home made router

i never knew there was such a thing, but I saw yesterday that there is a OS called Opnsense and others that can be installed onto a small PC or even a larger one if you want to and will act as a router.
this is the router only, so still need another box like a modem or even another router acting as a modem only.

I wonder if this will be more reliable than a normal router. Need a mini Pc or something like that.

There are a number of people on the forums who post about their OpnSense configurations. For example this one yesterday. Do a search for OpnSense on TBB forums and you will get an idea of other people talking about it. PfSense also seems popular.

Edited by ian72 (Tue 23-Aug-22 14:09:23)

I doubt it will be "more reliable" but it will typically have more features. I would go with OPNsense over pfSense although I'm currently running OpenWrt which boots very quickly off a USB stick and has lots of packages/features you can install(I'm running it on a Dell/Wyse £30 thin client I bought off eBay).

How could it possibly me more reliable than a dedicated router when there it's much to go wrong, even a mini PC?
Back in early days of ADSL when a USB modem was the only way to connect and a simple ADSL router cost over £200, some used a PC as a router to connect to their 10Mbps home network, or if they were really cutting edge a 100Mbps LAN.

Edited by witchunt (Tue 23-Aug-22 14:53:14)

I've been using pfSense for over 6 years, and never had an issue, more than can be said for random crashes on consumer routers that you could fry an egg on I've had before. You can get more dedicated hardware to run pfSense on, rather than old style PC, I'm using a Kettop i7 fanless box and that consumes around 5 watts of power and never waivers.

A dedicator router is what you choose it to be. Whilst it is a PC for pfSense/Opnsense, it isn't running anything complicated like Windows. Routers themselves are basically just computers running Linux, and support often disappears once the next model is released. I've had pfSense running with an up-time of well over 100 days, only needing a reboot because of an update resetting the counter.

If you want to learn about networking, want the features and customisation of something more professional, you can't beat it. It isn't for everyone, but many of us are using them, and using more advanced features, without any issues whatsoever.

In reply to a post by Spud2003:

I doubt it will be "more reliable" but it will typically have more features. I would go with OPNsense over pfSense although I'm currently running OpenWrt which boots very quickly off a USB stick and has lots of packages/features you can install(I'm running it on a Dell/Wyse £30 thin client I bought off eBay).

Depends on the router, there's several out there which are just terrible, often with buggy/insecure/incomplete firmware or far too little CPU/Memory for what they're being asked to do.

In reply to a post by dragon2611:

Depends on the router, there's several out there which are just terrible, often with buggy/insecure/incomplete firmware or far too little CPU/Memory for what they're being asked to do.

And there are those that have 8 x WiFi antenna, with 3 WiFi 6 radios, and dedicated Broadcom CPU with hardware acceleration for PPPoE and can run rings around the wrong spec OpnSense box as bandwidths increase.

Its a case of using the right tool for the job!

LOL, wow, I have certainly open something on here.

It was just an idea, fed up with the naff routers I have here, well one is not naff it is pretty good to be honest but the Wi-fi is out of date.

Not sure if I would want to pay the price of the Kettop, was looking more into the Celeron or I3. I did not want to go for intel, but I have read that the Opnsense and other work better with Intel Ethernet.

I never realised it have been going for 6 years, if I did, I would have gone for one long ago.

only a thought.

In reply to a post by zyborg47:

I wonder if this will be more reliable than a normal router.

Nope.

pfSense has been around longer than 6 years, I've just been using it for 6 or 7 years now.

I can't remember one time I've had any issues or crashes, it just always works. On second box now to run it, had a slower box before which was fine for 5 years until I upgraded to FTTP, where it couldn't quite keep up. Still have that box ready to go as a backup just in case.

Overall I've spent less on kit than I would have done in previous years going from one router to another and have better kit with better Wi-Fi on a dedicated access point and 16 port switch.

pfSense has also been invaluable for troubleshooting with logs and packet capture options.

In reply to a post by zyborg47:

It was just an idea, fed up with the naff routers I have here, well one is not naff it is pretty good to be honest but the Wi-fi is out of date.

If you’re using a free router from an ISP they’re made to a (low) price and dumbed down to make their helpdesk job easier.

