MT3000 as my home router firewall

Looking to get an opinion on my home internet router.

I'm a network engineer and I collect old network equipment, so my home network consists of various Cisco gear, and I have way too much (edge router, ASA firewall, core switch, distribution switches, wireless LAN controller, wireless access points, etc). I have a couple of GL.iNet MT3000s around that I am no longer using for anything. I'm considering replacing my edge router, firewall, and an access point with one of my MT3000s and using the other as another wireless access point or repeater. Then I can get rid of a bunch of large, electric-hungry devices.

My questions:
Would the MT3000 be good enough to use as a home router for a 100 Mbps internet connection, or should I look at something else like a Flint 2? Or even some other brand. Looking to keep it kinda cheap. Don't see much of a difference between the MT3000 and Flint 2 for my purpose, but open to suggestions.

Should I run the stock firmware or OpenWrt? I basically need the following functionality: router, firewall, a couple of NAT rules for internal servers, VLAN trunk support to connect to my core switch which will do most of my routing, some custom DNS records for internal services, DHCP server with ability for reservations, Wi-Fi, isolated guest Wi-Fi, dynamic DNS updater, WireGuard server, OpenVPN server, and SMB. This would also allow me to get rid of two VPN servers, a NAS, a DHCP VM, and a DNS VM. I would then use the extra MT3000, probably wired, as an access point with home and isolated guest Wi-Fi, so it would also need VLAN support.

Thanks for any thoughts.

I am running the Beryl AX (GL-MT3000), on which I installed vanilla OpenWrt from the OpenWrt website for my model of GL.iNet. My connection is 1 Gbit down, 100 Mbit up. I have connected my ISP router to the Beryl AX's WAN port and disabled my ISP Wi-Fi. My Beryl provides all my Wi-Fi. It provides a Beryl LAN, a guest VLAN SSID, another VLAN guest with enforced Mullvad WireGuard (for guest use and phones that have annoying snoopy apps that want to track you) and another SSID for bridged pass-through onto the ISP router's LAN.

I have 1 PC, 2 laptops, 2 phones, 2 light bulbs, a Marble connected as a wireless extender, a Sky TV box, a rubbish Virgin Media stream box, a wall socket, and 4 Amazon Echos.

I can't speak to setting up WireGuard as a server but I think it's possible on vanilla WRT. I know it's possible on the GL.iNet regular firmware. My main issue with the GL.iNet firmware is that if you add new SSIDs from the LuCI advanced screen, they don't work. You have to go in via SSH and modify the wireless conf file and muddle your way through copying settings and amending them for the new wireless SSID you added. Major pain.

Anyway, for my needs, with OpenWrt it is doing everything I want. Admirably so. I love it. Not sure I want it to actually be the sole router for the whole house, but in all honesty, it kind of is. On my main Virgin Media ISP router, all that is connected is my PC and my Raspberry Pi ADS-B tracker and, if and when we use a laptop, one laptop. So it kind of is running my whole home's networking. I just haven't decided to set the ISP box into modem-only mode and rest the full external ISP IP networking onto its shoulders. Yet. Maybe I will in time.

Of course you could always go with the more expensive models, but for my needs I am in love with the Beryl AX.

I echo @use2fa's thoughts, with the addition that the Beryl AX has plenty of horsepower if you're handling switching downstream. If you're not planning on travelling then dump the convenience the GL GUI gives for a travel router & go pure OWRT. The GL firmware really makes it a proper appliance, which is great for travelers, but that doesn't apply to your use case. It also uses a proprietary SDK for the specs/speeds as advertised per GL's web site. Vanilla/pure OWRT does not.

WG throughput may be a limiting factor. You can always flash back via the U-boot WebGUI. See the GL docs for 'How to unbrick your router' (or similar terminology). Here's some other necessary details I'll not bother reposting for your reference. You know what you're doing. LuCI & its underlying uci shouldn't be too much of a challenge if you're used to iOS but be aware:


This thread has some very important notes on which OWRT image to flash in order to keep U-boot's WebUI on the device:


Side note: did you know it's possible to run OWRT in a VM? I use it as a way to safely prototype major changes before committing them to bare metal. Happy hacking!

WG is technically a P2P VPN. It's the routing tables that make the difference.
