I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?
I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?
If you want the full control use https://opnsense.org/ on a mini pc or in a VM on your home server.
Can this work with the “off the shelf” mesh routers.
No, off the shelf routers are usually ARM and opnsense is x86 only.
…or MIPS…
Removed by mod
You could buy a $300 consumer router and it would be worse than just using an old PC with OPNsense.
Except that the old PC is probably less efficient at a lower clock than an AR based consumer router. You’ll get more performance and features, but it will be more expensive to run.
I guess if you live in a place where electricity is super expensive this will matter. A good majority of self-hosted people don’t seem to care much as they have server racks full of old hardware.
The Fujitsu Futro S720 consumes about 6 Watts and it’s great for OPNsense!
Please don’t host a router on a Hypervisor VM. That does not benefit security. First of all a router is an integral part of the (home) network, therefore it should not be dependent on anything, like a hypervisor. You want to be able to replace or update your server/ hypervisor independently from each other, for example in 5 hrs your router might be still rocking all data, but you would want to upgrade your home server / hypervisor. Furthermore all those OpenWRT, PFsense, OpenSense kernel/ OS hardening is more effective on the hardware itself, especially all RAM/ Memory based security measures. Also if you truly want to be more secure, you use dedicated hardware for multiple reasons, performance is dedicated to only routing/ firewall processing (no other service/ VM can block or slow down packet processing), reducing the attack surface (less software, less attack surface), easier to update.