On any replacement look at power consumption. You can buy routers without integrated WiFi, and with 1x 10GigE port, connect this to a 10GigE switch and buy Access Points that can serve WiFi 6 with 1.2 Gbps over the air or potentially faster.

Just depends what you want to pay.

Switching to a full PC hardware to run a router is ideal if you are interested in customising the packets, writing complex firewall rules, or just getting involved in networking.

Years ago I ran an elderly Pentium 133 with a Linux (Slackware distro) router and firewall. I swapped the HDD for an early SSD and quieted the fans, but eventually the power consumption and pain of keeping it patched and working was just more than I wanted (at home, as I do it for a job) and so I switched to an ASUS router.

The dedicated hardware and Broadcom ARM based CPUs are fast, and low power consumption. (E.g. 24watts, instead of 90+ watts, running constantly).

Completely up to you, but if you’re not interested in the Unix/Linux/BSD command line and understanding TCP packets, probably not the best direction for you.

In reply to a post by jchamier:

If you’re using a free router from an ISP they’re made to a (low) price and dumbed down to make their helpdesk job easier.

On any replacement look at power consumption. You can buy routers without integrated WiFi, and with 1x 10GigE port, connect this to a 10GigE switch and buy Access Points that can serve WiFi 6 with 1.2 Gbps over the air or potentially faster.

Just depends what you want to pay.

Switching to a full PC hardware to run a router is ideal if you are interested in customising the packets, writing complex firewall rules, or just getting involved in networking.

Years ago I ran an elderly Pentium 133 with a Linux (Slackware distro) router and firewall. I swapped the HDD for an early SSD and quieted the fans, but eventually the power consumption and pain of keeping it patched and working was just more than I wanted (at home, as I do it for a job) and so I switched to an ASUS router.

The dedicated hardware and Broadcom ARM based CPUs are fast, and low power consumption. (E.g. 24watts, instead of 90+ watts, running constantly).

Completely up to you, but if you’re not interested in the Unix/Linux/BSD command line and understanding TCP packets, probably not the best direction for you.

I realise they are made to a price, Plusnet gave me a Zyxel which is supposed to be a good one, but that went pop and had problems with the Wi-fi before it went pop.
As I said it was just an idea thinking maybe it would do a better job than pre-built routers.
I have looked at Asus routers, it makes me laugh when they stick gaming in the name, I think that is a gimmick oh yeah and this windows 11 ready LOL.

The RT-AX53U looks ok, it is just a router, no modem, I have a old openreach modem that works fine, so i could connect it to that and then if I do move to FTTP, it will be ok for that.

In reply to a post by zyborg47:

I have looked at Asus routers, it makes me laugh when they stick gaming in the name, I think that is a gimmick oh yeah and this windows 11 ready LOL.

What else from the company that owns the ROG brand, they do have some additional gaming related modules which may help some people. I avoid the ROG (GT-xxx) ones.

The RT-AX53U looks ok, it is just a router, no modem, I have a old openreach modem that works fine, so i could connect it to that and then if I do move to FTTP, it will be ok for that.

Same with cable, I use an RT-AX88U with my Virgin Cable connection. The 53U is a 2x2 with 80MHz max, and the 88U is a 4x4 with upto 160MHz max. My work laptop supports the 160 MHz mode (all this on 5GHz). At some point I should try some speed tests, in theory its Gigabit over WiFi.

It was a shame Openreach stopped doing the ‘active NTE’ with VDSL/FTTC, as it would have got everyone ready for FTTP or cable.

Edited by jchamier (Tue 23-Aug-22 20:18:01)

You might be surprised how low power the mini PCs you can use for pfSense/Opnsense are.

I use a slightly older version of this PC https://www.mini-itx.com/~JBC430

It idles at under 5 watts.

Edited by andynormancx (Tue 23-Aug-22 20:30:49)

+1 for pfsense

I've been using pfSense since 2015, running on an ASRock, Intel cpu onboard, motherboard. Got fed up with "cheap" consumer modem routers (wouldn't say the ones I was using were cheap as I tended to purchase different ones than the ISP shipped) slowing down and needing to be reset every other day. The final straw was when one of those cheap modem routers completely stopped for 30 minutes after transferring 50GB across my network during a backup. I think it had a mini-meltdown

Moving to pfSense was a revelation. No more needing to reboot the device every other day, the ability to have fine grained control of firewall rules, vlans, vpns and multiple wan connections. I'd never go back to off the shelf* consumer routers.



