like that).

If you just aren't sure enough, this is by far the easiest to start with when you don't want to hook into an entire ecosystem right away: https://www.servethehome.com/topton...appliance-review-pfsense-opnsense-proxmox-ve/

You can even skip the proxmox part and directly install OpnSense for example, the end result is the same where you have plenty of fast network ports and configuration options to go from super simple WAN + LAN all the way to multiple virtualised routing systems chained together.

There was a thread a few weeks ago about a similar case where it was more about 'which AP do I use', and it generally just bounces around between UniFi, Ruckus, Aruba and Meraki. Engenius works well too, but I haven't deployed those since 2014 and back then they were mostly a one-off type of deal.
 

ReturnedSword

Active Member
Jun 15, 2018
473
172
43
Santa Monica, CA
pfSense is really easy to set up. If you’re going to have it act as a simple router/firewall it takes less than 10 minutes to install on most x86 hardware. You’ll probably spend more time writing the installer onto the USB drive.

Once the internet is back up, it will default to DHCP for all connected devices, so you can spend your time leisurely to configure static IPs and additional firewall features if you wish. Any config changes will take effect immediately, or in the case of static IPs, when the next lease is granted/reboot. On my dead pfSense (waiting for Topton N6005 box from China), I was using a cheap old 60GB Sandforce chipset SSD, and reboots were still within a few minutes. On a modern SSD rebooting should be even faster.

An issue you’ll have to deal with for WiFi devices is that roaming on AiMesh, at least on the same AC68Us that I have, is atrocious. I’ve been meaning to upgrade for the longest time, but eh, I’m always waiting for the newest WiFi revision. I waited for WiFi 6, then now there’s 6E, and supposedly soon 7. I guess I’ll wait for WiFi 7 :rolleyes: The standard features for 6/6E are vastly superior to WiFi 5/AC on the AC68U. Namely, better band steering, MU-MIMO, roaming, and beam forming. Just keep in mind that no “consumer” grade WiFi routers/mesh routers/APs support proper VLAN tagging, or VLAN tagging at all, which is the “killer” feature I’d like to have, so I can remove the APs I’m using for my guest and IoT networks. To get VLAN tagging you’d need to go for enterprise gear. Ubiquiti is a bit overhyped IMHO. The minimum I’d recommend are TP-Link Omada for brand new units.
 

sic0048

New Member
Dec 24, 2018
20
12
3
I am a non-IT professional, but moved to pfSense a few years ago. I run it on an HP t620+ thinclient and it works great, but I also don't have anywhere close to GB internet service. I use Ubiquiti APs (AC Pros) at my house and I use TP-Link Omada (EAP-225s and EAP-620s) at my parents' house (which also runs pfSense on a T620+) and Aruba S2500-48P network switches at both as well.

The APs were bought new, but everything else was bought used on eBay. It's been rock solid with the exception of 1 TP-Link EAP-225 AP going bad which I ended up replacing with an EAP-620.

I would do basically the same thing today if I was to do it all over. I would probably buy a new and more powerful thin client, and probably Brocade ICX network switches, but that's just to ensure future proofing for a longer period of time. Nothing I have now has been a limitation in the speed or reliability of my network.
 

ReturnedSword

I forgot to mention that I have a Ubiquiti ER-X and ER-4 just laying around that I didn’t return in time. I was about to jump on the Ubiquiti hype wagon some time ago, and realized it was junk. At least with the ERs I have, I couldn’t do nearly as much as I could on pfSense, and that’s before losing the IDS/IPS features of pfSense. I admit the dashboard is pretty though.
 

Markess

Thanks for all the great info. A lot to unpack. My big takeaway is that I had no idea how little I actually knew :oops:.

Thinking my best bet is to limp along with the two remaining Asus routers, learn some stuff, check into pfSense etc., and make some informed decisions. I've the parts to put something together to learn on: firewall/router box and a "desktop" to put behind it. I suppose I could do it in a VM on a server, but for me that would probably just create an extra layer of confusion. Putting hardware behind an existing router will probably require some fiddling(?), but google is my friend and I'm sure I'm not the first to try it.

Keep in mind that besides having a device that acts as a gateway (NAT, Firewall, DHCP, DNS, perhaps routing if you have multiple subnets), you might want to leave the actual network connections to a switch, including connecting access points to it.
Good advice! Everything is already on managed switches: Netgear GS108T in the wiring closet and TP-Link TL-SG1016DE in my home office/lab. I just haven't been using any of their management features. Guess it's time to start.

That in turn means you can use access points that know about VLANs too, which means you can have a 'guest' network and a 'home' network and if you want to, you can add an 'IoT' network or 'experiments' network for when you want to try things out without messing with users that are just using the internet.
I'm seeing the wisdom in this. Looking at my device list, I've got a ton of appliances and IOT stuff (heck, even the doorbell has two IPs), and I have no idea for some how often (if ever) they get firmware/security updates. And as for "experiments"....yes, a VLAN would be GREAT for that. Don't want to mess with the other users in the house here. They can get mean. :eek:

pfSense is really easy to set up. If you’re going to have it act as a simple router/firewall it takes less than 10 minutes to install on most x86 hardware. You’ll probably spend more time writing the installer onto the USB drive.
I had no idea it was that easy. I'll give it a go! I have nothing to fear, but fear itself. And my wife. And my kids. But if I sandbox it, I should be relatively safe. :D

An issue you’ll have to deal with for WiFi devices is that roaming on AiMesh, at least on the same AC68Us that I have, is atrocious.
Oh, the plan is to get rid of those Asus routers entirely. They were less than $25 new on Ebay, so I have no reservations about jettisoning them as soon as I pick out a replacement solution.

I am a non-IT professional, but moved to pfSense a few years ago. I run it on an HP t620+ thinclient and it works great, but I also don't have anywhere close to GB internet service. I use Ubiquiti APs (AC Pros) at my house and I use TP-Link Omada (EAP-225s and EAP-620s) at my parents' house (which also runs pfSense on a T620+) and Aruba S2500-48P network switches at both as well.
I'll need to delve deeper into the hardware side of things for pfSense. Our inbound internet, and the network cables from the other rooms all terminate in our bedroom closet. To keep the wife happy a firewall/router/switch there needs to be super quiet, if not silent.

How do you find the Omada APs? I'd seen them in my initial research and noted that they were actually available for purchase. Having two people mention them in the thread here, I think I'll definitely take a good look at them.

Do you find the Aruba switches easy to manage? I've got a S3500 (same OS as the S2500 I believe?) that I used for 10G for a while, but took down when it became clear that I just wasn't using the bandwidth. The 16 port switch in my home office is out of ports though, so I was thinking of putting the Aruba back, just without the 10G module (it's removable on that one). I never used any of the more advanced management features though, so have no idea if the text based interface is cumbersome for that.

Thanks again everyone who replied. It was a real eye-opener.
 

sic0048

How do you find the Omada APs? I'd seen them in my initial research and noted that they were actually available for purchase. Having two people mention them in the thread here, I think I'll definitely take a good look at them.

Do you find the Aruba switches easy to manage? I've got a S3500 (same OS as the S2500 I believe?) that I used for 10G for a while, but took down when it became clear that I just wasn't using the bandwidth. The 16 port switch in my home office is out of ports though, so I was thinking of putting the Aruba back, just without the 10G module (it's removable on that one). I never used any of the more advanced management features though, so have no idea if the text based interface is cumbersome for that.

Thanks again everyone who replied. It was a real eye-opener.
The Omadas are at my parents' house and they seem to work fine. However we are talking about two elderly people that don't really have much in the way of needs. As I mentioned, I did have the one hardware failure for some unknown reason. It did allow me to upgrade to a wifi6 unit which I don't even have at my house yet. I bought the hardware controller after about a year because I found it on sale and I thought it would be more stable than the software controller and I didn't want to get calls about the wireless not working. I do believe it has been more stable since that time, although the software controller wasn't "unstable" by any means.

I'm running a bunch of VLANs through my Aruba switches and that's about as sophisticated as I get. I'd like to learn more about L3 routing and get some of that functionality off the firewall, but it just hasn't been a high priority. I don't think my current network is noticeably slow, so there is little motivation to try to "fix" something that probably isn't broken in the first place.
 

ddaenen1

New Member
Jul 7, 2020
17
1
3
I also vote for pfsense and second the opinion that it is probably faster to set up than any Ubiquiti or Mikrotik router and out of the box with the wizard provides very good protection. You can play around with packages once you are familiar with the concept. I run it on a Supermicro 1U server with 2 SSDs in zmirror (one is enough to start with but as I work from home a lot with lots of Teams meetings, I like the idea of a redundant system).

I have one backbone 24p Cisco SG350 switch hooked up to the router which connects to all the devices in the house, including 4 Cisco WAP571 APs via POE+.

I went for this setup as I had been frustrated for years due to the unreliable behavior of consumer devices, especially router and wifi. Once I moved over, I never looked back.
 

oneplane

I severely dislike pfSense, and OpnSense is a fork and drop-in replacement (especially on new setups), but at the end of the day you can get your network running either way.

If you want to experiment with it, without messing with your network or buying hardware, you can just get VirtualBox on your computer, download an ISO from the firewall software website (Download - OPNsense® is a true open source firewall and more for example) and do a "pretend" installation so you can get a feeling of how hard it might be. There are ready to go pre-installed virtual machines available as well but I recommend doing the installation yourself to feel a bit more comfortable with the whole thing. (the same can be done with pfsense but the company and culture around it has gone to shit years ago)

If you are going to try this out and are not familiar with anything I just wrote, here are some pointers:

- you will need to have a bit of free disk space, RAM and enough CPU cores on your computer to run virtual machines
- Downloading and installing something like virtual box is really easy. It might ask you if you want to install the extension pack: yes do that!
- When you create a 'new' virtual machine it will simply ask you a few questions (if asked about the operating systems: OpnSense (and pfsense) are FreeBSD based)
- give them something like 1GB RAM, 8GB virtual hard drive and 2 CPU cores
- give them 2 network interfaces, the first one can be a 'bridged' one connected to your existing ethernet or wifi, the second one can be host-only
- when asked about a disk to install something on the VM, use the ISO file you downloaded earlier
- finish the setup question thing and off you go, you can run your virtual machine and do the pretend-installation and if something goes wrong you can just delete the virtual machine and start over

After you start the virtual machine you can run the installer that is inside the ISO file you started the machine with and follow the on-screen steps, afterwards it will restart itself and it will enter the initial setup for the firewall where you can just accept all the defaults and you're good to go.

At the end, the firewall will have an IP of 192.168.1.1 or something like it (it will be displayed) and depending on your host-only network settings you may be able to reach it, but that's only relevant to write a long post about if you are interested in trying it out.
 
  • Like
Reactions: Markess
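
The trial VM from the post above, scripted with VBoxManage. This is an added example, not part of the original post; the VM name, ISO path, disk path and adapter names (`eth0`, `vboxnet0`) are assumed placeholders. It also checks that the firewall's LAN adapter is not bridged, so the lab firewall's DHCP server stays off the real home network.

```shell
#!/bin/sh
# Added example (not from the thread): build the trial firewall VM described
# above with VBoxManage. All names below are assumed placeholders.

VM_NAME="${VM_NAME:-fw-lab}"
ISO_PATH="${ISO_PATH:-./firewall-installer.iso}"  # the installer ISO you downloaded
DISK_PATH="${DISK_PATH:-./fw-lab.vdi}"
BRIDGE_IF="${BRIDGE_IF:-eth0}"                    # host NIC with internet access (WAN side)
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"            # existing host-only network (LAN side)

# Print each command in dry-run mode (the default); execute it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1 GB RAM, 2 CPU cores, 8 GB disk, NIC 1 bridged, NIC 2 host-only, ISO attached.
build_vm() {
    run VBoxManage createvm --name "$VM_NAME" --ostype FreeBSD_64 --register
    run VBoxManage modifyvm "$VM_NAME" --memory 1024 --cpus 2 \
        --nic1 bridged --bridgeadapter1 "$BRIDGE_IF" \
        --nic2 hostonly --hostonlyadapter2 "$HOSTONLY_IF"
    run VBoxManage createmedium disk --filename "$DISK_PATH" --size 8192
    run VBoxManage storagectl "$VM_NAME" --name SATA --add sata
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA \
        --port 0 --device 0 --type hdd --medium "$DISK_PATH"
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA \
        --port 1 --device 0 --type dvddrive --medium "$ISO_PATH"
}

# Read `VBoxManage showvminfo <vm> --machinereadable` output on stdin.
# Succeeds only if adapter 2 (the firewall's LAN) is host-only or internal
# and no adapter other than adapter 1 is bridged onto the real network.
lan_is_isolated() {
    awk -F= '
        $0 ~ /^nic[0-9]+=/ {
            n = substr($1, 4)
            v = $2
            gsub(/"/, "", v)
            if (n != "1" && v == "bridged") bad = 1
            if (n == "2") lan = v
        }
        END {
            if (bad) exit 1
            if (lan != "hostonly" && lan != "intnet") exit 1
            exit 0
        }'
}

case "${1:-}" in
    build)
        build_vm
        ;;
    verify)
        if VBoxManage showvminfo "$VM_NAME" --machinereadable | lan_is_isolated; then
            echo "LAN adapter is isolated from the home network"
        else
            echo "LAN adapter is NOT isolated; fix adapter 2 before booting" >&2
            exit 1
        fi
        ;;
esac
```

Run it with `build` to print the commands, with `DRY_RUN=0` and `build` to create the VM, and with `verify` before the first boot.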

ReturnedSword

Thanks for all the great info. A lot to unpack. My big takeaway is that I had no idea how little I actually knew :oops:.

Thinking my best bet is to limp along with the two remaining Asus routers, learn some stuff, check into pfSense etc., and make some informed decisions. I've the parts to put something together to learn on: firewall/router box and a "desktop" to put behind it. I suppose I could do it in a VM on a server, but for me that would probably just create an extra layer of confusion. Putting hardware behind an existing router will probably require some fiddling(?), but google is my friend and I'm sure I'm not the first to try it.



Good advice! Everything is already on managed switches: Netgear GS108T in the wiring closet and TP-Link TL-SG1016DE in my home office/lab. I just haven't been using any of their management features. Guess it's time to start.



I'm seeing the wisdom in this. Looking at my device list, I've got a ton of appliances and IOT stuff (heck, even the doorbell has two IPs), and I have no idea for some how often (if ever) they get firmware/security updates. And as for "experiments"....yes, a VLAN would be GREAT for that. Don't want to mess with the other users in the house here. They can get mean. :eek:



I had no idea it was that easy. I'll give it a go! I have nothing to fear, but fear itself. And my wife. And my kids. But if I sandbox it, I should be relatively safe. :D



Oh, the plan is to get rid of those Asus routers entirely. They were less than $25 new on Ebay, so I have no reservations about jettisoning them as soon as I pick out a replacement solution.



I'll need to delve deeper into the hardware side of things for pfSense. Our inbound internet, and the network cables from the other rooms all terminate in our bedroom closet. To keep the wife happy a firewall/router/switch there needs to be super quiet, if not silent.

How do you find the Omada APs? I'd seen them in my initial research and noted that they were actually available for purchase. Having two people mention them in the thread here, I think I'll definitely take a good look at them.

Do you find the Aruba switches easy to manage? I've got a S3500 (same OS as the S2500 I believe?) that I used for 10G for a while, but took down when it became clear that I just wasn't using the bandwidth. The 16 port switch in my home office is out of ports though, so I was thinking of putting the Aruba back, just without the 10G module (it's removable on that one). I never used any of the more advanced management features though, so have no idea if the text based interface is cumbersome for that.

Thanks again everyone who replied. It was a real eye-opener.
I would advise against going with a virtualized router/firewall if this is your first attempt. It’s much easier to go bare metal, even if you end up inevitably not utilizing some available resources on the hardware. Plenty of people virtualize though, but you can learn the major stumbling block, which is hardware pass through for the NICs, later at your leisure.

Here’s a thought though. My first self-rolled router/firewall was Sonicwall, and it ran on a Fujitsu dual Pentium III Xeon 500 MHz workstation I picked up from a trash pile behind a company. I just put an additional PCI 100 Mbps NIC in it (Realtek even, gasp!) which IIRC I paid $7-10 for. A while later I switched to m0n0wall, which was the immediate predecessor of pfSense (Also even a predecessor of non-router related stuff like FreeNAS). OPNsense originated as a direct fork of pfSense. Even back in those days with the installer being a CD onto a hard disk, the process took maybe 30 minutes tops.

Do you have an old computer laying around? Perhaps an additional NIC? Many USB NICs also work nowadays. Intel NICs are preferred due to driver stability, but Realtek is just fine. If it worked back then it works better now. You can try out pfSense today even. ;) The config can be backed up manually to xml, or NetGate provides a free cloud configuration backup service. If you change hardware, you just load the configuration backup, wizard asks to re-configure the NICs, and you’re good to go.

Btw, the biggest gripe against Realtek back then were badly written drivers that crashed Windows or caused high CPU utilization, similar to the arguments over hardware dial-up modem chipsets, then hardware modems vs soft-modems, then eventually the arguments devolved into which soft-modem was the best. I find modern CPUs, even Atom-based Celeron/Pentium are more than sufficient to make up for any performance lost due to supposed Realtek drivers.
 

Markess

I severely dislike pfSense, and OpnSense is a fork and drop-in replacement (especially on new setups), but at the end of the day you can get your network running either way.
No reason I can't try both as long as I'm experimenting.

Do you have an old computer laying around? Perhaps an additional NIC? Many USB NICs also work nowadays. Intel NICs are preferred due to driver stability, but Realtek is just fine. If it worked back then it works better now. You can try out pfSense today even. ;) The config can be backed up manually to xml, or NetGate provides a free cloud configuration backup service. If you change hardware, you just load the configuration backup, wizard asks to re-configure the NICs, and you’re good to go.
The disadvantage of being a pack rat is that you wind up with a closet/cabinet full of old (but functioning) parts. Of course, when you need some extra parts, it's suddenly an advantage as well!

I updated a lot of systems for the extended family the last couple years during stay at home. I wound up with all the old gear, so I've got a variety to choose from. I've got five motherboards with dual onboard Intel NICs here that should work as a learning platform:
  • QM67 (82579LM & 82574L)
  • Q77 (82579LM & 82574L)
  • H81 (i217-LM & i210-AT)
  • Q170 (i219-LM & i210-AT)
  • C236 (2 x i210-AT) (has IPMI, which may be handy)
Unless there's a particular NIC model that's a real stinker with BSD, I assume any of these should work OK?

Is pf/OPNSense sensitive to OS disk speed? The H81, Q170, and C236 boards can boot from NVMe and I've got a couple low capacity ones with PCIe adapters I can use if disk performance matters.
 

ReturnedSword

The disadvantage of being a pack rat is that you wind up with a closet/cabinet full of old (but functioning) parts. Of course, when you need some extra parts, it's suddenly an advantage as well!

I updated a lot of systems for the extended family the last couple years during stay at home. I wound up with all the old gear, so I've got a variety to choose from. I've got five motherboards with dual onboard Intel NICs here that should work as a learning platform:
  • QM67 (82579LM & 82574L)
  • Q77 (82579LM & 82574L)
  • H81 (i217-LM & i210-AT)
  • Q170 (i219-LM & i210-AT)
  • C236 (2 x i210-AT) (has IPMI, which may be handy)
Unless there's a particular NIC model that's a real stinker with BSD, I assume any of these should work OK?

Is pf/OPNSense sensitive to OS disk speed? The H81, Q170, and C236 boards can boot from NVMe and I've got a couple low capacity ones with PCIe adapters I can use if disk performance matters.
I don’t find IPMI to be that useful on a router, as the management interface would have to be on a separate VLAN. Plus a router can be easily rebooted as it’s at home. Even on my previous ancient N2930 pfSense that died, the display was still up (though system unresponsive). I’d just pick the oldest hardware you have. Even the Q67/Q77 motherboards will be more than fine!

I forgot to ask… you don’t have multiple networks set up right? So in that case you would only need 2 NICs anyway (WAN, LAN). You could even just have the old motherboard run pfSense and not bother at all with buying a new appliance, unless you want a mini PC type system as your router eventually. Whenever you want to move systems just backup your config and upload it to the new install when prompted, or in the wizard if you skip importing configs during install.

On NICs, even the ancient 82579LM or 82574L will be fine. Realtek is fine too if you happen to have had a “cheapie” old motherboard. My dead Jetway N2930 board had 82574L NICs and it served well for many years. It never got maxed out, even on that pokey slow N2930.

I had my Jetway box running on a 2.5” 5.4k laptop disk for the first couple of years, until the disk died, then I swapped to a cheap Sandforce based 2.5” SSD for the rest of its lifetime. The SSD still has 98% life left. PfSense isn’t that disk heavy. On a new build with modern hardware I would suggest M.2 NVMe, but it’s not necessary. A SATA SSD will be more than fine. The biggest hits to the disk will be if you do any sort of proxy caching (Squid for example), but most people do not use Squid.
 

Markess

You could even just have the old motherboard run pfSense and not bother at all with buying a new appliance, unless you want a mini PC type system as your router eventually.
I don't necessarily need a new appliance. There's room where it needs to go for a decent size case, so even the micro-ATX boards I've got on hand will work. The more important thing for any permanent solution is noise. This needs to go in the bedroom closet, and audible fan noise is a downcheck for spousal approval. I didn't realize just how little CPU is needed though. So low/no noise shouldn't be too difficult, even with some of the hardware I've got on hand.

Whenever you want to move systems just backup your config and upload it to the new install when prompted, or in the wizard if you skip importing configs during install.
This is great to know. Will save even more time.

Cheers!
 

adman_c

Active Member
Feb 14, 2016
112
46
28
Chicago
I don't necessarily need a new appliance. There's room where it needs to go for a decent size case, so even the micro-ATX boards I've got on hand will work. The more important thing for any permanent solution is noise. This needs to go in the bedroom closet, and audible fan noise is a downcheck for spousal approval. I didn't realize just how little CPU is needed though. So low/no noise shouldn't be too difficult, even with some of the hardware I've got on hand.



This is great to know. Will save even more time.

Cheers!
If silence is desired, then the fanless mini-pcs (topton, etc from Aliexpress) have a ton to recommend them. I have a qotom box (celeron j3160) running pfsense that I bought from Aliexpress years ago and it's been absolutely rock solid. It literally only goes down if the power goes out or if an update requires a reboot. Current uptime is ~250 days. The downside to these little boxes is currently availability. When ordering from Aliexpress, my guess is your minimum time would be 1.5-2 months. It usually takes about a month for me to get something from Aliexpress, and with covid shutdowns and other supply chain issues, my guess is that it'd be a while before you get something. Fortunately, that gives you plenty of time to muck around with pfsense/opnsense on your existing hardware.

Another option would be to get a Protectli box from Amazon. They're readily available but you'll pay dearly (in dollars and less up-to-date hardware) for the convenience.

If you're starting from scratch, I'd personally recommend opnsense over pfsense: the interface is a bit better organized IMO, and netgate (the company that owns pfsense) has made some business decisions that I consider pretty crappy. I'm currently in the process of migrating to a new firewall running opnsense. To be fair though, pfsense is a great firewall. It has been 100% rock solid for me--not a single issue that wasn't my own fault. And since I'm running my new firewall virtualized, I'll actually have a pfsense install there as a backup in case there's something about opnsense that I don't like.

Good luck!
 

ReturnedSword

Active Member
Jun 15, 2018
473
172
43
Santa Monica, CA
I don't necessarily need a new appliance. There's room where it needs to go for a decent size case, so even the micro-ATX boards I've got on hand will work. The more important thing for any permanent solution is noise. This needs to go in the bedroom closet, and audible fan noise is a downcheck for spousal approval. I didn't realize just how little CPU is needed though. So low/no noise shouldn't be too difficult, even with some of the hardware I've got on hand.



This is great to know. Will save even more time.

Cheers!
If the router will live in a closet, you probably would need for the case to have fans regardless. Are the fans you have that loud? Even my main workstation that has 6 fans on the radiator, and 4 other fans elsewhere in the case is barely audible even in my quiet office. The fans are on low to medium controlled by the BIOS on a fan curve. The only noticeable thing is the heat build up from the PC, but as it’s now cold, it nicely keeps the office at a good temperature.
 

ReturnedSword

@Markess What area are you located? If you’re in the Los Angeles / Orange County area I can give you some spare old brand new Yate Loon 120mm fans I’ve got from back in my silentpcreview days. They’re 3-pin, not PWM, but were famously quiet and push a decent amount of air.
 

Markess

If the router will live in a closet, you probably would need for the case to have fans regardless.
This is why I've been reluctant to try an appliance like this! ;) It's a decent sized walk in closet. But, yeah, fans may be indicated. The wife likes to not worry about if the door is closed or not, so it's usually left open. Oh, and she has bionic hearing.

Yes, I could say something like, a) we could just make sure we close the door when we go to bed, and b) but it needs a fan for cooling.

But, having been married for 28 years, I can accurately predict her response would be a) I never had to close the door before, I don't want to have to remember to close it now, because we suddenly need to have something with a fan and b) the old one didn't need a fan, I don't understand why this one needs one. Seems to me like we're sliding backwards if it needs a cooling fan and the other one didn't. You know, the (fill in suitable product name here) router at Best Buy, with the racing stripes and half a dozen funny shaped antennas, the one I said you should have just bought that one and be done with it, that one doesn't need a fan either. You could be back with it in a half hour and have it set up in 15 minutes more. Problem solved and no fans.

Are the fans you have that loud?
I doubt it. But, honestly, I haven't finished putting anything together yet. The "test rig" was going to be in my office, where fans don't matter (I have crappy hearing, so fans don't bother me). If I decide to go this route, there's definitely passively cooled options out there. Netgate's "desktop" like appliances (and boy howdy, they sure get a premium for them, don't they?) seem to be passively cooled all the way up till you get to the "large business" models.

What area are you located?
I'm up in Sacramento. I've got a few Noctuas in the parts box that will work, but thanks for thinking of me. I just know that I'll get heat over it regardless :p. First step is to get something together to see how I like it, and if I'm willing to go to the mat over it, I'll tackle what to use long term when the time comes. Heck, maybe prices and supply chain issues will miraculously go back to normal by then!
 

ReturnedSword

This is why I've been reluctant to try an appliance like this! ;) It's a decent sized walk in closet. But, yeah, fans may be indicated. The wife likes to not worry about if the door is closed or not, so it's usually left open. Oh, and she has bionic hearing.

Yes, I could say something like, a) we could just make sure we close the door when we go to bed, and b) but it needs a fan for cooling.

But, having been married for 28 years, I can accurately predict her response would be a) I never had to close the door before, I don't want to have to remember to close it now, because we suddenly need to have something with a fan and b) the old one didn't need a fan, I don't understand why this one needs one. Seems to me like we're sliding backwards if it needs a cooling fan and the other one didn't. You know, the (fill in suitable product name here) router at Best Buy, with the racing stripes and half a dozen funny shaped antennas, the one I said you should have just bought that one and be done with it, that one doesn't need a fan either. You could be back with it in a half hour and have it set up in 15 minutes more. Problem solved and no fans.
I mean, there’s nothing wrong with consumer wireless routers. They work, and besides WiFi is needed somehow as well which is why I have my AC68Us dumbed down to AiMesh AP mode. Note to your son though, who I’m sure is having a pull in opinion as well, that “gaming” routers are usually just a variant of another router in the lineup, with preconfigured QoS rules for gaming. But over the lifetime of the router new games will be introduced, and QoS rules would need to be manually configured for those anyway. Those ports can be easily found on Google or the developer’s website and manually configured in any router with QoS.

The major con with consumer routers then, at least to me, is they are not as full-feature as something open source like pfSense or OPNsense. The other con depending on budget is that consumer routers can be rather expensive, at which point it’s better to run your own rolled router and have enterprise APs (even mesh ones now), that are much cheaper than buying multiple consumer routers or a consumer mesh router system for that purpose. An enterprise or enterprise-lite AP will always certainly perform much better for a large number of WiFi devices.

What parts do you have for the Q67 and Q77 system? A way to lower noise is to use bigger fans, and a bigger CPU HSF. Even a cheapie CoolerMaster Hyper 212 probably will lower noise by quite a bit. They regularly go on sale for $10-15.

I doubt it. But, honestly, I haven't finished putting anything together yet. The "test rig" was going to be in my office, where fans don't matter (I have crappy hearing, so fans don't bother me). If I decide to go this route, there's definitely passively cooled options out there. Netgate's "desktop" like appliances (and boy howdy, they sure get a premium for them, don't they?) seem to be passively cooled all the way up till you get to the "large business" models.
Well, looks like this will be a weekend project for you this weekend :p

The NetGate appliances are decent, however if you look at the specs most are pretty slow as well. I’d prefer to go with a Protectli or Qotom appliance if speed of delivery is a necessity. Otherwise waiting for a Topton from China is the best way.

I ran that dual PIII Xeon on SmoothWall/m0n0wall/pfSense for many years until I decided it was too big (it was a full sized workstation). I then replaced it with a custom built Atom D525 based pfSense. That one still works, however I thought perhaps I needed more power, so I switched to the Jetway N2930 based board. I have a Topton N6005 unit on order as of now to replace the dead Jetway board. From the D525 onward, the motherboards were passively cooled (including the new Topton). I still put two Noctua 40mm fans on the D525, N2930 case “just in case.” The Topton unit I have on order has a passive heatsink case, so I’ll see how hot it gets. It probably will be ok as atom based CPUs have rather low TDP.

I just know that I'll get heat over it regardless :p. First step is to get something together to see how I like it, and if I'm willing to go to the mat over it, I'll tackle what to use long term when the time comes. Heck, maybe prices and supply chain issues will miraculously go back to normal by then!
You can do what I do, which is to do it anyway, then have the family realize it works and there was nothing to worry about in the first place ;) This isn’t a financial decision that will break the bank or cause any life changes. The worst that can happen is you can’t figure out pfSense over the weekend just yet, and have to revert your best ASUS unit back to router mode.

To be completely honest, I’ve had my custom routers of various distro flavors for so long now that it feels really strange to revert one of the AC68Us back to router mode just to have internet. Covid issues in China causing delays for the delivery of my new Topton appliance :(
 