Home

the FCC ruling yesterday got me thinking about my router, it’s probably due for a replacement by the time the theoretical end of firmware updates baked into that (natural evil is likely around the same time) takes effect. I’m having trouble finding good options particularly in regards to openwrt at least.

We currently use two asus rt-ax3000 routers in mesh mode. One attached to the modem because it’s in a really shitty location, and one attached to our home server. I have 3 items that need 2.4ghz for smart home automation and everything else runs 5ghz, 2 laptops phones etc.

Everything I can get in local stores isn’t supported by openwrt (neither are the current routers). Looking at using older hardware we have spare (a MacBook Pro 2012 or rpi4) seem to have a track record of underperforming. What are the recommendations for upgrades from here?

Follow up question is am I overthinking it? Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?

I bought this one last month when it was on sale for $39: https://www.amazon.com/dp/B0BRK3CYY3

Haven’t deployed it yet, but it’s fully supported by OpenWRT. I would only be using it as an access point, though. My router is a USFF Optiplex with an extra NIC and runs OpenWRT.

That was one of the things I was considering was whether running a router before the WiFi and then just using them as access points might be a better choice.

That’s what I’ve done for years. Makes managing things much easier, and I run multiple APs (all with the same SSID/PSK) and you can just roam to the best one. One upstairs, one downstairs, one in the weird dead zone in my office, and one on the back patio (it’s not hardwired and uses the mesh connection for uplink).

These are all old Aruba APs running OpenWRT but that’s the plan for this Cudy Model. I may pick up a few more and just replace all of my trusty but very old Arubas.

I use a 2012 Mac Mini running OPNSense. I use the Apple Thunderbolt to Ethernet adapter in addition to the built in Ethernet. You could probably do the same for the MacBook Pro. I have a separate switch and access point. It works really well. And it was cheap.

If I need to buy something off the shelf I’m looking at unifi.

I was very excited about open firmware and ran FreshTomato for a while. Eventually I decided it wasn’t reliable though (2.4Ghz wasn’t actually running on one router, occasional speed issues).

I switched to Unify and have had a great experience. Great visibility into link speed, which device is on which AP, able to SSH into each device and run iperf3, WiFiMan is a great debugging tool (which you don’t need their ecosystem to try), notifies me when the ISP is slow/down. There’s a bewildering array of hardware and it’s not cheap or always in stock, but there are some good guides around.

So, I’d like FOSS to be the right answer, but in this case I’m glad I switched to Unifi.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #192 for this comm, first seen 25th Mar 2026, 15:50] [FAQ] [Full list] [Contact] [Source code]

I use Merlinwrt on my Asus router. They have a bit longer support and I think it’s open source. May be worth looking into.

They also list my current one as unsupported unfortunately, I think because of the Broadcom WiFi chip in it.

I have a GL-AX1800 and I’ve been happy with it; going to get another for my mum.

Opnsense any option for you instead of openwrt. I run an old hp with Intel Ethernet card and connected a unify AP to it. Works well since years

make sure to remove the battery if you use the MacBook as a server. the battery blows up like a balloon…. I’m assuming because the server install doesn’t/can’t manage the battery properly. I’ve had this happen twice.

iirc battery management is supposed to happen at a firmware level. So it hypothetically shouldn’t be effected by what os you install.

I looked into to using a laptop as a router a while back and decided against it. From what I read, the chip is designed for bursts of processing and isn’t designed to be under constant load like a router would be. That means the fan will always be running an you risk overheating, fan failure, and high power draw.

That’s my non professional recollection so take it with a grain of salt.

Looking at using older hardware we have spare (a MacBook Pro 2012 or rpi4) seem to have a track record of underperforming

In what sense?

Many open source operating systems exist that can turn a computer with multiple NIC’s into a router or can be used in place of a hardware router OS. https://distrowatch.com/search.php?ostype=All&category=Firewall&origin=All&basedon=All&notbasedon=None&desktop=No+desktop&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=All&status=Active#simpleresults is a search on distrowatch.com that gives you a petty good list to get started.

I personally use OpnSense with a Supermicro motherboard a Xeon E3-1226 v3, and 16GB of RAM. It was all used server equipment bought on Ebay. I run Caddy, an ACME client, Intrusion Detection, Chrony, UnboundDNS, Wireguard as a VPN endpoint, and Wireguard as a client for IPv6 connectivity through Route64 because my ISP only has an IPv4 stack. For WiFi access I’m running a couple TP-Link Omada EAP-650’s with the OC200 controller using POE so I can place them in ideal locations.

Will a firewall prevent issues if the Asus devices have some sort of Spyware on them. It can but not by default. Generally firewalls are configured to stop anything coming in and let anything out. Since the RT-AX3000’s are on your internal network by default they can send data out. Something like Intrusion Detection can watch for bad things running on your network and help but you would have to set static IP’s on each one and null route them. You could also flash them to an open source firmware if you are worried but is a personal decision.

I avoid two things in networking, router modem combo devices and really cheap routers or access points. Honestly you should ask, “Why is this so cheap?” Then look at the reviews for those super cheap Chinese android tablets and computers and you should begin to understand my reasoning why.

Also used commercial grade hardware on Ebay is a great place to get a steal if you are building a homelab. Most of the time this stuff is pulled because it no longer is fast enough for a server farm and functionally obsolete. The firmware will generally be very stable and well tested. I’m running a 10Gbps fiber backbone for my network that connects my router, server, 48port ethernet switch (using 2 DAC cables), and desktop computer together.

