this post was submitted on 12 Jan 2026
31 points (97.0% liked)

Selfhosted

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

[EDIT: Apologies for missing rule 3, my question is quite hardware focused. I will post any future follow ups elsewhere]

Hello fellow Lemmings (?).

Full disclosure, the text below is identical to my post on the OPNSense Forum, so apologies if you get déjà vu. I can edit the post and make it totally unique if just copying and pasting it here is against the rules, but I just figured that Lemmy would be a great place to get advice as well, as it embodies the selfhosting/homelab ethos and I might get some more diverse/independent advice here.

My Post

I will be building out a homelab and would like to have the router running OPNSense. I am coming from a Fritzbox 7530 AX.

I am considering a number of hardware options and would appreciate some advice to help me narrow it down.

Use Case

My use case, as I implied above, is to set up a homelab but also just have a secure and functional home network, so I can do the following:

  • Segment my network into multiple VLANs
  • Set up semi-managed switches
  • Set up access points
  • Explore the IDS/IPS features - will probably run CrowdSec
  • Support personal devices for a household of 2-4 people
  • Set up PoE security cameras on separate VLAN
  • Establish homelab to mess about with things like HomeAssistant, etc.
  • Set up a VPN or similar means of accessing self-hosted services when away from home
  • Future proof my network, at least 2.5G capable

My maximum budget would be €800, though ideally I'd like to stay well under that if possible.

Ready and Purpose Built Options

As far as brand new devices, I have been looking at the following:

1. Protectli VP2430

Pros:

  • From my understanding, specs wise it should be able to handle everything I need.
  • I can also configure it to have more than 8GB of RAM or just get it with 8GB and update it myself down the road if I see the need.
  • Can be configured with Coreboot
  • Can be configured with a TPM
  • Has a standard 2-year warranty

Cons

  • American company (with EU offices) - would prefer to support an EU company and not have to worry about current/future international relations
  • Relatively pricey, considering similar devices are available from Ali Express and other similar marketplaces

Overkill alternative:

Protectli VP2440

Similar pros and cons, just not sure if getting 10GbE is worth it.

I am not really convinced of the various Chinese brands that do similar devices, primarily due to concerns regarding ongoing support and security updates, but if somebody has similar suggestions that address these concerns somewhat, I would be interested in finding out more.

2. DEC697

Pros:

  • From my understanding, specs wise it should also be able to handle everything I need.
  • Supports OPNSense development
  • European
  • Comes with 2 year warranty
  • Comes with 1 year OPNSense Business Edition

Cons:

  • RAM not upgradable, may not be as future proof?
  • Also pretty pricey

Questions I have about this product:

  • Since this is running an AMD chip, does the lack of Coreboot still present a loss in terms of privacy and security?
  • How limiting will 8GB be going forward?

Overkill alternative:

DEC750

Again, mainly for 10G future proofing.

Mini PCs

I have also looked into repurposing an SFF/USFF device as a router, like for example a Lenovo ThinkCentre M720q. I also have access to a bunch of Optiplex 5070 Micros, but these don't have the advantage of the PCIe slot (when used with a riser) that the Lenovo has.

Pros

  • Much cheaper
  • Possibly slightly better specs
  • Can be configured with more RAM later
  • Relatively low power still

Cons

  • Sourcing a device that's in good condition, with original power brick may be difficult
  • Need to source reputable/genuine Intel NIC
  • Need to source riser for PCIe slot or alternative for the Optiplex option
  • Very DIY, would feel afraid of misconfiguring the device and exposing myself to security issues
  • No warranty or support
  • Not as quiet
  • Higher power consumption

I also have an old Intel i5-4960k and GTX 970 system lying about in a big case, which maybe I could look at converting into a small form factor build, similar concerns as above though (mainly around security). In general, I am comfortable enough with problem solving with servers and personal devices as a Linux user, but ideally my router would be fairly set and forget (and reliable!), which I'm not sure these options would provide.

Open to any alternatives in this space that would be more straightforward than the ThinkCentre/Optiplex 5070 Micros.

Bonus questions:

  1. Has anybody had luck putting a device with OPNSense on it downstream of a FritzBox (which doesn't seem to support bridge mode) without too many issues due to double NAT? I've heard mixed reports that you can put the OPNSense router in the DMZ and forward traffic there, in order to avoid some issues with double NAT.
  2. Does anybody have any suggestions for PoE capable switches and access points that play nicely with OPNSense - I've been considering MikroTik but I'm not entirely sure what to look for.

