New Home Network Recommendations?

I am going to watch these. Thank you. I probably will get the EWS377 now lol.

I assume it will work fine with opnsense?

It'll give you a lot better hardware for your money and longevity is greatly increased.

You're of course free to do whatever you want. I personally wouldn't build a network without using a smart switch, since it helps a lot if something performs strangely, but that's up to you of course.

You can get Linksys MR8300 refurbs @ 50$ each, that's kinda hard to beat given it's a tri-band radio unit :slight_smile:

Yeah. I use a pfSense firewall appliance and one of the EWS377 is plugged directly into that. The other is on the fibre network, plugged into a Mikrotik switch. The Engenius kit takes PoE and can use an A/C adaptor/DC input.

opnSense is on a newer version of BSD than pfSense so you should have no issues at all. Those WAPs also have native VLAN support and can set up guest networks and client isolation directly from the device if you wanted to prevent normie-guest from ever seeing your internal network. Of course you can just let opnSense take care of that, but that is the flexibility that you have with onboard management. This is why I use them in my home and in my lab environments.

For anyone ready to pounce, Ruckus can do this too but the price is too high for what I need. It may suit your needs at your price point.

1 Like

If you are going with Unifi APs, I would consider using more than one unit. To find out how many AP units you need, go to the Ubiquiti website; there is a section that will allow you to input the plans for your condo and see the optimal spots for your APs. For example, I have a Unifi 6 Lite unit, but my area is 570 square feet with no wall and only one floor. I am pretty happy with my Unifi AP and switch. I only wished I had purchased either Unifi's 24 port or 48 port switch because now I am running out of ports.

2 Likes

It seems like I will be going with engenius ap as our leader suggests. Seems like it might be better than going with unifi

Please report back and let us know what you think and any lessons learned.

Will do. I will be ordering everything in a week or so we still have some more time to discuss if needed.

What about this one? Should this work with linux/opnsense? Seems like it is not supported yet. Any similar spec'd NIC recommendations?

I would not generally recommend that… Your router will be idling 24/7, and a high power Intel system will generate a lot of heat and drive up your electric bills for very little benefit.

A much better option is to visit OpenWRT's list of supported hardware, and buy the cheapest 802.11ac router you find there:

With OpenWRT, you'll have a real Linux installation available under the hood to install and configure most anything you want. If you want to get more advanced, you can buy an OpenWRT supported router with a USB port, as that will allow attaching a hard drive, printer, etc. as well.

Of course you know your situation and needs better than anyone else, so YMMV.

Buy a second hand 24 port managed switch. You will thank me later.

Personally not a big fan of the forbidden router, which is why it is called forbidden. But recently while helping some forum members, I realized you can do some powerful things with it if you are into virtualization a lot. On-demand additional VLANs? No problem. BSDs do not have drivers for your modern fancy new WiFi 6 card? Easy, make a Linux VM, pass the card to it and bridge its network to your BSD VM router. Have another WiFi 6 card that you want to use as an AP? Do the same with another Linux VM. There is a lot of extensibility for a virtualized router that you do not get with a standalone build.

Unifi 6 Lite and Unifi 6 LR are supported by OpenWRT.

It is pretty good, but it is annoying that you have to run the unifi controller on another PC around your house. Thankfully, it can be a RPi 4 or anything that runs Debian x86_64 or aarch64.

I used to run a lot of Unifi APs in my network, with no other Ubiquiti products, just ran the unifi controllers on a VM and a RPi4 2GB version.

I have an Intel i340 (82580) from HP with 4 ports. Does a fantastic job on pfSense.

Anything Intel gigabit will probably be supported on BSD.

My main router was a RPi 3 for about 10 months. I switched to a RockPro64 one or two weeks ago. Running Linux because I need WiFi to work on it, but if I had bought a compatible USB wifi card with FreeBSD or OpenBSD, that was what I would have run. Anyway, from my tests, this thing can push its single gigabit NIC to its limits. I have not tested with multiple ports, because I don't have a PCI-E ethernet card to test with and I am hoping to get 2x 2.5 GbE Intel card, but most of them are buttf*ck expensive.

i225s don't appear to be supported in FreeBSD 13.0 yet.

i210, i211, i350 and i354, among others.

I suggested a managed switch in post #4 :wink:

I'm aware but LR is quite expensive, 11ax is still a bit dodgy using available drivers and it's a pain to flash.
6 Lite is based on MIPS which is a dead end more or less.

Since he's going to use APs there's no need for Wifi support on the router itself and USB wifi is a bad option irregardless of OS especially as AP.

You need 13.1-RELEASE or newer for the igc driver
https://www.freebsd.org/cgi/man.cgi?query=igc&apropos=0&sektion=0&manpath=FreeBSD+13.0-stable&arch=default&format=html

In general I would recommend getting the latest controller available (there are several revisions of the i225 controller and you want B3 in that case).

2 Likes

Yeah, which I do not think pfSense or OPNsense use yet. :smiley:

True, I was just pointing out that it can be an option with forbidden routers, even though I don't like forbidden routers. I don't like USB options in general either, but I used them in the past, they ended up being fine (USB ethernet) and besides the lack of drivers in BSDs, this USB WiFi I'm using is working decently, although if I had the option (and money), I would drop it for something else.

I am open to suggestions on what router to buy for openwrt. Also suggestions for Intel NIC. I am not just trying to catch up from the last few posts.

Of the two options (openwrt & opnsense) I am considering so far, which one is more “plug n play” or easier to set up? I would prefer if it was easier to set up.

I'd say that pfSense is the most refined one over OPNsense and OpenWrt (last) but to be fair OpenWrt does target much more limited hardware platforms. The newest release of OPNsense is based on 13.1. Keep in mind that almost all supported routers will struggle to handle Gbit speeds if you're looking at OpenWrt.

ok so no more openwrt because I want gigabit speeds.

RK3399 platforms will do Gbit speeds and are supported but I haven't tried any myself and I would run another OS/distro (and already do on multiple devices) but such a solution does not fit your requirements.

1 Like

Huh? That's a pretty blanket statement.

@astimp13 OpenWRT is just a Linux distro with a UI to configure routing and switching and a bit of firewalling and DNS along the way.

Unlike your typical Ubuntu, it can more easily run on really bad/old hardware - because all the software packages have been compiled with various lightweight options picked out. It doesn't magically make old hardware good, but it might be usable for some things.

Of course OpenWRT can route at gigabit speeds on a workstation/desktop/gaming CPU (even from 10 years ago - 10G could also probably work). The Linux kernel itself is what does the routing there and it is not that heavily modified (in my opinion, compared to some random hardware vendors).

I think @diizzy may have had in mind some 2012-era wdr3600 MIPS based routers… or various $5 cortex-A7 or cortex-A9 SBCs (that might go for $70 in today's markets) - those might struggle a bit depending on the detail there.

Because of crazy markups and prices these days and a gazillion manufacturers and resellers with weird unrecognizable names it's hard to separate the wheat from the chaff when it comes to SBCs, and it's hard to tell can this-or-that arm core tied to this-or-that nic chip transfer gigabit worth of packets through the firewall or vpn, while also doing supposedly “light weight torrenting on a usb3 HDD running ZFS” on the side.

Specific to OpenWRT these days, there's support for “flow offloading” in OpenWRT. This is based on an idea that we often actually mean to firewall flows, even if we filter packets one by one, so why not take advantage of it? OpenWRT does this by having these nftable firewall rules that interact with the lower levels of the networking stack to have them pre-select packets belonging to pre-approved flows more efficiently and then have those further following packets processed faster by bypassing a lot of firewalling and routing that usually happens for each packet independently. Less work per packet => more packets per second.


@astimp13 Have you looked at something like this:

Some of them are stupidly overpriced where I live in Europe, $500+ on Amazon for some configurations is ridiculous, but some of these that cost in the $200-300 ish range look reasonable as both a cheap and compact alternative to buying your own 1U case and building an AM4 based router.


FWIW, I have gigabit cable, my router is 2015-era n3160 celeron with realtek nics (one pcie and one usb3) running Debian, doing routing and firewalling and some other stuff, and I use a pair of u6-lr in my house, and I get about 3/4 of a gigabit over wifi either in same room as AP or room next to the AP and it seems mostly limited by 5GHz 2x2 WiFi itself, and the phone/laptop I'm using, and the server sending me data.

I use a pair of access points, not just one because of DFS channels and radar detection, and software upgrades, and as a kind of a hot-spare since I work from home… in hindsight I could have gotten away with only one these last year or two, but Murphy's law says if I hadn't bought two, I would have needed them.

3 Likes
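The flow offloading described in the post above, written out as a plain nftables ruleset. This is an added example, not part of the thread and not OpenWrt's generated ruleset; the table name `router` and the interface names `eth0` (LAN) and `eth1` (WAN) are assumptions, and NAT is left out to keep the forward path readable.

```nft
# Constructed example: eth0 = LAN, eth1 = WAN (assumed names).
table inet router {
    # Fast path: a flowtable hooked at ingress on both interfaces.
    flowtable ft {
        hook ingress priority 0;
        devices = { eth0, eth1 };
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Never let invalid packets reach the offload rule.
        ct state invalid drop

        # Once conntrack has seen traffic in both directions, add the
        # connection to the flowtable. Later packets of that flow are
        # forwarded from the ingress hook and skip this chain entirely.
        meta l4proto { tcp, udp } ct state established flow add @ft

        # Slow path for approved connections that are not offloaded
        # (for example ICMP, or flows not yet in the flowtable).
        ct state established,related accept

        # The actual policy decision is made once per connection:
        # only the LAN may open new connections towards the WAN.
        iifname "eth0" oifname "eth1" ct state new accept
    }
}
```

On OpenWrt the firewall generates an equivalent flowtable when `option flow_offloading '1'` is set in the `config defaults` section of `/etc/config/firewall`. Packets handled by the flowtable never reach the `forward` chain, so counters, logging or rate limits placed there only see the start of each connection.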

First you go on about that it's borderline inaccurate then you go on recommending an i7-based PC? Let's break this down, to make this fairly easy let's use Index of /snapshots/targets/

You can exclude all MIPS platforms. You might be able to push linespeed using MT7621 due to recent changes but you will have little to no headroom at all. Any 32-bit ARM platform is out of the question except possibly the high end Armada 385 ones which are a few devices. I would also say that you're very optimistic if you were to claim that ARM 64-bit dual core sub 1.3GHz are suitable so how many supported routers are you left with?

Software offloading does help but it doesn't do miracles, work in all scenarios and does work with both iptables and nftables.

What you also fail to mention is that it does strip out a lot due to what hardware it targets and that also includes “optional” optimization for most hardware platforms to reduce binary size and variants (to reduce load of buildbots). By optional I mean things such as cpu specific instructions (NEON, SIMD in general) and so on.

1 Like

True, I agree most targets that OpenWRT supports are ancient crap, … (I've mixed feelings about the fact there's so much effort going into some of the MIPS stuff).

OP mentioned using a spare i5 they have laying around, so I indexed on that; and realistically there's nothing wrong with OpenWRT performance on that kind of hardware - depending on the network card, it might even be a better experience than pfsense. Also, gigabit on a pi4 or on most “modern”/ 2,3,4 year old A53 (RK3328; or RT3200) and A72 (pi4, RK3399, s922, am311) is generally adequate for 1GB home cable use with OpenWRT.

… but yeah, most targets OpenWRT supports, are based on old cores back when the products were new… clearly a wrt610n from 2008 is going to have trouble keeping up with stuff, and there's sadly lots of that kind of junk on various ebays and similar.