I have been using opnsense on a very cheap celeron nuc for a few years, very happy with it

If you’re new, something like Uniquiti UniFi stack is very beginner friendly and well polished.

If you’re planning to run your own hardware, the usual recommendation seems to be pfsense or opnsense on a modern lower end system (Intel N100 box for example).

Bearing in mind that a router is only responsible for routing (think directing the packets where to go). You’d also want to have access points to provide WiFi for your wireless devices. This is where UniFi stack makes it easier because you can just choose their access point hardware and control through single controller. Whereas rolling your own you’d be looking at getting something else to fill that role.

Fritzboxes are rock stable, and support Wireguard from FritzOS 7.5 onwards, see https://avm.de/service/vpn/wireguard-vpn-zur-fritzbox-am-computer-einrichten/

(Apparently NOT the cable versions!)

What nags me most with them is that you have no separate Firewall controll over their WiFi, and the WiFi range is not really great. So probably consider going with dedicated APs instead.

Wireguard and DNS filtering (albeit not as fine tuned and automatic as pihole) can all be done on OpnSense

I recommend OpnSense on whatever modern low-power hardware you can get your hands on, ThinkCentre, NUC or whatever, if you are okay with a separate device for WiFi or do not need WiFi. WiFi APs can be had for as low as 20 bucks and are usually straight forward to set up, but you gotta shell out more if you want the latest and greatest connectivity.

There is also the possibility for adding WiFi directly to OpnSense but I have not even bothered touching it. If you love tinkering and suffering, that’s a route you can go.

For the love of God, if you’re going to install PfSense, just get OpnSense instead. It’s just better.

I’m very happy with my FritzBox (7590), it handles de ADSL connection to the ISP, supports various DDNS providers, Wireguard VPN, 4 port gigabit switch (5 of you don’t need the WAN port), guest WiFi with client isolation.

It also has basic media server and NAS functionality (with USB3 external hard drives).

Of course you can change the DNS server and other network controls like QOS, wake on LAN, port forwarding, different profiles with parental controls, filters, connection times, etc.

They also seem to take security seriously.

I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

5 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #626 for this sub, first seen 25th Mar 2024, 09:55] [FAQ] [Full list] [Contact] [Source code]