this post was submitted on 12 Jan 2026
34 points (97.2% liked)

Selfhosted

54479 readers
734 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
34
Homelab hardware choices (programming.dev)
submitted 21 hours ago* (last edited 6 hours ago) by hacktheplanet@programming.dev to c/selfhosted@lemmy.world
21 comments fedilink hide all child comments
 

[EDIT: Apologies for missing rule 3, my question is quite hardware focused. I will post any future follow ups elsewhere]

Hello fellow Lemmings (?).

Full disclosure, the text below is identical to my post on the OPNSense Forum, so apologies if you get déjà vu. I can edit the post and make it totally unique if just copying and pasting it here is against the rules, but I just figured that Lemmy would be a great place to get advice as well, as it embodies the selfhosting/homelab ethos and I might get some more diverse/independent advice here.

My Post

I will be building out a homelab and would like to have the router running OPNSense. I am coming from a Fritzbox 7530 AX.

I am considering a number of hardware options and would appreciate some advice to help me narrow it down.

Use Case

My use case, as I implied above, is to set up a homelab but also just have a secure and functional home network, so I can do the following:

  • Segment my network into multiple VLANs
  • Set up semi-managed switches
  • Set up access points
  • Explore the IDS/IPS features - will probably run CrowdSec
  • Support personal devices for a household of 2-4 people
  • Set up PoE security cameras on seperate VLAN
  • Establish homelab to mess about with things like HomeAssistant, etc.
  • Set up a VPN or similar means of accessing self-hosted services when away from home
  • Future proof my network, at least 2.5G capable

My maximum budget would be €800, though ideally I'd like to stay well under that if possible.

Ready and Purpose Built Options

As far as brand new devices, I have been looking at the following:

1. Protectli VP2430

Pros:

  • From my understanding, specs wise it should be able to handle everything I need.
  • I can also configure it to have more than 8GB of RAM or just get it with 8GB and update it myself down the road if I see the need.
  • Can be configured with Coreboot -Can be configured with a TPM
  • Has a standard 2-year warranty

Cons

  • American company (with EU offices) - would prefer to support an EU company and not have to worry about current/future international relations
  • Relatively pricey, considering similar devices are available from Ali Express and other similar marketplaces

Overkill alternative:

Protecli VP2440

Similar pros and cons, just not sure if getting 10GbE is worth it.

I am not really convinced of the various Chinese brands that do similar devices, primarily due to concerns regarding ongoing support and security updates, but if somebody has similar suggestions that address these concerns somewhat, I would be interested in finding out more.

2. DEC697

Pros:

  • From my understanding, specs wise it should also be able to handle everything I need.
  • Supports OPNSense development
  • European
  • Comes with 2 year warranty
  • Comes with 1 year OPNSense Business Edition

Cons:

  • RAM not upgradable, may not be as future proof?[/li]
  • Also pretty pricey

Questions I have about this product:

  • Since this is running an AMD chip, does the lack of Coreboot still present a loss in terms of privacy and security?
  • How limiting will 8GB be going forward?

Overkill alternative:

DEC750

Again, mainly for 10G future proofing.

Mini PCs

I have also looked into repurposing a SSF/USFF device as a router, like for example a Lenovo ThinkCentre M720q. I also have access to a bunch of Optiplex 5070 Micros, but these don't have the advantage of the PCIe slot (when used with a riser) that the Lenovo has.

Pros

  • Much cheaper
  • Possibly slightly better specs
  • Can be configured with more RAM later
  • Relatively low power still

Cons

  • Sourcing a device that's in good condition, with original power brick may be difficult
  • Need to source reputable/genuine Intel NIC
  • Need to source riser for PCIe slot or alternative for the Optiplex option
  • Very DIY, would feel afraid of misconfiguring the device and exposing myself to security issues
  • No warranty or support
  • Not as quiet
  • Higher power consumption

I also have an old Intel i5-4960k and GTX 970 system lying about in a big case, which maybe I could look at converting into a small form factor build, similar concerns as above though (mainly around security). In general, I am comfortable enough with problem solving with servers and personal devices as a Linux user, but ideally my router would be fairly set and forget (and reliable!), which I'm not sure these options would provide.

Open to any alternatives in this space that would be more straightforward than the ThinkCentre/Optiplex 5070 Micros.

Bonus questions:

  1. Has anybody had luck putting a device with OPNSense on it downstream of a FritzBox (which doesn't seem to support bridge mode) without too many issues due to double NAT? I've heard mixed reports that you can put the OPNSense router in the DMZ and forward traffic there, in order to avoid some issues with double NAT.
  2. Does anybody have any suggestions for PoE capable switches and access points that play nicely with OPNSense - I've been considering MicroTik but I'm not entirely sure what to look for.

Any advice very much appreciated. Happy to elaborate on anything if need be.

you are viewing a single comment's thread
view the rest of the comments
[–] Cyber@feddit.uk 1 points 1 hour ago

The advice above matches mine.

I have a home-built pfSense unit and when parts die (not if), then I just replace them with spares I have already waiting... as that box is now critical for you.

I also have a Fritz in bridge mode with the pfSense doing PPPoE through it, so effectively, the firewall is the first real device on the WAN. Makes things much simpler as the WAN interface has status like packet drops, etc, much easier to diagnose issues.