I’ve been very happy with Opnsense running as a VM on both ESXi, and now Proxmox. Lots of configuration options and able to setup some complicated firewall rules easily.

I have been using opnsense on a very cheap celeron nuc for a few years, very happy with it

I use an entry level router ASUS RT-AX53U with OpenWrt. WiFi 6, IPv6, Guest VLAN, DNSCrypt (DoH), Adblock, Firewall are few things I have configured with OpenWrt.

Even if you don’t buy ASUS, make sure your router is supported by OpenWrt. It’s a Linux distribution that runs on routers and PCs to configure home networking.

How much bandwidth and flexibility do you want? OpenWRT is what I use on consumer hardware but many people here also swear by custom hardware with opnsense

I have a Unifi router, switch and four access points. My setup works fine. Stable.

I see other people from work say they get dropouts over the work VPN but I have no issues at all. I’m not saying the hardware is their cause but ISP provided all in one boxes are just that. An all in one solution.

I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.

How much wifi and open-source do you really want?

If you are willing to go with commercial hardware + open source firmware (OpenWrt) you might want to check the table of hardware of OpenWrt at https://openwrt.org/toh/views/toh_available_16128_ax-wifi and https://openwrt.org/toh/views/toh_available_864_ac-wifi. One solid pick for the future might be the Netgear WAX2* line or the GL.iNet GL-MT6000. One of those models is now fully supported the others are on the way. If you don’t mind having older wifi a Netgear R7800 is solid.

For a full open-source hardware and software experience you need a more exotic brand like this https://www.banana-pi.org/en/bananapi-router/. The BananaPi BPi R3 and here is a very good option with a 4 core CPU, 2GB of RAM Wifi6 and two 2.5G SFP ports besides the 4 ethernet ports. There’s also an upcoming board the BPI-R4 with optional Wifi 7 and 10G SPF.

Both solutions will lead to OpenWRT when it comes to software, it is better than any commercial firmware but be aware that it only support wifi hardware with open-source drives such as MediaTek. While MediaTek is good and performs very well we can’t forget that the best performing wifi chips are Broadcom and they use hacks that go behind the published wifi standards and get it go a few megabytes/second faster and/or improve the range a bit.

DD-WRT is another “open-source” firmware that has a specific agreement with Broadcom to allow them to use their proprietary drivers and distribute them as blob with their firmware. While it works don’t expect compatibility with newer hardware nor a bug free solution like OpenWRT is.

There are also alternatives like OPNsense and pfSense that may make sense in some cases you most likely don’t require that. You’ve a small network and OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT is that you’ve the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.

I went tplink omada router, switches, and aps, very happy.

I have a Netgate 3100 that I bought used. Workes fine and at full speed with my 1000/1000Mbit connection.

I am using NanoPi R5S. I am using debian system but there is also openwrt image for it, if you are not experienced Linux admin.

Works for over a year without problems. It runs PiHole and Wireguard client on docker, ddclient, unbound and reverse proxy.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

13 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

[Thread #626 for this sub, first seen 25th Mar 2024, 09:55] [FAQ] [Full list] [Contact] [Source code]

One more for mikrotik (I run the VM version on a small linux box).

I tested a ton of those (pf/opn-senses, VyOS, even Cisco), and noone of the free ones can handle IPv6 in a reasonable way in 2024, which is slightly bizzare. Mikrotik has some annoyances, but it’s rock solid as a router.

I don’t use its container features and instead run podman in a vm next to it. Works great.

Wireguard and DNS filtering (albeit not as fine tuned and automatic as pihole) can all be done on OpnSense

I recommend OpnSense on whatever modern low-power hardware you can get your hands on, ThinkCentre, NUC or whatever, if you are okay with a separate device for WiFi or do not need WiFi. WiFi APs can be had for as low as 20 bucks and are usually straight forward to set up, but you gotta shell out more if you want the latest and greatest connectivity.

There is also the possibility for adding WiFi directly to OpnSense but I have not even bothered touching it. If you love tinkering and suffering, that’s a route you can go.

For the love of God, if you’re going to install PfSense, just get OpnSense instead. It’s just better.