SoylentNews is people

posted by chromas on Friday April 13 2018, @01:02PM
from the diy dept.

Tyler of tjll.net writes in his blog:

After my Asus N66U kicked the bucket, I considered a few options: another all-in-one router, upgrade to something like an EdgeRouter, or brew something custom. When I read the Ars Technica article espousing the virtues of building your own router, that pretty much settled it: DIY it is.

I've got somewhat of a psychological complex when it comes to rolling my own over-engineered solutions, but I did set some general goals: the end result should be cheap, low-power, well-supported by Linux, and extensible. Incidentally, ARM boards fit many of these requirements, and some like the Raspberry Pi have stirred up so much community activity that there's great support for the ARM platform, even though it may feel foreign from x86.

I've managed to cobble together a device that is not only dirt cheap for what it does, but is extremely capable in its own right. If you have any interest in building your own home router, I'll demonstrate here that doing so is not only feasible, but relatively easy to do and offers a huge amount of utility - from traffic shaping, to netflow monitoring, to dynamic DNS.

I built it using the ESPRESSObin, Arch Linux ARM, and Shorewall.

Submitted via IRC for TheMightyBuzzard



This discussion has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Friday April 13 2018, @01:14PM (7 children)

    by Anonymous Coward on Friday April 13 2018, @01:14PM (#666444)

    The submitter forgot to mention the other alternative, which is to simply get another one of the routers that he had before. If it's out of production (very likely), you can just get one on Ebay.

    • (Score: 2) by Fnord666 on Friday April 13 2018, @01:24PM (6 children)

      by Fnord666 (652) on Friday April 13 2018, @01:24PM (#666447) Homepage
      And unlike his previous router, this one does not have WiFi.
      • (Score: 4, Interesting) by Revek on Friday April 13 2018, @01:30PM (1 child)

        by Revek (5022) on Friday April 13 2018, @01:30PM (#666448)

        I've already decided when my router dies again that I'm going to buy a unifi ap and use pfsense on a small fanless pc. You can't beat Ubiquiti for the price.

        --
        This page was generated by a Swarm of Roaming Elephants
        • (Score: 2) by aclarke on Friday April 13 2018, @07:29PM

          by aclarke (2049) on Friday April 13 2018, @07:29PM (#666596) Homepage
          Yes you can: Mikrotik [mikrotik.com]

          I'm new to the brand, having just replaced a dead (but aged) Airport Extreme with a hEX router and cAP AC wifi access point. Total cost: CAD206.27 all in. I started my search, expecting to buy Ubiquiti but ended up with Mikrotik. It's not as user-friendly, but seems a lot more powerful, and costs a lot less.
      • (Score: 2) by takyon on Friday April 13 2018, @01:34PM (2 children)

        by takyon (881) <takyonNO@SPAMsoylentnews.org> on Friday April 13 2018, @01:34PM (#666449) Journal

        △ SpyFi △

        --
        [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 2) by insanumingenium on Friday April 13 2018, @03:23PM (1 child)

          by insanumingenium (4824) on Friday April 13 2018, @03:23PM (#666492) Journal

          Got anything behind that or are you just calling names?

          • (Score: 3, Funny) by insanumingenium on Friday April 13 2018, @03:24PM

            by insanumingenium (4824) on Friday April 13 2018, @03:24PM (#666494) Journal

            Oops, I forgot how threading works. I had thought he was calling unifi spyfi and was curious if that platform had issues; I am aware of wifi's issues in general.

      • (Score: 2) by looorg on Friday April 13 2018, @03:53PM

        by looorg (578) on Friday April 13 2018, @03:53PM (#666502)

        ... and? It's not like that is a bad thing. Different strokes and all that. It was one of the first things I disabled when I got my current router. Don't need it, don't want it and if people around here want to get on the net they can "borrow" wifi from someone else.

  • (Score: 2) by JoeMerchant on Friday April 13 2018, @01:36PM (8 children)

    by JoeMerchant (3937) on Friday April 13 2018, @01:36PM (#666450)

    I've never had a problem with my ethernet based applications on RPi, but then I've never tried to run a router.

    The Ethernet-over-USB solution on RPi is widely maligned in the blogosphere, their latest spin is supposed to significantly improve throughput - but still not "fix" it the way a "proper" ethernet interface would.

