Time to assemble a new router

DogsofJune

I recently switched to Google fiber and immediately I had an issue with my current router. The Nighthawk R6700 would max out at 560 Mbps.
With the install I got two free Nest Pro's and am currently using them for wireless in the house and all my boxes in the "computer" room running through a gigabit switch.

I feel nekkid tho on the webs. My Plex server runs 24/7.

I looked at consumer routers to meet gigabit speeds, but damn on those prices. So I thought to build an OPNsense box.

Parts I have on hand, Intel 12400, Asus rog strix B660i and 16 gig of ddr4 4800 and an Inland 1 gig nvme.

The board has an Intel 2.5gb nic and wifi6.
I'm not worried yet about setting up wireless just now, but really want to get my boxes that are wired behind something a bit more than the "Nest".
My network skills are barely enough to get by. But I can learn, but type your answers slowly.


I assume I'll need another nic for the build, assuming I can use the onboard one, or perhaps look into a 2.5gb dual port? Suggestions on which non Chinese knock off Intel nic to look for?

Thoughts, suggestions?

And yes, the build is overkill, but it's in my possession already and needs a purpose.
 
Skip 2.5g, go 10g. Intel X520 or X710. Get a switch with at least one 10g port to be the network core for connecting devices and APs
 
If you're going to do it, do it right. Pay the money for the dual port Intel NIC and be done. You'll be a lot happier you did.

That's also a lot of machine for OPNsense as you admitted. It'll be a lot of noise and power (and cost) for not a lot of work.
 
Yup, considered 10gb, seems wise. I think I have found a dual port Intel x520. Hopefully not chinese knockoffs. Hard to discern legit equipment with unknown to me dealers.

It's not very loud at all in the Lian Li Dan A4 with a noctua heatsink and fan tucked in the basement where the fiber comes in. Wattage at the wall is minimal and I can trim it back a bit in the bios.
Too lazy to score a 12400T or some celery and replace
 
Considered a virtualized setup for Plex + router? If you're going to have a 12400 up 24/7, might try to make better use of it. I don't know much about Plex or OPNsense specifically. I can say my quad core Haswell generation Xeon w/ Hyper-V does fine with a 500 mbps symmetrical connection routed via a PFsense VM, plus two more VMs for a Server 2022 file server and Blue Iris NVR. I use an onboard Intel gigabit NIC for the dedicated WAN and a 2.5 GB Trendnet NIC for the LAN. I get 280 MBps through it on the LAN side up and down, 2.2 gigabit.
 
Your Spidey senses are correct. A pfsense is what I would recommend over OPNsense but they will both work. Don't go crazy with the hardware. My pfsense is on an Intel 7100T and it's only a dual core and it's NEVER maxed out. It idles the vast majority of the time. It hosts VPN, vlans, firewall rules, you name it. Never sweats. Also you most certainly do not need 16GB. I have 4GB on mine and it never uses more than 1.5GB.

Nowadays skipping 2.5 is ill-advised. MANY fiber terminals and cable modems output > 1Gbps because many of them are actually provisioned above 1Gbps. A 10Gbps WITH multigig capability like 2.5Gbps is the way to go for your uplink port. An Intel like the x550 will be fine. If you go with a 1/10 unit only, then you're hard capped at 1Gbps when your speed may actually be 1.2 or 1.3.
 
So if you've got that type of hardware, I would look at virtualizing the router under proxmox and then having another windows vm that you rdp into. This way, you get to still use it as a PC for some stuff (knowing that if you take the system down you take the network down) as well as have a good router. I'd just get another 2.5Gb card at this time. You'll be able to upgrade to more later if you need it.
 
I am considering this route as well. It may double for NAS duty. The router and some better security than the Google Nest Pro offers is my primary concern.
 
I was aiming for the OPNsense over pfsense due to some questionable internet discussions over pfsense antics.
 
I've run Pfsense personally and professionally for at least a decade. I've had no issues with their support or performance.
 
Something to consider when deciding what hypervisor to use, any operating system really. How comfortable are you troubleshooting it when things go sideways? I've regretted every free OS server I've ever deployed. Being easy and cheap to deploy is only part of it. They work for years then one day you walk in and drives aren't showing up, there's corruption in a file system, network performance is terrible, the GUI management interface isn't working anymore. You might not know where to start. I've had all of those things happen to me w/ FreeBSD, OpenSolaris, and Linux based systems. It's not the operating system's fault that I'm an idiot without the skillset needed to administer it long term. Long winded way to say that I'd consider Windows Server 2022 and Hyper-V as your hypervisor even if it costs a little, if Windows is the only operating system you regularly use.

I have a many terabyte FreeNAS machine running in the next room and PFsense at home. I don't follow my own advice but future me will be pissed some day.
 
That would be a solid setup! Truenas and router. :)
 
This is something I looked into extensively before deciding on proxmox. Mind you I haven't even set it up yet, but of all of them it fit the bill for what I needed especially since upgrades which cause problems aren't forced down your throat. Virtualizing at its core isn't trivial but it does eke out a lot more work out of the same hardware hence why it's done.
 
I will not say that by any means I am proficient, in any OS, but I have had many a Linux box over the years. I completely understand what scenario you mention. My favorite box runs Manjaro and sees lots of gaming action, when I have time.
I will look into a Windows variation tho. I'd like to set up something, and leave it.

Proxmox looks intriguing
 
Same reason I chose OPNsense. Been running it for several years and I'm very happy with it. Pfsense is a good product and you won't go wrong with either one, but I don't like supporting shitty companies.
 
For what it's worth I just redid my home setup about a month ago and decided to make TrueNAS a virtual machine as well as move from pfSense to OPNsense and virtualize that too. It has been fine for the last few weeks but wouldn't you know it today I woke up and everything was down. Turns out the server (a Dell R730) crashed with a CPU1 machine check error.

Now I've thought about all of this extensively and was prepared for whatever may happen. Thankfully all I needed was a reboot and everything was back online but even if it was some sort of catastrophic hardware failure I have four identical machines CPU / memory wise. I have backups of my HBA, my NIC, everything except the GPU for transcoding which I can do without. Please make sure if you go this route that you have a plan for stuff going wrong. Granted your hardware is much newer so you should be OK but you never know. It's never fun when your entire house is offline and you need to wait for parts to fix it.
 
So true, but at least I have the Google Nest WiFi Pro goober to fall back on so the kids have Disney.

Anyone have a link to a decent nic? Either I come up with items that cost more than the consumer routers, or it's labeled as "Intel" or Intel like..... Microcenter in KC doesn't have any 10gb stuff, let alone dual port nics
 
Just do not rely on Truenas virtualized if you have critical data and no backup plan (yes it can be done if one "must" do it), on desktop gear, to be as good as it can be on proper gear, and you would now likely want a bit more memory if you want better performance.

Personally, just get a 2nd NIC, (intel based) and install OPNsense / pfsense and leave it at that. You want your router to be up and running and not be affected by anything else. Oh changed a Hypervisor setting and got to reboot, OH internet is down..

Your VM you're testing on your system does something weird and hangs the whole thing somehow, OH, internet is down....

You don't need a windows box to RDP into, if you need your network access to your home, set up OpenVPN or Wireguard and done.

Now take your old router, turn it to AP mode and use that for your wireless access - bam done! If you wanted to get real fancy, sure, get a managed switch and do vlans, 10Gb is nice, and a way to go vs stop gap 2.5/5Gb switches and gear but know most older gear like Brocade ICX switches only work at 1Gb or 10Gb, no in between. (https://forums.servethehome.com/ind...s-cheap-powerful-10gbe-40gbe-switching.21107/)

Think long term, how long do you need this to last? Maybe you get a new Ubiquiti switch with 10Gb and 2.5 support..
 
Newer hardware sure, but not server grade either, and as you noted, even that can go wrong and it is meant to run 24/7.

Knock on wood my HP SFF i5 6500 Pfsense box has been solid (with an Intel X520 in it).

I know virtualization sounds great and it is good to consolidate things for less space and power, but I guess I don't like the idea of all your eggs in one server...let my router be my router and nothing else..... TrueNAS if anything, let it be physical and then use the VM ability within it, to do virtualization, why the other way around... TrueNAS Core (Bhyve) and SCALE (KVM) are both solid hypervisors.
 
Get used on Ebay.

Chelsio is top tier (T520 or up) if you're thinking 10Gb, followed by Intel X520 line and up. When buying I buy only from North American sellers and I look for ones who tend to sell server stuff in general.

some notes
https://www.truenas.com/community/r...ide-some-tips-for-not-getting-ripped-off.176/

For DAC's and such, if not fs.com , 10gTek has been solid for me as well and I have mostly their DAC's at home
https://www.amazon.ca/stores/10Gtek/page/7758DD55-C587-421A-8C4C-1B3ABD7F8DFF?ref_=ast_bln
 
Honestly I completely agree with you and ran this way for years. TrueNAS on its own machine, pfSense on another, and a third for Proxmox. The only reason I decided to virtualize everything is I'm bringing in a ton of storage and whatever power I've saved from shutting down the other two servers is already being used again. Even before this I liked to joke that my hobby is my power bill. I figured I'd try to make it a bit better.

I'll second all of this. I had a Chelsio card in my pfSense box and all of my cabling has come from fs.com.
 
Just make sure to pass the storage controllers to TrueNAS, don't run it on virtualized storage.
 
There is no point upgrading to 10gig if you're not going 10 gig for the foreseeable future.

Also, you don't need UTM on a home connection if you keep your devices up to date. If you are running servers and so forth, IDS/IPS may be of value, but it doesn't sound like you are.

I think you're overcomplicating and setting something up that will be a bear to maintain.

Consider either a firewalla gold or mikrotik RB5009 - both will serve 1gb+ without issues.
 
Oh boy, you're not just looking at a firewall and I think you realize why. It would be a tragedy for that level of hardware to run any firewall platform baremetal.

You should look into running a hypervisor (e.g. Proxmox, XCP-ng, VMware ESXi, etc...) and virtualize OPNsense. Use the built in motherboard NIC for management of the hypervisor (and bridge to other VMs/LXCs) then grab a dual port NIC for the OPNsense VM. You have two options for using the NIC- you can either do PCIe passthrough and directly present the network card to your VM, or create virtual network bridges on the hypervisor host. The ability to snapshot your OPNsense VM before making big changes or upgrades is fantastic. I just changed from baremetal OPNsense to virtualized in Proxmox and I regret not having done it sooner. ServeTheHome has a great guide on doing passthrough on Proxmox.

Despite many people who will say to avoid Realtek NICs, if you just enable the OPNsense plugin os-realtek-re it will use the Realtek driver, not the one provided from FreeBSD and it will work fine. This is assuming you directly pass it through (or run it baremetal), otherwise in a bridge scenario make sure the hypervisor supports Realtek. Proxmox will work with the right driver but I'm unfamiliar with others if you bridge instead of passthrough. You can find dual port 2.5GbE Realtek NICs all over the place that are VERY inexpensive and brand new, usually in the ~$30 - $40 range. If you would prefer to go Intel, make sure you get the X550-T2 as it supports NBASE-T whereas the X520-T2 only supports 10GbE/1GbE.
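
A check worth running on the hypervisor host before choosing PCIe passthrough as described in the post above (added example, not part of the original post or of Proxmox itself): on a Linux host the unit handed to a VM is the whole IOMMU group, so the NIC should share its group only with its own other port. The function names, the PCI addresses and the sample tree are constructed for illustration; on a real host pass `/sys` as the root.

```shell
#!/bin/sh
# Added example: verify a NIC's IOMMU group before PCIe passthrough.
# Layout assumed: <root>/kernel/iommu_groups/<n>/devices/<pci-address>
# (this is how Linux exposes IOMMU groups under /sys).

# iommu_group_peers ROOT PCI_ADDR
# Prints every other device in PCI_ADDR's IOMMU group, one per line.
# Returns 2 if the device is in no group (IOMMU off or wrong address).
iommu_group_peers() {
    root=$1; dev=$2
    for g in "$root"/kernel/iommu_groups/*; do
        [ -e "$g/devices/$dev" ] || continue
        for d in "$g"/devices/*; do
            name=${d##*/}
            [ "$name" = "$dev" ] || echo "$name"
        done
        return 0
    done
    echo "no IOMMU group found for $dev" >&2
    return 2
}

# passthrough_check ROOT PCI_ADDR
# Returns 0 if the group holds only functions of the same card
# (e.g. both ports of a dual-port NIC), 1 if it also holds unrelated
# devices that would have to leave the host with it, 2 on lookup error.
passthrough_check() {
    root=$1; dev=$2
    slot=${dev%.*}                      # domain:bus:device, function dropped
    peers=$(iommu_group_peers "$root" "$dev") || return 2
    bad=0
    for p in $peers; do
        case $p in
            "$slot".*) ;;               # other port of the same card: fine
            *) echo "$dev shares its IOMMU group with $p"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample tree so the example runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/kernel/iommu_groups/14/devices" \
             "$t/kernel/iommu_groups/15/devices"
    # Group 14: both ports of a dual-port NIC and nothing else.
    touch "$t/kernel/iommu_groups/14/devices/0000:01:00.0" \
          "$t/kernel/iommu_groups/14/devices/0000:01:00.1"
    # Group 15: a NIC grouped together with an unrelated controller.
    touch "$t/kernel/iommu_groups/15/devices/0000:03:00.0" \
          "$t/kernel/iommu_groups/15/devices/0000:00:17.0"
    echo "$t"
}

demo=$(make_sample_tree)
passthrough_check "$demo" 0000:01:00.0 && echo "0000:01:00.0: group is isolated"
passthrough_check "$demo" 0000:03:00.0 || echo "0000:03:00.0: use a bridge or another slot"
rm -rf "$demo"
```

If the check fails, the bridge option from the same post avoids the problem, at the cost of the host's own network stack handling the WAN traffic.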
 
Resorting to Ebay and found this
 
ime if you're going to buy new, the price at a b2b retailer like CDW, Provantage, Connection, etc will have similar prices. If not, the ebay listing is fakes.

Ebay is good for used ime, but you really have to look carefully. Back a few years ago when I was looking for some Intel PCI-X dual port server cards, everything listed Intel was fake. Even Dell branded ones had fakes. I finally settled on the HP branded one as there were very few used sellers and they were getting rid of them in bulk. You may need to resort to such tactics.
 
Mikrotik is a pain in the ass to set up and manage compared to OPN/pfsense, and lacks many features. I haven't used Firewalla, but IIRC it's app based, which should be an immediate disqualifier for anyone but the most basic user.
 
Ok so Firewalla is not (only) app based. And Mikrotik is easy if you know a little about networks.
 
Requires app login for the additional web interface.

Networking knowledge doesn't help with RouterOS interface quirks or missing features.
 
Please let us all know what you mean rather than being cryptic
 
It wasn't my intention. RouterOS idiosyncrasies are widely known and sort of a meme at this point. It's very convoluted and has its peculiar way of doing things that will have one hunt for forum posts and line commands/scripts far too often. As for missing features, very limited secure DNS support, slow Wireguard adoption, no dynamic white/blacklist support, no dyndns services support...are some of the first that come to mind.
 
I never had to hunt for how to do things. I found routeros to be straightforward.

It has wireguard now, so speed of adoption is of no consequence.

RouterOS is what it says on the tin, router, not UTM device.
 
It was of consequence for the years it wasn't available.

Those are basic firewall/router features.

And? PFsense and OPNsense are both firewalls also in their default form. Both need plugins or upgrade to capture next-gen firewall or UTM features.

The OP wants an overkill router on Hardforum. So be it, this is the place for overkill. Merakai isn't overkill in this space imho and neither are pf/opn in default form. The OP already admitted they will have to learn things. Hasn't even got to the point of a dual nic and worrying about the software.

Although OP it would be wise to work on what software you are running. OPN/PF and almost any roll your own, has proclivities for what NIC work well and are stable. Cart vs Horse issue.
 
Trust me, I'm doing my research. This thread has helped me so far with what equipment and nomenclature I should even look for.

I'm excited to explore this new territory personally. I'm interested in learning something new.

I'm probably going to DL and explore both Pfsense and OPNsense and see what I'll be dealing with until I get the rest of my hardware.
 
Trying to stay on a budget for the NIC, rather than buy used enterprise hardware, here are the two NICs you should consider (or similar). Both of these support 2.5GbE/1GbE:
1) Realtek RTL8125B based dual 2.5GbE NICs such as 1, 2, 3, etc... I outlined in my previous post how Realtek will work fine.
2) QNAP QXG-2G2T-I225 based on Intel i225-LM. This NIC doesn't have issues like the early revisions of the i225-V if you start researching and it's less expensive than X550 NICs.

You will likely never need >2.5GbE on your WAN side, and this doesn't stop you from still doing 10GbE or higher on a LAN level with the appropriate switch. If you get serious with VLANs and still want that speed between networks you can get a proper L3 managed switch to bypass using your firewall as a "router on a stick".

I would never encourage someone to use pfSense unless they're already on it. OPNsense has feature parity (minus pfBlockerNG) and I'll quote myself from a previous post.
Netgate/pfSense are childish and rushed a garbage tier wireguard kernel module and actually publicly released it on pfSense 2.5. The original developer of m0n0wall (the software from which pfSense originally forked from) recommends to use OPNsense.

I would not support Netgate for the reasons above.
 