Any advice very much appreciated. Happy to elaborate on anything if need be.

top 18 comments
[–] kumi@feddit.online 1 points 8 hours ago* (last edited 7 hours ago) (1 children)

Odroid H4+ (Intel N97 4c; comparable to the CPU of that Protectli) and H4 Ultra (Intel N300 8c) also worth considering. Versatile units from a small established Korean maker.

https://www.hardkernel.com/shop/odroid-h4-plus/

https://www.hardkernel.com/shop/h3-h2-net-card-2/

If you plan on virtualizing or running a bunch of containers on it I think it's worth looking at the higher-core models and more RAM. If it's just for OPNSense, such 4c with 8G should be plenty.

Also, if you can afford, I strongly suggest getting two of whatever you go for and not doing anything important with the secondary. It really sucks if you have some unexpected issue (hardware failures and OS regressions can happen to anything) and don't have anything on hand to replace your main router with. Since you'll be labbing it can also be very freeing to have a testing/dev/staging/playground/debugging device with the same hardware and messing around won't take down your production network. IMO this is higher priority than higher specs if you have to do tradeoffs.

[–] hacktheplanet@programming.dev 1 points 1 hour ago

That's a very interesting option actually. I haven't followed Odroid in several years, but they seem to really have come on specs wise.

I saw that some users had concerns about I226-V NICs and that workarounds are needed sometimes - do you know if that's still the case?

I don't think I will be virtualizing my router setup, I will do a bare metal install, but I do like the idea of having a second one of these as a backup server/router.

[–] Klox@lemmy.world 4 points 12 hours ago* (last edited 12 hours ago) (1 children)

For a Homelab, I cannot imagine going with anything other than older used SFF boxes for my router. I've been running PfSense and then OPNSense on them for over a decade.

[Mini PC] Very DIY, would feel afraid of misconfiguring the device and exposing myself to security issues

The risk is there for every router software, and the form factor won't change that. The OPNSense software is pretty solid and the tutorials are less likely to lead you astray. You will learn a lot with a deep dive on OPNSense. So I'd say just go for the used hardware. The nice thing is your entire OPNSense config is a single file, making it easy to back up and restore. If the hardware craps out on you in 5 years, you take your OPNSense config (regularly back it up with one of the plugins) and a new mini PC and you are running again.

A general PC will crush most routing tasks. The only concern is encryption but anything newish should be fine. Multi gig connections and 10G inner network has been great on my Optiplex.

  1. Does anybody have any suggestions for PoE capable switches and access points that play nicely with OPNSense - I've been considering MikroTik but I'm not entirely sure what to look for.

They should all be fine. OPNSense is your router and firewall, and IMO it doesn't really influence my downstream hardware choices (switches, APs, etc.).

Not sure how the used market is in UK. Last year I decided to go 10G so bought a used Brocade ICX 7250 48x PoE+ RJ45 8x 1/10 GbE SFP+ Gigabit Switch for $78 on ebay. It's been so nice! 48x PoE ports and 6x 10G ports. It takes a detailed walkthrough and some head scratching to get it running well so I wouldn't really recommend it specifically without a bit of experience. But it is easily the best bang for your buck. Throw in 10G SFP+ PCIE module into all your important machines and use passthrough DACs and you've got a flexible 10G setup for $200-$300.

I am not familiar with FritzBox so not sure how that changes the calculus.

[–] hacktheplanet@programming.dev 2 points 1 hour ago

Yeah I think my concerns regarding using a mini PC might be misplaced, but I was more thinking in terms of the bios and firmware of the mini PC, i.e. if it's an older model, will it continue to receive updates. But then again I guess that would take a security vulnerability somewhere higher up the stack to exploit in the first place. 🤔

OPNSense's default security posture does seem pretty good and will likely be a significant uplift from my router's basic firewall.

Didn't actually know about the single config thing, very useful.

That switch looks like a serious bit of kit! I'll be taking it easy first, space is also at a bit of a premium.

[–] hendrik@palaver.p3x.de 6 points 16 hours ago* (last edited 16 hours ago) (1 children)

Sorry, I don't have an answer to your question, but two other communities that would fit: !homelab@lemmy.world and !homelab@selfhosted.forum

They're both not really active, though. And someone asked about OPNsense hardware before and didn't get any answers...

Just writing this so you have some other places to look up, in case your post gets deleted, I think you're technically in the wrong community here. As per rule 3 in the sidebar, this community isn't about hardware questions.

[–] hacktheplanet@programming.dev 2 points 2 hours ago (1 children)

Oh my bad, sorry I'm not really used to the Lemmy interface yet. I'll reply to the people who were kind enough to give advice here and post any follow ups elsewhere. Thanks for the tip.

