When a favorite piece of hardware dies, it’s fairly common to experience a bit of dread. The thought that now you’ll have to go through the process of getting a replacement for the device can be very troubling, and is fraught with difficult questions. Is the hardware still available? Has it been made obsolete by something else in the time you’ve had it? But while it can be a hassle, there’s no question you can come out the other side better than you went in. Sometimes it takes the passing of an old piece of gear for you to really embrace what’s possible with the latest and greatest.
That’s exactly what happened to [Tyler Langlois]. When his trusty home router finally gave up the ghost, he was left with a couple of options. He could get another consumer router, upgrade to an enterprise-level model, or take the road less traveled and build his own router to his exacting specifications. Since you’re reading about it on Hackaday, we’ll give you one guess as to which door he went through.
The blog post [Tyler] has written up about the saga of building his own router is an incredible resource for anyone who might be thinking of taking the plunge into DIY networking. From selecting the proper hardware to the nuances of getting all of the software packages installed, this is an absolute treasure trove. At the beginning of the post he mentions that the post shouldn’t be considered a comprehensive guide, but considering we’ve seen commercial hardware that wasn’t documented this well, we’d have to respectfully disagree on that point.
Some elements of his homespun router may come as something of a surprise. For one, [Tyler] bucked the hive mentality and determined the Raspberry Pi simply wasn’t up to the task due (at least in part) to the single 100 Mbps network interface. He ended up going with an ESPRESSObin, a relatively niche Linux SBC that features an onboard gigabit switch in addition to a fairly hefty spec sheet. He also decided to forgo WiFi entirely, and leave the intricacies of wireless networking to a standalone access point from Ubiquiti.
A router is often overlooked as just another piece of consumer kit sitting around the house, but it’s actually an excellent place to flex your creative and technical muscle. From adding a remote display to converting it into a mobile battle tank, there’s a lot more you can do with your router than stare at the blinkenlights.
“A router is often overlooked as just another piece of consumer kit sitting around the house, but it’s actually an excellent place to flex your creative and technical muscle. From adding a remote display to converting it into a mobile battle tank, there’s a lot more you can do with your router than stare at the blinkenlights.” — I just like to run additional/custom software on mine, like e.g. I’ve been running my Mumble-server on my routers for years now. I did, however, take my Buffalo WBMR-HP-G300H ADSL-modem apart after I retired it, removed the LEDs and redefined them in the device-tree file as regular GPIO-pins instead so I could use some SPI-devices and drive a relay with them instead. Never ended up actually using it for anything, though, just played with it for a bit and lost interest.
Using LED pins as GPIO…
That’s a hack!
Replacing LEDs with IR LEDs and using it as a web-based lirc IR blaster. That’s a lovely hack.
The first and most important reason why you should never just overlook your router is security. When your ISP gives you a router, be sure it’s cheap, underpowered hardware with poorly maintained firmware and prone to security breaches, sometimes even having backdoors for “remote assistance”. My solution is to always switch the ISP’s router to bridge mode (disabling any routing and home network access, leaving only the VDSL modem role) and add another decent quality router behind it to do NAT, DHCP, firewalling and other stuff a router should do. I think anyone whose security policy is not “I don’t care” should do the same.
That’s what I’m doing. Except that my router is actually a Mini-ITX board, running virtualized pfSense and OpenMediaVault, besides some other things.
How many ethernet ports on that mini-itx? I’m hoping for at least 4xGigE, but 5 would be nice.
Two. A third one could be added via PCI-e.
Why do you need that many?
I use one for WAN and one for LAN. The LAN one goes to the 24-port switch that supplies my house.
The rest is internal virtual bridges and VLANs.
As both the firewall and the servers are virtualized via Proxmox, I don’t need an extra port for the DMZ.
“Daddy has a router problem.”
Or you get lucky and your connection from the ISP is ethernet. But yes, I threw out the stock all-in-one router which was the perfect example of an underspecced ISP-provided device. For my gigabit connection they provided a device with 802.11g wifi meaning I could use maybe 2% of my internet connection’s bandwidth over wifi. That got chucked in favour of pfsense and a WRT1900ACS which can give me more like 70% of my connection’s bandwidth over wifi.
Indeed.
I got this Fritz!Box cable-modem from my ISP, which was pretty locked down, with a lot of the functionality the OS allows for removed. Even though I’m very much not a security-researcher or anything, I still managed to break into the box with relative ease and all through software-means and no admin-rights needed. With no option to replace the modem, I configured one of the Ethernet-ports into bridge-mode and chucked in a proper router with OpenWRT/LEDE on it.
I just supplied my own router and modem. Aside from not having the ISP’s fingers in my pie, both units are from reliable companies that actually update their firmware more than once a year. A final benefit is that you don’t have to pay a rental fee to the ISP which saves a decent chunk of change on the bill. Some ISPs are more forgiving/supportive of this so ymmv.
Modems and their built-in firewalls are as trustworthy as the ISP or anyone who can ask the ISP for access to the device. At that point the firewall is moot and it’s just a device directly on your LAN, or even between your own devices when the modem is also used as a switch. Using your own ADSL modem or your own firewall after the ISP modem sounds like a sensible idea.
Anyone have a link for buying in the uk?
It seems there is no way to buy in the UK without being stung on VAT and excessive handling fees. I’m surprised one of the many Pi outlets don’t stock it. A nice Pi alternative for anything networky.
open source processor (for example RISC V or Parallela)
open source motherboard and communication hardware (ethernet, wifi)
open source system
small power off offgrid (solar panels)
= perfect router
Need open-source “1”‘s and “0”‘s or you all are wasting time.
