Choosing Between Building Yourself or Using a Ready-made Router Your thoughts welcome!
Hey there! I’ve been diving into 10Gbps routers and came across an interesting video. The conversation around pfSense with Unbound, DNS leaks, and similar topics kept me torn between building it myself or using a ready-made solution—like the UniFi Dream Machine Special Edition. Netgate’s prebuilt models, such as the 6100 Base pfSense, seem appealing but might look a bit dated. They could work, though they’re not the most stylish.
If you’re looking for more affordable options, there are definitely cheaper alternatives worth checking out. The original post mentioned that the Netgate 6100 supports 10Gbps but may need multiple connections due to CPU limitations. If you plan to use pfSense plus additional features, a more powerful processor would be ideal—something capable of handling IDS/IPS, fq_codel, VPN, etc. An i7-4770 might feel excessive, as speed could be the main bottleneck.
On the other hand, there’s a model from Teklager that’s not just expensive—it’s quite pricey at $2856. That’s definitely a tough choice if you’re aiming for budget. My goal is a wallet-friendly router that works well with pfSense and Unbound. I’m considering pairing it with a Ubiquiti switch later, but should I get the switch first because my current setup has limited ports (most are 2)? Or should I jump straight into the router?
The main challenge here is our internet stability. We’re using an ASUS RT-AC87U as our primary router, connected via a long cable to a second router, the Technicolor TG799vac Xtream—which seems to be the source of our troubles. My wife and I are struggling with connectivity issues: she can reach my PC but not mine, and we often lose speed unexpectedly, forcing her to restart the main router.
I’m still trying to sort through all this conflicting advice and these specs. Any tips on hardware needs or alternatives would be super helpful. Thanks for your help—I really appreciate it!
Thanks for the advice! That Dell model looks quite budget-friendly. How is Dell performing in terms of upgradability these days? Are they still facing any proprietary challenges? It seems like I didn’t come across a unit with the i3-7100 I found—it has an i5-8500 for 462 USD, which is likely cheaper than what I thought. Good to know it supports AES-NI, so it probably offers better performance. Ooof, makes sense why you mentioned used ConnectX3 (Mellanox if that’s the right term), but I haven’t found any in Europe. I did spot a few on Amazon US, though—they don’t ship to Sweden. I’ll add it to my watchlist. On the other hand, the Mellanox ConnectX4 looks promising but costs almost as much as the tower itself. Haha. Meanwhile, the Intel X550-T2 seems quite appealing and reasonably priced. Still, I’m puzzled about the price range—222 USD up to 902 USD (all figures converted from SEK).
Both routers are configured for routing. If neither is set to access point mode, you risk forming two distinct networks, with one router acting as a second gateway, which can block access to other devices. Before purchasing new equipment, switch both devices to access point mode (disable the built-in router feature) and lower the antenna power. Stick to 5 GHz for both access points, or choose autochannel selection, or assign separate channels to each.

Concerning Unbound, this is intriguing—consider running a full day or several days of IP address caching. I tend to keep caches longer without major problems, and there’s a command to refresh just a specific zone, which functions similarly to refreshing a domain name or website. If after weeks or months a site fails to connect to the correct IP, you can update only that DNS entry while preserving the rest of your cache. I find it useful to use a local device for domain resolution, reducing reliance on multiple internet services.

Unbound is great because any PC can be set up with it; you just need an operating system (any of the main four) and possibly a virtual machine if Linux isn’t used. VirtualBox simplifies bridged networking—select the appropriate option in the VM network adapter settings. This lets one PC have two separate IP addresses. You could run a Linux VM with Unbound installed to serve as the DNS server for that network. Just set your router to use the IP address of the virtual machine as the DNS, and it will work for all connected devices.

Another option is Pi-hole, which makes monitoring blocked websites easy. Any device can be configured with it, and you can block unwanted sites in a browser list. You can pair Pi-hole with Unbound, and the Pi-hole guide explains this process. This approach not only enables Unbound DNS but also helps limit unnecessary network connections, conserving bandwidth. Using Pi-hole as the upstream DNS provider with Unbound checks the cache and then queries root servers.
We attempted to switch between Bridge mode and access point settings. I don’t recall specific steps, but one option involved inserting the cable into an unexpected port instead of the WAN slot, causing complete internet loss. We spent nearly a week trying to resolve this issue before finally connecting it normally. It was quite a learning curve—I had no idea what caching meant. I’m familiar with virtual machines and know their purpose, but I wasn’t sure how to operate one. I didn’t realize any operating system could run Unbound, thinking it was exclusive to pfSense. The Pi-hole concept seemed the simplest and least complicated, possibly the most affordable, but I wondered if it would match pfSense’s security level. It turned out we had a lot to explore, making this project more complex than it initially appeared.
Sorry for the delayed response; I've been occupied with a sick child. $400 felt reasonable at first, but prices here in Sweden are quite high these days. I’d have to postpone buying anything for this project until we need to purchase medicine. We Swedes face consequences for ordering from AliExpress or similar sites due to high fees and import taxes meant to boost local purchases. I checked AliExpress just to compare prices, but it mostly listed spare parts. Maybe I was looking in the wrong places, as you suggested. I’m patient; my budget restricts me from acting quickly, haha. Thanks for your guidance on AliExpress. If the deal is substantial enough, perhaps the fees are worth it. There’s no harm in exploring, after all.
An access point provides wireless capability and connects via a wired uplink to the broader network. Bridged mode is also referred to as passthrough. This setup is ideal because it turns off routing, letting you avoid a separate network segment. You might want to consider connecting the upstream Ethernet cable directly to the LAN port instead of using the wide area network. This could clarify what the software is trying to achieve. Since routing isn’t active, you shouldn’t configure the device to rely on a wide area link. Instead, aim for local integration within your network.

In terms of DNS caching, without it, your browser will repeatedly ask the server to resolve domain names for websites you visit every few minutes. This behavior is controlled by the web server, and you generally can’t influence it. You can improve privacy by caching (storing locally) the IP address or DNS results. Even if a server forces a DNS lookup, local caching prevents unnecessary trips. If you configure your network’s DNS server to be Unbound, lookups will occur locally, keeping traffic within your network and enhancing privacy while reducing repeated requests.

Pi-hole works best on Linux but can run on any OS, including virtual machines. Oracle offers the open-source VirtualBox, which lets you install Linux-like environments easily. A key adjustment after launching a VM is to change network settings—rather than installing Pi-hole, enable IP networking in view settings, type “dns” and press Enter in the filter box. This filters out unnecessary data about websites loading on your machine. You’ll need to install it per device or set up Pi-hole on a PC, Linux VM, or virtual machine. Switching the adapter from native to bridged lets you assign a specific IP for DNS resolution. Pi-hole itself doesn’t act as a firewall; it simply filters DNS queries to block or allow traffic based on your rules. pfSense/OPNsense provides pfBlockerNG for similar functionality.
Studying these tools in a virtual environment with bridged networking is an effective learning approach.
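An Unbound configuration of the kind the two replies above describe (a local resolver that recurses to the root servers itself, keeps answers for days, can flush a single zone on demand, and sits behind Pi-hole as its upstream), added here as an example rather than taken from any poster; the LAN range, port 5335 and the trust-anchor path are assumptions.

```conf
# Added example (not from any poster): a local caching Unbound resolver for a home LAN.
# Assumptions: LAN is 192.168.1.0/24; Unbound listens on 127.0.0.1:5335 so a Pi-hole
# on the same host can use it as its only upstream; trust-anchor path is the Debian default.
server:
    interface: 127.0.0.1
    port: 5335
    # Answer only the local host (Pi-hole) and the LAN; refuse everyone else.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # No forward-zone: Unbound recurses from its built-in root hints, so lookups
    # go from this box to the authoritative servers, not to the ISP's resolver.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    # Reject answers that point at private ranges (DNS rebinding protection).
    private-address: 192.168.0.0/16
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10

    # Long-lived cache as described in the thread: keep answers up to 2 days and
    # never expire a record sooner than 1 hour, even if its real TTL is shorter.
    # Trade-off: cache-min-ttl overrides the authoritative TTL, so a site that
    # moves to a new IP may keep resolving to the old one until its zone is flushed.
    cache-max-ttl: 172800
    cache-min-ttl: 3600
    # Refresh popular entries before they expire and briefly serve stale answers
    # while the refresh is in flight.
    prefetch: yes
    serve-expired: yes
    serve-expired-ttl: 86400
    msg-cache-size: 64m
    rrset-cache-size: 128m

remote-control:
    # Enables unbound-control; run `unbound-control-setup` once to create the keys.
    control-enable: yes
    control-interface: 127.0.0.1

# Refresh just one stale zone instead of dropping the whole cache:
#   sudo unbound-control flush_zone example.com
# Pi-hole: set its only upstream to 127.0.0.1#5335 so every client's lookups hit
# this cache first and leave the LAN only on a miss.
```

Check the result with `unbound-checkconf` before restarting, and watch `unbound-control stats_noreset` for the hit ratio to confirm the long cache is actually being used.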
For a homemade fix, new Atom C3758 firewall units have just hit the market. Check out this one: https://www.amazon.com/KETUOPU-Firewall-...B0CR4BFHZ3. Its core matches Netgate products (same CPU as the Netgate 8200). Since the C3000 line is an older generation, it offers great value now. A key advantage of the C-series compared to older Core chips is its compatibility with Intel QuickAssist, which OPNsense and pfSense back.
With limited gigabit connectivity, investing in a 10gb switch makes little sense. A 10gb switch will allow your devices to communicate at 10gb rates without needing extra upgrades. Your router should match your internet speed for optimal performance. For full customization and ongoing learning, building from scratch is ideal—just upgrade the NIC later if needed. If simplicity is key, the Dream Machine Pro SE offers a straightforward setup with plug-and-play functionality. I previously used pfSense but moved to the Dream Machine Pro SE for better centralized network management. It also provides a cleaner design with fewer components like a single access point and a ceiling-mounted router.