I know you are half-joking but that does not help me. For now I am sticking with Mikrotik because they strike a good balance between hackability and good UX but they can definitely be better. I guess one day it’ll be pfSense + addons then.
That’s very easy to accept; the problem with trying to decipher Mikrotik is whether you get the best value for your money and time. Investing 3 hours a few years ago did not enlighten me one bit and did not help with my problem at all.
I’d be 100% okay with them if $time_invested was directly correlated to $results_achieved. But it’s not.
Well, it really depends on what your intended use is, doesn’t it? I have used Mikrotik so extensively that my time investment has paid off multiple times. The platform uniquely combines great software with great hardware at great prices. I am saying this as someone who had to use sub-par Mikrotik software and hardware for years. Now with RouterOS maturity and ARM processors I have almost everything I could wish for.
To give you an idea, the scripts I copy to every physical or virtual router currently consist of over 30,000 characters; highly optimized for brevity and comment-free. I have tens of ultra-optimized firewall rules. In the past, I used Mikrotik for things as diverse as wireless LAN connection of remote office locations, and workstation access that depended on mobile phone presence. Sky is the limit.
Your use-case will inevitably be different. Your time may be better spent elsewhere. However, if there is something simple I can help with, feel free to PM me.
I have an age-old Ubiquiti EdgeRouter X that I used to run on their 1.10 branch until I got IPv6 connectivity at home last year. That didn’t work with their firmware at all, so I flashed OpenWrt on it, which was a little adventure in itself. But with OpenWrt it has been rock solid and IPv6 works flawlessly. Looks like there’s some more hacking on the horizon, though, w.r.t. the latest OpenWrt: migrating to 24.10 requires some extra stuff.
I have a Unifi Dream Machine Pro. Separate access points for wifi. I have had it for some years so now there are some good cheaper alternatives like the Unifi Gateway Max and others.
There are also combo units (router/wifi) like Dream Router 7 and UniFi Express 7 if you want that.
I like Ubiquiti's Unifi equipment as it is easy to use and mainly just works, and they keep improving. Their routers now have Wireguard support as well (most of them at least) so I don't need to set that up separately (my nerves wireguard box is no longer needed where I run Unifi). It's not as customizable and hackable as other things mentioned here, but it works very well for my needs.
I do enjoy hacking and customizing on devices and setups but I have noticed when it comes to the network side that is no longer where I want to spend my time and attention. Enough of it goes to side projects and my self-hosted services. I guess you have to choose your battles.
I do like the separation between router and access point as it makes it possible to upgrade them independently.
For my internet provider internet access, I use a GPON from Intelbras model Onu R1 in bridge mode, I use it instead of the modem/router provided by my internet provider since theirs sucks (it wouldn’t even allow me to put it in bridge mode).
For the Firewall, I use a small minipc with an Intel J4125 with pfSense installed.
And finally, for the router/mesh I use the Netgear Orbi Pro wifi 6, pretty good router IMO allowing you to set up VLANs etc.
All things regarding VPN, security, etc. I configure directly in pfSense.