My Linksys router died this morning - fortunately, I had a spare Netgear one lying around, but manually replacing all DHCP reservations (security cameras, user devices, network devices, specific IoT devices) and port forwarding options was a tedious pain. I needed a quick solution; my job is remote, so I factory reset the Netgear (I wasn’t sure what settings were already on it) and applied the most important settings to get the job done.
I’m looking for recommendations for either a more mature setup, backup solution, or another solution. Currently, my internet is provided from an AT&T ONT, which has almost everything disabled (DHCP included), and was passing through to my Linksys router. This acted as the router and DHCP server, and provided a direct connection to an 8-port switch, which split off into devices, 2 more routers acting as access points (one for the other side of the house, one for the separated garage, DHCP disabled on both).
If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?
If going the route of a smarter solution, I’m not sure what to consider, so I’d love to hear some input. I think having so many devices using DHCP reservations might not be the way to go, but it’s the best way I’ve been able to provide organization and structure to my growing collection of network devices.
If going with a more mature setup, I’m not sure what to consider for a fair ballpark budget / group of devices for a home network. I’ve been eyeing the Ubiquiti Cloud Gateway + 3 APs for a while (to replace my current 1 router / 2 routers-in-AP-mode setup), but am wondering if the selfhosted community has any better recommendations.
I’m happy to provide more information - I understand that selfhosting / home network setup is not a one-size-fits-all.
Edit: Forgot to mention! Another minor gripe I have is that my current 1 router / 2 routers-as-AP solution isn’t meshed, so my devices have to be aware of all 3 networks as I walk across my property. It’s a pain that I know can be solved with buying dedicated access points (…right?), but I’d like to know others’ experiences with this, either with OpenWRT, or other network solutions!
Edit 2: Thanks for the suggestions and discussion everybody, I appreciate hearing everybody’s recommendations and different approaches. I think I’m leaning towards the Ubiquiti UCG Ultra and a few Ubiquiti APs, they seem to cover my needs well. If in a few years that bites me in the ass, I think my next choices will be Mikrotik, OPNsense, or OpenWRT.
$150 fanless N100 pc with 4x2.5gbps from aliexpress and install OPNsense on it.
This is the correct answer for the selfhosted crowd
I would not recommend unifi for a mature solution. It sure works nice as a glass panel, but it will get limiting if you will have a desire to hack around your network. Their APs are solid, though, it’s just the USG/Dream machine that I wouldn’t recommend.
Mikrotik software is very capable and hackable and you can run it in a vm if you feel like bringing your own hardware.
Another vote for Mikrotik, but only if you’re technical-minded and want to learn how routers work. One of the things I like the most about it is the ability to import/export the router config as plain text. That makes it very easy to do things like bulk-editing (I have a lot of IOT devices I need to configure), storing your config in version control for safe-keeping etc.
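Since the plain-text export format is what makes the bulk editing practical, here is an added example (not the poster's script, and not MikroTik's own tooling) that turns a CSV of IoT reservations into `/ip dhcp-server lease` commands in the same layout `/export` produces. It assumes the CSV columns mac, ip, name and comment, and a DHCP server named `defconf`, which is the name the RouterOS default configuration uses; change it to match your router.

```python
"""Turn a CSV of DHCP reservations into RouterOS '/ip dhcp-server lease' commands.

Added example for this thread; it assumes the CSV columns mac,ip,name,comment
and a DHCP server named 'defconf' (the name RouterOS gives the default one).
"""
import csv
import io
import ipaddress
import re
import sys

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")

# Constructed sample input standing in for a real reservations.csv file.
SAMPLE_CSV = """mac,ip,name,comment
aa:bb:cc:00:00:01,192.168.88.21,cam-front,Front door camera
AA-BB-CC-00-00-02,192.168.88.22,cam-garage,Garage camera
aa:bb:cc:00:00:03,192.168.88.30,thermostat,"Living room ""smart"" thermostat"
"""


def normalize_mac(mac):
    """Accept aa:bb:.. or AA-BB-.. and return the upper-case colon form RouterOS uses."""
    mac = mac.strip().replace("-", ":").upper()
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return mac


def load_reservations(text):
    """Parse and validate the CSV; reject duplicate MACs or IPs so a bulk import
    cannot silently create two leases that fight over one address."""
    rows, seen_mac, seen_ip = [], set(), set()
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        mac = normalize_mac(row["mac"])
        ip = str(ipaddress.IPv4Address(row["ip"].strip()))  # raises on garbage
        if mac in seen_mac:
            raise ValueError(f"line {lineno}: duplicate MAC {mac}")
        if ip in seen_ip:
            raise ValueError(f"line {lineno}: duplicate IP {ip}")
        seen_mac.add(mac)
        seen_ip.add(ip)
        rows.append({"mac": mac, "ip": ip, "name": row["name"].strip(),
                     "comment": (row.get("comment") or "").strip()})
    return rows


def rsc_quote(value):
    """Quote a string for a RouterOS command line, escaping embedded quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def leases_to_rsc(rows, server="defconf"):
    """Render rows in the same layout '/export' produces, so the output can be
    diffed against an export and pasted or imported back into the router."""
    lines = ["/ip dhcp-server lease"]
    for r in rows:
        comment = f"{r['name']}: {r['comment']}" if r["comment"] else r["name"]
        lines.append(f"add address={r['ip']} mac-address={r['mac']} "
                     f"server={server} comment={rsc_quote(comment)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CSV
    sys.stdout.write(leases_to_rsc(load_reservations(source)))
```

Run it as `python3 leases.py reservations.csv > leases.rsc`, keep both the CSV and the generated `.rsc` in version control next to your full export, and load the result with `/import file-name=leases.rsc` after uploading it to the router. The duplicate checks are the part worth keeping even if you change the output format: with dozens of IoT devices, a copy-pasted MAC is the usual way two leases end up claiming one address.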
Yup, I have a Mikrotik and love it. I haven’t fully explored the possibilities, but so far I have:
- DNS server - traffic to my NAS uses my domain name, but everything stays on my network (so I get TLS, without hitting the internet)
- VLANs - haven’t fully configured yet, but I’m working on segmenting my network based on access needs; I currently have two SSIDs I’m playing with
- Ubiquiti AP - absolutely solid, though running the server is really annoying, especially since the machine it’s on is only connected via WiFi (so I have to drag the AP down every time I need to re-pair it if I break my wifi)
If you want a professional setup but don’t want to pay a ton, Mikrotik w/ Ubiquiti AP is affordable and very capable. All in, I think I spent $70 on the router and $100 on the AP, so $170 for an “enterprise grade” network. I’m planning to upgrade the AP soon, and it’s nice to not have to reconfigure the router, I’ll just add the AP, configure in the software, then remove the old AP.
I have a pretty decent background in networking - I spent a few years in a network technician position and finished up my CCNA training while I was doing that work. I’ll have to look into Mikrotik, I’ve never actually heard of that brand, thanks for the recommendation
I run Opnsense on a Proxmox VM (I followed this guide). I’m quite pleased with it. Opnsense is probably going to be more secure than any consumer router firmware, but you’re going to have to make a bigger upfront investment in hardware. I had never used Opnsense prior to using this system, and the fact that I’m running it on Proxmox is a huge benefit. If I’m ever about to do anything I’m unsure of, I can snapshot the VM in Proxmox. If my router config breaks as a result of my tinkering, I can easily restore from the snapshot.
Thanks for the link, I’ll have to look into running OPNsense on my Proxmox cluster. I’ve been holding off on buying a new server, having a server just for my networking VMs might be a good solution, thanks!
If you’re looking for a more mature networking setup, I would definitely recommend splitting up your router, switch and AP duties into separate devices. It gives you the most flexibility for when you want to tinker or change things.
For a main router setup, I would recommend OpnSense. It has a cloud backup feature which allows you to automatically back up the configuration to a Google Drive XML file whenever it is changed.
The XML config file stores all your leases so you don’t have to worry about reassigning DHCP reservations. If you load the config onto a new system, like for an upgrade or if the router hardware fails, usually you just have to change the interface mappings and you’re good to go.
As far as APs/switches, I would recommend Unifi or Mikrotik. Unifi has a fancy dashboard you can use to adopt new equipment and restore/change configs from, but I find Mikrotik easier and simpler to backup and I like that I don’t have to host a controller to make config changes.
I’ll have to look into Mikrotik APs. I have a Mikrotik router and a Ubiquiti AP, and the Unifi SW is annoying (I’ve had to set it up twice now). I’ll need to upgrade my AP soon, so if Mikrotik makes a good AP, I might just go that route (and now’s a good time because I’m running cable and am annoyed at my AP being passive PoE).
Yeah, I definitely agree with splitting it up. Until lately, I haven’t been able to justify the cost of replacing my whole setup. But at the rate that my routers/routers-as-APs seem to die (maybe one every 18 months), it’s enough of a nuisance that I’ll just spend some money and do it the “right” way.
If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?
My two cents: use a “full” computer as your router (with either something like OPNsense or any “regular” linux distro if you don’t need the GUI) and OpenWRT on your access points.
Unless you use the GUI and backup/restore the configuration (as you would with proprietary firmwares), OpenWRT is frankly a pain to configure and deploy. At the moment I’m building custom images for all my devices, but (next time™) I’m gonna ditch all that, get an x86 router and just manually manage OpenWRT on my wifi APs (I only have two and they both have the same relatively straightforward config).
It’s a pain that I know can be solved with buying dedicated access points (…right?)
Routers and access points are just computers with network interfaces (there may be level-2-only APs, but honestly I’ve never heard of any)… most probably your issue is that the firmware of your “routers as access points” doesn’t want to be configured as a dumb AP.
Good points. It’s strange to me to think of routers and APs as just computers, or things that can be run off of a mini-PC or some kind of raspberry pi, but it seems like it’s entirely feasible to build up your network with those.
If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?
That’s what I do. Every device runs OpenWRT except my ONT. Backing up is just a cron script that calls each one and pulls the config.
For my router, I ended up buying an old Barracuda LoadBalancer 340 and installing OpenWRT (it’s an x86 device so it was super easy). It’s a little over-powered for a router, but the price was right. It’s got more than enough spare resources to run some extra stuff, including Docker, so I’m probably going to throw my PiHole container on there since I haven’t been impressed with AdGuard Home (which is available in the repos).
And if you go for an old Barracuda unit like I did, the default BIOS password is bcndk1
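The "cron script that calls each one and pulls the config" above, written out as an added example rather than the poster's actual script. It assumes key-based SSH access as root to each OpenWRT device and that `sysupgrade -b -` writes the backup archive to stdout, which is the usual way to take an OpenWRT backup over SSH; the hostnames are placeholders.

```python
"""Pull a config backup from every OpenWRT device and keep a dated history.

Added example, not the poster's script. It assumes key-based SSH access as root
to each device and that `sysupgrade -b -` writes the backup archive to stdout,
which is the usual way to take an OpenWRT backup over SSH.
"""
import hashlib
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

# Hypothetical inventory; replace with your own hostnames or addresses.
DEVICES = ["router.lan", "ap-house.lan", "ap-garage.lan"]
KEEP = 30  # dated archives to retain per device


def fetch_backup(host, runner=subprocess.run):
    """Return the raw backup archive bytes from one device.
    `runner` is injectable so the logic can be exercised without a real device."""
    cmd = ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeout=10",
           f"root@{host}", "sysupgrade", "-b", "-"]
    return runner(cmd, capture_output=True, check=True).stdout


def backup_path(dest, host, when):
    """Dated file name; sorting by name therefore sorts by date."""
    return Path(dest) / host / f"{host}-{when:%Y%m%d-%H%M%S}.tar.gz"


def newest_digest(host_dir):
    archives = sorted(Path(host_dir).glob("*.tar.gz"))
    return hashlib.sha256(archives[-1].read_bytes()).hexdigest() if archives else None


def store_backup(dest, host, data, when=None):
    """Write the archive under a dated name. If it is byte-identical to the newest
    archive already on disk the config did not change, so nothing is written.
    Returns the new path, or None when unchanged."""
    when = when or datetime.now(timezone.utc)
    path = backup_path(dest, host, when)
    path.parent.mkdir(parents=True, exist_ok=True)
    if newest_digest(path.parent) == hashlib.sha256(data).hexdigest():
        return None
    path.write_bytes(data)
    return path


def prune(host_dir, keep=KEEP):
    """Delete the oldest archives beyond `keep`. Returns how many were removed."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    archives = sorted(Path(host_dir).glob("*.tar.gz"))
    doomed = archives[:-keep]
    for old in doomed:
        old.unlink()
    return len(doomed)


def run(dest, devices=DEVICES):
    """Back up every device; a failure on one does not stop the others."""
    report = {}
    for host in devices:
        try:
            data = fetch_backup(host)
        except (subprocess.CalledProcessError, OSError) as exc:
            report[host] = f"FAILED: {exc}"
            continue
        path = store_backup(dest, host, data)
        prune(Path(dest) / host)
        report[host] = str(path) if path else "unchanged"
    return report


if __name__ == "__main__":
    for host, status in run(sys.argv[1] if len(sys.argv) > 1 else "backups").items():
        print(f"{host}: {status}")
```

A cron line such as `0 3 * * * /usr/bin/python3 /opt/openwrt-backup.py /srv/backups` runs it nightly, and `sysupgrade -r <archive>` on a replacement device restores one of the archives. Two things to keep in mind: the archives contain the device's SSH host keys and any other secrets under `/etc`, so the backup directory deserves the same protection as the routers themselves, and the "unchanged" skip only fires when the archive bytes are identical, so it saves space on quiet nights but is not a substitute for actually diffing the config when something looks wrong.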
I’m not very experienced with OpenWRT - how sensitive is it to device changes? If your Barracuda dies tomorrow, do you have to purchase the same brand / model, or could you slap your saved config onto a similar device? Is there some sort of device compatibility to consider?
The barracuda I have is basically an x64 board in a 1U half-depth case with two extra network adapters (3 total including the onboard one). I have two of them: one’s running OpenWRT (my router) and the other vanilla Debian. So if my router one dies, I can just either pull the drive from it or restore a config backup to another suitable PC that has two NICs (or promote the second unit I have).
The config in openwrt is abstracted. So if the hardware and NICs are totally different, you might need to reconfigure the device names in the config so they’re referencing the right NICs, but everything else should “just work” (e.g. WAN and LAN are just arbitrary labels).
Oh, that’s really nice. The more I hear about OpenWRT and OPNsense being so well supported, the more I lean towards those as my solution
I almost went with OPNsense (having previously used pfSense), but everything else was already on OpenWRT so I decided to keep things consistent. OPNsense is a solid choice, too.
I used to use OpenWRT on various devices, but two years ago I got a UDM-Pro, a USW-16-POE, and a few Unifi APs and cameras. I run pi-hole on the UDM-Pro. I have no complaints. It is more expensive than piecing it all together using OpenWRT and some Raspberry PIs, but way easier.
No issues or anything so far with the Unifi devices? That’s good to hear. Do you have any third-party integrations with your Unifi devices, or is it as locked of an ecosystem as I’ve read others say? I don’t think I’d mind taking the plunge, as long as it has good customer service and support.
I do not know what you mean by third-party integrations. I do not use any cloud stuff, Ubiquiti’s or otherwise.
As for backup, you can also buy a e.g. Lenovo M920q minipc, buy a pci-e riser, buy a dual port ethernet card, set up Proxmox, set up a pfSense (or OpenWRT, or OPNsense) VM inside, pass-through the ethernet card directly to the VM. The VM is very backupable, since you just copy the VM state and save it somewhere. This would only work for the router though, since the APs that’d be running OpenWRT wouldn’t be VMs. This is at the cost of having to deal with an additional layer for the VMs.
I guess the problem you’re asking about in regards to cross-device portability of a backed up config is valid. If you had a four ETH port router, backed up the config, and then uploaded it on a two ETH port router, you’d run into trouble, but I have no experience here.
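Both the "reconfigure the device names in the config" step mentioned earlier in the thread and the four-port to two-port worry above come down to the same edit of `/etc/config/network` inside the backup. Here is an added example (not from anyone in the thread) that does that edit mechanically: it remaps physical NIC names, drops ports that no longer exist, keeps VLAN suffixes, and reports any physical name the mapping forgot. It assumes the OpenWRT 21.02+ syntax (`option device` and `list ports`) and also accepts the older `option ifname`; the sample config and the `eth0`/`enp1s0` names are constructed.

```python
"""Remap NIC names in an OpenWRT /etc/config/network taken from a backup
before restoring it on different hardware.

Added example, not from this thread. It assumes the syntax of OpenWRT 21.02 and
later (`option device` / `list ports`) and also accepts the older
`option ifname`; everything else in the file is passed through untouched.
"""
import re

REF_RE = re.compile(r"^(\s*)(option\s+(?:device|ifname)|list\s+ports)\s+'([^']*)'\s*$")
NAME_RE = re.compile(r"^\s*option\s+name\s+'([^']*)'\s*$")

# Constructed sample: the old router had four ports (eth0..eth3); the
# replacement has two NICs named enp1s0 and enp2s0.
SAMPLE_NETWORK = """config device
\toption name 'br-lan'
\toption type 'bridge'
\tlist ports 'eth1'
\tlist ports 'eth2'
\tlist ports 'eth3'

config interface 'lan'
\toption device 'br-lan'
\toption proto 'static'
\toption ipaddr '192.168.1.1'
\toption netmask '255.255.255.0'

config interface 'wan'
\toption device 'eth0'
\toption proto 'dhcp'

config interface 'iot'
\toption device 'eth0.10'
\toption proto 'static'
\toption ipaddr '192.168.10.1'
\toption netmask '255.255.255.0'
"""

# old name -> new name; None means the port does not exist on the new box.
MAPPING = {"eth0": "enp1s0", "eth1": "enp2s0", "eth2": None}


def translate(value, mapping):
    """Look up one NIC reference, keeping an 'eth0.10'-style VLAN suffix.
    Returns (known, new_value); new_value None means drop the reference."""
    base, sep, vid = value.partition(".")
    if base not in mapping:
        return False, value
    new = mapping[base]
    return True, (None if new is None else f"{new}{sep}{vid}")


def remap_network(text, mapping):
    """Rewrite NIC references per `mapping`. Logical devices defined in the file
    itself (bridges such as br-lan) are left alone. Returns (new_text, unmapped),
    where `unmapped` are physical names the mapping did not cover; restoring with
    any of those leaves an interface pointing at a NIC that does not exist."""
    defined = {m.group(1) for line in text.splitlines() if (m := NAME_RE.match(line))}
    out, unmapped = [], set()
    for line in text.splitlines():
        m = REF_RE.match(line)
        if not m:
            out.append(line)
            continue
        indent, key, value = m.groups()
        if value in defined:
            out.append(line)
            continue
        known, new = translate(value, mapping)
        if not known:
            unmapped.add(value)
            out.append(line)
        elif new is not None:
            out.append(f"{indent}{key} '{new}'")
        # known and new is None: the port is gone, so the line is dropped
    return "\n".join(out) + "\n", unmapped


if __name__ == "__main__":
    new_text, missing = remap_network(SAMPLE_NETWORK, MAPPING)
    print(new_text)
    if missing:
        print(f"# WARNING: no mapping for {sorted(missing)}; fix before restoring")
```

The file to edit is `etc/config/network` inside the `sysupgrade -b` tarball: extract, run the script over it, repack, then `sysupgrade -r` on the new device (or restore first and make the same edits with `uci` on the box). Anything the script reports as unmapped should be resolved by hand before restoring, because an interface bound to a missing NIC is exactly the "trouble" described above. It deliberately does not touch `/etc/config/wireless`, where each radio's `option path` is tied to the specific hardware and needs its own attention when moving to a different board.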
You can also install OpenWrt on some switches these days (PoE also reportedly works with realtek-poe module):
- https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/
- https://openwrt.org/toh/views/toh_standard_all?dataflt[Device+Type*~]=Switch
That way you’d have a fully open OpenWRT-only network lab, so you’d always be working with the same system.
deleted by creator
I have the att bgw-320 as well. Very excited for when the hardware for the bypass comes around.
I tried using the IP passthrough setup on it, but it ended up causing all sorts of slowdowns that I had troubles diagnosing. I was using the nanopi r4s with a WiFi AP when I had this issue. Make sure to look into compatibility; AT&T’s IP passthrough is not total passthrough, so you might have to dig into the details to make sure it all works together.
My setup is smaller, but when my venerable old router died about a year ago, I acquired an Asus TUF-AX3000_V2 where I installed FreshTomato. One can login via SSH and dump all settings for backup. Likewise, individual or all settings can be done on the command line instead of the GUI. I have a script on my computer that reads CSV files with MAC addresses and more to apply changes in an automated way.
As a fellow ONT haver, you should find out if you have XGS or G-PON fiber and just stand up an opnsense box/VM as your router.
Can also check out the 8311 discord!
Currently I have a WAS-110 connected via SFP NIC to a Proxmox VM running opnsense. That has SR-IOV for my physical ports and other VMs and then a nice WAP for wifi6e.
That way you don’t get vendor locked into anything on the Ubiquiti/Ruckus side of things
Oh, very interesting. Yeah, I hate this AT&T ONT - I hate the idea of my ISP owning or providing any equipment. I was under the assumption that there weren’t good alternatives for the ONT, and that I was stuck with the AT&T-provided one, since fiber is relatively newer. Seems much easier for them to lock you into using their device. Thanks for the link!
My pleasure! If you have GPON (1Gbps and less), it is easy to just masquerade as the BGW320 without the hardware from what I know. Again, would check out the discord to find out what you need.
Mikrotik all the way. But prepare yourself for a nice steep learning curve, but now that I’m past that I swear by it. Super fast and infinitely configurable. The entire router configuration can be exported as a txt file and imported in seconds, so if it breaks just get a new one and load up your config and you are good to go. Also the forums are a gold mine of information. What I love the most is just how fast it is. Settings take effect instantly. Also means it is extremely fast to lock yourself out if not careful. Again, steep learning curve but really good after that.
Edit: Forgot to mention! Another minor gripe I have is that my current 1 router / 2 routers-as-AP solution isn’t meshed, so my devices have to be aware of all 3 networks as I walk across my property. It’s a pain that I know can be solved with buying dedicated access points (…right?), but I’d like to know other’s experiences with this, either with OpenWRT, or other network solutions!
This works very well with OpenWRT on each AP and/or router device by using the same ESSID and password combo on each of them, enabling WLAN roaming and also 802.11r Fast Transition to allow your mobile devices to hand-off quickly from one AP to another as signal strength levels demand. With this enabled you keep the same IP address, and even SSH sessions don’t drop when you move from one AP to another, it all happens in the background. As far as the end-user is concerned it is all just one big happy wifi network.
802.11r is not mesh, that’s a separate thing, but you can do it with OpenWRT too. I don’t need to because I have ethernet to all my APs, so all the RF bandwidth is available for the last leg from AP to device(s), and not being used by back-haul from AP to AP through to the router as well.
In your use case I would consider grouping devices into categories and having a different wifi network for each category with the dhcp and firewall rules set accordingly.
VLANs on the ethernet-side might also be useful, but it sounds like most of your devices are on WiFi, so it might well be possible to get a “mature” setup without needing that extra complexity.
As others have said, backing these settings up and restoring them to a new device in the case of hardware failure is generally straightforward. Care is needed when replacing the broken device with a new one because of naming conventions varying from device to device, but the network logic, and things like dhcp reservations can be carried over.
I haven’t seen it mentioned yet: Firewalla. I’ve been running the Gold version myself for a couple of years now and it’s been great.
I believe it was founded by ex-cisco engineers.
This is paired with Unifi switches/AP’s.