[–] hendrik@palaver.p3x.de 1 points 1 hour ago

No worries. Your post was well-written. And I'm glad people could offer some advice. Not even the proficient Lemmy users get all of this right all the time. I just figured I'd drop you a comment in case the mods take action, to spare you the effort to also learn about the modlog and how to look up their note... But seems it wasn't necessary 😄

[–] poVoq@slrpnk.net 5 points 16 hours ago (1 children)
[–] hacktheplanet@programming.dev 1 points 1 hour ago

Interesting, totally forgot about Libreboot. I've never flashed a chip before, but that could be an option too.

[–] irmadlad@lemmy.world 3 points 14 hours ago (1 children)

Protectli VP2430

Pricey. I mean, if you have the cabbage, no worries. However, you can find off brand, but similar for much less on ebay or Ali Express. I don't run OPNsense, but I do run pFsense. My pFsense box runs pfblockerng, suricata, ntopng, unbound, tailscale, I use a ton of feeds, and quite the robust set of rules. It doesn't take a super computer to be an effective OPNsense or pFsense firewall.

Mini PCs

Lenovos are nice, sip power, quiet, but unless you can source some used ones they get pricey.

[–] hacktheplanet@programming.dev 2 points 1 hour ago (1 children)

Do you have any recommendations for brands on Ali Express?

I am still considering the Lenovo route, will do some more digging, thanks.

[–] irmadlad@lemmy.world 1 points 44 minutes ago

As far as brands of firewall appliances on Ali Express, I hate to say it, but at the off brand level, it's 6 of this, half dozen of the other. You pick the spec that gives you the best bang for your $$. Before I pulled the trigger tho, I would do a cursory search for reviews. You're probably not the only person on the planet that has ever bought that specific off brand, so the chances there is a review somewhere are good.

[–] MuttMutt@lemmy.world 4 points 16 hours ago* (last edited 12 hours ago)

Honestly, I suggest going onto ebay and buying old server hardware. My TrueNAS and OpnSense boxes as well as my 10G switch and my 48 port 1G switch were purchased used on ebay. My TrueNAS came from UnixSurplus https://www.ebay.com/str/unixsurpluscom and I have purchased hardware for others from them. They list their TrueNAS ready systems under FreeNAS but it doesn't matter, the HBAs are flashed to IT mode already so all you need to do is add drives and install an OS.

Yes 10G can be useful if you have a lot of users or transfer large files. I edit video and I store it all on my server.

Yes 8GB of RAM will be limiting, ZFS needs a minimum of 16GB to function correctly.

The switches and APs shouldn't care what the router OS is. I use OpnSense, my 10G switch is a Quanta LB6M, my 1G switch is a Dell Power Connect 5548, I have 2 TP-Link EAP650 APs with a TP-Link Omada OC200 controller and will be adding another AP when my upstairs is finished.

For POE I just use an injector with my Power Connect. My APs, the OC200, and multiple cameras are all POE.

I've found that if the equipment powers up and works for a week it will continue to do so for a long time, I've used the Quanta LB6M since 2016 or so.

[–] tofubl@discuss.tchncs.de 4 points 16 hours ago (1 children)

I have one of those n100 mini pcs with 4x2.5G NICs. My ISP device does have bridge mode but I never enabled it. Being new to opnsense, the NAT rules gave me a headache but got it to work fine before long.

Downside to the device is no bios updates ever. Otherwise it's perfect for me. Debian + incus + opnsense VM. Some additional Docker services in separate VMs. Fanless, so completely silent in the living room next to the modem. And plenty of power to spare. I'm not close to maxing out the cpu by any stretch.

[–] hacktheplanet@programming.dev 1 points 1 hour ago

Interesting! How much RAM does your device have, if you don't mind me asking?

I am hoping to be able to do the same and just have it downstream of the ISP router, will make the setup more portable if down the road we change provider.

[–] Decronym@lemmy.decronym.xyz 1 points 14 hours ago* (last edited 42 minutes ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| LXC | Linux Containers |
| NAT | Network Address Translation |
| PoE | Power over Ethernet |
| ZFS | Solaris/Linux filesystem focusing on data integrity |

5 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #999 for this comm, first seen 13th Jan 2026, 00:15]

[–] Natanox@discuss.tchncs.de 0 points 11 hours ago (1 children)

Nitrokey's devices are also worth a look, they're a European company based in Germany and really know their stuff. Their NitroWall routers run on Coreboot and come with either OPNsense or OpenWrt.

[–] hacktheplanet@programming.dev 1 points 2 hours ago

Interesting, I had no idea they make anything besides the Nitrokey. Will check them out.