My Linksys router died this morning - fortunately, I had a spare Netgear one laying around, but manually replacing all DHCP reservations (security cameras, user devices, network devices, specific IoT devices) and port forwarding options was a tedious pain. I needed a quick solution; my job is remote, so I factory reset the Netgear (I wasn’t sure what settings were already on it) and applied the most important settings to get the job done.

I’m looking for recommendations for either a more mature setup, backup solution, or another solution. Currently, my internet is provided from an AT&T ONT, which has almost everything disabled (DHCP included), and was passing through to my Linksys router. This acted as the router and DHCP server, and provided a direct connection to an 8-port switch, which split off into devices, 2 more routers acting as access points (one for the other side of the house, one for the separated garage, DHCP disabled on both).

If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?

If going the route of a smarter solution, I’m not sure what to consider, so I’d love to hear some input. I think having so many devices using DHCP reservations might not be the way to go, but it’s the best way I’ve been able to provide organization and structure to my growing collection of network devices.

If going with a more mature setup, I’m not sure what to consider for a fair ballpark budget / group of devices for a home network. I’ve been eyeing the Ubiquiti Cloud Gateway + 3 APs for a while (to replace my current 1 router / 2 routers-in-AP-mode setup), but am wondering if the selfhosted community has any better recommendations.

I’m happy to provide more information - I understand that selfhosting / home network setup is not a one-size-fits-all.

Edit: Forgot to mention! Another minor gripe I have is that my current 1 router / 2 routers-as-AP solution isn’t meshed, so my devices have to be aware of all 3 networks as I walk across my property. It’s a pain that I know can be solved with buying dedicated access points (…right?), but I’d like to know others’ experiences with this, either with OpenWRT, or other network solutions!

Edit 2: Thanks for the suggestions and discussion everybody, I appreciate hearing everybody’s recommendations and different approaches. I think I’m leaning towards the Ubiquiti UCG Ultra and a few Ubiquiti APs, they seem to cover my needs well. If in a few years that bites me in the ass, I think my next choices will be Mikrotik, OPNsense, or OpenWRT.

  • hungover_pilot@lemmy.world
    4 months ago

    If you’re looking for a more mature networking setup, I would definitely recommend splitting up your router, switch and AP duties into separate devices. It gives you the most flexibility for when you want to tinker or change things.

    For a main router setup, I would recommend OPNsense. It has a cloud backup feature which allows you to automatically back up the configuration to a Google Drive XML file whenever it is changed.

    The XML config file stores all your leases so you don’t have to worry about reassigning DHCP reservations. If you load the config onto a new system, like for an upgrade or if the router hardware fails, usually you just have to change the interface mappings and you’re good to go.

    As far as APs/switches, I would recommend Unifi or Mikrotik. Unifi has a fancy dashboard you can use to adopt new equipment and restore/change configs from, but I find Mikrotik easier and simpler to back up and I like that I don’t have to host a controller to make config changes.
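
An added example, not part of the comment above and not OPNsense project code: because the exported XML carries the DHCP reservations, a backup can be audited before it is restored onto replacement hardware. The sample config is constructed, the `<dhcpd>/<interface>/<staticmap>` layout is an assumption based on the legacy ISC DHCP section, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, not a real backup. Assumed layout: the legacy ISC DHCP
# section (<dhcpd>/<interface>/<staticmap>); other DHCP back ends differ.
SAMPLE_CONFIG = """<opnsense>
  <interfaces>
    <wan><if>igb0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <dhcpd><lan>
    <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>192.168.1.20</ipaddr><hostname>cam-front</hostname></staticmap>
    <staticmap><mac>00:11:22:33:44:66</mac><ipaddr>192.168.1.21</ipaddr><hostname>cam-garage</hostname></staticmap>
    <staticmap><mac>00:11:22:33:44:77</mac><ipaddr>192.168.1.20</ipaddr><hostname>printer</hostname></staticmap>
    <staticmap><mac>00:11:22:33:44:88</mac><ipaddr>10.0.0.5</ipaddr><hostname>old-nas</hostname></staticmap>
  </lan></dhcpd>
</opnsense>"""


def interface_networks(root):
    """Map interface name -> network, skipping interfaces with no static address."""
    nets = {}
    for iface in root.findall("./interfaces/*"):
        try:
            nets[iface.tag] = ipaddress.ip_network(
                f"{iface.findtext('ipaddr')}/{iface.findtext('subnet')}", strict=False)
        except ValueError:  # e.g. <ipaddr>dhcp</ipaddr> on the WAN side
            continue
    return nets


def reservations(root):
    """One (interface, mac, ip, hostname) tuple per static mapping."""
    return [(iface.tag, (m.findtext("mac") or "").lower(),
             m.findtext("ipaddr") or "", m.findtext("hostname") or "")
            for iface in root.findall("./dhcpd/*")
            for m in iface.findall("staticmap")]


def audit(xml_text):
    """Return human-readable problems found in the reservations of a backup."""
    root = ET.fromstring(xml_text)
    nets, rows = interface_networks(root), reservations(root)
    seen = Counter(ip for _, _, ip, _ in rows if ip)
    problems = []
    for iface, mac, ip, host in rows:
        label = host or mac
        if not ip:
            continue  # MAC-only mapping, nothing to check
        if seen[ip] > 1:
            problems.append(f"{label}: {ip} reserved more than once")
        net = nets.get(iface)
        if net is None or ipaddress.ip_address(ip) not in net:
            problems.append(f"{label}: {ip} is outside {iface} ({net})")
    return problems


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

The same file also holds the firewall's user password hashes and any certificate or VPN keys, so every off-box copy of the backup should be handled as a secret.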

    • sugar_in_your_tea@sh.itjust.works
      4 months ago

      I’ll have to look into Mikrotik APs. I have a Mikrotik router and a Ubiquiti AP, and the Unifi SW is annoying (I’ve had to set it up twice now). I’ll need to upgrade my AP soon, so if Mikrotik makes a good AP, I might just go that route (and now’s a good time because I’m running cable and am annoyed at my AP being passive PoE).

    • UberMentch@lemmy.world (OP)
      4 months ago

      Yeah, I definitely agree with splitting it up. Until lately, I haven’t been able to justify the cost of replacing my whole setup. But at the rate that my routers/routers-as-APs seem to die (maybe one every 18 months), it’s enough of a nuisance that I’ll just spend some money and do it the “right” way

  • linearchaos@lemmy.world
    4 months ago

    Unifi gear is super great value-wise. Their support is lacking, but their equipment is pretty easy to deal with.

    UCG is great and cheap.

    UDM Pro is more flexible / future proof but also more expensive. (you get POE, and access to the rest of their suite, but that access also comes with some hardware lockin)

    They don’t do custom DNS, so a couple of Pi-holes or a DNS service are prudent.

    • youmaynotknow@lemmy.ml
      4 months ago

      Agreed. After 4 years on pfSense, and that becoming basically a second job, I pulled the trigger and got a Unifi USG-Ultra, and my life is now all rainbows and unicorns.

      • UberMentch@lemmy.world (OP)
        4 months ago

        That seems to be what I keep coming back to over the past few days. The UCG Ultra looks perfect for what I need - I don’t want a router and AP in one device, nor do I need any of the security software that other Unifi devices seem to have - I run those separately. I think the UI and dashboards are what are really pushing me towards Ubiquiti, they look really great for displaying the info I want to see.

        • youmaynotknow@lemmy.ml
          4 months ago

          It is pretty intuitive and just works. I do have an issue where I can’t access my services on Proxmox and Unraid via URL (only via IP) when I have the work profile enabled in that network from the local network (works via internet from outside or through a VPN though), but it does work if the profile is disabled. Other than that, everything just works and is super easy to set up and configure.

    • halcyoncmdr@lemmy.world
      4 months ago

      This is what I did after running consumer Linksys and ASUS routers, including with OpenWRT.

      I moved to a Unifi setup and haven’t had any issues. I can manage it remotely if I need to, like another household member needs something changed or fixed. I’ve never had to restart it to fix an issue, it just works.

      Easy upgrades without having to replace the entire setup and move settings over manually. Especially easy wireless upgrades, almost just plug and play replacing the old access point antenna.

      And if you need just a small setup and you run a home server you can run the management software on there instead of something like their dedicated Cloud Key device.

    • loganb@lemmy.world
      4 months ago

      BTW you CAN do DNS in a unifi gateway. It just requires making dnsmasq entries through shell. Perfect solution? No. But it gets you there with no additional hardware.

  • aseriesoftubes@lemmy.world
    4 months ago

    I run OPNsense on a Proxmox VM (I followed this guide). I’m quite pleased with it. OPNsense is probably going to be more secure than any consumer router firmware, but you’re going to have to make a bigger upfront investment in hardware. I had never used OPNsense prior to using this system, and the fact that I’m running it on Proxmox is a huge benefit. If I’m ever about to do anything I’m unsure of, I can snapshot the VM in Proxmox. If my router config breaks as a result of my tinkering, I can easily restore from the snapshot.

    • UberMentch@lemmy.world (OP)
      4 months ago

      Thanks for the link, I’ll have to look into running OPNsense on my Proxmox cluster. I’ve been holding off on buying a new server, having a server just for my networking VMs might be a good solution, thanks!

  • fubarx@lemmy.ml
    4 months ago

    I have a closet full of old routers (including Linksys), extenders, and switches to be able to handle dead spots. They all sucked. Then I heard about mesh routers when they first came out. Tried two, saw that they worked well, and got a third one. A few months later, a new ISP showed up in our neighborhood with unmetered Gig fiber and I happily drop-kicked Comcast to the curb. It was gratifying that the fiber connection came with a single mesh device of the same brand I already had. Since then, I’ve upgraded to the next-gen routers, and gotten a few smaller ‘wall-wart’ units for extending the range outdoors.

    I don’t really have to fuss with configurations like I had to before. It’s amazing how much of a time drain it was to go screw around with settings when a new device came in that didn’t work, or to replace a router when one died. I haven’t had to do anything in years. Every once in a while, I go set up a DHCP reservation but that’s it. The firmware updates auto-install while everyone’s asleep and I get pretty decent bandwidth in places I had constant dropoffs. When I switched out the actual routers to the new gen, the whole thing took 10m and the whole network was down for maybe 2m while the new ones booted up. No end devices had to be modified or restarted.

    Where the fiber comes in, there’s a single router node, with two Ethernet ports. One goes to the fiber ONT, the other to a 10-port gig switch where it feeds the rest of wired setups. Elsewhere, the farthest mesh unit has no incoming physical connection, but a small wired switch connected to other wired devices near there. I didn’t have to make any router configuration settings to make this work. Just plugged it all in. Common devices go on the main network, and janky IOT devices (and visitors) go on the guest network.

    For external access for self-hosting, you can take a domain name and set up a free Cloudflare tunnel to access your in-home services remotely. Pay Cloudflare a fee and you get extra rules-based access control. The router also has a premium service where it comes with a family bundle of security software. One other thing I like is that the mobile app sends a notification whenever a new device joins the network, so if I see one I don’t recognize, I can block them. Hasn’t happened yet, but if it does, I’ll know to go rotate the wifi passwords.

    Anyway, highly recommend mesh routers. I happened to get Eeros (before they were acquired) but there are a few other brands around. Some people don’t like that Amazon bought eero, but they appear to be left to run as an independent outfit. It has been pretty solid so far.

    P.S. A friend with a more complicated setup than mine got Ubiquitis. It’s anecdotal, but he recently asked about switching away and I told him pretty much what I’ve written here. YMMV.

    Edit: checked back with friend. He said he was very happy with his Ubiquiti gear. I mixed up his review from years ago with another friend’s networking setup.

    • UberMentch@lemmy.world (OP)
      4 months ago

      Sounds like we have similar experiences, I’m definitely looking at mesh. I’m tired of having multiple networks across the house! I’m definitely looking at separating IoT and guests to their own VLAN, which I understand Ubiquiti devices are really good at facilitating. Having notifications for new devices is a really nice feature that I never really thought about. Would definitely be nice to have tracking for that

    • sugar_in_your_tea@sh.itjust.works
      4 months ago

      But Ubiquiti can absolutely work in mesh mode, what exactly is your friend looking to solve?

      I personally have a Mikrotik router (just router, no wifi) and one Ubiquiti AP, which gives really good coverage in my house. I’m going to be getting faster speeds soon (city is rolling out muni fiber), so I’ll want something better than my current AC AP since the 5MHz band doesn’t cover my whole area and technically can’t saturate gigabit (I might try out 10 gbit, but I’d need a new router). So I’m thinking of running a bunch of cable and getting two U6 Lite APs and then switching to wired for our desktops. I could probably even keep using my AC AP, and just put the U6 where people will more likely get closer to the max (probably downstairs where we play games).

      My main concern with a mesh setup is that, while it’s easy to set up, there would be added latency from going through repeaters and whatnot vs two APs with a direct line to the router working off the same SSID. Running cable kinda sucks, but the total cost seems about the same between a mesh setup and a dedicated AP setup.

      • fubarx@lemmy.ml
        4 months ago

        Thanks. After your note I went back and re-checked with my friend. I mixed up his comments with those from another friend with a different setup. Updated my original comment.

  • talkingpumpkin@lemmy.world
    4 months ago

    > If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?

    My two cents: use a “full” computer as your router (with either something like OPNsense or any “regular” linux distro if you don’t need the GUI) and OpenWRT on your access points.

    Unless you use the GUI and backup/restore the configuration (as you would with proprietary firmwares), OpenWRT is frankly a pain to configure and deploy. At the moment I’m building custom images for all my devices, but (next time™) I’m gonna ditch all that, get an x86 router and just manually manage OpenWRT on my wifi APs (I only have two and they both have the same relatively straightforward config).

    > It’s a pain that I know can be solved with buying dedicated access points (…right?)

    Routers and access points are just computers with network interfaces (there may be level-2-only APs, but honestly I’ve never heard of any)… most probably your issue is that the firmware of your “routers as access points” doesn’t want to be configured as a dumb AP.

    • UberMentch@lemmy.world (OP)
      4 months ago

      Good points. It’s strange to me to think of routers and APs as just computers, or things that can be run off of a mini-PC or some kind of Raspberry Pi, but it seems like it’s entirely feasible to build up your network with those.

  • mthx@lemmy.world
    4 months ago

    I’m going to suggest something that I don’t see anyone else talking about here. Synology, the company mostly known for the NAS devices, makes some surprisingly good routers as well. I’ve got 2 of their RT2600ac and 3 of their MR220AC mesh units. Their configuration software is unlike anything I’ve used by any other brand. It’s a web-based interface that looks like a variant of desktop Linux. Configuring it feels like configuring an actual computer.

    I had originally purchased these for my business, an esports center, but after the business closed a few years ago I kept the hardware and used them in my home. They are so much better than any other consumer networking hardware I’ve tried from DLink, Linksys, and Asus.

    They have newer models out that support AX wifi. But I haven’t felt the need to upgrade yet. A few notes though. Their hardware does not necessarily support every cutting edge feature. No wifi 7 as far as I know for instance. They seem to sit about 2-3 years behind the absolute latest, but the trade off seems to be stability and reliability.

    In my home, I have every unit physically hardwired back to my server rack in my basement. So while it does support mesh over wifi, I’ve opted to run ethernet to every room in my house. My general rule is anything that can be wired, should be wired. We even have a disconnected shed/workshop which I trenched and buried a cable out to so that I’d have a wired access point out there.

    I rarely see anyone mention Synology’s routers, but I think they are worth consideration.

  • extrahazmat@lemm.ee
    4 months ago

    I haven’t seen it mentioned yet: Firewalla. I’ve been running the Gold version myself for a couple of years now and it’s been great.

    I believe it was founded by ex-Cisco engineers.

    This is paired with Unifi switches/APs.

  • 31337@sh.itjust.works
    4 months ago

    I like the Turris Omnia and (highly configurable) Turris Mox. They come with OpenWrt installed.

  • Pyrosis@lemmy.world
    4 months ago

    I’m spoiled now. I prefer Ubiquiti equipment for my network, security camera, and even door access.

    However, if you prefer completely open source I can recommend OPNsense and OpenWrt. Personally I prefer a single point of configuration… So all Ubiquiti for me… It makes it easy to restore a complete network configuration, which, as you are discovering, is a pain.

    Maybe start with the new cloud gateway max as a router if you are interested.

  • node815@lemmy.world
    4 months ago

    I took a quick read of the comments and I apologize in advance if this has been suggested already.

    I use a self-hosted DNS server (AdGuardHome). I was using TechnitiumDNS for a long while, but moved over to the other recently so I could do some more blocking as needed (adult special needs house dweller sometimes needs limited internet). It also acts as a DHCP server, so it takes the role of the DHCP assignments away from the router. As it so happens, this week I got to experience the benefit of having this setup live when my main router also went down: I was able to switch to a spare router (my ISP-provided one) and all I had to do was turn the DHCP off and optionally point the DNS to my AdGuardHome address, set the SSIDs up and I was in business. All of my devices happily reconnected and grabbed their assigned IPs.

    In short, if you have a spare computer, SBC such as a Raspberry Pi or whatnot, you can easily host something like that and not have to worry about setting those again.