SPR (Supernetworks Platform Router) takes a different approach to home WiFi security by assigning unique WPA3 passphrases per device and isolating each device in its own /30 subnet. This micro-segmentation strategy makes lateral attacks like ARP spoofing practically impossible, raising the bar for zero-trust home networking.
What SPR does and how it works
SPR is an open-source router OS designed to run inside Docker containers on a Linux machine. It transforms a standard Linux box into a WiFi router that enforces strict device-level segmentation and policy-based access control.
The core idea is to combine Multi-PSK WPA3 support—which allows each device to have a unique WiFi passphrase—with per-device /30 subnet isolation. This means every device is placed in a tiny subnet that prevents direct communication between devices, limiting the attack surface for lateral movement.
SPR integrates several key networking components: WiFi access point functionality with Multi-PSK WPA3, DNS over HTTPS (DoH) with per-device ad blocking and filtering, WireGuard VPN support for secure remote access, and multi-WAN load balancing to optimize internet throughput and reliability. All of these features are managed through a React-based web UI that simplifies configuration and monitoring.
The project architecture relies heavily on containerization. Each network function runs in an isolated Docker container, reducing the attack surface by minimizing unmanaged code and enabling modular updates. The main codebase is in JavaScript, orchestrated with Docker Compose.
Technical strengths and design tradeoffs
The standout technical feature of SPR is the pioneering implementation of Multi-PSK WPA3 support in an open-source router OS. Multi-PSK enables unique WPA3 passphrases per device on the same SSID—a capability that is rare outside enterprise-grade equipment and almost nonexistent in open-source solutions.
This per-device credentialing combined with assigning each device a dedicated /30 subnet enforces micro-segmentation at the network layer. Traditional home routers often rely on a single shared WiFi password and optionally VLANs, which are coarser-grained and less secure. SPR’s approach structurally prevents ARP spoofing and lateral attacks since devices cannot reach each other directly.
The zero-trust network model is enforced by strict firewall policies that control traffic flow based on device identity and policy rules. This is a significant security improvement over typical home networks where devices often communicate freely once on the LAN.
DNS over HTTPS is integrated with per-device ad-blocking, giving fine-grained control over DNS queries and privacy enhancements out of the box. WireGuard VPN support further extends security by allowing encrypted remote access with minimal performance overhead.
Running all components containerized is both a strength and a tradeoff. Containerization minimizes the attack surface and eases maintenance, but it introduces some complexity and resource overhead compared to monolithic router firmware. The reliance on Docker means SPR is best suited for users comfortable managing Linux containers.
The React-based UI balances usability with the technical complexity under the hood, providing a modern interface for configuration. However, users unfamiliar with advanced networking concepts might face a learning curve.
SPR offers a paid “SPR PLUS” tier with additional features like mesh networking with wired backhaul and event-based triggers, which extends its capabilities beyond the open-source core.
Explore the project
The SPR repository on GitHub (https://github.com/spr-networks/super) contains the full source code, documentation, and configuration examples. Since installation commands vary and the project expects a certain level of familiarity with Docker and Linux networking, it’s important to follow the official documentation closely for setup.
The repo organizes components into Docker containers managed via Docker Compose. The React UI source is included, providing insight into the user experience layer.
Key documentation files in the repo include the README and various markdown files outlining features, architectural decisions, and configuration guidelines. These are the best starting points to understand how to deploy and customize SPR for your environment.
Users should be prepared to work with Docker networking, WireGuard configuration, and firewall rules to fully leverage SPR’s capabilities.
Verdict
SPR is a technically ambitious project that brings advanced security and segmentation features usually found only in enterprise routers to the open-source and home networking space. Its per-device WPA3 passphrases and micro-segmentation through /30 subnets offer a strong security posture that makes common WiFi attacks and lateral movement very difficult.
That said, SPR’s architecture and feature set come with a tradeoff in complexity and resource demands due to containerization and the advanced networking concepts involved. It’s best suited for users who are comfortable with Linux, Docker, and networking fundamentals, such as security-conscious home lab enthusiasts or small office environments.
For those looking to improve network security beyond traditional consumer routers and willing to invest time in setup and understanding, SPR offers a compelling open-source platform that integrates multiple key networking technologies into a cohesive whole. The paid SPR PLUS tier extends the platform further for users needing mesh and automation features.
Overall, SPR is worth exploring if strong device-level network segmentation and zero-trust policies are priorities in your network setup, and you don’t mind managing a Docker-based router OS under the hood.
→ GitHub Repo: spr-networks/super ⭐ 670 · JavaScript