Best and most stable wifi routers right now

Grebuloner

Gawd
Joined
Jul 31, 2009
Messages
965
Build your own router, buy enterprise-level wifi APs.

I needed to replace/upgrade from my dying Asus router a few years ago and couldn't find anything that worked for me. Did some research and went for a pfSense build with a Unifi nanoHD AP. Best decision I've ever made. It's very fast, much more secure, especially with far longer support windows on the hardware (technically, pfSense is forever) and snort/pfBlockerNG packages, and you can tweak to your heart's content plus even more addons to make things better.

Great thing about separate router/AP units is that if your house is appropriately wired (or you're willing), you can put the AP(s) in the best location while the router sits wherever the modem is.
 
D

Deleted member 12106

Guest
I run pfsense at the edge on one of these w/ 8gb ram: https://www.supermicro.com/en/products/system/1U/5018/SYS-5018A-FTN4.cfm that also has cellular failover and battery backup. It runs Suricata/PFblockerNG/DNS Resolver. Added my lists from pi-hole to it.
Have a 24port HP gbe switch (for now) behind it. Drooling on one of these: https://www.netgear.com/support/product/XS724EM.aspx HP Switch is also on battery backup
From there, unifi covers wireless and they all support AC, some are outside as well and they can wirelessly connect/mesh to each other. Most of these are also on battery backup.
Internal DNS is handled by Windows Active Directory(both DCs point to the PFBox)

For PFSense, can use a low power PC for pfsense, or if you want to help support dev can get one of these: https://store.netgate.com/pfSense/SG-1100.aspx Note: this will not allow snort/IDS packages. Next suggestion would be this: https://store.netgate.com/pfSense/SG-2100.aspx (this with support is on my 'no care about the cost list')
Next up after this would be something like this: https://protectli.com/ , i3/i5 is possible with the 6 port version.
Qotom makes some hardware: https://www.amazon.com/QOTOM-celeron-Processor-Fanless-pfSense/dp/B082X39JLH
Full DIY: Dell SFFs with an i3 or i5 would run literally everything, can drop in a quad port intel nic.

At this time, I've not found an off the shelf router I like do to wanting updates. PFSense is always updated even when your hardware is ancient. Have a few ASUS routers with merlin firmware(openwrt based), one is used as a bridge ATM and never any issues.

Untangle is another router distro I like and had played with from v5-v9, they do have some neat modules and even a home use license which grants access to most packages(low cost). Researched Sophos hard but seems to be CPU hungry and Dev really needs more QA/Code review. SQL injection...not OK. Untangle and Sophos would work on x86 hardware like shared above.

I think it really depends on the specific use case, internet connection speed/type and how many clients are behind it. If you want just raw router the asus units with merlin are hard to beat.

If you want off the shelf/easy then would look at the netgear nighthawk routers.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,936
scobar dead on!
For me it was just using a PCEngines APU2 4GB with 3x 1GB nics - https://pcengines.ch/apu2.htm,

Total package was about $230 CAD shipped couple years ago when I got it, low power usage, small and could handle anything! Sold it recently though as i needed to add 10GB SFP+ to my network.

Untangle I ran long time ago and did enjoy the GUI for what it could do, but you def. want decent hardware to run it.
 
D

Deleted member 12106

Guest
I had looked hard at those PCEngines a few years back but they seemed underpowered? IDK. I was going to do untangle but the home license does not allow IDS and there were some features on PF I wanted to play with.
OPNSense would be another distro to look at.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,936
For PFSense they are more than enough, most people can still run PFSense on an old Core 2 Duo. When it gets slow is if you want to ruin Snort and other things on your pfsense. I ran pfblocker and had a 600mbps download speed and about 15 devices total on the network and it ran fine.
 

sphinx99

Gawd
Joined
Dec 23, 2006
Messages
922
Can someone recommend a guide to pfsense hardware that calls out what kind of hardware is needed to sustain what kind of throughput with different features in play? My somewhat lay-person's understanding is that I would need one level of hardware for say 1Gbps basic routing; perhaps more if I overlay some QoS and/or filtering; perhaps yet more if I overlay VPN... while expecting to maintain the same bandwidth. If this is correct, what I am looking for is a guide to what kind of throughput can the expected (for a set of commonly used feature-combos) for some different sets of hardware.

I'd like to set something up over the winter holidays and optimize it, but most of the hardware I have is going to be too power hungry and physically large so I'd like to get a better feel for what an optimized setup would be.

(My ideal would be minimal compromise up to 1Gbps up/down to WAN)
 

Grebuloner

Gawd
Joined
Jul 31, 2009
Messages
965
Official Netgate guide

Start there. Basically, without VPN, anything will do fine as long as you meet the storage/ram requirements of the add-on packages. VPN is a nonstarter without a CPU that supports AES-NI, and you should check to see if your preferred method is single or multithread (OpenVPN is single). You'll also need to add at least 1GB to your memory requirements for a tmp/var folder ramdisk (avoids wearing out an SSD or let's a HDD stay off longer)

My personal system runs donuts around my 250mb connection (cpu/mb/ram was a $100 combo on fleabay awhile back):
Haswell i3 4370
B85 motherboard
8 GB ram (typically 50% used plus a ram drive)
Not garbage cheap SSD
Intel i350-t4v2 nic

Packages: VPN, Snort, pfBlockerNG, some minor tools
 
Top