About
The RISC-V Router by Start9 makes advanced networking and network security accessible to everyone. The router is open source, from hardware to OS, and is the only one designed specifically to accommodate the complex needs of home-based self-hosting.
Units are expected to ship no later than September 2026.
Pre-orders and donations will be used to fund development and are therefore non-refundable.
Key Points
- Open Source: The Start9 router is open source, all the way down through firmware and hardware.
- User-friendly: Unlike other routers, especially routers with advanced functionality, the Start9 router is accessible to non-technical users. Our modern GUI is easy to use and provides sane defaults for users who just want a plug-and-play experience.
- StartOS-friendly: Start9 server owners will be able to link their server with their router for a streamlined clearnet experience. This means that if a user wants to host one of their services on a domain they control, the server can remotely and automatically configure the router to forward the appropriate ports, create the appropriate firewall rules, etc.
Hardware Specs
Software Stack
- OpenSBI: a firmware layer in the boot process, providing runtime services from the machine mode (M-mode) to the supervisor mode (S-mode) kernel, abstracting platform-specific hardware details and making operating systems more portable across different RISC-V systems.
- StartWrt: Start9's fork of OpenWrt, including a modern GUI, that reimagines the router experience from first principles.
Features
Security Profiles
Every device on the network receives a Security Profile, which is determined by how the device gained access
to the network.
Ethernet
Each Ethernet port maps to a different Security Profile. The Ethernet port a device uses determines the Security Profile it receives.
Example. A device plugs into Ethernet port 1 and receives the "Admin" Security Profile. Another device plugs into Ethernet port 2 and receives the "Guest" Security Profile.
WiFi
Instead of creating different WiFi networks, there is one WiFi network with different passwords. Each password maps to a different Security Profile. The password a device uses determines the Security Profile it receives.
Example. Paul connects to WiFi using the "Admin" password, which leads to the "Admin" Security Profile, granting him full access to the LAN and Internet (through Mullvad VPN). Paul has four children who all use the "child" password, which leads to the "Child" Security Profile, granting them Internet access during the day (through a custom WireGuard VPN) using a custom DNS server that filters porn, and no Internet access at night. Paul has friends over for dinner and gives them the "Guest" password, which leads to the "Guest" Security Profile, granting them full access to the Internet (through a Proton VPN) and only certain devices on the LAN. Paul connects his Roku and Nest thermostat using the "Smart Device" password, which leads to the "No LAN" Security Profile, granting these devices limited access to the Internet but no access to the LAN.
Inbound VPNs
Create unlimited inbound VPN servers for remote access to the LAN. Each VPN server maps to a different Security Profile. The VPN server a device uses determines the Security Profile it receives.
Example. Julie uses the "Primary" VPN server, which leads to the "Admin" Security Profile, granting her full access to the Internet and LAN. Julie gives her friends the "Friends" VPN server, which leads to the "Shared Services" Security Profile, granting them access to a family server, such that they can upload photos, save passwords, or use her Bitcoin node to send/receive/verify transactions, but not see anything else on her network or use her network to access the Internet.
WiFi Schedules
Optionally disable WiFi entirely on a schedule, e.g. disable WiFi from 10pm-7am in order to prevent WiFi usage or to limit radiofrequency EMF exposure.
Outbound VPNs and VPN chaining
Connect unlimited, network-wide outbound VPN clients for Internet privacy. Optionally chain VPN clients together to avoid consolidating activity with a single provider and to achieve multi-jurisdictional resilience.
Example. Mark has accounts with Mullvad VPN and Proton VPN. Whenever he makes a request to the Internet, it goes through Mullvad VPN, then through Proton VPN, then to the final destination. This ensures neither Mullvad nor Proton knows his Internet activity unless they collaborate with each other.
One-click dynamic DNS
Use Start9 Dynamic DNS for free with a single click. No account necessary.
Optionally use another dynamic DNS provider.
Help Mode
Toggle "Help Mode" to get a detailed explanation of everything in the current view, including links to external resources. Toggle again to make it disappear.