    Is anybody currently playing with an open router, built with modern WiFi and multiple Ethernet ports that's available on the market today using the old-school open router firmware like dd-WRT, etc.?

    I am currently using a box-stock Netgear router from about 5 years ago, I thought about flashing it with the open software but... as delivered from the factory it's serving my needs, and I have enough other hobbies already.

    --
    🌻🌻 [google.com]
    • (Score: 2) by nobu_the_bard on Friday April 13 2018, @01:50PM (1 child)

      by nobu_the_bard (6373) on Friday April 13 2018, @01:50PM (#666452)

      I am using a purpose-built pfSense device that cost me about $200, but you could go far cheaper than that. It's really a firewall but it has routing functions. Really you can get by with the older versions of it that'll run on just about anything, turn any old computer into a router, it's just a matter of getting enough ethernet ports.

      https://www.pfsense.org/ [pfsense.org]

      • (Score: 3, Interesting) by nekomata on Friday April 13 2018, @03:35PM

        by nekomata (5432) on Friday April 13 2018, @03:35PM (#666498)

        pfSense is horrible. The interface is atrocious and the company is quite hostile to the open source idea. I suggest OPNSense instead: https://opnsense.org/ [opnsense.org] (same idea, better execution)

    • (Score: 3, Interesting) by MadTinfoilHatter on Friday April 13 2018, @02:05PM (2 children)

      by MadTinfoilHatter (4635) on Friday April 13 2018, @02:05PM (#666459)

      I've never had a problem with my ethernet based applications on RPi, but then I've never tried to run a router.

      I did use a RPi as a router/firewall/light server for a couple of years, and it kinda, sorta worked until the SD card died. It's not something I'd really recommend, though. Everything was fine when just using the web, but the internal net was painfully slow. It would also crash on average once every two months or so for no apparent reason. What would I recommend? Well, I'd recommend what I'm using now: A PC-Engines box [pcengines.ch] with an AMD Jaguar processor, 3 Intel network cards (so you get WAN, LAN and DMZ). Runs pfsense like a champ (or Linux if you prefer) and it's far more stable than the RPi. In fact the only time it went down without me shutting it off was when we had a blackout. It will set you back more than $50, though. If you want the full case + WiFi + storage package, you should be prepared to fork over about $200. Totally worth it in my opinion.

      • (Score: 2) by KilroySmith on Friday April 13 2018, @05:00PM

        by KilroySmith (2113) on Friday April 13 2018, @05:00PM (#666519)

        Thanks for that link to PCEngines. I needed a small, low-power board and they look perfect - and reasonably priced.

      • (Score: 0) by Anonymous Coward on Friday April 13 2018, @07:00PM

        by Anonymous Coward on Friday April 13 2018, @07:00PM (#666592)

        On raspi, it is critical not to write frequently to the sd card. Hack a bit to make a read only operating environment.

    • (Score: 2) by Kilo110 on Friday April 13 2018, @02:09PM

      by Kilo110 (2853) Subscriber Badge on Friday April 13 2018, @02:09PM (#666460)

      Like the other reply, I'm using a mini x86 pc with pfsense. It's purpose designed to be a router. It only has a serial port, couple of usb, vga out, 3 intel gb ports, and in fanless industrial design case. It's a lot pricier at around 200, but it works great and took me all of 30 minutes to get running.

    • (Score: 0) by Anonymous Coward on Friday April 13 2018, @04:03PM

      by Anonymous Coward on Friday April 13 2018, @04:03PM (#666505)

      RPi or RPi0. IPFire works great and does not crash. I use as backup for my main firewall. It can also use iPhone as the red interface. So you backup your main connection. One downside is DNS does not allow dual host files do not as easy to 17000 tracking sites

      Home is currently behind a 20yr PC with IPCop. Been using IPCop for 17 yrs. It is shutting down though; PFsense or OPNsense more likely will be next.

    • (Score: 0) by Anonymous Coward on Friday April 13 2018, @09:37PM

      by Anonymous Coward on Friday April 13 2018, @09:37PM (#666636)

      The Guruplug is an ARM-based device that has 2 Gigabit Ethernet ports (not USB attached). It uses U-Boot as a bootloader and Linux can live on the embedded flash or external SD, USB, or externally powered SATA.

      Its hardware platform is called "Kirkwood" and Debian supported it the last time I checked.

