In 2020, at the height of covid lockdown, I bought a Netgear RAX 120 router. I considered this a solid investment because it cost a lot of money but I was trapped in my house, thus necessitating a smooth internet experience. Over the years I have come to loathe this router, in part because I have gotten more savvy with networking generally, but mainly because it has slowly started to deteriorate and caused me nothing but grief.
If you have lived with a mediocre Wi-Fi router, I want to let you know that a better way is possible. Affordable wired routers and access points exist. You can just make your own mesh network, building a router like it was a computer or using premade accessible mini PCs. While it’s more technically complicated than just buying a router, there’s a massive quality of life improvement.
Splitting the difference — using Wi-Fi Access points and wired routers
One reason why I hate consumer Wi-Fi routers is because they’re all-in-one devices. Wi-Fi standards get updated fairly frequently, and combining the router part with the wireless part often leads to an experience that becomes obsolete faster. What’s more, this is often not ideal for getting the best Wi-Fi coverage in your home. And while consumer mesh systems do address this, I prefer to just go with something closer to business or enterprise grade.
One way you can approach this is by just getting a wired router and using wireless access points to handle the Wi-Fi traffic. You can get a rock solid wired router for 50 bucks if you don’t need to go over a gigabit. For wired products I’m a huge fan of Latvian company Mikrotik. Their RouterOS is as solid as a rock, and they have an endearing YouTube channel. Additionally, you can just make a teensy hardware router using Single Board Computers like the NanoPi, but I’ll get to that later.
For wireless access points a lot of people enjoy Unifi by Ubiquiti. I had these in the past and personally do not enjoy them. They exist in a weird zone between enterprise and enthusiast, costing too much to justify the quality of service. The software needed to manage them requires either buying their hardware or running that proprietary software locally on a docker container or Raspberry Pi. This entire process is needlessly annoying. For the same money you can buy access points from companies like Grandstream or TP-Link’s Omada system, which people seem to like and which offer way more features for your money. You can even buy decommissioned older enterprise hardware from brands like Ruckus, Cisco and Aruba. Older enterprise hardware isn’t going to be the latest and greatest, but it’s solid as a rock.
I ended up going with Grandstream’s access points. Though they have their annoying quirks if you don’t use GWN Manager (I had to ssh into one of them to update a firmware URL), they can manage themselves if you prefer that and are an incredible deal for the money. A lot of these access points have PoE (Power of Ethernet), which means they can be powered over the same ethernet cable that transfers data. In the last few years, network switches have gotten very cheap and fast, and you can often find units that go up to 2.5 GbE and will power all your access points for not a lot of cash. Multiple access points, powered by a network switch, into a wired router can give you fast, reliable coverage for about the price of a high end consumer router or mesh system. Since the individual parts are distinct from each other, you have a better route for upgrading each of those things down the line.
Making your router suck less with OpenWRT
Another path you can take to make your router suck less is, hardware permitting, have it run a different OS, specifically OpenWRT. OpenWRT is a Linux-based OS for embedded devices like routers that provides a standardized, open source and frequently updated platform for your router. This is great in particular if you’d like to repurpose an older Wi-Fi router which is not getting updated as frequently as it used to. Not all routers support OpenWRT, although I wish they did. In my case, there is some experimental support for my cursed Netgear, but only the V2 model, which I do not have. What’s more, there’s always the potential to brick your router, although if you’re planning on getting rid of it anyway this is a great way to breathe life into an old device.
OpenWRT also runs on a variety of devices. My hacked robot vacuum actually runs on a modified version of the OpenWRT. FriendlyELEC makes a variety of single board computers like the NanoPi series that can be effectively used as routers by installing OpenWRT.
Block ads before they get there: Pihole, Adguard and Blockly
Whenever someone starts screwing around with Raspberry Pis, the first thing everyone recommends is installing Pi-hole. Pi-hole is a DNS sinkhole that’s really easy to install and effectively blocks a bunch of ads and internet tracking and prevents certain unwanted traffic. However, over the years since it has been created, other more robust options have come along. AdGuard Home is one option, and has a really robust interface and set of filters. If you have kids, it does a great job at blocking adult-oriented traffic across an entire network. There’s also Blocky, which is newer but runs very lean, although it has to be set up on the command line. All of these options are valid ways to rapidly improve your overall network experience with only a little bit of work. If you go down this route using a Raspberry Pi, I personally prefer DietPi - an exceedingly lean OS that runs on a variety of single board computers and is a cinch to set up.
The invasion of the Mini PCs: Topton/CWWK/Gowin and running ProxMox
Over the last year I have become obsessed with a series of strange miniature PCs coming out of China. Often featured on the forums and YouTube channel of networking website Serve The Home, these firewall devices seem very similar to offerings from Protectli. They often feature powerful processors for what they are, have a robust amount of I/O for a single device and run on a tiny amount of power. You will often see them from companies like Topton, CWWK, and GoWin.
When it comes to using one of these as a router and firewall, these things are beasts. There are tons of ways to approach this, but two of the most common ones are PfSense and the open source alternative OpnSense (other options include VyOS and Mikrotik’s CHR platform, which are worse as firewalls and better at routing traffic). You can install these directly on the device, or you do what a lot of people do and install them via Proxmox. Proxmox is a virtualization platform that lets you run several virtual machines on the same machine. This means that in addition to running something like OpnSense for traffic, you can run several other things on the same device. This is what I did.
I decided to go with an Intel N100 based unit from CWWK. You can order these on Aliexpress, Amazon or directly from CWWK, although there are enough horror stories on the STH forums of people who got dud units and the latter is a bit easier when it comes to returns. When I got mine, I threw a 1TB SSD inside of it and 16 gigs of ram. I also made sure to reapply the anemic thermal paste on the unit with Thermalright TF8, which costs next to nothing and wowed reviewer Igor’s Lab when compared to higher priced thermal paste.
There are plenty of great tutorials out there on how to install OpnSense on Proxmox, and I will admit that I ran into some trouble that necessitated calling my ISP. But the process itself, despite being stressful, was very instructive, and now I feel very comfortable running new virtual machines on the device. Both Proxmox and OpnSense have bright, beautiful interfaces, my internet screams now, and the actual service runs so efficiently that I have tons of room left over to run other services on my network.
Everything in my house is running beautifully now. As I wrote this, I found a wonderful resource – a series of easy-to-use scripts by a user named tteck that automate the process of installing new Linux containers making it as easy as copy/pasting a simple command. I had also found out, suddenly, that tteck has told people that they will no longer be maintaining the repo due to moving into hospice care. “I have very limited time left on earth. weeks.” Since then, the scripts have a new home: Community-Scripts.
Easy to use, open source software like this only exists because people come together online to share knowledge. Without YouTube tutorials or forums like STH, I would not know where to start with building a Proxmox box. OpenWRT is maintained and worked on by volunteers attempting to unfuck the mess left by major companies. People like tteck selflessly maintain scripts even as they get sick. Companies are often not interested in maintaining their hardware unless they are forced to – they are happy to just sell you something that slowly disintegrates until you have to buy something new in a few years.
I have seen the glimpse of a GPL future where things are open, where old routers are given a second life, where things are self-hosted and where everyone has adult tools at their disposal. I want these things to be easy for everyone. These things are built on the sweat equity of nerds everywhere, but when you experience it, you realize it is a beautiful way to live. If we all put our minds to it, none of us have to deal with awful home Wi-Fi ever again.