Which Router to buy in 2023? UPDATE went with OPNsense on a firewall box.

LBJ

Looking to replace my Asus router which is no longer supported. I want a wired router and not one with WiFi. Thinking Ubiquiti Edge, but just starting to research it.

I want to avoid junk and am willing to pay a bit more to avoid junk.

Is it worth it to go the pfSense route, or is that too involved?

One consideration is I want to do OpenVPN so I can see my cameras from far away. Dynamic DNS in the router would be nice -- maybe they all have that??

What should I buy? I have 8 cameras all wired, but the internet is also used for general home office and streaming etc.

Thanks!!
 

Supports VLAN and various VPN options including OpenVPN. They have their own free DDNS service. You can disable the WiFi if you wish. pfSense will require more work on your end.
 
I've been using pfSense for the last few years on Chinese fanless mini PCs like the ones ServeTheHome reviews, but I only suggest it if you have needs an Asus router won't fulfill, or if you really like to tinker and know your way around computer networks. pfSense has a LOT of features and unusual capabilities, but the setup tends to be more complex as a result. Asus is way more user-friendly, especially for VPN server configuration. So seriously consider sticking with Asus, and if you don't want to use the built-in WiFi, you can always turn it off.
 
Moved to pfSense too and could never go back. If you have a good networking background it's really not that bad. It's probably not much if any harder to set up and manage/maintain than the Edge. But, as above, if you don't have the background and/or you want something that's mostly plug 'n play and walks you through things, then a consumer router would be a better choice.
 
I'm using pfSense also. Takes a little time in setting it up. Currently have 3 LANs (1 LAN, 1 CAM, 1 IoT). My Cam can't get out to WAN nor the other LANs. Check out the Lawrence Systems YouTube channel, if you are interested in pfSense.

I'm cheap and use it with a HP T610 Thin Client (no AES), with a 4 port Intel NIC card. Usually runs around 15-20% CPU with pfBlockerNG and Snort. However, if you have a family of 4 or more, then it'll bog down. For a Christmas present to my brother, I just got a HP T730 on eBay for 45.00, needs a SATA m.2 SSD (20.00), PSU (20.00) and a 4 port Intel NIC card (20.00-39.00). He's been thinking of setting one up for a couple years.
 
I use an Edge Router X and have been happy with it. So far it does what I need it to. I don't have the VPN set up, but need to look into it.

I have it set up with a segregated LAN with internet access only, my normal network, and VLAN from my Ubiquiti APs.

My network is structured like this, if it helps.

[Attached image: network diagram]
 
Another pfSense user here. I'll never use anything else. If there's ever a problem with setting anything up, there's always a YouTube vid about it. I've gone overkill with a Xeon E3 CPU and a 10GbE backbone. Multiple VLANs, etc.
 
Yet another pfSense user here. I also would not use anything else.

I'll add that while pfSense has the feature set and capacity to do just about anything you could ever need (i.e. it is used in corporate environments), it really isn't hard to set up. There is also a plethora of YouTube videos and internet guides to walk even a complete beginner through how to set one up and even get into the more advanced features. I don't think it is too far of a stretch to say that pfSense has the largest amount of educational resources of ANY networking router/firewall device out there.

So I would wholeheartedly recommend pfSense, even for the networking novice.

If you want plug and play, buy a Netgate device (Appliances). If you don't mind tinkering, then you can build your own device (buy hardware and install the OS yourself) for much less than Netgate sells them for.
 
I have been running pfSense for the last 3-4 years as well on a Protectli Vault at our house and love the flexibility and stability (can be a bit overwhelming at first). For clients, I often use the Ubiquiti UDRs for ease of access/manageability as well.
 
I moved from pfSense about 10 years ago due to multi-WAN problems, to OpenWrt, which is more involved but (I think) much more flexible in that you can build your own firmware that supports exactly the functionality you need and run it on many sub-$100 routers up to an x86 VM or PC. Devices like BananaPi or NanoPi or PCs like bp2008 mentioned will also work.
But for simplicity, probably one of the Asus ones that support OpenVPN will be best, if you have a public IPv4 and are not behind Carrier Grade NAT.
 
My Netgate pfSense SG-3100 has been rock solid for the last 5 years but Netgate advised this week that it's end of life.

Their recommended replacement (2100) is a step down in performance and the current exchange rate makes me question where to go!!! :confused:
 


Have a look at OpenWrt, you can run it as a basic router/firewall or add anything to it re VPNs like OpenVPN or WireGuard on hardware much cheaper than Netgate gear. I'm not aware of anything that pfSense/BSD can offer that OpenWrt can't do and OpenWrt is still free.
 

+1 for OpenWrt. I've almost finished my new network setup. Using OpenWrt, I'm able to balance the traffic between both my internet connections (Ubiquiti Nano and LTE) with failover to LTE in case the Nano goes down or gets over-saturated using MWAN3, throttle bandwidth per IP or MAC (QoS over nftables), and set up a mesh network using old routers (as long as they can get OpenWrt on them).