  • (Score: 2, Informative) by Anonymous Coward on Friday April 13 2018, @01:50PM (1 child)

    by Anonymous Coward on Friday April 13 2018, @01:50PM (#666451)

    Mikrotik boxes I think beat anything else very easily. Low power ARM devices and with features and capabilities that you only get in industry grade routers, for the price and size of home consumer gadgets.

  • (Score: 4, Interesting) by DannyB on Friday April 13 2018, @04:32PM (4 children)

    by DannyB (5839) Subscriber Badge on Friday April 13 2018, @04:32PM (#666508) Journal

    Building your own router, and for under $50 must be fun. Yes, really. I could not have hit that price.

    I used to dink around with this. In 1999, my Linux box *was* the router. Two ethernet cards. Reading up on IPCHAINS. (Predating IPTABLES.) At that time, as far as I know, there was no such thing as an inexpensive home router with NAT so you could have other PCs all sharing your cable internet connection. (We were one of the first places in the country to have cable internet service. Must have been in 1996. We moved in 1997. In that new house I got Linux in 1999. We had cable internet in the old house before the move.)

    In later years I would get an off the shelf router and change out the firmware. The first was the famous WRT54GT. When that bit the dust, another plastic router reflashed.

    With the advent of smart phones, newer and faster WiFi, laptops, tablets, TiVos, RoKus, SmartTVs, etc all hungry for WiFi. Two adults and one high-schooler all with lots of high tech, our gadgets. Our 3rd router wasn't handling it anymore. Lots of dropped connection problems.

    This time, I decided to go strictly off the shelf. Got a nice under $300 router. Not skimping this time. Bristling with antennas. Two separate 5G transceivers. Beam forming. All the buzzwords at the time. It was very configurable with stock firmware. Easy to set up for my static IP and a few port forwards. No reason to mess with it. The experience was easy, even with the static IP and fake MAC address on the cable modem side. Had that router for 2.5 years now and it still works great. Plop a 2T pocket drive on it, and instant file server and media server for the RoKus in the house.

    Despite the fun of 20 years ago, and a couple re-flashed plastic routers since that, I realized in late 2015 that my time and energy is worth something and have not regretted just buying a good off the shelf router to save myself a lot of time and energy.

    I'm also in the process of switching from a home static IP to a virtual private server (VPS) in the cloud.

    --
    The lower I set my standards the more accomplishments I have.
    • (Score: 5, Insightful) by bobthecimmerian on Friday April 13 2018, @06:22PM (1 child)

      by bobthecimmerian (6834) on Friday April 13 2018, @06:22PM (#666570)

      Despite the fun of 20 years ago, and a couple re-flashed plastic routers since that, I realized in late 2015 that my time and energy is worth something and have not regretted just buying a good off the shelf router to save myself a lot of time and energy.

      I work in tech, and would bet that you do too. My experience is similar - I play with technology these days, but not as much as I did in 2000 or even 2010. However, all that time I spent trying different things with networking, Linux installations, hosting my own services, and so forth paid off many times over in my career. I have a lot of colleagues that are bright, friendly, professional, and highly skilled at their primary role but have no idea how to proceed when DNS goes down, or they need to securely move files around a network, or they have to set up a virtual machine, and so forth. We work at a similar pace on our primary jobs but for all sorts of ancillary tasks I'm ten times faster because I was such a tinkerer.

      • (Score: 2) by DannyB on Saturday April 14 2018, @02:38PM

        by DannyB (5839) Subscriber Badge on Saturday April 14 2018, @02:38PM (#666938) Journal

        I totally relate to that. In my career, wherever I have been, I have been the, or one of the 'go to' guys for answers to the questions nobody else can answer. Why? Just because I always study. Read. Keep up with what is going on in the industry. Experiment. And tinker.

        Buying an off the shelf router does not mean that I don't still tinker. But I already paid my dues tinkering together a router and NAT a long time ago. Back when you couldn't buy it (affordably, for consumers) off the shelf.

        One of my former bosses called it 'being a lifelong learner'. Even now in a big organization, I have the attention of bosses up to a senior VP. Back in 2014, my boss's boss's boss was visiting my office location. He came in to my office, handed me a boxed Raspberry Pi 1, and said "do something cool with this and let me know what you do". My jaw just about hit the floor.

