TechSauce is reader-supported. When you buy through links on our site, we may earn an affiliate commission. Learn more
Navigation
Overview
Routers are everywhere. Whether you’re an IT administrator for a large company or living in a small apartment, routers are essential in managing traffic between Wide Area Networks (WANs) and Local Area Networks (LANs). They come in all shapes and sizes, whether they’re DIY Routers or off-the-shelf units. They also act as a network firewall which acts as a filter in restricting or allowing traffic to and from computers behind them. They’re essential in any network, regardless of the size.
When it comes to the home however, routers are typically issued by Internet Service Providers (ISPs) in the form of a residential gateway. These boxes usually combine a modem, router and wireless access point…all in one. It seems handy, but in fact, it’s typically the reason for traffic slowdowns, security vulnerabilities and weak Wi-Fi signal.
The good news is you don’t have to use routers issued by your ISP. But there are better options out there than the TP-Link AC1750 or the NETGEAR 4-Stream. These routers are typically better than those issued by your ISP, but they’re still vastly underpowered and lack security and other networking features. It is for that reason that we highly recommend you check out PFsense.
Software
PFSense
PFsense is a free firewall/DIY router software package built on top of FreeBSD which can be installed either on a physical computer or virtual machine and is fully configurable via an easy-to-learn graphical user interface.
It may look intimidating, but PFSense is actually very easy to use, and has a plethora of features making it not only very secure, but also extremely customizable. PFsense has features including policy-based routing, stateful packet inspection, OpenVPN/Wireguard server, split tunneling, traffic shaping, support for VLANs, Dynamic DNS, as well as many others.
PFsense has additional capabilities outside of what is installed by default. These capabilities come in the form of “packages” that can be installed on top of the default software stack. You can think of them like addons, where they are written for PFsense. But, instead of being written by the developer, they’re written by members of the community. The PFsense community is very strong and my experience so far with that community has been very positive.
For example, pfBlockerNG is a package that can block incoming/outgoing traffic based on country, IP Reputation, and other unwanted traffic. It can also act as an adblocker and malware blocker using Domain Name System-based Blackhole Lists (DNSBL) which can protect your network from hackers trying to gain unauthorized access.
Another popular package is called Snort, an open-source intrusion detection and prevention system. These rules are community maintained, and can block, log, or alert intrusion attempts in real time. There are many more packages available for PFsense, but we wanted to give you a couple of examples of some of our personal favorites.
OPNsense
Of course, running a DIY router doesn’t necessarily limit you to PFsense. There are a few other popular options within the homelab/small business community regarding network router/firewall software. One popular option as an alternative to PFsense is OPNsense.
OPNsense started as a fork of PFsense in 2014, which retains many familiar aspects of PFsense, but is focused on open source, code quality, and community development. Depending on your priorities, this may be important to you, especially if you’re concerned about the community being able to validate or improve upon the code for bugs or inefficiencies.
As you can probably tell, the OPNsense dashboard is quite similar to PFsense’s. In fact, the configuration file (config.xml) is easily swappable between the two, so if you decide one day to switch from one to the other, there’s no need to start from scratch.
OPNsense also has a number of packages available (and built-in) that can be installed/configured to your liking, similar to PFsense.
Hardware
Our Pick
There are a few options on how to get started with regards to hardware. First and foremost, it is absolutely feasible to build a DIY router yourself. This can be accomplished with new or old pc parts. However, you may be searching for something small, quiet and out of the way. The hardware we love and recommend to all homeowners for all of their routing needs is the Protectli Vault FW4B.
The Protectli Vault FW4B includes an Intel Quad Core 2.2Ghz CPU. It also has four Gigabit Ethernet ports which help you connect to your Modem and downstream devices. Last but not least, it includes 8GB of RAM and a 120GB SSD onboard. The best feature, is that the heatsink is integrated into the case, meaning there’s no fan onboard.
You read that correctly…this box is 100% silent and will happily route your packets to/from the outside world without making any noise. Of course, these boxes are fully customizable, so if you ever want to upgrade RAM or onboard storage in the future, it is quite easy to do so.
The Grand Champion
If you’re more of an advanced user and want more CPU power to perform additional functions like intrusion detection and prevention, extensive packet sniffing and monitoring, or are considering deploying your DIY router in a small business environment, consider the Protectli Vault 6 Port Firewall.
This router has a much more powerful Intel quad core i5 8250U, with the same AES-NI support, but still manages to be fanless. It also includes 8GB of RAM and a 240GB SSD, but unlike the FW2B, it has six (6) physical ethernet ports on board. This may be extremely useful if you decide to run multiple networks in your home or business, or if you have multiple WAN connections (multiple Internet providers) that you want to use within one environment.
The Runner-Up
You may be saying, “I don’t need all of the bells and whistles. I just want a basic device with two Ethernet Ports”. If you’re buying a router for your home, and don’t need or care for advanced networking features, the Protectli Vault FW2B is for you.
The Protectli Vault FW2B includes an Intel Dual Core 2.5Ghz CPU. It also has dual Gigabit Ethernet ports which help you connect to your Modem on the Wide Area Network (WAN) side, as well as your downstream switches and devices on the Local Area Network (LAN) side. Last but not least, it includes 8GB of RAM and a 120GB SSD onboard.
Conclusion
When it comes to networking, there is no end to how deep the rabbit hole goes. However, that doesn’t mean you need an IT certification to understand how it all works. There are options out there aside from what your Internet Service Provider offers to you, not to mention resources available across the internet with easy how-to guides on how to get started. We hope that this guide gave you an introduction on some options that we think are the best for getting started with a DIY router that you don’t need to pay monthly for. We may not be able to control the weather, but we certainly have the power to control our data within the privacy of our own homes.