Also installed it on my other devices (including a $25 repeater so I can mesh it) to handle some IP cam stuff (cams send face captures to an external HD attached to one of the older routers).

Now looking at getting an RPi4 to get some more horsepower and tonnes more RAM in a smaller package.

Setup can be complicated but the OpenWRT forum is very, very helpful.
 

It has reached "End of Sale" meaning that Netgate is no longer going to sell that particular model. There is no "End of Life" with these appliances as long as the main pfSense OS is being maintained/updated. The software on the SG-3100 is exactly the same as all the other pfSense devices and it is no different than what you would get if you bought a new Netgate device. There is zero reason to replace that hardware unless it fails or you find that it isn't "powerful" enough for your network.
 

Thanks for your reply, I re-checked my email and the Netgate web site (with optimism) but it's EOL. My plan however is to continue using it.

From the email "This is due to FreeBSD, the underlying operating system for pfSense Plus software, no longer supporting 32-bit platforms like the Netgate 3100. "




Wow! Thanks for the added information. I would have never guessed that was the issue. Partly because I am shocked that Netgate was selling 32-bit only hardware in 2017 when that device was released. Honestly that is really, REALLY crappy of them. How long have 64-bit processors been the standard? I'm using a nearly 12 year old thin client (HP t610+) at my parents' house and it is 64-bit. (I was using the same device at my house too, but upgraded a few years ago).

I'm sorry for your situation. If I was in your shoes, there is no way I would give Netgate any more of my money. I would buy a device from another vendor (ideally with a 64-bit x86 chipset) and load the pfSense OS onto it. You've been running pfSense long enough to not need any "paid support" from Netgate which is really the only benefit from purchasing directly from them.

EDIT - I also think Netgear is potentially full of shit. Here is a list of supported chipsets which clearly includes the ARMv7 32-bit chipset that the 3100 uses - although it is at a lower "tier 2" support level. That being said, there are very few chipsets that were once supported, but are no longer. ....

Here are the 3100 specs. Netgate 3100 Security Gateway Manual — Hardware Specifications | Netgate Documentation

Edit #2 - while this linked post (SG3100 end of sale, what about software?) is a little old, it also says that Netgate tends to continue to release builds even for EOL devices. The loss of support for 32bit devices also seems to have already occurred prior to this thread based on comments in the thread. So again, it is possible that your device will continue to work and get updates for a long time. It's just that Netgate isn't going to provide any official support for it (but you are well outside your paid support window anyway, so this is really a moot point).
 
The Asus AX86U will allow you to create a VLAN guest network. Supports most VPNs.
Has DDNS service. Also supports OpenVPN server as well as WireGuard.
 
I'm interested in pfSense, but I would need to find some rock solid HW. The Netgate SG-1100 would likely be sufficient for my needs and speed, but I just can't see paying over $200 (by the time you add shipping costs) for a design that's more than 4 years old.

Maybe the pfSense CE version on Protectli HW. Not sure yet.

Anyone recommend any proven HW for pfSense CE??
 

The "reliability" isn't going to come from the software, it is the hardware. Most hardware now runs fine without any issues, but it's obviously possible to get a lemon occasionally. That is going to be bad luck vs buying a device that is notoriously bad IMHO. Honestly just about any 64bit processor (Intel or AMD) is going to work fine. This is a device that will be running 24/7, so power consumption is probably something to take into account. You want a device that is powerful enough to run your network, but power efficient enough to cost the least amount of money to run.

I'm running a HP t620+ thin client at both my house and my parents' house. They are 10 year old appliances that I bought used. They are still working great with pfSense. It's not what I would buy today (I'd get something newer and potentially more energy efficient too), but I have been 100% satisfied with those two purchases through the years.

If I was purchasing something today, I would:
1 - Buy used
2 - make sure it's 64bit and supports AES-NI encryption
3 - might consider something with 2.5gb ports, but honestly it will be a long time before I need that type of speed on my WAN/service provider connection. I don't have anything close to 1000/1000 internet speeds now and I am not looking to upgrade. 2.5gb ports are generally very expensive to implement right now.

Truth be told, I actually have new hardware for my house (repurposing an older Intel i5 device), but I plan on doing a wholesale change in network gear - new firewall appliance running OPNsense instead of pfSense, new switches (two switches "stacked" together), new network design scheme (different subnets, VPNs, etc), adding 10gb connections, etc, etc, etc - and it's a project I've let languish for a while. It's been on my test bed, but I was having some setup problems with my 10gb connections from the firewall to the switch that caused me to walk away at some point and I haven't gone back to correct them. As it gets colder and I am spending more time indoors, I'm sure I'll jump back onto this project.
 
If you got kids and want some easy-to-use lock down feature and built-in VPN client, try this.