First, a hardware question. I’m looking for a computer to use as a… router? Louis calls it a router but it’s a computer that is upstream of my whole network and has two ethernet ports. And suggestions on this? Ideal amount or RAM? Ideal processor/speed? I have fiber internet, 10 gbps up and 10 gbps down, so I’m willing to spend a little more on higher bandwidth components. I’m assuming I won’t need a GPU.
Anyways, has anyone had a chance to look at his guide? It’s accompanied by two youtube videos that are about 7 hours each.
I don’t expect to do everything in his guide. I’d like to be able to VPN into my home network and SSH into some of my projects, use Immich, check out Plex or similar, and set up a NAS. Maybe other stuff after that but those are my main interests.
Any advice/links for a beginner are more than welcome.
Edit: thanks for all the info, lots of good stuff here. OpenWRT seems to be the most frequently recommended thing here so I’m looking into that now. Unfortunately my current router/AP (Asus AX6600) is not supported. I was hoping to not have to replace it, it was kinda pricey, I got it when I upgraded to fiber since it can do 6.6gbps. I’m currently looking into devices I can put upstream of my current hardware but I might have to bite the bullet and replace it.
Edit 2: This is looking pretty good right now.
Removed by mod
First, thanks everyone for all the info, glad I posted. It’s a lot to go through.
OpenWRT is the most frequently recommended thing here, and my router is not supported. I somewhat recently purchased my router (Asus AX6600) when I switched to fiber due to its high bandwidth and I’d prefer to not replace it. I’ll look around and see what options I have for putting a separate device upstream of my current hardware and if that doesn’t work out then maybe I’ll replace my current router.
I see that you can install openwrt on a switch. Would it make sense to put a switch with openwrt upstream of my current router/AP?
Edit: dang there’s only 1 switch supported by openwrt that has 10 gbps ports (ZyXEL XGS1250-12)
You can install OpenWRT on tons of hardware, or any generic PC. I’d suggest that over *sense distros any day because it’s just more user friendly.
Just glancing through that guide:
OPNsense instead of Pfsense, because pfsense is going to rugpull, it’s just a matter of time. I wouldn’t trust the twats that run it farther than I could throw them because they’re pretty silly people. Rossman suggests exactly this in the intro to the router section, he would change if he hadn’t been using it for a decade already. Unfortunately, a lot of this guide is focussed on how to do it via pfsense and if you’re brand new, you’re going to have to figure out how to do it in OPNsense yourself.
Wireguard/Tailscale instead of openvpn. Faster and way easier to set up. Don’t even try to set up a full LAN routed VPN, just use Tailscale for the services you want. And use it for everything and everyone instead of punching holes in the firewall.
He’s definitely right about mailcow; if you’re reading that guide for information, you are not a person that should be self-hosting email.
TLDR, the developers of pfSense are not the nicest people sometimes. If this bothers you, consider checking out OPNsense.
So first the author is arguing around on the router section that you should not buy a cheap router but then goes for pfsense instead of opnsense, i understand that when you are used to pfsense that you may not want to switch but recommending it for new ppl is just stupid. They have shown their hostality against their OS community in the past see https://news.ycombinator.com/item?id=13615896
I use pfSense and tried to migrate away in the past. The changes I would have had to make to setup opnsense were so significant that I gave up for to lack of time. I don’t have time luxury of downtime so I need to migrate quickly.
But if I were starting again I’d absolutely avoid the pfSense project and their childish shitty behaviour.
I do plan to buy more hardware to replace my current pfSense box and take my time to implement opnsense gradually.
When I first started self hosting in 2018 I didn’t know about how PFsense handled themselves and got a netgate appliance and used it up until 2 years ago and it ran great. Not a bad recommendation by any means but also understand expectations and opinions shift.
This guide seems pretty dated in terms of technologies and approaches used so I wouldn’t follow it 100%.
And it is heavily opinionated, without pointing out other solutions like for example the use of openvpn without mentioning wireguard even once.
Proxmox
Unraid
UniFi
Raspberry Pi
Docker
I don’t have time to respond, but exploring the capabilities of any of those things would be a great place to start.
Proxmox can be a bit of a bear to setup. The documentation is not very approachable for new users. It uses a lot of terms without definition which is a deadly sin of technical writing IMO. Guides for getting an Ubuntu Server VM setup vary wildly and often recommend outdated settings.
I’m totally on board with using it though. It eliminates the need to start from scratch when migrating to newer hardware.
Set up your favorite Linux server distro and then go ham on setting up docker (dockge is a great tool to introduce compose).
proxmox is pretty intuitive to use. You just have to make a lot of decisions to start with in regards to storage. I always go with one main drive with a partician for ZFS cache and at least two drives in the array for VMs that way if a drive fails everything is still good. Things get a little annoying if you’re trying to pass through hardware.
Yeah is guide is pretty useful! i went with setting up wireguard instead of openvpn. For a while now ive been self hosting alot of my stuff, SearXNG with gluetun tunneling, minecraft server for me and the boys and a Samba Share instead of paying for some dopey cloud storage. Ive gotten ZFS running in a 1tb z1 pool for my containers and plan to add a 10tb Z2 pool for long term storage and backups. i chose to do it in NixOS instead of debian or ubuntu, just because im a little bit of a nut for immutability.
its actually kinda funny i just left a post asking for help setting up wiregaurd server on c/selfhosted and referenced louis’s guide! Also i gotta add thats EPIC you got 10gbps internet, i went with a glinet flint 2 for my router. Because it runs openwrt under the hood, i personally like openwrt alot. there are people that swear by pfsense or opensense because of the bsd network stack, is very well maintained and secure as alot of commercial products like switches and firewalls run pfsense under the hood. for security and vlans pfsense would probably be better from what i heard. But openwrt works pretty well aswell, and i ended up just going with the flint 2 because it has 2.5gb wan in and 1 2.5gb lan. which was more than enough more my measly 1-2gb internet.
Like other people suggested here, use opnsense instead of pfsense, and wireguard instead of openvpn. What I did for my homelab was to get a used HP t620 thinclient and an Intel 350 card with 2x 1gbps ports. You say you have 10gbps, so you would need a card that can handle that, and maybe a beefier CPU. For my setup, this tiny 65€ machine is not even feeling it. Single digit cpu usage for 2 wireguard connections, a little over 1GB RAM usage for a handful of services. I think for you an n100 with 4gb of ram is more than enough, but going for 8gb will be better and it will not be much more expensive.
