The Internet is Connected

My introduction to networking

Taking the initial steps to improve my network was the spark that started my entire homelab journey. This would have been circa 2008, and I had no idea what it would lead to in the years following. I arrived in college with a computer and a fancy new Internet connection. I learned what DNS was for, and I read that you could supposedly even host your own content online! The problem was that hosting content online required a host, which costs money, and I was broke.

The cost-effective solution was to host it myself but when people tried to reach my public IP, the connection was dropped. My router/firewall blocked this unknown inbound traffic and I needed to fix that. And thus begins my router revolución!

Re-Using Existing Hardware

If you’re just starting out building a home lab, my first recommendation is:

Use what you have available

Many of us either have extra tech lying around or can repurpose hardware we already own to accomplish the job. This includes your current router/WiFi access point. The solutions below can be flashed on top of your current router to add functionality. Check each product’s hardware compatibility page for more information. I’ve tested each of these, and each has its own unique pros and cons.

Re-flashing a Consumer Router

Pros:

  • You likely already have a consumer router at home today
  • The software is free
  • You can add additional features to your existing router
  • The software often improves reliability

Cons:

  • This software is not supported by the router manufacturer
  • In some cases, it can lower the performance of the device. Often Wi-Fi speeds will not be as fast.
  • At the time of writing, Wi-Fi 6 is not supported by most of the solutions

  1. DD-WRT – Many years ago this was the best option available and compatible with most existing routers. Today, however, I would no longer recommend the solution. The documentation is dated and hasn’t been maintained exceptionally well. Most devices which can run DD-WRT can also run the software below, which in my opinion is always superior.
  2. FreshTomato – If your hardware is on the supported list, FreshTomato is in my opinion one of the best solutions! The UI is smooth and especially understandable for new power users while the software is very reliable. Unfortunately, it has one of the shortest supported hardware lists.
  3. Asuswrt-Merlin – For those with an ASUS router, this solution will feel very at home. The software is a tweak of the existing ASUS firmware that comes pre-loaded on your device. Unfortunately, it adds the fewest features and instead aims to tweak your device for just better performance. If you have an ASUS router, you will need to choose whether you need a “better stock” experience with Merlin or if you want additional features (OpenWRT).
  4. OpenWRT – This solution is probably the most feature-rich option that you can get from a consumer router. OpenWRT is packed with features, they have fantastic documentation, and the overall UI is easily understood (albeit I don’t feel the UI is as simple as FreshTomato). For most power users, OpenWRT is the best choice. I believe they also have the largest supported modern hardware list of the above options.

While the firmware options above are great for repurposing an old consumer router, they’re not the best fit for the long-term reliability goal. Consumer routers are typically extremely low power and have poor cooling. They overheat and occasionally require a reboot. Eventually, you’ll want even more from your router/firewall. Instead of an “all-in-one” solution like a consumer router, it’s time to consider breaking apart your services with additional power.


It May Not Be New, But It’s New-To-You

In this section, the goal is simple: We want the absolute maximum amount of features, reliability, and ease of use at the absolute lowest possible cost. Additionally, we get to save some old hardware destined for the scrap yard!

Reduce, Reuse, Recycle!

Hopefully by now you’ve tried the consumer router solutions to dip your toe in the water. You’re beginning to feel familiar with your network and maybe even looked into some more advanced features like VLANs, QoS, etc. You recognize all the new features waiting out there for you and you just want better reliability and performance than what your consumer router can offer.

Let the hunt begin

CPU/PC

First things first, you’ll need some hardware. For this upgrade, do the following in this order:

  1. Do you have any old computers lying around made in the last ~10 years?
  2. Is your work giving away any old PCs? Businesses often use Dell or HP small form factor (SFF) PCs, and these are perfect for router usage.
  3. Check Craigslist, Facebook Marketplace, or local resellers. Look for “Dell Optiplex”, “HP EliteDesk”, or “Lenovo ThinkCentre”.
  4. If all else fails, check eBay for any of the options listed in #3 above. The full cost of my current solution was $60 with shipping included.

What exactly are you looking for in a device?

  1. Google the CPU and check how much power it might draw (the CPU’s TDP numbers will tell you if it’s a power hog or not, but TDP does NOT equal the constant power draw number). Aim for a CPU with a TDP no higher than 60W. If you can find one between 30W – 50W, that’s great. Remember, this device will be on 24/7, and electricity costs aren’t going down!
  2. The device must have a PCI-e slot. Some smaller machines will use a “PCIE-LP”, which is a low profile PCI-e slot. It looks like a normal PCI-e slot, but is only half the size. These will typically work just fine.
  3. If it’s an Intel CPU, Google the model number and pull up the product page. Does it have Intel AES New Instructions (AES-NI)? If yes, this is a huge plus.
  4. Look up your CPU’s PassMark score. I wouldn’t recommend getting a CPU with a score lower than 2,000. Lower scores will definitely work, but leave little room for adding extra features later on. Old Core i3s and i5s are ideal, but a Pentium with hyperthreading, a Celeron with multiple cores, or a higher-end Core 2 can also work great. AMD options exist, but have significantly less support for older hardware and don’t offer AES-NI.

Unfortunately, because we’re getting used hardware and prices fluctuate, it’s impossible to recommend a go-to option here. Each homelabber’s situation will be slightly different, but that’s part of the fun!

Memory

Your machine should likely come with old DDR3 memory. I’d recommend having at least 4 GB of memory. Check your machine’s specs from the manufacturer, since some will have maximum RAM capacities.

Hard Drive

We need an SSD, but not a big one. In most cases, you won’t use more than 5 GB of space total. Cheap SATA SSDs can be found on Amazon for less than $25. Look for brands like Kingston, Patriot, Team Group, and Lexar.

Network Card

First, decide how fast your internal network needs to be. Are you transferring large amounts of data locally or are you mostly streaming from the Internet? If you have large local transfers, you may want to consider a 2.5G or 10G network card. These will obviously cost more (not just this router’s card, but you need the infrastructure to support it with switches, multi-gig clients, more powerful CPU and cooling solution). If you’re here for the budget build, a normal 1G network card will suffice for many years to come.

Now that you’ve decided on either 1G or multi-gig, head over to eBay where you’ll begin looking for old enterprise equipment. 2.5G and 10G are only just catching on in the home user space, but lucky for us, businesses have been using these cards for many years! You should be able to find a used INTEL network card with 2 or 4 ports for around $25 including shipping. Why did I emphasize Intel there? Because Intel NICs are far and away the most reliable solution. Realtek 1G NICs do exist and are often cheaper, but will cause you problems down the line in terms of reliability. Save yourself the trouble and get an Intel NIC from the start.
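Once a candidate machine is in hand, the checks from the CPU, Memory and Network Card sections can be run on the box itself instead of looked up online. The script below is an added example, not part of the original post; it assumes the PC is booted from a Linux live USB, and the function names, the two-port minimum (one WAN, one LAN) and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a used PC against the article's router checklist.
# Inputs are the text of /proc/cpuinfo, /proc/meminfo and `lspci -nn`
# (assumption: the machine is booted from a Linux live USB).

has_aesni() {   # succeeds if the CPU flags list contains "aes" (AES-NI)
    printf '%s\n' "$1" | awk '/^flags/ { for (i = 1; i <= NF; i++) if ($i == "aes") ok = 1 }
                              END { exit !ok }'
}

mem_gib() {     # installed RAM rounded to the nearest GiB (MemTotal is in kB)
    printf '%s\n' "$1" | awk '/^MemTotal:/ { printf "%d\n", ($2 + 524288) / 1048576 }'
}

nic_ports() {   # number of Ethernet functions (PCI class 0200) from PCI vendor ID $2
    printf '%s\n' "$1" | awk -v v="[$2:" 'index($0, "[0200]") && index(tolower($0), v) { n++ }
                                          END { print n + 0 }'
}

check_candidate() {   # prints one line per check; returns the number of failed checks
    fails=0
    if has_aesni "$1"; then echo "PASS AES-NI present"
    else echo "FAIL no AES-NI flag"; fails=$((fails + 1)); fi
    gib=$(mem_gib "$2")
    if [ "${gib:-0}" -ge 4 ]; then echo "PASS ${gib} GiB RAM"
    else echo "FAIL ${gib:-0} GiB RAM (article suggests at least 4)"; fails=$((fails + 1)); fi
    intel=$(nic_ports "$3" 8086); realtek=$(nic_ports "$3" 10ec)   # 8086 = Intel, 10ec = Realtek
    if [ "$intel" -ge 2 ]; then echo "PASS $intel Intel NIC ports"
    else echo "FAIL $intel Intel NIC ports (assumed minimum: 2)"; fails=$((fails + 1)); fi
    [ "$realtek" -eq 0 ] || echo "WARN $realtek Realtek NIC port(s): the article advises Intel"
    return "$fails"
}

# Constructed sample: an SFF PC with onboard Intel LAN plus a dual-port Intel card.
SAMPLE_CPUINFO='model name : Example CPU (constructed)
flags : fpu vme sse2 ssse3 sse4_1 sse4_2 popcnt aes xsave avx'
SAMPLE_MEMINFO='MemTotal:        8040128 kB'
SAMPLE_LSPCI='00:19.0 Ethernet controller [0200]: Intel Corporation 82579LM Gigabit Network Connection [8086:1502] (rev 04)
01:00.0 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:105e] (rev 06)
01:00.1 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:105e] (rev 06)'

check_candidate "$SAMPLE_CPUINFO" "$SAMPLE_MEMINFO" "$SAMPLE_LSPCI"
```

On real hardware, call `check_candidate "$(cat /proc/cpuinfo)" "$(cat /proc/meminfo)" "$(lspci -nn)"` instead of passing the sample strings. TDP and PassMark score cannot be read from the machine and still need the lookup described above.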


And in walks the *sense router!

pfSense and OPNsense are similar solutions which provide a near-enterprise level of features and support. In fact, many small businesses use these solutions today. And either software is available for the grand total of… $0! Both products are available for users to install on their own hardware and use indefinitely without a license cost. For official technical support from the developers, you would need a paid Support plan, but homelab users can typically resolve any issues with the excellent community support via the forums.

pfSense/OPNsense – As the names might suggest, both solutions are extremely similar from a feature-set perspective. In fact, both solutions grow from the same roots, a solution called m0n0wall. While m0n0wall may no longer live today, both of these solutions have evolved to provide amazing firewall solutions. Alternatives do exist (IPFire, for example), but in my opinion fail to live up to the reliability, compatibility, and performance of the *sense solutions. With that said, which should you choose? For a full rundown, I’d recommend checking out this blog by TekLager, who discusses just about all of my thoughts: https://teklager.se/en/pfsense-vs-opnsense/

pfSense
  • The more popular solution in the professional space
  • Historically aimed for fewer updates with a greater emphasis on reliability
  • The best documentation
  • Offers pfBlockerNG – a DNS adblocking solution like pihole
  • Offers a better Traffic Manager experience
  • Now offers a paid pfSense Plus solution. This means some features (aimed at businesses) will eventually be locked behind a paywall
  • Has an extremely embarrassing corporate history, specifically with regard to their views on OPNsense and multiple community responses (Google: “pfsense drama”)

OPNsense
  • Rapidly gaining popularity among the homelab user group
  • Often aims for more frequent updates
  • All features are available without a paid license
  • Less documentation than pfSense, but due to the similarities in the products, the pfSense documentation can often still be helpful

Personally, I started with pfSense, but I was in a position to migrate when the pfSense WireGuard drama originated in 2021. I didn’t appreciate the pfSense response to the situation, I was worried about the future of free-pfSense with pfSense Plus looming, and so I decided to switch to OPNsense. The migration was smooth, as I had a simple network at the time. I’d recommend OPNsense, which has thus far proven to be reliable and just as feature-rich as pfSense (for the features I require).
