Router Advice: Unifi Dream Machine or...?

Soldato
Joined
11 Jun 2003
Posts
10,795
Location
Hampshire
Hello gents,
Need advice for a new router / internet setup. First step is probably to buy a DrayTek Vigor 130 modem unless advised otherwise.

Plan to switch from Sky to Zen when contract ends. God knows what I'll do about TV and phone. Maybe FreeView / FreeSat and a VoIP solution? (Mrs insists on a landline).

I want:
  • VLANs to separate IoT and guests
  • Strong IP handling
  • Robust security
  • Options for IP camera setups with remote access (Unifi or QNAP)
Originally decided on a Unifi Dream Machine, but there are reports of software that's still buggy, and machines that overheat or break. I'm considering:
  1. Unifi Dream Machine
  2. Unifi CloudKey V2 (plus?) + Unifi Router (USG?)
  3. LinkSys AC3200 + OpenWRT
  4. Some Mesh network solution
1. Offers a great all in one solution, with some reliability concerns and no access to Protect / Unifi cameras.

2. Offers flexibility, and future camera upgrades, but will be costly and more bulky

3. Is an open, evolving solution I don't understand enough

4. Quick to setup but either lacking in features or very expensive. I have a small house

I could shift camera duties to the QNAP in the future, perhaps offloading the PiHole duties to a raspberry Pi.

Looking for product suggestions and advice lads. Anything at all is really appreciated. There's an intimidating amount of kit out there!

  • Sky Q router, wireless off
  • Unifi AC-Lite handling wireless
  • 8 port PoE switch - AV cabinet
  • Cat6 from AV cabinet to Office
  • 4 port switch - Office
  • QNAP TS-453 (PiHole Docker)
  • Wireless devices : phones, laptops, quite a few IoT devices
 
Soldato
OP
Blown away by the response chaps. Thank you. I'll clarify some details below, chuck some questions your way if that's alright, and lay out my revised options.

Budget
I am eternally skint :D The UDM and Vigor 130 is all I can stretch to for the internet side of things.

So about £400, preferably (much) lower.

Maintenance
One important aspect that probably should have occurred to me sooner, is that this needs to be relatively bullet proof, not to mention set & forget if needed.

I'm not well, and whilst I love a project, sometimes I won't be in a place to faff about with it.

More importantly, if something happens to me, I don't want my wife to be stuck with a bunch of expensive paperweights, no internet, no TV, and no idea where to start.

My requirements

1. IoT devices on a separate VLAN which would only be able to talk to devices on my main VLAN when in use. I'd like this to be seamless. I'm confident the UDM does this, although I've read about some limitations on VLANs on the non-pro version?

2. Guest network with some parental / dodgy site restrictions. No access to IoT or NAS. Access to printer, and a splash screen, would be nice.

3. Functional & Secure; Basic static IP assignment, robust security / firewall, port forwarding & blocking, DNS server assignment. VPN would be nice too.

4. Future expansion into IP cameras. Doesn't have to be built into the router, just want to be able to remotely access live feeds / recordings, much like I do with my current Arlo setup.

@visibleman Great minds think alike fella, I'd been looking at the Draytek 2862ac. Could you advise if it can do all of the above?

Can I throw a total curveball in here and suggest the QNAP QGD-1600P Guardian? As well as being a QNAP NAS, it’s also a powerful router.

You certainly can mate, love a curveball! This looks like a phenomenal bit of kit. Exactly the sort of thing that gives me the nerd-tingles. Unfortunately, it's way out of my budget. Awesome suggestion though, thank you.

Question : Do you know if my TS-453 would be suitable for managing at least 4x 1080p cameras?

The NAS mainly handles backups in the wee hours, and stores my film library which I transcode and stream at 480p. It has a container running PiHole, and I'm in the middle of adding one for Canary. These could be moved to a Raspberry Pi. I could spare 1-2GB of capacity on it.


Components

Modem
What’s the Vigor 130 specifically going to do for you that an £10ish HG612/ECI won’t?

As for Avalon’s suggestion on the second-hand ECI or Huawei modems from eBay. Yes, they’re great. Buy two!

Brilliant. I am all about second hand. Saves dosh, and it's good to re-use something rather than it go to landfill. If I choose a separate modem solution, this is a no-brainer.

you could use the Zen supplied Fritzbox modem/router in PPPoE Pass-through mode

Zen informed me they would supply a Technicolor router for this purpose, as the Fritzbox doesn't support it?

Another great option though. I could use the HG612 with Sky, and decide which to keep when Zen is installed.

Solution : HG612 second hand and/or Technicolor from Zen

Router
After all of your particularly sage advice, revised options are:
  • Unifi Dream Machine. Does everything I want. Looks great. Could integrate my AC-Lite for the garden / any dead spots. Pricey. Not perfect. Requires separate modem. All in one solution means faults could be costly.
Thanks for setting my mind at rest @Avalon and @WJA96 :D

  • OpenWRT solution. Eg; Linksys WRT3200. Flexible, powerful, potentially cheap if I can get the right model, or pick one up second hand. Requires more setup, no tech support.
Question : Any other router suggestions?

  • All-in-one solution. Eg; Draytek 2862ac. Lacks the continued development of the UDM, but second-hand is much cheaper. No modem needed. The Draytek doesn't look like a beautiful space alien suppository.
Question: Any other all-in-one recommendations?

  • Self built solution; pfSense / Untangle. Most flexible. Fun. Containers; PiHole, Canary, Blue Iris etc. Have parts, cheapest option? Bulky. No warranty or support.
Questions:
Is a 4790k, Z97M and 16gb of Ram suitable?
Should I get a separate Network card? Which one?
Any vulnerability concerns on older Intel hardware?



Note : I've removed the USG and Mesh solutions from the list.

Landline
@Avalon Don't get me started mate. The Mrs bought these (admittedly rather spanky) DECT Panasonic handsets, after deciding that we needed a landline, even though we've not used one for years. She is otherwise rational and awesome, so this is a concession I'll begrudgingly make.

I'll probably go Zen as you suggest once we switch. Was initially put off by their rates, and packages, but we'll never use it anyway.

Voipfone looks like an excellent solution. If I eventually use Zen it's still a good stopgap. Needs an adapter, Voipfone offers the Cisco SPA112 for £60 which seems about the going rate. Even better, I can get one second hand for about £30.

Question:
Any suggestions for a cheaper VoIP adapter?
Are these just plug and play?


Television Packages
In addition to changing TV package, the Mrs wants a kitchen TV so I've been looking at using a Chromecast. Could apply this to the main TV as well. I believe we could watch live channels, as well as catch-up and streaming services. I'm assuming we can pause and rewind, but no recording.

Question: Is the Chromecast a good choice for this? Any other suggestions?

  • Sky, TV Only package. We pay very little already, mainly just Freeview channels. Recording etc. No up front payment. Contract.
  • FreeView - Costs nothing per month. Same channels as now. Need aerial and box; £200 minimum. No contracts. 3 years to break even!
  • FreeSat - Have dish. Less channels & Box selection than FreeView. No contracts. 2 years to break even.
Question: Anyone have any experience with FreeSat they can share?
  • ChromeCast / NowTV - Flexible, streaming services and Live TV. Passes as needed. No contracts. No aerial costs. Small cost of entry. Big drawback is we can't record.
Question: As above. Is the Chromecast a good choice for this? Any other suggestions?


Conclusion

Seems there's about a dozen ways I could approach this, all with their pros and cons, and I can't reasonably ask any of you to definitively tell me what I should go for :p

That being said, I very much appreciate answers or advice you're willing to provide to any of the myriad questions I've posed. You've already been a massive help, thank you!

That's all for now. Sorry about the ridiculously long posts. Stay safe, have a fab Christmas, and may 2021 be a better year for us all!
 
Soldato
OP
Been looking at the pfSense solution and I'm rather taken with the idea. There'd be no discarding of my access point and I have most of the hardware already.

I also believe it could act as a print server, as well as run dockers / VMs for Unifi, PiHole, Canary etc ?

If this is the case then the only other solution with as much appeal would be the UDM. Given it's evolving, looks good and has support / warranty.

Parts I have:
  • Ubiquiti UAP-AC-LITE
  • i7 4790k & aftermarket cooler
  • MSI Z97M, mATX
  • 16GB DDR3 2400mhz
  • 256gb Sata SSD
  • Materials and fans to make a case
I believe I would need:
  • HG612 Modem
  • NIC - Intel Pro 1000 PT, Quad
  • Power Supply - 350W min, SFX
If I'm savvy I could get all three for around £80, more if I have to buy the PSU new. Another £30 for the Cisco SPA112, if I go with VoIP.

I could put together a quick and dirty case (acrylic & mesh) mounted behind my desk.

If I'm feeling flush I could buy an m.2 SSD for cleaner wiring, and splash out on the Silverstone SX500-LG for a bigger fan, more power and modular cables. With all that I'd still be at half the cost of a UDM.

Really given me a lot to think about, cheers chaps!
 
Soldato
OP
What do you mean by the bit I've underlined?

I'm not a fan of assigning static IP addresses using DHCP.

Have a look at the Grandstream HT-801, they're about £30.

RE: VLANs I saw it covered in a UDM setup video from Crosstalk solutions iirc. IoT devices could not talk to those on the main VLAN. Devices on the main VLAN had to first start 'talking' to the IoT device, then they would communicate as normal. Was seamless.

RE: Static IPs. In the past I've excluded say 20 IPs from the DHCP range, specifically for assigning them to devices via the router. Leaving plenty spare for expansion. Most devices assigned static IPs were left on DHCP. I keep a spreadsheet of assigned IPs. Love a good spreadsheet :D

@the-evaluator Never had an issue with this before. Is it bad practice?

RE: Grandstream HT-801 recommendation. That's awesome thanks mate, if I can find one second-hand it's a solid alternative to the SPA. I'd like to avoid VoIP entirely if I can though.

As Armageus says though, you could opt for the vanilla 2862 and then use whatever AP you wanted.

That's excellent thank you mate. Really useful info. The 2862 looks like a perfect alternative, as I already have the AC-LITE. Significant saving over the wireless version and no need for a separate modem!

Despite running pfSense at work for 100+ Computers, it's not really something I'd want at home

4790k is overkill - even a Dell Micro/Lenovo Tiny/ HP Mini PC would be a better option

EDIT: It may also be worth considering a dedicated NVR for your CCTV - things like HiLook by Hikvision, or one of Uniview's dedicated NVRs can be had cheaply, and "will just work" - no fuss, no further licenses, and are then independent of whatever else you might want to mess around with on your router, VMs, etc.

RE: CCTV, ah that's great thank you mate. Really surprised by how cheap that HiLook is. Got any cheap camera recommendations that would be better than Arlo cameras?

RE: pfSense. How interesting. Why wouldn't you want it at home ?

RE: The hardware. What makes those mini-PCs the better option?

For the record I appreciate the 4790k is excessive, but the parts are literally just gathering dust, and for £80ish would give me a complete build. Wouldn't it be more than capable of doing everything I need and more?

My thinking was it also gives me more options for VMs etc, as I'll be able to assign resources with reckless abandon :p

Router wise your hardware is overkill, thanks to intel's power gating technology it's not going to suck that much power, you could run bare metal or you could re-purpose the old hardware

if you want simplicity, then the UDM/Linksys may be a better option, they offer mediocrity in abundance, but it's a router

TV wise consider a FireTV stick that allows Plex/Kodi or whatever your chosen front end is to play back all sorts, Plex/emby can be fed by an E2 based box (amongst other things), has full EPG and can record ;)

CCTV wise, I wouldn't want my main NAS being slow due to constant CCTV writes

A cheap NVR covers PoE for the cameras and gives you a fire and forget system that isn't slowing anything else down.

Of course you could give it a dedicated drive on either the NAS or that virtualised host you're trying to talk yourself out of :D

Talking myself out of it is getting more difficult by the second :D Incredibly useful stuff, thank you mate. I can't lie, it's prompted a considerable amount of googling and the addition of many new acronyms to my vocabulary.

That VoIP info was immensely informative as well. Thanks for confirming the SPA choice. I feel quite confident going for it if needed. That's VoIP ticked off the list!

That's a lot of my questions answered, and plenty of new information too. So after reading everyone's comments I've decided it's either the DrayTek non-ac, UDM & Modem, or the rather tantalising / immensely daunting task of deploying my own hardware, again with a cheapy modem.

@the-evaluator , @Armageus any more light you can shed on the above is really appreciated!
@Avalon Thanks so much again mate. Could you shed any more light on where to start with the self-build?

Going to swot up on DrayTek, the UDM, and my options for the self-build, and wait for your responses so I can feel out of my depth again :D
 
Soldato
OP
I have an eBay Vigor 150 going to an EdgeRouter X, total cost 100 quid between em.
I also have a 10 port switch with fsc for about 80 quid, giga speeds and PoE etc.

Don't need to spend an arm and a leg, get the EdgeRouter, add a pihole and enjoy

Thanks for this man, I did actually look at the EdgeRouter but dismissed it early on. Perhaps it needs a revisit.

After doing some research I realise why I was advised running pfSense on the 4790k was overkill.
It's a complete OS, so running it virtualized on Ubuntu server, would be a right pain. Plus internet goes down any time the server needs restarting, as I was told.

Looks like it's between the UDM and DrayTek, maybe an EdgeRouter. If I get a cheaper solution I could still build a server with the 4790k.
 
Soldato
OP
It doesn't necessarily work like that. In my setup I am serving DNS to my IoT VLAN from 2 Pi-Hole instances in my main LAN (VLAN 1) so there's a firewall rule in place that lets the IoT VLAN reach port 53/udp on 2 IP address in VLAN 1. The communication is kicked off by the devices in the IoT VLAN. If it were reliant on the DNS servers starting the communication then the IoT VLAN wouldn't have working DNS.

Do you actually need communication from IoT to the main LAN? If you're just wanting to control a smart light (for example) that's in IoT then as long as the LAN is allowed to reach the IoT VLAN then it should work without there being any rules to allow communication the other way. It gets a bit more complicated if you have Sonos speakers in the IoT VLAN and want them to be controlled from a device on the LAN.



It's definitely not how I would do it, but if it's working and you're happy with it then keep on doing it. In an enterprise environment that'd be extremely bad practice but this isn't an enterprise environment :)



I'm not a fan of Draytek stuff (though I used a Vigor 130 as my FTTC modem and that was rock solid, I'd still be using it if I hadn't moved to FTTP) and can't be bothered with a bare metal install so out of the 3 options I'd go with a UDM. Either option would work though.


If you've got another option I'm all ears mate. These are based solely on my limited reading, I'm still reading up on openWRT, just didn't see the point as it was going to cost me the same as the DrayTek.
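
The inter-VLAN behaviour discussed in this thread (LAN may open connections to IoT, replies ride on the established flow, IoT may only start connections to two Pi-hole addresses on 53/udp), modelled as an added example that is not part of any post here and not any vendor's firewall code. The subnets, addresses and the `InterVlanFirewall` class are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread)
LAN = ipaddress.ip_network("192.168.1.0/24")    # main LAN, VLAN 1
IOT = ipaddress.ip_network("192.168.20.0/24")   # IoT VLAN
PIHOLES = {ipaddress.ip_address("192.168.1.2"),
           ipaddress.ip_address("192.168.1.3")}  # two Pi-hole resolvers in the LAN


class InterVlanFirewall:
    """Toy stateful filter for traffic routed between the two VLANs."""

    def __init__(self):
        self.flows = set()  # connection-tracking table of accepted flows

    def _new_flow_allowed(self, src, dst, proto, dport):
        if src in LAN and dst in IOT:
            return True   # LAN may open connections to IoT devices
        if src in IOT and dst in PIHOLES and (proto, dport) == ("udp", 53):
            return True   # IoT may query the Pi-holes, nothing else in the LAN
        return False      # every other new inter-VLAN flow is dropped

    def handle(self, src, sport, dst, dport, proto):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        flow = (proto, src, sport, dst, dport)
        reply_of = (proto, dst, dport, src, sport)
        # Packets of a tracked flow, in either direction, pass without
        # consulting the rules for new connections.
        if flow in self.flows or reply_of in self.flows:
            return "accept (established)"
        if self._new_flow_allowed(src, dst, proto, dport):
            self.flows.add(flow)
            return "accept (new)"
        return "drop"


def demo():
    """Run six constructed packets through one firewall instance."""
    fw = InterVlanFirewall()
    return [
        fw.handle("192.168.1.50", 40000, "192.168.20.10", 80, "tcp"),   # phone -> smart light
        fw.handle("192.168.20.10", 80, "192.168.1.50", 40000, "tcp"),   # the light's reply
        fw.handle("192.168.20.10", 51000, "192.168.1.50", 445, "tcp"),  # light -> laptop, unsolicited
        fw.handle("192.168.20.10", 51001, "192.168.1.2", 53, "udp"),    # light -> Pi-hole DNS query
        fw.handle("192.168.1.2", 53, "192.168.20.10", 51001, "udp"),    # DNS answer
        fw.handle("192.168.20.10", 51002, "192.168.1.2", 80, "tcp"),    # light -> Pi-hole web UI
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third and sixth packets are the ones that matter: an IoT device can answer the LAN and resolve names, but cannot start a connection to anything else in VLAN 1.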
 
Soldato
OP
Merry Christmas to you all, and many thanks for all the help guys. It's been incredibly informative and I really appreciate the amount of time and effort you've put in.

For the modem I'll be getting the HG612, cheap and replaceable. And I'll pick up Zen's Technicolor when we switch, and keep one of them as a backup. Basically saving me £100 on the project!

For the router I've decided on the Unifi Dream Machine, it does what I want, I'm familiar with the software, and it's a new product that will continue to evolve and improve. I can also expand by switching out my dumb switches if I want. Plus you've set my mind at rest about some of the horror stories.

For TV I'm going to go with the Sky basic package I already have, as switching to any solution with the same functionality would take two or three years to recoup the upfront cost, plus I like it.

For the telephone I'm going to pick up a second hand VoIP adapter for £30, and trial Voipfone until we switch to Zen. At which time we'll decide whether we'll stick with VoIP, or use Zen's landline. The Voipfone PAYG solution is £1 a month, with no fixed term contract. Perfect.

Kitchen TV will run an Amazon Fire stick and it'll just be for watching Live TV, catch-up and streaming content etc. Recording etc will be handled by the Sky Q box in the AV cabinet.

Thanks to the savings you've made for me, I can buy the bits needed and build a little server project with those old parts. This will be for fun, but I already have several uses planned. I'm going to start experimenting with Proxmox and some VMs / Dockers, but I'll do my own research and tinkering, and decide what fits my needs. If my Raspberry PI duties move to the server, I'll have another project ready, having a go at setting up honeypots. Not that I think I'll need them :p

For IP cameras later down the line, I'll look into a dedicated solution, eg. Hikvision, which looks incredibly flexible, and affordable. I'll also consider my server / NAS for this purpose.

Hope you've all had a brilliant day, considering we were in lockdown ours was awesome :D
 
Soldato
OP
Hey @WantoN. Your setup is pretty much the same as mine because I also have a single AP-AC-Lite so I was quite excited to see which direction you'd take when I read the thread.

Did you get the Dream Machine? If so, what are your impressions of it? I was interested in the pfSense SG-2100/3100 routers but they're perhaps a little complicated and overkill for me. I absolutely love my AP-AC-Lite so the Dream Machine seems like a no-brainer on paper, but the software bugs do worry me and it's disappointing that they didn't include PoE and Wi-Fi 6.

Hi mate,
I've not acted yet. Money is very, very tight so I need to be careful.

I'm considering Mikrotik equipment. Very competitively priced, and very powerful. Less than a third the price and does most of what I want. It's down to their HeX S, hAP ac³ or the UDM.

I decided to build out my mini server first as it's going to cost me very little and I can try pfSense (and alternatives) on it.

I'll update if and when I go ahead, and with what.

I looked at the Amplifi but wasn't impressed with the range, and the software is comparably quite limited.

I'm also wondering if Ubiquiti will release a WiFi6 successor.
 
Soldato
OP
That HeX S actually looks perfect, especially since it includes a PoE port so I could ditch the PoE injector for the AP-AC-Lite.

I’ve always heard that RouterOS has a steep learning curve, but my requirements are very simple so it shouldn’t be too difficult to configure a basic WAN+LAN setup.

Opportunity to learn mate ;)

One thing about the Mikrotik is that most of the PoE is passive, so check your specs.

At that price it's hard to argue, especially when we've both got APs already!
 