        --
        The lower I set my standards the more accomplishments I have.
    • (Score: 0) by Anonymous Coward on Friday April 13 2018, @11:20PM (1 child)

      by Anonymous Coward on Friday April 13 2018, @11:20PM (#666658)

      Many years here too. Learned a lot doing it all. I am currently the guy that backs up all the other guys... from micros to main frames, along with any software. It is hard to get management to understand that "in case of fire", I am the one that all call.

      First firewall was a Smoothwall and wireless networking was very young. Had ISDN in my home. It was nice having a caching firewall prevented a lot of fetches, so speed was fast! Main server was Linux with VMware v1 beta and Windows server NT/3.5.1. Dual Pentium Pro with 128MB of RAM.

      Second Firewall was IPCop V1 on a 486sx25 with 12MB (yes, 12) and 273MB hard drive. w/ dual intel 10baseT ISA cards. Lasted from DSL and CABLE modems. Wireless still a twinkle in the eye.

      Third was IPCop V2 on K6-2 400 128MB 1GB drive. All 3 PCI bus cards network cards 10/100 speed. WRT54L mesh (3 of them) ran my house. moving video between Replay DVRs - had ethernet ports and JAVA based emulator of server to handle be 4 virtual replays on my main server to pull shows from two physical boxes.

      Fourth was IPCop V2 on Pentium III 1GB 10GB drive. K6-2 drive died and finding a PATA is tough, my backup stock is out. All 4 PCI bus cards network cards 10/100/1000 . Still is current. Wireless Routers are 6... Netgear R7900 main backbone, Netgear R7000 as bridge, AmpliFi running as bridge (called mesh in their configuration), ASUS Lyra (3 in "mesh" - really 1 router and 2 bridges) to extend network to all corners. I am broadcasting 6 SSID networks over all this equipment.

      Backup Raspberry 1B with 3 USB-ethernet adapters, so 4 channels as backup with IPFire. IPFire will not work on RPi 2B or 3B, since there is large binary blob to get Broadcom chips to fire up and is not "free as beer". Been able to push this setup to 60Mbps. Was faster than my internet connection, so no issues... now I am 100Mbps so will slow me down. Hence backup.

      In the end though... All are now running off the shelf hardware and/or firmware (OS). I used to "roll" my own, but all now are fully configurable with stock firmware, though you may have to play a game or two to get all functions from wireless routers. R7900 is connected to the internet via its internet port (via locked nic on firewall), but DHCP is turned off and the firewall is DHCP with gateway pointing to it. This way the network mapping features work.

      My next firewall I am looking at ARM... but most likely go PFsense or OPNsense with a NUC or other micro fanless 4 nic box.
       

      • (Score: 2) by DannyB on Saturday April 14 2018, @02:41PM

        by DannyB (5839) Subscriber Badge on Saturday April 14 2018, @02:41PM (#666941) Journal

        If you are the guy that everyone calls in case of fire, and your bosses don't recognize that, it is really sad. Must be extremely frustrating.

        If one of the production server's power supply has caught fire, best practice is to schedule a meeting to determine whether DevOps should fix this, or the software team should issue a software patch to correct the problem in order that we can close this ticket as quickly as possible.

        --
        The lower I set my standards the more accomplishments I have.
  • (Score: 0) by Anonymous Coward on Friday April 13 2018, @08:13PM

    by Anonymous Coward on Friday April 13 2018, @08:13PM (#666612)

    if submitter is reading this and maybe has time, a speed-test in one port and out the other would be nice :]

  • (Score: 2) by Entropy on Friday April 13 2018, @09:11PM

    by Entropy (4228) on Friday April 13 2018, @09:11PM (#666627)

    Combined with a low cost box like a HP DC7800. The onboard nic works at 1Gb/s throughput (nearly), if you want the added NICs to do the same stick with Intel. I've measured the wattage on the boxes before and it was low, but I forget how much power it dissipates.

  • (Score: 2) by Dr Spin on Friday April 13 2018, @09:18PM

    by Dr Spin (5239) on Friday April 13 2018, @09:18PM (#666632)

    Why not buy a BT Home Hub 5 from Ebay and put LEDE on it?

    Very cheap, very powerful, and should be secure.

    And about 1 hour to find out how to do it, and another to actually do it.

    --
    Warning: Opening your mouth may invalidate your brain!