Homelab
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transitioning your skills from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community.
I found OPNsense easier to use than OpenWrt as far as just using the web interface with minimal or no SSH terminal usage. You would have to use an x86 system though, such as one of the AliExpress OPNsense routers. One of mine was visually nearly identical to the Protectli-branded equivalent and was able to run seemingly without issues using their Coreboot BIOS too.
OpenWrt can probably do everything I wanted from it, but I'm working to barely scrape by and can't spend time learning stuff like manually configuring my whole network via terminal like when I was still in school. I went through a few different hardware choices too because some things flat out didn't work on some hardware. One ARM device had an OpenWrt fork or distro(?) with Docker support and I believe that would be able to do what you want, but I never checked if that was a feature in the actual OpenWrt project or just the one made for my device.
I can only tell you what I use. Obviously, the first thing I did was put my modem in bridged mode. I attached a router/firewall (in my case a SonicWall, but anything is fine, as long as it's not found at the local Best Buy); a few switches, access points, and two Raspberry Pis running... BIND.
Yep, I don't use Pi-hole. I don't see the point. I have Adblock on my browser, where I can set it to run, or not run, as I see fit.
I'm going max performance here: the firewall is running in an optimized SPI mode, QoS enabled, the whole nine yards. One of the Pis runs DHCP; the pair run BIND for DNS forwarding and caching out to Google's public DNS servers. The whole system is ripping fast, at least for response times. Bandwidth... well, I blame my ISP for that.
If I were to recommend something similar to someone else, the things I would change are my WiFi and switch selection. I'm using all Cisco products, and most people don't want to deal with that complexity. I can't blame them, and Ubiquiti is a good substitute.
For the firewall, I'd usually recommend OPNsense.
And I'm pretty solid on recommending the Pis with BIND. I'm sure Pi-hole is nice, but bluntly, I just want my DNS to do DNS things. Let everything else worry about the rest.
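For readers who want to reproduce the "Pis running BIND" setup described above, here is an added example of a BIND 9 `named.conf` options block for a caching forwarder. It is not the poster's actual configuration; it assumes the LAN is 192.168.1.0/24 and that the Pi has the address 192.168.1.53, and it forwards to Google's public resolvers (8.8.8.8 and 8.8.4.4), which is the only upstream the post names. The security-relevant part is the ACL: a BIND instance that answers recursive queries for anyone becomes an open resolver that gets abused for reflection attacks, so recursion and cache access are limited to LAN clients.

```conf
// Added example, not the poster's config. Assumes LAN 192.168.1.0/24
// and that this Pi listens on 192.168.1.53.
acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;
};

options {
    directory "/var/cache/bind";

    // Listen only on loopback and the LAN address, not on every interface.
    listen-on { 127.0.0.1; 192.168.1.53; };
    listen-on-v6 { none; };

    // Only answer recursive queries for LAN clients. Answering recursion
    // for the whole Internet would make this an open resolver.
    recursion yes;
    allow-query { lan; };
    allow-recursion { lan; };
    allow-query-cache { lan; };
    allow-transfer { none; };

    // Forward everything to Google's public resolvers. "forward only"
    // means BIND never falls back to iterating from the root servers.
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;

    // Validate DNSSEC signatures on the forwarded answers instead of
    // trusting whatever the upstream returns.
    dnssec-validation auto;

    // Cache sizing for a small home network.
    max-cache-size 64m;
    max-cache-ttl 86400;

    // Don't advertise the BIND version to scanners.
    version "not disclosed";
};
```

Run `named-checkconf` before reloading so a typo does not take DNS down for the whole house, and confirm the ACL works by querying the Pi from an address outside the LAN range (it should return REFUSED rather than an answer). For the second Pi, the same file applies with its own `listen-on` address; clients then get both addresses from DHCP so either one can be rebooted without losing resolution.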
I highly recommend getting an N100-based system and installing OPNsense onto it.
The most basic I would recommend is something with 2 gigabit Ethernet ports. N100 boards come in all sorts of variations with 2.5G and 10G ports depending on what you want.
My OPNsense router with no fan (the case is a heat sink) has been rock solid for like 7 years now.
The WiFi aspect is taken care of by a Ubiquiti UAP (there are better options now).
I use Pi-hole in Docker on my server, but you can run the AdGuard plugin directly on OPNsense to get a similar setup.
I have a Pi Zero 2 W just for Pi-hole, so it's just the router I need. I'm apprehensive about x86, as I'm looking at these ARM SBCs and they just feel more efficient, but the N100s are tried and tested.
You cannot put Pi-hole on a router, but yes, those are good ideas. A router with OpenWrt will have VPN settings, as do many proprietary ones. Alternatively, you could look into OPNsense, which is router software on computer hardware (not a router), which you could also put Pi-hole on. I'd say it's way more tricky though.
Given how important a router is and how easy it is for something to go wrong with this, even with just a random update, I'd personally not even try this. I actually just use a TP-Link Omada business router, as my family wouldn't be too happy if the internet is broken. It has VPN, and I just bought a couple of access points so I can improve the WiFi whilst setting up VLANs to compartmentalise smart home devices. Everything else is nice to have, but if something goes wrong with the services below overnight and I need to work from home, at least I can just switch them off until I have time to fix them.
I got a cheap second-hand thin client off eBay for Pi-hole and Home Assistant (using Proxmox), and another custom desktop acting as a headless server with the rest of my services running in Docker (Plex and the arr stack, Vaultwarden, Nextcloud, Immich, loads of others, etc.). It allows flexibility, so if the server goes down, or runs out of memory, or I'm messing around and broke it, my family's streaming isn't impacted.
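The post above uses VLANs to compartmentalise smart-home devices on Omada gear. As an added example, not the poster's configuration, here is what that isolation looks like in UCI on OpenWrt (which the thread also discusses), since OpenWrt exposes the whole policy as text. It assumes a DSA-based OpenWrt release with a `br-lan` bridge, VLAN ID 20 carried tagged on port `lan2` to the access point, the subnet 192.168.20.0/24, and the existing default `lan` and `wan` zones; all of those values are assumptions for the example. The point is the zone policy: IoT devices can reach the Internet and the router's DHCP/DNS, the LAN can reach IoT devices to control them, but IoT devices cannot initiate connections into the LAN.

```conf
# Added example, not the poster's config. Assumed: DSA bridge br-lan,
# VLAN 20 tagged on port lan2, IoT subnet 192.168.20.0/24.

# --- /etc/config/network (fragment) ---
config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan2:t'        # tagged trunk to the access point

config interface 'iot'
        option proto 'static'
        option device 'br-lan.20'  # created automatically for the bridge-vlan
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

# --- /etc/config/dhcp (fragment) ---
config dhcp 'iot'
        option interface 'iot'
        option start '100'
        option limit '150'
        option leasetime '12h'

# --- /etc/config/firewall (fragment) ---
# New zone: drop traffic to the router and between networks by default.
config zone
        option name 'iot'
        list network 'iot'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

# IoT may reach the Internet.
config forwarding
        option src 'iot'
        option dest 'wan'

# The trusted LAN may reach IoT devices (replies come back via conntrack);
# there is deliberately no 'iot' -> 'lan' forwarding.
config forwarding
        option src 'lan'
        option dest 'iot'

# With input REJECT, the router must still hand out leases and resolve names.
config rule
        option name 'Allow-IoT-DHCP-DNS'
        option src 'iot'
        option proto 'tcpudp'
        option dest_port '53 67'
        option target 'ACCEPT'
```

After applying with `/etc/init.d/network reload` and `/etc/init.d/firewall reload`, a useful check is to put a phone on the IoT SSID and confirm it can browse but cannot reach a LAN host (for example the Pi-hole's web UI), while a LAN machine can still open the IoT device's page. If Pi-hole rather than the router should answer DNS for the IoT network, point the `iot` DHCP pool's DNS option at it and add the matching forwarding rule from `iot` to that host only, rather than opening `iot` to `lan` as a whole.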