I’m trying to make my first server (Immich + Navidrome + Nextcloud running on Debian, will use WireGuard VPN for remote access), but my crappy Xfinity router (XB7) just won’t port forward at all to my server machine. I’ve tried so many things to make it work, so the best thing I can do now is buy my own router so that I can just use the Xfinity router as a bridge. Do you guys have recommendations for a secure, customizable enough, and long-distance router good for 6 people?
Keep in mind it may not be your router’s fault you can’t accept incoming connections; you may be behind CGNAT. If you are, you need a reverse proxy like Cloudflare tunnels.
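A quick way to check for the CGNAT case raised in the comment above, as an added example that is not part of the original thread: compare the address on the router's WAN status page against the RFC 6598 and RFC 1918 ranges. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, used by carriers for CGNAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_public_ip=None):
    """Classify the address the router shows on its WAN interface.

    observed_public_ip is optional: the address an outside service reports
    for your connection. Returns (verdict, explanation).
    """
    wan = ipaddress.ip_address(wan_ip)  # raises ValueError on malformed input
    if wan.version != 4:
        return ("ipv6", "IPv6 address: this check only covers IPv4 NAT")
    if wan in CGNAT_NET:
        return ("cgnat", "WAN address is in the CGNAT range: port forwards on "
                         "your router cannot receive inbound connections")
    if any(wan in net for net in RFC1918_NETS):
        return ("double-nat", "private WAN address: another NAT device sits "
                              "in front of this router")
    if wan.is_loopback or wan.is_link_local or wan.is_unspecified:
        return ("invalid", "not a usable WAN address (no lease?)")
    if observed_public_ip is not None:
        if ipaddress.ip_address(observed_public_ip) != wan:
            return ("mismatch", "outside services see a different address: "
                                "something upstream is translating")
    return ("public", "publicly routable WAN address: look at the forwarding "
                      "rule or host firewall instead")


if __name__ == "__main__":
    # Constructed sample addresses (documentation and reserved ranges).
    samples = [("100.72.14.9", None), ("10.0.0.12", None),
               ("203.0.113.7", "203.0.113.7"), ("203.0.113.7", "198.51.100.20")]
    for wan, seen in samples:
        verdict, why = classify_wan(wan, seen)
        print(f"{wan:<15} seen={seen}  ->  {verdict}: {why}")
```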
I use a very popular router by GL.iNet called Flint 2 (GL-MT6000). Goes on special for about $125 USD. Great specs, solid device.
Fully supported by OpenWRT, and I recommend flashing to that so that you have completely FOSS software with no possible hijinks from the manufacturer’s OEM OS.
You’ll need to read some guides or watch some vids to get you set up on OpenWRT, bit of a learning curve, but it has everything you could possibly need. Check it out.
I also vouch for GL.iNet routers, they also have a 5th gigabit port that was nice to have since all 4 of the ones on my old router were full.
I just bought the Flint 3 and love it so far! Been too lazy/haven’t prioritized flashing it yet but it works great out the box.
Used SFF PC: $40
PCIe 10GbE network card: $30
OPNsense: free
Done.
Where can I get an SFF PC for $40? What am I looking for in particular?
eBay, FB Marketplace, Craigslist. Basically any Dell, HP, or Lenovo workstation big enough to have a PCIe slot.
Intel is usually the most prevalent. 6th or 7th gen i3 or better. 4 to 8G RAM, at least a 64G SSD.
Here’s one that’s a little overkill on the RAM. But you’ll need a cheap small SSD if you get it.
Do you live in the United States? If so, the only reasonable option for a router at this exact point in time is to run your own using OPNsense or pfSense. You can buy an x86 mini PC with a couple of high-bandwidth NICs and it’ll do the job.
If you want a complete unit with custom hardware and tuned custom software, look at MikroTik. Solid hardware, dependable software, good support, good community.
If you want to build your own, grab any multi-ethernet micropc from AliExpress and install OPNsense. Cheap and flexible. But you’ll be on your own once (not if) something fails.
Both of these are essentially pro-level options with lots of headroom to build up to advanced services. I’d stay away from OpenWRT which is essentially just an open source consumer grade wifi router image. You’d be replacing your crappy (but supported) router with the same thing just without support.
One other option I would mention if you like nice centralized web UIs, have a look at Ubiquiti’s UniFi. If you can afford to go all-in on a UniFi router, backbone switch and wifi access points, the combined management is really a step above the competition.
How do you find those micropcs on Ali?
I have an OpenWRT One. It comes with OpenWRT preinstalled (duh) and some proceeds go to fund the project.
OpenWRT gets a lot of love around here, incorrectly.
If you are willing to flash custom software to a router you bought for that purpose, you may as well just pick the better option and put pfSense or (better) OPNsense on a mini PC with two Ethernet ports.
The router running OpenWRT will usually be a lot less power hungry than a mini PC, ethernet switch and access point.
That really depends. And whether or not it matters at all depends on the cost of electricity where OP is.
It’s high everywhere.
It is absolutely not.
If your router works for everything but that, I would recommend looking into Tailscale instead of a WireGuard VPN or run a Cloudflare tunnel as a service on the Debian host. Tailscale is free for personal use and is WireGuard under the hood with an orchestrator bolted on. I have done just about everything everyone here has said at some point. I’m running a 10Gbps capable OPNsense firewall. For services outside my network I have several LXC containers with Cloudflare tunnels (broken out by service type) and I have Tailscale installed on one of my physical Debian hosts as an exit node.
If you just want access to everything while you’re out, Tailscale for your devices. If you want friends to be able to access, then Cloudflare tunnel. Neither requires buying anything new.


