Best LOCAL ONLY Wifi Router In 2021?

I need a new WiFi router, and thought I had zeroed in on the Ubiquiti Dream Machine, until I discovered that you apparently have to create an account with UI.com in order to use the device; and that is a deal-breaker for me. Can someone recommend a similar device that is completely 100% LOCAL ONLY?
I am willing to spend up to $300usd for such a device.

Thank-you

What about Fritz!Box?

I am a little overwhelmed by their product line-up. Any suggestions as to which model?

Depends on your DSL. I’m using 7590 (7490 before) with a 100 MBit DSL line.

Agree with you. It is a total turn-off that Ubiquiti wants an account created, just to use its products.
Not cool at all.

1 Like

I have used OPNsense, open source and free, for nearly a year on an old x86 box with a 1Gb NIC and won’t go back to a proprietary router. You will need a separate access point but that is no big deal.
OPNsense is state of the art and regularly updated for both bugs (not many) & new features.
No accounts required.

Apologies for being late to the thread.

I use pfSense, which has a common lineage with OPNsense. The router is followed with a manged switch (D-Link DGS-1510), which may not be necessary if the router/firewall host has enough NIC ports for your application.

For the Wi-Fi, I use an access point made by TP-LInk (EAP 245). You don’t necessarily need a controller (in the Cloud for UniFi) unless two or more access points are meshed. The controller can be hosted locally on Linux or Windows. Mine is hosted on my desktop PC.

Any of these functions can be mixed and matched with heterogeneous hardware, but the downside is the learning curve of a unique user interface for each function. Moreover, configuration can be arcane at first unless you have a background in networking. FWIW, I’m still learning.

Here’s a company providing off-the-shelf network appliances for the router/firewall software. The site has resources for selecting an appliance and configuring certain software-defined routers. Moreover, there’s plenty of information on YouTube to help you with initial installation and configuration. Of course, you can assemble your own using an x86 single-board computer or PC parts (as @Tromperie has done).

https://protectli.com/

Thanks for the information. My Protectli hardware will be here in a couple of days. I know very little, but, am learning! I stumbled across all of this by listening to a podcast, Privacy, Security & OSINT with Michael Bazzell. I went with his recommended WiFi access point, a GL.inet Beryl, which so far is suiting my needs.

I just looked up the Beryl. It looks like a cool (little) router. Potentially, you could load OpenWRT on the Protectli and have a common software platform for both boxes.

https://downloads.openwrt.org/releases/21.02.0-rc4/targets/x86/

The Beryl is designed to be a travel router, but, works well as an access point too, because its opensource, and because its not broadcasting your ssid to Timbucktoo. What advantages would there be with both the access point and the Protectli running OpenWRT? I am pretty well sold on pfsense. I am not sure there’s anything better.

The only benefit might be a reduced learning curve.

pfSense has been my preference and there are loads of online resources. I have a tiny single-board computer and it’s been loafing along (2 – 4 % CPU) for nearly three years.

https://www.netgate.com/blog/pfsense-2-2-4-on-minnowboard-turbot-dual-ethernet

I have been testing pfsense with an old desktop computer, and think I’ve figured out the basics. Corrected me if I’m wrong though … I assume, due to pfsense’s security, Home Assistant won’t talk to it, correct?

The Ubiquiti Dream Machine is only kind of cloud based. You are required to have a UI account to set up the device, but as soon as it is setup, you can disable remote access, create local administrator account and it is 100% local (though you still need Internet for updates of course).

The new EA Unifi Dream Router is crazy good for the price point. It is basically a new gen UDM, but for only $79 (assuming the price does not change for GA). Once it is in GA, it will be the router I recommend to any of my friends and family (I have a UDM Pro + multiple APs, it is a bit out of my use case).

EDIT: The only two features I have encountered that actually need the cloud connection is enabling beta versions of software and the Android Unifi Protect app. The Android Unifi Protect app is actually a bug though since it is Android only (not iOS). There is a bug that makes it so you cannot discovery local consoles across VLANs on Android.

I’m not quite sure what you mean.

HA still needs external 'net resources for software updates, add-ons, DNS, NTP, and any integration with a network API. In my case, I use Nabu Casa for external access (requires no port forwarding) and I access a home thermostat via an API server in Canada (where there is the PIPEDA and the Privacy Act). I tolerate these and a couple other integrations. DNS and (I think) NTP have some hard-coded IP addresses requiring 'net access.

When you first install pfSense, it has no inbound forwarding configured and no uPNP or NAT-PNP enabled. All LAN connections will be initially allowed outbound access using the default “Automatic Outbound NAT” mode, and that includes your HA host. You’ll find no open ports from the outside looking in. From this default configuration, you can add firewall rules to restrict local hosts to access the 'net, or allow forwarded outside connections to traverse the router to the LAN (which requires great care). Ultimately, you’ll isolate and restrict internal LAN traffic and determine what’s allowed to connect to external resources. There are multiple strategies and methods for doing this, as I’m learning.

https://docs.netgate.com/pfsense/en/latest/install/install-pfsense.html#pfsense-default-configuration

My apologies for being ambiguous. What I meant is: are there no HA integrations for pfsense? There was an integration available for my old router than allowed me to better monitor the presence of my phones on the network, and I think I’ve read there isn’t one for pfsense, and I assume its due to security concerns.

Just go with Ubiquiti, not necessarily the Dream Machine. I have the Ubiquiti Edgerouter and it’s brilliant, with two AP’s connected, but you could use the Security Gateway instead (the Edgerouter cannot be managed from the UniFi Controller). No need for an internet connection / cloud and the Unifi Controller is managed via HA which is where I manage the whole thing other than the Edgerouter hardware itself.

Oh. Now I understand.

Although I haven’t done it, you can get to pfSense metrics with SNMP:

https://www.youtube.com/watch?v=CKPbIeiJ2AQ
https://community.home-assistant.io/t/pfsense-stat-monitor/61070/34
https://community.home-assistant.io/t/device-tracker-with-pfsense-router/22231/75
https://docs.netgate.com/pfsense/en/latest/services/snmp.html
https://www.home-assistant.io/integrations/snmp/

As an aside, there is some Netgate development activity related to an API.

1 Like

Thank-you! My primary concern is the privacy and security of my network. How HA integrates is secondary.

1 Like

For the first initialization, you need a UI account indeed. Once done, you can create a local admin one & stop the link the cloud to have it fully managed locally.