I'm new to OpenWRT and home network design, but I'm quite comfortable as an embedded linux developer. I just bought a house and am looking to get my home network set up in a flexible and secure manner. I love the concept of having open-source firmware and hardware, but the choices are pretty overwhelming. I've read through a number of posts on the forum and it looks like you all know your stuff.
The details:
100 Mb/s Symmetric Fiber to the home, option for 1 Gb/s symmetric if I want
Wi-Fi is required, 802.11ac at least
Gigabit Ethernet is required, though I only really need 3 or 4 ports including WAN.
SFP not required, the ISP provided a fiber terminal.
Users: 3 people with laptops, desktops, phones, IoT, home security, TV
I would like to have 3 SSIDs and VLANs
OpenVPN client/server would be nice
I'll build a stand-alone server if I need NAS/Server capabilites.
I would prefer an all-in-one
Priorities are security, speed, and cost, in that order.
Budget is <$350 USD, in the neighborhood of $250 USD is ideal.
The network will be used for working from home over VPN, video streaming, and home security/automation (IoT). I plan to have these networks divided up in a way that keeps things relatively isolated. Starting out, I'd really prefer to have a single piece of hardware that I can use while I figure out exactly how I want to use my network.
I've been looking at the Turris Omnia and I quite like the concept. My concerns are that it may be overkill for what I need and it gets mixed reviews. I'd prefer not to have to build a system from scratch. I'm not looking for a new hobby, but I'm comfortable with it taking a bit of setup to get everything dialed.
What sorts of off-the-shelf hardware would you all recommend given the above information?
100 MBit/s would be rather easy to cope with, but "option for 1 Gb/s symmetric if I want" would be a concern for that, as speed upgrades aren't that far away, so looking at the 500-1000 MBit/s shelf is a better idea.
Understood. I was just trying to illustrate where I'm at.
I guess I didn't read that post closely enough. It seems that if I want to take any advantage of 1/1 Gb/s service, even if I don't care about wifi speeds, I need a component system. That's disappointing, but I can understand why. If I upgrade to the gigabit service I'll need to rethink my hardware.
Let's ignore the possibility of 1Gb/s to the house for now and assume I only want 100Mb/s FTTH, but 1Gb/s hardwired LAN. Wi-Fi speeds don't need to be any faster than 100Mb/s.
Do yourself a favour. Get a dedicated WiFi unit. Something like a TPLink EAP or a Ubiquiti AC Lite. Most consumer routers are crap for wifi (aka the ones the ISPs hand out) Use a dedicated WiFi unit and stop the hassles. Hardwire it back to the switch and enjoy the stability.
I use a turris omnia on a 100/40 link and am quite satisfied. I even left it running the turris OS (OpenWrt derivative) as I want the automatic update feature (I happen to trust team turris enough to consider that a security improvement, but I am sure there a differing opinions). I comes with a pretty easy GUI way pt set up an OpenVPN server (and there are instructions how to use wireguard instead). It will do 100/100 with a lot of bells and whistles, and will even do traffic shaping/firewalling/NAT up to 500/500 Mbps (and without traffic shaping probably close to 940/940). I comes with an 802.11ac radio (dual band).
Still for a large floorplan adding dedicated APs (wired to the main router) is great advice even with an omnia. (But it is always possible to add such APs later if they seem required)