Replies

Since you can run DD-Wrt you should check into setting up a PFSense router. You can do it on the cheap. I did. Old PC I wasnt using anymore. $12 IBM decommissioned server (Intel Pro) 4 port gigabit card from Fleabay. It runs very well and is secure. My IOT stuff (No mics, no cams, no spying) is hard firewalled through an old netgear 2.4 access point with its own dedicated and tagged port. Separate network completely running through a separate VPN tunnel. Firesticks, same, with their own 5GHZ network and port. My stuff runs through the rest. Every network separately VPN tunneled.

There is a steep learning curve to PFSense but it is short. Once you know it you are in 1000% control of your network. You can do a lot with it. Tools like Suricata and PFBlocker-NG are very very very nice. Google them.

No mysteries on your network. You know everything. I have an enterprise grade router for $12, and it outperforms the most expensive wireless routers on the market by orders of magnitude in capacity as well as features. Your current WiFi just becomes dumb access points, and performance goes up because you arnt asking much from them.

You dont need a very capable computer. BSD, the underlying OS is extremely efficient. You need a descent retired server Intel based multiport card (best comparability, but others work) and a computer most people would chuck in the trash.

I highly highly recommend it. Traffic shaping QOS and stateful packet inspection and VPN bring the little chinese boxes to their knees. Pick one. This says, yes to all at the same time, and what else do you need, with 4 gig of ram and a 2.66 core duo with a tiny SSD. $40 computer on a good day with a $12 card and free open source software.

BTW, It scales. Put some iron behind it and you could easily handle a network with 1000’s of nodes and want to scale further, it scales load balancing everything between the boxes.

Most of the time like when 2 firesticks are going and I am downloading or uploading and a cpl people are browsing the CPU sits barely above idle at under 10% load with full stateful inspection making sure no yucky exploit or malware or worse stuff gets into my network, blocking adds, blocking china, blocking other problematic ips, etc.