Upgrading from your basic router, whether it was supplied by your ISP or not, is a huge step towards building a more resilient home network. You could get an off-the-shelf router or take the plunge straight into building your own router powered by pfSense or OPNsense. While there are other options around, like SophosFW (which requires an Intel CPU-based device), the wealth of how-to's and other content around pfSense and OPNsense means they're often the best choice for the first-time firewall fabricator.
Building your own custom router is more than just removing ISP fees and control from the box that controls your internet access. You gain tons of advanced features to play with, the ability to have more devices attached at once, and more while being able to run on fairly low-powered hardware, so the startup costs are low.
6 best practices for deploying pfSense or OPNsense in your home lab
Home lab life is all about learning, and already-established best practices will help your journey.
5 You're tired of paying ISP fees
Basic ISP routers are universally terrible, and you're often charged for them
Your internet service provider has to offer you a router to connect to its services, but there's no expectation that the router has to be good or that it will support the number of devices on your home network. The company might try all kinds of tactics to make you stick with that router, saying things like you'll get the optimal experience with it, or lose access to features if you switch, but they're misrepresenting the facts at best. The basic router that they try to push on you is usually terrible and comes with heavy strings attached.
It could be just enough for the internet plan you first signed up for or lock you out of features that are available on the retail version of the same router. Often, you end up paying a monthly rental fee for it, which is often waived for so many months before it sneaks onto your bill again. And your ISP retains a backdoor connection to it, which they use for pushing updates to the firmware, which means you're not in control. Even a low-powered custom router with pfSense, OPNsense, SophosFW, or others will free you from monthly payments, and from the ISP's clutches.
7 reasons your ISP-provided router is the worst thing about your internet connection
If you're still using the router your ISP provided, it's time for a change.
4 To get the best out of your connection
If you've got gigabit broadband, you'll need a more powerful router
The faster your internet package, the more strain on your router while in use. This might limit the speeds you see on your devices, even if all the router is doing is passing data to one computer. That's why we recommend thinking about upgrading your router before your internet plan to ensure your new speeds are supported by the hardware you're using.
With a custom router, not only do you get better control over your device, but you can get better hardware to maximize your ISP's speeds. That could be 2.5GbE or faster Ethernet ports to enable better connections between your networked devices, the ability to feed Wi-Fi 6E or Wi-Fi 7 access points with enough bandwidth, or to go past gigabit internet speeds if your ISP offers faster plans. Plus, with the right hardware you can keep those speeds high, even when packet inspection and other security features are in place.
5 reasons your internet connection might be slower than advertised
If your internet is slower than it should be, here's what may be causing it and some things you should check to fix it.
3 For timely security updates
Basic routers only fix major bugs, if you get that at all
Basic routers don't often get firmware updates, and sometimes only to fix major security bugs. Plus, depending on how old your router is, it might not give you a notification that there's an update waiting to be installed. ISPs routinely push firmware updates, but these can also be fairly slow to roll out, as they have to test to ensure every device will be stable once the upgrade is finished. Both pfSense and OPNsense have regular updates, as outlined on their documentation pages:
Of the two, OPNsense has a better update schedule for most users. Two major updates are targeted each year, and bi-weekly updates are provided for security issues and bug fixes. pfSense has two schedules depending on if you're using the free Community Edition (CE) version or the paid Plus package. CE typically gets two releases a year, but they're released "when ready" with no scheduled drops. pfSsense Plus targets three major updates per year, again with no set timeline. Both packages let you opt in for notifications when updates are ready.
How to update your router firmware
Your router acts as your first line of antivirus defense
2 For more advanced features
A custom router opens the door to so many options
Basic is as basic does, and a basic router can't be expected to have any features above basic routing capabilities. Maybe you'll get the ability to add one guest network, but that could be it. But when you build a hardware firewall and router with custom firmware, you get tons of extra features and fine-grained control over your network. Plus, they examine outgoing data packets as well as incoming ones, so you get a warning if something is sending data places it shouldn't be, catching malware in the act.
Some of these additional features include only allowing certain types of data transmission to specific devices, like video calls from your video doorbell, or only letting certain devices use VPNs. Plus, they inspect packets while they go through the network and can be set up with intrusion prevention systems (IPS) and intrusion detection systems (IDS) that work together to flag suspicious packets and give them a deeper look. You can even set up sandboxing so that newly downloaded files get held briefly to test if they're malicious or not, stopping issues before they get to your device's hard drives.
How to easily replace your ISP router with a custom OPNsense firewall
Easily create your own router with this free open-source software
1 To support more devices
Basic routers can only handle a handful of connected devices at one time
Seemingly, everything comes with Wi-Fi these days, and that's a problem for poor basic routers. These can often only support a small number of devices connected at any one time and get overloaded with the demands of the average modern house. It's also worth noting that there will likely be two different limits: one for the entire DHCP pool, which is just over 200 devices, and a second limit for how many Wi-Fi devices can be connected at once. The Wi-Fi limit could be lower than 50 devices if you have an older Wi-Fi 5 router.
By splitting your network equipment into a custom router and a wireless AP, you gain the ability to support more connected devices at once. You might need several APs to connect the number of wireless devices your home has without slowdowns, but it will be a better experience overall than any basic combo router.
Five essential things to keep in mind when building your home network
Save yourself some time, effort and trouble by considering these things when building out your home network
Replacing a basic router with a custom OPNsense, pfSense, or SophosFW box makes your network better
Basic routers are fine for connecting homes with relatively modest connectivity demands. The problems start when you add more connected devices than the router can sustainably support, leading to slowdowns and other issues. If you're serious about the speed and security of your home network, building a custom router with OPNsense, pfSense, or any of the other easily available router firmwares is a great way to learn more about networking while keeping your home network secure.