I’m about ready to beta release my Open Source “1” (Version 0.002)
I have worked extensively on an Open Source “0”, but so far, I’ve got nothing…
That’s strange, it is a string, so it’s 1!
Let me apologize on behalf of all fellow Indians that we didn’t open source the original “0”. Perhaps if we still hold the patent, we can yet release it under GPL v3.
Considering the options, this is a much better option for network-oriented projects compared to the Pi. Yet HAD push it so hard.
HAD don’t push the Pi, they just report on what people are doing, if lots of people are using Pis and you see a lot of that on HAD it means they’re doing their job perfectly well.
Waiting for someone to build this.
https://shader.kaist.edu/packetshader/
interesting! thx for the link.
Someone will just buy up the market to mine Crypto
Look for ‘mcdebian’ on Linksys routers. It’s a FULL Debian, with apt-get and all that goodness. Boot is flashed to the router; rootfs runs from a USB stick on the router. Works great and is not a single image like the LEDE stuff is.
Perhaps try Armbian, which is pure Debian, for Espressobin. It has by far the best support out of the box. Better (kernel) than any dedicated routerOS -> https://twitter.com/armbian/status/991205578813968385 plus you can easily build your custom Debian or Stallman-ised Ubuntu with a kernel from sources and/or use some Debian-top based firewall software or even better – containerized OpenWRT or similar.
Too bad about the malfunctioning PCIe slot. This board looks great otherwise.
Hello! PCIe bus for Armada 3720 hardware, including Espressobin should be fixed in mainline Linux kernel version 5.8. In this version were introduced patches for PCI aardvark driver, to make PCIe on Espressobin stable.
Amazing :O
How would this router behave to server-like connections?
I’m squinting sideways at the MicroSD storage. It’s doable, but I’d want to make sure I have an up-to-date backup strategy, OR make certain I’ve optimized for minimal writes. My experience with OS installs on read-write SD and thumb drives is that they’re fine almost all the time, but when your usage extends to years, you’ll get weird things, like a file goes missing, or contains an unexpected block of zeros – or the device just stops working entirely for some reason. Unfortunately, my “fleet” isn’t big enough to get a sense of whether this correlates with whoever’s brand is on the device, but I doubt that matters if you’re ordering off Amazon (you’ll probably get a counterfeit anyhow).
[I’m using a PCEngines APU2, which has mSATA onboard.]
Wow, it’s been ages since I looked at PCEngines from Switzerland; but it seems they’re still alive and well. I remember the ALIX series, which (if memory serves) were based on the x86 AMD Geode series. The PCEngines boards are worth MUCH consideration because they are x86 compatible out of the box (no ARM Nightmares), Open-Source (mostly), and quite affordable (<$140 various models). I recommend (from past experience) the following: Develop in FreeBSD, then deploy in OpenBSD. You will need to (at least) know BSD's PF and ALTQ to manage your firewall/traffic-management (no, xBSD is NOT Linux – optimally). Or at least that's the way it used to be.
It's been awhile. Today I see some of the newer PCEngines boards have a decent amount of RAM. So as a Home or SOHO user it may be possible to virtualize/jail/bastion your exposed framework and apply robust kill-switch rules. But remember, when it comes to kill-switches – speed (or lack of it) can kill you!
how would this stack up to the banana pi: http://www.banana-pi.org/r2.html?
seems like a good alternative.
Stay away. This is just one of many flaws: https://forum.armbian.com/topic/6948-a-suitable-board/?do=findComment&comment=52820 How is support?
I actually REALLY like the idea of having a separate router to act as the “brains” and a separate wireless AP. Does anyone know of a router (with switch or simple internet in / internet out will do) that runs DDWRT and is powerful enough to do bandwidth monitoring for like 20 users? Something to do just the brain bits.
“security”.. you mean like SELinux, grsecurity, and client-isolation? Yeah most “hardened” appliances and IoT don’t even have that..
I’ve been using DIY Linux routers for decades, and UniFi APs for years. It’s a great combination. One thing that you notice with more experience is that not all Ethernet cards are created equal. For example if you care about the most accurate possible time clocks, you want an Ethernet card that supports hardware timestamping, which ntp can use. That’s why I prefer at least something with a proper expansion slot, so that you can choose components. There are many smaller Intel boxes that come with far less than full size footprints and power draws but still have an expansion slot.
I use an Atom 2758 4GB ECC and IPFire. I love it.
no grsecurity and isolation policies might as well not be there. Attackers are going to be using encoded shellcode in buffer overflow attacks.
Despite my history with computers, networking is just too weird for me to understand properly. That said, Mikrotik may not have FOSS but the hardware is solid for the price, <$100 for 5 port gigabit, and the software is enterprise class.
Hardware is solid but unless you do a lot of reading up on that enterprise software and trying different config you are going to have a hard time configuring your device to do what you expect :)
EspressoBin looks cool, but I’m somewhat suspicious about the routing performance. As far as I can see there’s only one network chip handling all 3 NICs. The WAN seems to be Ethernet (100Mbit/s) while LAN NICs are GigE?
Seems like a cool board, but I would not use it myself for a router.
APU2D4 is a bit more powerful alternative https://teklager.se/en/products/router-components/pc-engines-apu2d4 (that’s what I’m using). And also gives you access to the source code of the BIOS, so it’s really secure.
Can anyone that reads this point me to the best hardware for building a custom router.
Something that has better specs than current home/gaming routers.
There have been a lot of new board releases since this article was posted but nobody seems to be talking about this.
I would like to build a router that can be upgraded whenever new WiFi standards change.
When you start having more than 50 devices on home routers all kinds of issues start popping up with lower end hardware.