My Linksys router died this morning - fortunately, I had a spare Netgear one lying around, but manually replacing all DHCP reservations (security cameras, user devices, network devices, specific IoT devices) and port forwarding options was a tedious pain. I needed a quick solution; my job is remote, so I factory reset the Netgear (I wasn’t sure what settings were already on it) and applied the most important settings to get the job done.

I’m looking for recommendations for either a more mature setup, backup solution, or another solution. Currently, my internet is provided from an AT&T ONT, which has almost everything disabled (DHCP included), and was passing through to my Linksys router. This acted as the router and DHCP server, and provided a direct connection to an 8-port switch, which split off into devices, 2 more routers acting as access points (one for the other side of the house, one for the separated garage, DHCP disabled on both).

If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?

If going the route of a smarter solution, I’m not sure what to consider, so I’d love to hear some input. I think having so many devices using DHCP reservations might not be the way to go, but it’s the best way I’ve been able to provide organization and structure to my growing collection of network devices.

If going with a more mature setup, I’m not sure what to consider for a fair ballpark budget / group of devices for a home network. I’ve been eyeing the Ubiquiti Cloud Gateway + 3 APs for a while (to replace my current 1 router / 2 routers-in-AP-mode setup), but am wondering if the selfhosted community has any better recommendations.

I’m happy to provide more information - I understand that selfhosting / home network setup is not a one-size-fits-all.

Edit: Forgot to mention! Another minor gripe I have is that my current 1 router / 2 routers-as-AP solution isn’t meshed, so my devices have to be aware of all 3 networks as I walk across my property. It’s a pain that I know can be solved with buying dedicated access points (…right?), but I’d like to know others’ experiences with this, either with OpenWRT, or other network solutions!

  • farcaller@fstab.sh
    2 months ago

    I would not recommend unifi for a mature solution. It sure works nice as a glass panel, but it will get limiting if you will have a desire to hack around your network. Their APs are solid, though, it’s just the USG/Dream machine that I wouldn’t recommend.

    Mikrotik software is very capable and hackable and you can run it in a vm if you feel like bringing your own hardware.

    • a1studmuffin@aussie.zone
      2 months ago

      Another vote for Mikrotik, but only if you’re technical-minded and want to learn how routers work. One of the things I like the most about it is the ability to import/export the router config as plain text. That makes it very easy to do things like bulk-editing (I have a lot of IOT devices I need to configure), storing your config in version control for safe-keeping etc.

  • hungover_pilot@lemmy.world
    2 months ago

    If you’re looking for a more mature networking setup, I would definitely recommend splitting up your router, switch and AP duties into separate devices. It gives you the most flexibility for when you want to tinker or change things.

    For a main router setup, I would recommend OpnSense. It has a cloud backup feature which allows you to automatically back up the configuration to a Google Drive XML file whenever it is changed.

    The XML config file stores all your leases so you don’t have to worry about reassigning DHCP reservations. If you load the config onto a new system, like for an upgrade or if the router hardware fails, usually you just have to change the interface mappings and you’re good to go.

    As far as APs/switches, I would recommend Unifi or Mikrotik. Unifi has a fancy dashboard you can use to adopt new equipment and restore/change configs from, but I find Mikrotik easier and simpler to back up and I like that I don’t have to host a controller to make config changes.

  • Admiral Patrick@dubvee.org
    2 months ago

    If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?

    That’s what I do. Every device runs OpenWRT except my ONT. Backing up is just a cron script that calls each one and pulls the config.

    For my router, I ended up buying an old Barracuda LoadBalancer 340 and installing OpenWRT (it’s an x86 device so it was super easy). It’s a little over-powered for a router, but the price was right. It’s got more than enough spare resources to run some extra stuff, including Docker, so I’m probably going to throw my PiHole container on there since I haven’t been impressed with AdGuard Home (which is available in the repos).

    And if you go for an old Barracuda unit like I did, the default BIOS password is bcndk1
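
The cron-driven pull described in the comment above, as an added example (not Admiral Patrick's script). It assumes key-based SSH as root to each OpenWrt device and uses `sysupgrade -b -` to stream the config archive; the host names, backup directory and retention count are placeholders.

```shell
#!/bin/sh
# Added example: pull OpenWrt config archives over SSH from a cron job.
# Host names passed on the command line are placeholders for your own devices.
BACKUP_DIR="${BACKUP_DIR:-$HOME/router-backups}"
KEEP="${KEEP:-14}"                 # archives to retain per device
umask 077                          # archives hold Wi-Fi keys and password hashes

# Stream one device's config archive to stdout. BatchMode makes cron fail
# instead of prompting; StrictHostKeyChecking refuses an unknown host key.
fetch_config() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes "root@$1" 'sysupgrade -b -'
}

# Back up one host; prints the archive path on success, returns 1 on failure.
backup_host() {
    host=$1
    dir="$BACKUP_DIR/$host"
    mkdir -p "$dir" || return 1
    tmp="$dir/.partial.$$"
    out="$dir/$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # Accept the download only if it is a readable tar.gz that contains the
    # UCI tree, so a dropped connection never counts as a good backup.
    if fetch_config "$host" > "$tmp" &&
       tar -tzf "$tmp" 2>/dev/null | grep 'etc/config/' >/dev/null; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "backup of $host FAILED" >&2
        return 1
    fi
    # Rotation: names sort chronologically, so drop everything after the newest $KEEP.
    ls -1 "$dir"/*.tar.gz | sort -r | tail -n +"$((KEEP + 1))" |
        while read -r old; do rm -f "$old"; done
    echo "$out"
}

# Cron entry point, e.g.: backup.sh router ap-house ap-garage
rc=0
for h in "$@"; do backup_host "$h" >/dev/null || rc=1; done
[ "$rc" -eq 0 ] || exit 1
```

The non-zero exit status lets cron mail or a monitoring wrapper flag a device that stopped answering.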

    • UberMentch@lemmy.world (OP)
      2 months ago

      I’m not very experienced with OpenWRT - how sensitive is it to device changes? If your Barracuda dies tomorrow, do you have to purchase the same brand / model, or could you slap your saved config onto a similar device? Is there some sort of device compatibility to consider?

      • Admiral Patrick@dubvee.org
        2 months ago

        The barracuda I have is basically an x64 board in a 1U half-depth case with two extra network adapters (3 total including the onboard one). I have two of them: one’s running OpenWRT (my router) and the other vanilla Debian.

        So if my router one dies, I can just either pull the drive from it or restore a config backup to another suitable PC that has two NICs (or promote the second unit I have).

        The config in openwrt is abstracted. So if the hardware and NICs are totally different, you might need to reconfigure the device names in the config so they’re referencing the right NICs, but everything else should “just work” (e.g. WAN and LAN are just arbitrary labels).

      • TCB13@lemmy.world
        2 months ago

        It is somewhat sensitive, at least wireless device names, network/switch setup, MAC addresses and LED/ GPIO settings are going to be different - almost always (and this list is far from complete).

        Usually what I do is I take the config and merge it manually (Beyond Compare), to the default config of a new unit, that way I can adjust the interfaces and other details.

        To be fair I only do this because I tend to deploy OpenWRT on customers quite a lot and sometimes I don’t have a config for some specific hardware already done. A router is basically a fridge, it should last a long time and even if you’ve to manually configure everything it won’t be much of an issue 5 or 10 years later.

  • linearchaos@lemmy.world
    2 months ago

    Unifi gear is super great value-wise. Their support is lacking, but their equipment is pretty easy to deal with.

    UCG is great and cheap.

    UDM Pro is more flexible / future proof but also more expensive. (You get PoE, and access to the rest of their suite, but that access also comes with some hardware lock-in.)

    They don’t do custom DNS, so a couple of Pi-holes or a DNS service are prudent.

    • halcyoncmdr@lemmy.world
      2 months ago

      This is what I did after running consumer Linksys and ASUS routers, including with OpenWRT.

      I moved to a Unifi setup and haven’t had any issues. I can manage it remotely if I need to, like another household member needs something changed or fixed. I’ve never had to restart it to fix an issue, it just works.

      Easy upgrades without having to replace the entire setup and move settings over manually. Especially easy wireless upgrades, almost just plug and play replacing the old access point antenna.

      And if you need just a small setup and you run a home server you can run the management software on there instead of something like their dedicated Cloud Key device.

    • loganb@lemmy.world
      2 months ago

      BTW you CAN do DNS in a unifi gateway. It just requires making dnsmasq entries through shell. Perfect solution? No. But it gets you there with no additional hardware.

  • aseriesoftubes@lemmy.world
    2 months ago

    I run Opnsense on a Proxmox VM (I followed this guide). I’m quite pleased with it. Opnsense is probably going to be more secure than any consumer router firmware, and you’re going to have to make a bigger upfront investment in hardware. I had never used Opnsense prior to using this system, and the fact that I’m running it on Proxmox is a huge benefit. If I’m ever about to do anything I’m unsure of, I can snapshot the VM in Proxmox. If my router config breaks as a result of my tinkering, I can easily restore from the snapshot.

  • eksb@programming.dev
    2 months ago

    I used to use OpenWRT on various devices, but two years ago I got a UDM-Pro, a USW-16-POE, and a few Unifi APs and cameras. I run pi-hole on the UDM-Pro. I have no complaints. It is more expensive than piecing it all together using OpenWRT and some Raspberry PIs, but way easier.

    • UberMentch@lemmy.world (OP)
      2 months ago

      No issues or anything so far with the Unifi devices? That’s good to hear. Do you have any third-party integrations with your Unifi devices, or is it as locked of an ecosystem as I’ve read others say? I don’t think I’d mind taking the plunge, as long as it has good customer service and support.

      • TCB13@lemmy.world
        2 months ago

        Be prepared to be hostage of their cloud services… Unifi was all cool until they introduced the Cloud Key and a few other things.

        • eksb@programming.dev
          2 months ago

          Can’t you just not use their cloud services? It makes you create an account for setup, but once setup was done I never touched it.

      • eksb@programming.dev
        2 months ago

        I do not know what you mean by third-party integrations. I do not use any cloud stuff, Ubiquiti’s or otherwise.

  • Mac@federation.red
    2 months ago

    As a fellow ONT haver, you should find out if you have XGS or G-PON fiber and just stand up an opnsense box/VM as your router.

    https://pon.wiki/guides/masquerade-as-the-att-inc-bgw320-500-505-on-xgs-pon-with-the-bfw-solutions-was-110/

    Can also check out the 8311 discord!

    Currently I have a WAS-110 connected via SFP NIC to a Proxmox VM running opnsense. That has SR-IOV for my physical ports and other VMs and then a nice WAP for wifi6e.

    That way you don’t get vendor locked into anything on the Ubiquiti/Ruckus side of things

  • DaGeek247@fedia.io
    2 months ago

    I have the att bgw-320 as well. Very excited for when the hardware for the bypass comes around.

    I tried using the IP passthrough setup on it, but it ended up causing all sorts of slowdowns that I had trouble diagnosing. I was using the nanopi r4s with a WiFi AP when I had this issue. Make sure to look into compatibility: ATT’s IP passthrough is not total passthrough, so you might have to dig into the details to make sure it all works together.

  • Thomas@discuss.tchncs.de
    2 months ago

    My setup is smaller, but when my venerable old router died about a year ago, I acquired an Asus TUF-AX3000_V2 where I installed FreshTomato. One can login via SSH and dump all settings for backup. Likewise, individual or all settings can be done on the command line instead of the GUI. I have a script on my computer that reads CSV files with MAC addresses and more to apply changes in an automated way.
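
A sketch of the CSV-driven approach from the comment above, as an added example (not Thomas's script). It assumes the DHCP server is dnsmasq, whose `dhcp-host=` line format it emits, and a three-column `mac,ip,hostname` CSV; the function name and CSV layout are hypothetical.

```shell
#!/bin/sh
# Added example: turn a reservations CSV (mac,ip,hostname) into dnsmasq
# dhcp-host= lines. Nothing is printed unless every row validates, so a
# half-checked file is never applied to the router.
reservations_to_dnsmasq() {
    awk -F',' '
    function bad(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; errors++ }
    function valid_mac(m,   p, n, i) {
        n = split(m, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++) if (p[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
        return 1
    }
    function valid_ip(a,   p, n, i) {
        n = split(a, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++) if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    { gsub(/[ \t\r]/, "") }                  # tolerate spaces and CRLF exports
    $0 == "" || /^#/ { next }                # blank lines and comments
    tolower($1) == "mac" { next }            # header row
    NF != 3 { bad("expected mac,ip,hostname"); next }
    {
        mac = tolower($1); ip = $2; name = $3
        if (!valid_mac(mac)) { bad("malformed MAC: " $1); next }
        if (!valid_ip(ip))   { bad("malformed IPv4: " ip); next }
        # Restrict names to hostname characters so a cell cannot smuggle
        # extra dnsmasq options into the generated line.
        if (name !~ /^[A-Za-z0-9][A-Za-z0-9-]*$/) { bad("unsafe hostname: " name); next }
        if (mac in by_mac) { bad("MAC already reserved on line " by_mac[mac]); next }
        if (ip in by_ip)   { bad("IP already reserved on line " by_ip[ip]); next }
        by_mac[mac] = NR; by_ip[ip] = NR
        out[++count] = "dhcp-host=" mac "," name "," ip
    }
    END {
        if (errors) exit 1
        for (i = 1; i <= count; i++) print out[i]
    }' "$1"
}

# Stand-alone use: reservations.sh devices.csv > static-leases.conf
[ $# -eq 0 ] || reservations_to_dnsmasq "$1"
```

Keeping the CSV in version control gives a reviewable history of which MAC address was granted which fixed address.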

  • Decronym@lemmy.decronym.xyz (bot)
    1 month ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    | Fewer Letters | More Letters |
    |---|---|
    | AP | WiFi Access Point |
    | DHCP | Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network |
    | DNS | Domain Name Service/System |
    | IP | Internet Protocol |
    | IoT | Internet of Things for device controllers |
    | NAS | Network-Attached Storage |
    | PiHole | Network-wide ad-blocker (DNS sinkhole) |
    | PoE | Power over Ethernet |
    | SBC | Single-Board Computer |
    | SSH | Secure Shell for remote terminal access |
    | SSL | Secure Sockets Layer, for transparent encryption |
    | TLS | Transport Layer Security, supersedes SSL |
    | Unifi | Ubiquiti WiFi hardware brand |
    | VPN | Virtual Private Network |

    13 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

    [Thread #921 for this sub, first seen 14th Aug 2024, 19:05]

  • Pyrosis@lemmy.world
    1 month ago

    I’m spoiled now. I prefer ubiquiti equipment for my network, security camera, and even door access.

    However, if you prefer completely open source I can recommend opnsense and openwrt. Personally I prefer a single point of configuration… So all ubiquiti for me… It makes it easy to restore a complete network configuration, which, as you are discovering, is a pain.

    Maybe start with the new cloud gateway max as a router if you are interested.