A router for cybersecurity homelab


I'm looking for some suggestions on a homelab setup to study for a cybersecurity cert and generally learn networking.

DNSSEC would be a plus but not a requirement, don't need alot of range, price not huge issue but prefer something new that doesn't cost $300 & is near impossible to brick.

I'm thinking about buying the GL.iNet GL-MT6000- for network segmentation, not a Dumb AP.

I also have a Protectli Vault 4WC and a Pi 400 w/ only 4 gb of Ram that I'd like to incorporate into the homelab. Any suggestions?
Maybe use the Pi for a server and the Protectli for a firewall?

Why neither the Zimaboard nor the Protectli vault are officially approved or supported hardware devices?

My friend btw installed Openwrt on a Banana Pi, which is as far as i can tell is a semi-supported device, but he's way better than me tho. I'm not so sure I could do that...

MT6000 is a great first device and was recently recommended as one of the best "newcomer routers" in Best "newcomer routers" - 2024 - #2 by richb-hanover-priv so that indeed would be a good choice. It has an easy-to-use OEM recovery mode which makes bricking impossible.

From a quick Google search, aren't they x86? Then you can just install it as any other x86 machine by following https://openwrt.org/docs/guide-user/installation/openwrt_x86. The devices that show up in for example the firmware selector are SoC:s that need bespoke firmwares, which x86 doesn't. You will need to install any necessary drivers not part of the base image, but if you're only planning to used wired networking that should just work out of the box.

1 Like

zimaboard is x86, anything x86 is "approved".

if you need a bunch of ports, https://www.ebay.com/itm/364849321889 could be an alternative, and SFP+ ports a bonus.

What about one or more VMs in a x86 box?

1 Like

That's a nice price point compared to the Cisco Catalyst my friend bought when he installed Openwrt.

For a modular setup, something like this could be used
router: Protectli Vault 4WC
switch: Netgear GS305E
accesspoint: GL.iNet GL-MT300N
client: Pi 400

No, I wasn't aware that x86 hardware doesn't need to be on the approved list.
Those install directions look pretty hairy. The openwrt install instructions from Protectli are the same.
I feel like maybe I can do it but I'm just as likely to brick the device.
I want to start learning how to install this kind of open source hardware, but maybe I should buy the out-the-box solution.

I saw Techno Tim on Youtube install Openwrt on Proxmox on a Protectli 4 port, but not sure I can do that.

That would be a good AP. I'm just noticing my Protectli 4W4C doesn't support wifi 6. And less interference that way.

Like virtualbox or gnome boxes or vm player, costs in the balllpark of 0.00 moneys of your liking

Thanks to everyone who replied. I really appreciate it.
I'm kinda bummed bc the Pi i thought i was going to use this morning when i woke up doesn't have enough RAM for Luci, and then early this afternoon I realized my 4-port Protectli is different than the 4-port Pro version I saw Techno Tim use to install openwrt on proxmox. Sigh.
Brada is right I should try building a home lab with Virtualbox. I also really appreciate dannil explaining to me that x86 devices don't need 'bespoke firmware' (i had to look that term up) and hence don't need to be on the approved list. He also said the MT6000 is unbrickable and is a great first device for newcomers so I'm probably going to buy one of those.
I also sent in a support ticket to Protectli asking for help getting Openwrt set up and what should I do for recovery if I mess up the install.

I bought that Protectli for pfSense before I realized pfSense doesn't have secure wifi.
Are all of you computer science majors or something? How you learn how to do this stuff? I really want open source software but i don't know how to install it- like, i bought a brandnew Google Pixel 7 Pro for Graphene OS n couldn't install it..
How i learn how to do what u guys do?
Buy an MT6000, install it on Protectli, and/or set up a homelab w/ Virtualbox?
This is the Way?

1 Like

You are all over the place; after that.

Figure out how to run OpenWrt on an x/86 and then try to study.

Although, my gut says, you are trolling for us to do your homework for you.

I don't care if you are trying to cheat: the class after me were allowed Texas Instruments calculators while we had slide rulers.
I care you may be trying to use us absent an admission.


1 Like

Bullcrap. No way!

You must have crippled it or your assignment crippled it.

I've run OpenWrt on a Pi zero w.

My 1st generation Pi 1B (a decade old) with 512MB ram can still have OpenWrt with Luci, I wonder if you can buy a Pi that's worse than mine??

Protectli, different models different CPUs, just a matter of speed, your 4WC has quad core J3710 which is quite OK for most use cases (if you need SQM with 1Gbps probably not).

Just like your home PC, if your desktop/laptop OS messed up, what should you do?? If you know how to answer this question, it's the same for your Protectli. It's just a PC with more ports, different hardware, you can even install Windows on it to make it a desktop PC if you want. This is just something like PC 101 question.

If you don't even know how to think in this way, I am curious how would you step into the world of cyber security??


X86 are unkillable, that's the beauty of the platform.

You basically boot Openwrt from a flash drive, and write it do the drive, done.

Compared to x86 the MT6000 is very killable.


Sometimes I am thinking, maybe just use the USB OpenWrt dongle (get small form factor one like Samsung FitPlus/Lexar JumpDrive S47) with squashFS and call it a day....we don't even need to install any drive inside the machine.

Works too, but some of those specialized devices won't let you change the boot order, so you'll have to either pull the drive, or zero it out.

1 Like

R u serious?
I thought for sure I read on the official openwrt website that 4gb of RAM was only enough to run Openwrt from the CLI and that LUCI needs 8gb bare min or pref 16 gb RAM.
Openwrt on a Pi Zero?
holy crapola
wow that's impressive
So maybe i'll try that openwrt install on my Pi and use the Protectli for the server I need. I haven't really decided whether to buy the MT6000, try it on my Pi, or nevermind about the third option.
Protectli warned me against trying to install openwrt after I filed the Support Ticket they replied vey promptly...
We have an article here that gets used many times a day to install pfSense. It’s a step by step tutorial so pretty easy to follow: https://kb.protectli.com/kb/how-to-install-pfsense-ce-on-the-vault/

And here is one for OPNsense: https://kb.protectli.com/kb/how-to-install-opnsense-on-the-vault/

OpenWRT is a good option but it isn’t as feature rich as pfSense or OPNsense. We have a Knowledge Base article on installing that but it’s harder to install.

If you don't even know how to think in this way, I am curious how would you step into the world of cyber security??

I was hoping I could learn, since I'm keenly interested. I'm great w books and taking tests n theory but applying these things on a keyboard I'm lacking and is holding me back.

I have 10+ minor Coursera certs & i recently earned my Google Cybersecurity cert already n now I'm (almost) 3/4ths thru the CompTIA Security + SCY-701.
That will be my first cert w/ a proctored exam at the end so i figured f i can pass that then i'll just keep on going until I can get a job.

You ARE a computer science major!
I had friends in that department when i was trying to be a physics major there for awhile.
I'm not trolling you, friend. This isn't my homework.