DEV.co
Open-Source Security · spr-networks

super

SPR is an open-source router platform that assigns one WiFi password per device and enforces zero-trust network policies with per-device DNS rules and ad-blocking. It runs on commodity Linux hardware (like Raspberry Pi) via Docker and includes WireGuard VPN, firewall policy controls, and observability features for home and small-business networks.

Source: GitHub — github.com/spr-networks/super
740
GitHub stars
57
Forks
JavaScript
Primary language
BSD-3-Clause
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryspr-networks/super
Ownerspr-networks
Primary languageJavaScript
LicenseBSD-3-Clause — OSI-approved
Stars740
Forks57
Open issues34
Latest releasev1.1.7 (2026-07-07)
Last updated2026-07-08
Sourcehttps://github.com/spr-networks/super

What super is

Built on JavaScript/React frontend and Go backend, SPR implements device identity via MAC+passphrase, assigns /30 subnets per device, and uses nftables for policy-based packet filtering and routing. It supports WPA3 Multi-PSK, CoreDNS for DNS filtering, and offers an API-driven plugin architecture for extensibility.

Quickstart

Get the super source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/spr-networks/super.gitcd super# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Home Network Segmentation & IoT Device Isolation

Assign distinct WiFi passwords and network policies to each device (phones, smart home gadgets, guests) to prevent lateral movement and enforce per-device DNS ad-blocking rules.

Small Office / SOHO Security with Zero Trust

Implement policy-based access controls across wired and wireless devices using device identity and group-based firewall rules, with optional remote VPN access via WireGuard.

Privacy-Focused Self-Hosted Router Replacement

Replace proprietary router firmware with a fully auditable, open-source alternative that centralizes DNS filtering, ad-blocking, traffic logging, and VPN termination on hardware you control.

Implementation considerations

  • Requires Linux system (Raspberry Pi 4+, x86, ARM) with Docker and sufficient RAM for comfortable operation; builds may exhaust memory on very constrained devices.
  • Per-device password management increases user friction; suitable for small networks (< 50 devices) but requires careful rollout for larger user bases.
  • Policy rules are defined via API or UI; plan for documentation and training on zero-trust model (routing isolation, device groups, port forwarding rules).
  • DNS filtering depends on correct list feeds and per-device rule configuration; misconfiguration can break legitimate traffic or bypass intended blocks.
  • Backup and restore workflows not explicitly documented in excerpt; clarify disaster recovery procedures before production deployment.

When to avoid it — and what to weigh

  • Enterprise-Scale Deployments — No evidence of multi-site management, LDAP/RADIUS integration, or centralized monitoring for hundreds of devices. Built for home/SOHO, not data-center or distributed infrastructure.
  • Carrier-Grade or ISP Deployments — No mention of DHCP failover, BNG features, subscriber management, or compliance with carrier SLAs. Not designed for high-availability or multi-tenant scenarios.
  • Low-Resource Constrained Environments — Build process uses memory-backed filesystems and Docker; minimal hardware like old embedded routers may struggle. Requires at least Raspberry Pi 4 equivalent.
  • Requires Proprietary Closed-Source Integrations — SPR is open-source; if your stack mandates closed-source vendor dependencies or licensing tied to hardware, this may not fit procurement policies.

License & commercial use

Licensed under BSD-3-Clause, a permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and liability disclaimers. No copyleft restrictions.

BSD-3-Clause permits commercial deployment without royalties or approval. However, project includes optional paid tiers ('SPR PLUS' subscription for advanced features); clarify whether commercial use requires licensing those premium features separately. Review terms at supernetworks.org for subscription scope.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Project emphasizes zero-trust, per-device identity, and WPA3 Multi-PSK support (noted as 'SPR first'). Minimizes attack surface via Go+JavaScript stack and nftables hardening. Supports policy-based spoofing prevention. No independent security audit mentioned. DNS filtering is client-side (effective against common threats but not a privacy panacea). VPN and encryption depend on correct WireGuard/WPA3 configuration. Review threat model: local network attacks, DNS exfiltration, and rogue AP scenarios.

Alternatives to consider

OpenWrt

Mature, widely-deployed open-source router OS with extensive hardware support and package ecosystem, but heavier, less opinionated on zero-trust design, requires more tuning for per-device policies.

pfSense / OPNsense

Powerful firewall-centric distributions for advanced routing and policy, but x86-focused, steeper learning curve, and less optimized for home WiFi mesh scenarios.

Ubiquiti Dream Machine / UniFi

Commercial closed-source offering with polished UI and multi-site management, but proprietary, vendor lock-in, and lacks per-device password granularity SPR provides.

Software development agency

Build on super with DEV.co software developers

If you need per-device network isolation, zero-trust policies, and full control over DNS and firewall rules, request a technical demo or consultation to assess fit for your SOHO or home environment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

super FAQ

Can I run SPR on my existing router hardware?
Only if your hardware runs Linux (x86, ARM, Raspberry Pi 4+). SPR is not native firmware for consumer routers; you must replace or run in parallel on a dedicated Linux host.
Is SPR suitable for guests and family members without technical skills?
Setup and admin tasks require networking knowledge. Per-device passwords are more secure but increase user friction. Consider iOS app and web UI for guests, but initial config is not plug-and-play.
What happens if the SPR router goes down?
WiFi and policy enforcement stop. No automatic failover or redundancy is described. Plan for backup connectivity (secondary AP or ISP failover) for critical networks.
How does SPR handle DNS privacy?
Supports DNS-over-HTTPS to upstream resolvers and per-device DNS rules. All DNS queries pass through the SPR host; review privacy implications if using cloud resolvers.

Custom software development services

From first prototype to production, DEV.co delivers software development services around tools like super. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.

Evaluate SPR for Your Network Infrastructure

If you need per-device network isolation, zero-trust policies, and full control over DNS and firewall rules, request a technical demo or consultation to assess fit for your SOHO or home environment.