Router/network gurus... I decided to DIY a router because I wanted an open source system that runs on hardware I can repair and upgrade as technology changes. In addition there is a lot of inexpensive hardware out there that is no longer powerful enough for a medium to enterprise business, but is still overkill for my needs. I was able to cobble together a nice rack mount system based on tried and true parts used for both of the sense distros and pretty much anything else that doesn't require proprietary hardware. Also plenty of power and capacity for plug-ins like Intrusion Detection and Prevention that would be too much for my Ubiquiti EdgeRouter. Speaking of which, my particular model was discontinued a few years back and updates are becoming few and far between. Time to sell it while I can still get money for it to offset the new one.

My objectives driving this are:

Hardware I can easily source and modify/upgrade as technology changes, like the ability to support >1GB network speeds as that becomes more common, even from ISPs. In addition the ability to support other media like a fiber demarc or who knows what is next.

Hardware powerful enough to effectively run add-ons like ID/P systems and the ability to monitor for unexpected traffic.

Rack mounted for physical and electrical security through proper case grounding. I don't want a minor earthquake scattering equipment, damaging both equipment and cabling.

Open source software that is industry respected. The great thing about open source is that once vulnerabilities are detected they are quickly fixed and also that nothing is hidden.

The ability to perform virtually all configuration via GUI. EdgeOS had a very steep learning curve for setting up VPN (inbound as well as outbound) and it's easy to make a mistake changing settings, especially because I want to periodically change the VPN endpoint. While I'm fairly tech savvy I need relative ease.

Extensive, well-written documentation, and popular enough that there are decent online videos.

Which brings me back to the subject of this thread: Do any of you use and have a preference for pfSense or the fork product OPNsense? I've heard some pros and cons of each and am currently leaning pfSense. On the other hand, OPNsense updates seem to be happening more frequently. Or, is there another router distro you prefer, and why?
I've never heard of "upgradable" routers. While yes, they are Linux computers, I don't believe you will be switching out transceivers willy-nilly. I don't cut my phone in half and go from GSM to CDMA on command. It seems to me you want something that allows you to install a custom DNS server so that you can snoop-a-loop on what people are doing. I'm not judging, but my recommendation is to rinse off the silly sauce and just purchase a newer router with OpenWrt preinstalled.
pfSense and OPNsense run on any computer hardware that is supported by FreeBSD, one of the earliest open source versions of Unix. The motherboard I'm using is a well known embedded system used by a wide variety of applications from NAS, to media servers, to firewalls. Here are the basics:

Supermicro A1SRI-2758F w/32 GB RAM mITX motherboard
Supermicro SC505 1U rack mount case with front facing I/O and card
Genuine Intel X520-DA2 dual SFP+ NIC (supports 10 GB network)

This picture is almost identical to what I'm putting together when the bits and pieces show up. Even the motherboard and riser are the same. The only difference will be the SFP+ card that will lay horizontally to the right of the motherboard, which plugs into the 90 degree PCIe adapter known as a riser. You can really take virtually any computer, including used older ones from Craigslist or an electronics recycler, and turn it into a router for a real budget system. pfSense and OPNsense are both as free as Linux. Both products are widely used commercially, including by banks, so they are secure and well regarded.

Keep in mind that there is no inherent wireless or multi-port network switch. This router will be connected to a managed switch with far more ports than I can use, and initially old Asus routers will be connected as access points. One of them will connect directly to the router for insecure IoT (Internet of Things or junk WiFi devices) traffic that will ONLY be allowed access to the outside. There are many, many devices like light bulbs that change to the color you want, various novelty devices that want a WiFi connection, or even appliances. These devices are NOT secure and frankly network promiscuous. Ring doorbells, for example, communicate directly to Ring, which then communicates to your smart phone via an app. Who knows what the fabricators in China or elsewhere do to them to tunnel into your personal LAN? And, yes, they do, and get caught every year or so by companies that validate the products. Supermicro is one of many companies that has moved ALL electronic fabrication from China to Indonesia as a result.

Edit: I wanted to add that Netgate has many affordable routers that run pfSense. Their profits are used to fund pfSense development, so if you are thinking about a simpler and more affordable, though not as powerful, router these are pretty attractive.
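The IoT segment described above (devices allowed out to the internet but never into the personal LAN) is, under the hood, a small pf ruleset on FreeBSD, which is what pfSense and OPNsense generate from their GUI. This is an added example, not the poster's configuration or either project's own output; the interface names (igb1 for the IoT access point's port, igb0 for WAN) and the 192.168.50.0/24 subnet are placeholders.

```pf
# Added example: pf ruleset for an internet-only IoT segment on FreeBSD.
# Placeholders: igb1 = IoT interface, igb0 = WAN, 192.168.50.0/24 = IoT subnet.
iot_if  = "igb1"
wan_if  = "igb0"
iot_net = "192.168.50.0/24"

# Every private range; the IoT segment must never reach any of it (other LANs,
# management network, the router's own LAN-side addresses).
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0

# Source NAT for IoT clients leaving on the WAN port.
nat on $wan_if from $iot_net to any -> ($wan_if)

# Default deny, logged, so anything not explicitly allowed shows up in the firewall log.
block log all

# IoT devices may talk to the router itself only for DHCP and DNS.
pass in quick on $iot_if proto udp from $iot_net to ($iot_if) port { 53, 67 } keep state

# Drop (and log) any attempt from IoT into a private network before the outbound allow.
block in log quick on $iot_if from $iot_net to <rfc1918>

# Whatever is left from the IoT segment is internet-bound: allow it, stateful.
pass in quick on $iot_if from $iot_net to any keep state
pass out quick on $wan_if from any to any keep state
```

Because pf evaluates rules top to bottom and `quick` stops at the first match, the order matters: the RFC1918 block has to sit above the general outbound pass, and the log entries from it are the easiest place to spot an IoT device probing the rest of the house.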
I do know that Ham amateurs have an Operating System that is pretty darn good and will run on the ham amateur Wi-Fi bands that the commercial products can't use. The beauty of it is that you can increase power much more than on the commercial routers on these bands, and, of course, they are not as crowded as the standard 2.4 GHz and 5 GHz commercial bands. There is a 900 MHz one that I thought would be interesting to play with... apparently the phone companies would like to get their hands on it for obvious reasons and have asked the FCC to consider it. Anyway, I just thought I would make sure you are aware of them. Apparently, there are two versions out. I recently got a presentation at my Radio Club by a guy that has used them extensively. I never heard of them until then... I can get more details if you need, even the entire brief. Apparently, it will run on most all the commercial routers so no reason it won't run on yours.
I think that you have a pretty cool setup here and it is smart to have this level of independence. I also love and appreciate the spirit of open source software and how they update and resolve issues and bugs pretty quickly. It reminds me of when I ran my own servers for a while, but they were super loud. Do you have a system for noise control?
My setup is overkill, and I certainly could have made some compromises to save money, though it's still a bargain compared to equivalent routers. Down the road I can always upgrade if needed as today's new motherboards become obsolete and start to become available cheap on eBay and elsewhere, but only if the plug-ins become more CPU intensive or network adapters need something faster than PCIe 8. Likely will never need to upgrade. The motherboard is powered by the low voltage Intel Atom CPU, so very little heat generated for its computing power. I'm going to run one or two Noctua PCM 40x40x20 fans for cooling. I've replaced the stock fans in all my network gear, which currently lives in my home office. I hardly hear it while I work. The only time I really hear any of the network equipment is when my PoE switch occasionally maxes out its fans for a few seconds. I have a massive Noctua CPU fan along with a pair of case fans in my beefy i7 gen 10 Blue Iris server. You can't even tell it's on. Noctua rocks.

One of your comments showing surprise about using a computer to make a router reminded me of an experience where I had the same reaction. Several years back I had the privilege of spending a week at Cisco's facility in Research Triangle Park. The team I was with got a tour of their data center where TAC will lab up customer environments to troubleshoot the stickier issues. They pointed out one of the original switches in one of the racks, and it was a typical server from when Cisco started out.
Noctua PCMs. Running their 40mm fans in other equipment and they never get really loud. The Atom MB is very efficient and doesn't generate a lot of heat. I'm also aware of the Atom bug, but the board is new and under warranty, and if it shows up I make a quick jump in a DIP header with a 220 Ohm resistor until the RMA arrives. Shouldn't experience it in a recent mobo, but... It's all compromises - I wanted a 1U solution in a case that would fit in a 600mm rack and have front facing I/O. It's moving outta my office when I get the CAT 6 runs done. All that will be left in the office will be my work computer, the printer, and in a small rack a UPS, the Blue Iris server, and a small managed switch.