Wow this brings me back! Even though it wasn’t long ago that I posted this, I have learned a great deal since and have found other options to accomplish this. However I will admit that I ended up purchasing an ASUS Router and am running ASUS-WRT Merlin firmware. Below I’ll list what I ended up using to accomplish each of my initial requirements in the first post.
Router: As mentioned above, I decided to scrap the idea of using a Raspberry Pi and Apple AirPort Extreme as a functional Wi-Fi router and go with an ASUS Router. The main reason behind this was due to lack of security options within the AirPort Extreme as well as the fact that the Pi would require constant maintenance. So I did some research and found that the ASUS-WRT Firmware has a great GUI but is also just as powerful as other solutions such as OpenWRT.
VPN Client: This function is built into the ASUS-WRT Merlin software by default and works very well, however I decided to discontinue my pursuit in setting up a network-wide VPN Client as it was killing up/down speeds, and was also causing a ton of issues with my streaming services due to using the VPN’s geo-location with a local DNS Server. Instead I simply use the Surfshark VPN app when needed. As a side note, ASUS-WRT Merlin just came out with a feature to simplify VPN Routing Policies called ‘VPN Director’ - I have not tried this yet, but it looks very promising.
Firewall: The ASUS-WRT Merlin firmware has an add-on app store where I installed something called ‘SkyNet’ which provides a router-based firewall. That, combined with individual device firewalls that I’ve set up, satisfies the firewall need.
DNS Server: While the ASUS Router also has the ability to block ads like Pi-Hole and AdGuard Home via an add-on called ‘Diversion’, I ended up going with a Raspberry Pi 4B running AdGuard Home as the ad-blocker, and Unbound as a recursive DNS Server/Resolver. I did try Diversion at one point, but after running a few ad-block tests I found that both Pi-Hole and AdGuard Home were working slightly better - additionally, the load that Diversion was putting on my router was causing a decrease in DNS resolution times, and overall speed.
File Server: I went with a dedicated Raspberry Pi 4B as a main File Server for my home. I use Diet Pi with Samba and FTP set up - the Samba Server is used on a dedicated SSD to house files and media that are not sensitive, and need to be accessed quickly on multiple OS types. Since the FTP Server is a bit more secure (relatively), I use that to house some sensitive items. I have been exploring Docker recently and will be moving some of the items listed above to Docker Containers due to simplicity, efficiency, and security - I highly recommend using Docker as much as possible.
A couple things to note since my original post:
- OpenWRT is now available for the Raspberry Pi 4B as a rolling release instead of a snapshot. I have used OpenWRT a bunch over the last year (mainly while using a few GL.iNet routers which have a front-end GUI on top of OpenWRT) and I was not a huge fan of the massive amount of customization. It is very powerful and can well suit many out there, but for me it was too much.
- RaspAP has added a few features (and improved upon some) to their software to incorporate Ad Blocking and a VPN Client feature. One of the main issues I had with RaspAP when I originally posted was the inability to set up a second USB Wi-Fi adapter, but I found a script that automatically identifies any attached Wi-Fi adapters and sets them up for you - I then would install RaspAP and be on my way. I actually built this exact setup when I was traveling recently, and because it worked so well I ended up replacing my mother’s crappy Belkin router with the Pi.
- If you are looking for an all-in-one solution, I suggest purchasing a router that can utilize OpenWRT or some variant (such as ASUS-WRT Merlin) - when searching for a router that is compatible with custom firmware, make sure that the firmware will support your hardware for a few years. I almost made the mistake of buying an ASUS Router that was able to be unsupported by ASUS-WRT Merlin. Additionally, depending on the size of your home, the GL.iNet router product line is a great option - I have purchased two of their ‘Mango’ Routers and one of their ‘Slate’ routers for traveling, but they can absolutely be used as stationary home routers too (and they are cheap).
Can you tell me what exactly you’re looking to accomplish, and what type of hardware you currently have? How many connected Clients do you plan on having? I might be able to point you to a few solutions.