I have a 1Gbps fiber connection and speedtest at 950Mbps while everything is up and running. The Ethernet connection at 1000Mbps is the limiting factor. A speedtest from my cell phone (S26) over WiFi I test at 680Mbps. My testing internally from my desktop to my server using openspeedtest runs around 8000Mbps.

I like my flint 2 router from GL.Inet. Uses openwrt on the back end but has a more normal interface in the frontend with the back end still accessible if you want it.

And you can install whatever firmware you want.

I’m overkill and use ubiquity but you can also use their entry level devices, I’m a fan of hardwiring the wifi points to a switch or the router itself thru poe so you don’t have to use a wifi band for the mesh.

Right now using a pfSense router, it’s been working well but I’ll eventually replace it with hardware to run OPNsense (pfSense fork) when the time comes.

If you’re mainly just worried about wireless I’d just look into something to run OpenWrt or maybe FreshTomato if you’re sticking to older hardware. I have an older Linksys wireless router that is compatible with FreshTomato firmware so it’s been running on that and works well for my own usage, nothing fancy.

Same. Got some leftover Fortinet from work that I’m using. Could be better, but my Fortigate 101E works miles better than my ISP default router. All I had to do was assign upstream wan to VLAN 10 and spoof the MAC address.

I use pf as the firewall on my server, what is the difference/reason for the opnsense fork?

Only use network gear for wireless. The hardware in client devices is not designed to work well as a AP and will perform poorly.

I would just pickup some used equipment and flash openwrt. It is relatively straight forward and should work decently well.

OpenWRT does support more recent hardware if you know what you are looking for

router modem combo devices and really cheap routers or access points.

I’ve always thought that combo devices are probably good for the average, casual internet user, but not high end, extreme users. I want the best (within reason of course) delivery mechanism that I can get to route the signal from the street to my devices. It’s worth the extra $$ to me.

agreed.

either way remove the battery.

At least for some laptops, you cannot just remove the battery. If the battery is removed, the performance may be throttled. This is true of very old MacBooks.

100%.

but $ for cpu+ram of old MacBooks makes it feasible. They are dirt cheap on ebay, and I don’t need the screen.

My bedrock server runs on a 2012mbpro. I take daily backups and have another mbp laying around when this one fails completely. The expanding battery warped the shell pretty bad, but it’s still functional.

Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?

No. For most routers, this provides no additional protection to the router. Your router should not be accepting connections from the WAN side that would be blocked by the firewall, but consumer routers almost always initiate connections to the WAN side, indistinguishable from normal client traffic to your firewall, and accept connections from the LAN side, invisible to your firewall. If the firewall blocks all incoming requests, it would create problems for UPNP, effectively giving you CGNAT, even if the firewall does not perform address translation.

Which hardware is recommended? Trying to search through their list a ton of it is already on old-stable and seemingly ready to be eol-d. I’m not really interested in spending on new routers playing whack a mole with security updates every 2 years. I’d rather have poor performance and a longer lifecycle versus unknown likely marginal support window.

Some standalone WAPs for WiFi and PC based router. Depends on what you are getting you can get it dirt cheap. WAP also need firmware upgrades, but it is less a problem.

I use OpnSense on a miniPC with an N100 processor. I got a decent one from HUNSN and added memory. I installed ProxMox and OpnSense runs in that along with a pihole instance and a few other services and it is really fast compared to any router I’ve had in the past.

I also use a RAM disk for OpnSense caching and logs, and anything I want to keep gets copied out to my NAS for permanent storage. That helps a lot with performance and SSD drive wear, but with memory so expensive from the LLM bubble, it might be more expensive now than a few years ago when I got mine.

Many open source operating systems exist that can turn a computer with multiple NIC’s into a router

Minor nitpick, but if you’re planning on sticking a NIC into a machine to make it a router, it’s probably more cost-effective to get a single NIC with multiple Ethernet ports than multiple NICs.

When I got whatever it was that I got new…I think an Asus device…that I used, I think that I had to order it online, and it sounds like OP was shopping brick-and-mortar. I dunno if he’d be able to find it brick-and-mortar.

This is what I was looking into recently. I just want to replace my shitty Spectrum router.

I was looking at Topton N150s on AliExpress, but $250+(tax/shipping) is terrible, with no RAM.

I saw people using the Lenovo m720q/m920q with a pcie 4 port, so I’m leaning towards that.

We’re about to get fiber in the next year or two, so I want to get something that can handle 1g up and down.

There’s a lot of options, none perfect, but none terrible.

I bough old FUJITSU Desktop (ESPRIMO D757/E90+) its ~2017 has 4 pcie. I bough cheap 3 ethernet NICs and 1 wi-fi on a maketplace/bazar and installed openWRT. Actually I installed proxmox and openWRT in a VM so that I can use that computer for other networking stuff like AdGuard, Tailscale, etc… Btw if you do this be careful which wifi you buy, not everything is easy to setup on OpenWRT.

Apple couldn’t monetize firmware so they got rid of it (probably).

Mikrotik is a great budget friendly option too. It’s pretty simple to do a standard home setup in RouterOS

https://www.xda-developers.com/why-use-opnsense-over-pfsense-dont-trust-netgate/