Shared cottage wifi build on a limited internet connection

[duhmojo]

Hi all. Long time fan of the site.

Its been a while since I rolled my own wireless/wired router setup. I currently run a D-Link DSR-250 with a combination of Bell Home 3000 and Apple Extreme wireless APs. I use a RPi with Pi-Hole to great affect to deal with ads, etc... from my fiber internet connection.

At my cottage I've been living with a Virgin Mobile LTE sim in a Huawei LTE router and pay as you go, but I easily blow it out each month (4-5GB, no streaming, some podcast downloads and whatever our phones and tablets do in the background). I run an LTE repeater to get better signal to the router than I used to get with just the phones walking around the property. I tried last Winter to build a custom Wifi router with baked in Pi-Hole (with some Android, Microsoft and Apple update blocking), OpenVPN (bridged to my home VPN) and an attempt at web caching in an effort to control data usage and live with the setup a little longer, but it didn't work out.

So, I'm here, cap in hand, looking for ideas. Is there a router out there that everyone is adopting for more powerful features, like DNS based ad-blocking/security, etc... that I can catch up on?

I have half a mind to just get a rural over-the-air internet hook up, but its like $60/m for 5M/1M with a 50GB cap. I could split that with my neighbour, but we're like 320 feet from each other, and he's up the hill a bit. So I won't be able to blanket the area, but he's retired and would won't use it inside in the evening. I could run PoE outdoor ethernet to an outdoor CPE AP between us. That could actually get us outdoor wifi. Disclaimer: I'm not trying to get wifi in the country so much as figuring out what it would take to split an internet bill. I would like to work remotely during the Summer sometimes.

So maybe if there was a router with a PoE port, that would be a plus.

Anyways, any tips are welcome. I'll update next Spring on what I did and how I did it.

 

[Trip]

Upgrading your WAN bandwidth and data cap is the first order of business, most definitely. I'd spring for that 5/1 line just for yourself, if need be. Are there any other ISP solutions in the area that you're aware of?

Beyond that, I'm not exactly sure of what to recommend you for a router/gateway solution, if you already tried what sounds like more or less your own custom-built firewall distro + packages, and it didn't work out... What exact feature set, in list form, do you require and why did your previous DIY attempt fall short, beyond the fact that it just didn't work out overall?

As far as interconnecting with your neighbor, 320 feet isn't too big a deal, as long as you have line of sight for a wireless PtP link, or the possibility to just lay a run of outdoor coaxial and use 100Mb ethernet-over-coax for a hard link. From there, you can blast whatever wifi you want around each cottage, if that's desired.

Interested in your answers and further thoughts.

 

[coxhaus]

If you want a safe DNS I would look to QUAD9 9.9.9.9 as it is free. If you want better, then Cisco has their umbrella system for a monthly charge and you have to use Cisco.

 

[duhmojo]

For internet there's only Bell DSL which is 5M/.8M which runs along the power lines through my property (I'm a pole away from it) and I don't currently have a land line running to my place. So I'd have to go through the trouble of getting Bell to do rural work in an old cottage that isn't wired for a land line. If they offered fiber-to-copper (so faster speeds) I might consider going through the trouble, but it's not as simple as ordering their service.

The best solution that other's have had good results with is WTC internet, which in the area is a line-of-sight setup which they have antennas in the area for. The nice thing is they have a seasonal rate where you can shut it off for 6 months per-year, but the hook up cost is way more expensive, like $300, which I think is just a hedge against people who sign up then cancel, then sign up again the following year. I need them to come and do an assessment, but it should be ok.

For my neighbour, you're right, I could just run coax. There's this $60 unit on amazon.ca: https://www.amazon.ca/dp/B07L6X94XS/?tag=smallncom-20

It would be cool to get an outdoor CPE installed in the woods, but not a priority. I think I'll start with the internet upgrade (in the spring) and in the mean time focus on a new router solution.

So, here's a list of features I'd like my (low bandwidth cap) router to feature:

1. DNS based Ad and domain blocking. This is to reduce the amount of obnoxiously wasted bandwidth internet ad companies are pumping out. In 2019, auto-play video BS seems to have come roaring back in fashion. WTH. I also need to block automatic device updates, etc... PCs and devices will behave different on LTE vs wifi, and on wifi they don't automatically know its a limited connection. Same with blocking Netflix and Youtube. When guests visit their kids have no self control. Maybe a guest SSID is a way to manage this.
2. Local media serving and/or playback would be handy. If it runs plex that would simplify life. Not a high priority.
3. Any HTML and image proxy compression would be nice
4. DDNS
5. Site-to-site VPN support
6. A PoE port would be nice

Doesn't have to be high speed wireless. Honestly with the trees and lake, lower frequencies will travel farther.

 

[duhmojo]

If you want a safe DNS I would look to QUAD9 9.9.9.9 as it is free. If you want better, then Cisco has their umbrella system for a monthly charge and you have to use Cisco.

With Pi Hole I modified the dnsmasq config to include a custom DNS supplement. This allows me to limit site resolution to places QUAD would want to explicitly support. Caching DNS queries (especially if they're DNS-SEC) prevents anyone but QUAD from knowing or interfering with my queries. I'm not that paranoid, but I liked being able to customize my local LAN, cottage LAN (through VPN) resolution, and block destinations like Apple/Android apps/updates. If there's a router solution that'll cache and customize locally, I can certainly just point to QUAD, but AdGuard is probably a better choice, but combining something like Pi-Hole with QUAD as the up stream DNS is the best approach. (no, low ads, and QUAD risky sites removed)

 

[duhmojo]

You know I have an older 2 bay Synology NAS I put away from I upgraded to a 4 bay Asustor. I'll dig it up and refresh the software. I remember it being too under powered to transcode plex very well, but NFS/SMB sharing was fine and it had surveillance camera recording which could be useful at a cottage (e.g. instead of stupid always online app streaming through a 3rd party, I'll just record local and send some pics via email). Synology can run Docker containers, and Pi-Hole has been containerized so there's hope. It'll definitely run a VPN and ddns. Hmmm...