Hi, I got a new router from my ISP, but it doesn’t even have an option to change the address of the DNS server…
So I’m gonna switch (if necessary also the ISP).
I have never used a custom router, so I would appreciate a push in the right direction. What can you recommend? Synology? FritzBox? Asus? Bridge Mode on the ISP router + RasPi?
The following I am running on a separate device, but if possible it would be nice to have it directly on the router device:
- PiHole
- Wireguard
- DDNS updater
I have been using opnsense on a very cheap celeron nuc for a few years, very happy with it
I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.
Fritzboxes are rock stable, and support Wireguard from FritzOS 7.5 onwards, see https://avm.de/service/vpn/wireguard-vpn-zur-fritzbox-am-computer-einrichten/
(Apparently NOT the cable versions!)
What nags me most with them is that you have no separate Firewall control over their WiFi, and the WiFi range is not really great. So probably consider going with dedicated APs instead.
I’m very happy with my FritzBox (7590), it handles the ADSL connection to the ISP, supports various DDNS providers, Wireguard VPN, 4 port gigabit switch (5 if you don’t need the WAN port), guest WiFi with client isolation.
It also has basic media server and NAS functionality (with USB3 external hard drives).
Of course you can change the DNS server and other network controls like QOS, wake on LAN, port forwarding, different profiles with parental controls, filters, connection times, etc.
They also seem to take security seriously.
I’ve been super happy with mikrotik, currently running mikrotik hex s, and Ubiquiti u6-lr for wifi, have had 0 issues, no need to reboot etc. Plenty of customizing if desired. A learning curve tho if you do want to start messing around
I purchased the same router about 2 months ago and love it…can’t recommend mikrotik enough.
Ya been rocking it I’d say close to 2 years no 0 issues. The old ISP modem had to be rebooted every few weeks before I had the mikrotik and UniFi combo… And the hex s is super cheap to buy now!
Wireguard and DNS filtering (albeit not as fine tuned and automatic as pihole) can all be done on OpnSense
I recommend OpnSense on whatever modern low-power hardware you can get your hands on, ThinkCentre, NUC or whatever, if you are okay with a separate device for WiFi or do not need WiFi. WiFi APs can be had for as low as 20 bucks and are usually straightforward to set up, but you gotta shell out more if you want the latest and greatest connectivity.
There is also the possibility for adding WiFi directly to OpnSense but I have not even bothered touching it. If you love tinkering and suffering, that’s a route you can go.
For the love of God, if you’re going to install PfSense, just get OpnSense instead. It’s just better.
If you’re new, something like the Ubiquiti UniFi stack is very beginner friendly and well polished.
If you’re planning to run your own hardware, the usual recommendation seems to be pfsense or opnsense on a modern lower end system (Intel N100 box for example).
Bearing in mind that a router is only responsible for routing (think directing the packets where to go). You’d also want to have access points to provide WiFi for your wireless devices. This is where UniFi stack makes it easier because you can just choose their access point hardware and control through single controller. Whereas rolling your own you’d be looking at getting something else to fill that role.
I second everything said here.
UniFi is a good starting place, and pfsense is good if you really want to dig in.
On one hand I love UniFi, on the other I wish I never went this route. They do make it very simple to manage a whole suite of devices. But updates sometimes feel “Alpha/beta”, and some more advanced stuff requires editing jsons in the devices themselves. Also, recently the battery in my cloud key gen 2 has blown and there is no way to replace it without replacing the whole cloudkey. Thing lasted like 2 years, which is ridiculous. Personally I have started to look into Mikrotik, which is a load more advanced and has a higher learning curve. But if I am forced to edit jsons and use scripts to do some more advanced things, I might as well.
Sorry for the slight rant… just be aware what you can get yourself into.
Good points – I’ve never run into any issues with UniFi personally.
At the time I was self-hosting the UniFi Controller on my Proxmox server for a switch and an AP. So I suppose your mileage may vary with UniFi.
As far as routers go, I’ve been running a pfsense for a while and it’s been great. There is definitely a bit of a learning curve and it’s not something that I’d recommend to someone who has little networking knowledge. Once you understand how to work with it, there is very little you can’t do.
Mikrotik has popped up on my radar recently too, might have to give them a look.
Edit: Phrasing.
Adding another Mikrotik recommendation with the standard warnings – a bit of a learning curve, although it has a default configuration that “just works”. If you mess something up you can just apply the default config to get back online.
Don’t buy from Amazon. For whatever reason people have problems with those units. Fakes maybe? Who knows. If you’re in the US buy from streakwave, roc-noc, ISP supplies, Double Radius, or Getic (international shipping).
The RB5009 series is very good if you want something beefier with more ports.
You haven’t mentioned what sort of access link or speed you have, that seems very relevant here.
For my 1Gbit/s fiber connection the Edgerouter 6P has been pretty good. It has an SFP port and can route 1 Gbit/s of traffic without issue and my dual-stack setup works well too.
The only significant downside is that its switching is slow, it has no hw support. So I put my NAS on a separate subnet instead so that the traffic to it can be routed instead.
I find DrayTek devices to work quite well.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
| --- | --- |
| AP | WiFi Access Point |
| CA | (SSL) Certificate Authority |
| DNS | Domain Name Service/System |
| ESXi | VMWare virtual machine hypervisor |
| IP | Internet Protocol |
| NAS | Network-Attached Storage |
| NUC | Next Unit of Computing brand of Intel small computers |
| PiHole | Network-wide ad-blocker (DNS sinkhole) |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| Unifi | Ubiquiti WiFi hardware brand |
| VPN | Virtual Private Network |
13 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #626 for this sub, first seen 25th Mar 2024, 09:55]
How much bandwidth and flexibility do you want? OpenWRT is what I use on consumer hardware but many people here also swear by custom hardware with opnsense
swear by custom hardware with opnsense
…which is completely unnecessary and overkill for most people, even those with home labs, since OpenWrt can do it all.
Homelab is a hobby, and like other hobbies, people actually love doing the “unnecessary and overkill” stuff.
I thought “unnecessary and overkill” is our actual name, and selfhosting is just a nickname
High-end Xiaomi router; they have WiFi ax and enough RAM and support OpenWrt, so you can host your things on it. Better yet, do a DIY router on an Orange Pi board; there are tutorials you can follow.
If you want to start small, I’d go with one supported by Asuswrt-Merlin, “a third party alternative firmware for Asus routers, with a special emphasis on tweaks and fixes rather than radical changes or collecting as many features as possible.” Keeps it close to stock with minor upgrades, and a faster release cycle for fixes. The RT-AX88U_PRO is one of the higher end routers that is supported by Merlin.
I have a mesh system made up of Asus Zenwifi ET8s, and I have been very happy with them. They have a lot of cool features, such as having a VPN server and VPN client, with the VPN client allowing me to apply the VPN to only selected devices. It has tons of customization options for those that are knowledgeable about that sort of thing. For example, I can tweak at what signal strength AP steering happens. It has WiFi 6E and 2.5 Gbps wired backhaul.
When I first got it, it was very buggy, and some features straight up didn’t work. But they eventually got all the bugs that I found fixed. It’s in a really good state right now.
To address your desired features, it does have wireguard. I don’t know about DDNS, but it does not have pihole built in. It has adguard built in, but it doesn’t really seem to do much, tbh. Then again, pihole didn’t really do anything for me either. I ended up shutting off my pihole because I didn’t even notice a difference.