* I've also got a few Ubiquiti devices but wouldn't replace my pfSense box with their Dream Machine because of the stability of pfSense. Knowing my luck Ubiquiti would discontinue updates on the DM if I bought one!

In reply to a post by jchamier:

What else from the company that owns the ROG brand, they do have some additional gaming related modules which may help some people. I avoid the ROG (GT-xxx) ones.

I have nopt had anything from Asus for years.


Same with cable, I use an RT-AX88U with my Virgin Cable connection. The 53U is a 2x2 with 80MHz max, and the 88U is a 4x4 with upto 160MHz max. My work laptop supports the 160 MHz mode (all this on 5GHz). At some point I should try some speed tests, in theory its Gigabit over WiFi.

It was a shame Openreach stopped doing the ‘active NTE’ with VDSL/FTTC, as it would have got everyone ready for FTTP or cable.



Active NTE?

i like Tp link routers and Argos have the TP-Link Archer AX55 for £85, plus I can get a 10% discount, 15% if i wait until Saturday.

In reply to a post by andynormancx:

You might be surprised how low power the mini PCs you can use for pfSense/Opnsense are.

I use a slightly older version of this PC https://www.mini-itx.com/~JBC430

It idles at under 5 watts.

a bit out of my price range to be honest, if I was younger, maybe.
It was just an idea to muck around with. I have an old I5 bits here, would muck around with that, but the board just beeps when turned on, it is memory, but I don't know why, changed it around and all that. If I can find some more memory here, I will have another go. Just a muck around. I bound to have some DDR3 somewhere.

The pfSense box I built to use at my office idles at 20W and peaked under a theoretical test load of 50W and handles 1Gbps from Openreach FTTP with ease.
It has the following specs:
AMD Athlon 200GE
8GB RAM
256GB NVMe SSD

Thanks
Dan

pfSense is great! Haven't used OPNSense yet, and probably won't as I don't have a reason to.

Before the prolonged power cut I have 2 days ago I had around 200days uptime, and another 200+days uptime before the update to 2.6. So stability-wise it's been rock solid for me.

Setup:
Modem - HG612 (yes this is still going c.2013)
Router - Dell Wyse 5070 Extended w/ Intel I350-T4 (6W idle:14W Fully Loaded)
Pentium J5005 2.8GHz
8GB DDR4
128GB m.2 Sata SSD
WiFi - UniFi AC Lite (Upgrading soon to U6 Lite)

It was just a thought, wi-fi is not a big thing for me, most of what I have on Wi-fi runs on 2.4ghz, it is only my phone that uses 5Ghz. that is why i was happy to use my old Tp link router. Someone on here I think said that I should be using it due to the Wi-fi standards.
The Hub one that Plusnet provided is awful, don't even get the Wi-fi signal outside the back. They provide a Zyxel as i was having problems with the broadband, so they thought the Zyxel would do a better job than the hub one. That went pop not so long ago, a mate fixed it, but it still have problems and to be honest the Wi-fi on it was not great.

So at the moment I am using the old hub one, i have a Huawei HG612 modem, I replaced it when my old ECI stopped connecting, which was what started all the problem I had broadband wise.

i was thinking of a second hand P.C, something like a Lenovo,,, but it will have to have space in to put at least a second network adaptor in.
I will have a peak around and make up my mind.
I do know i need to get rid of the hub one.

In reply to a post by danielhyde:

The pfSense box I built to use at my office idles at 20W and peaked under a theoretical test load of 50W and handles 1Gbps from Openreach FTTP with ease.
It has the following specs:
AMD Athlon 200GE
8GB RAM
256GB NVMe SSD

Thanks
Dan

I thought PF and Opnsense did not like AMD or is it just the Ethernet they have problems with if it not intel?

I found a Kettop on Amazon. It looked like a rebrand of my Qotom which I bought from AliExpress. My box has an i7 proceesor with AES NI, 4 ethernet ports but no WiFi. I run either Pfsense or Opnsense.

I believe it is Broadcom NICs that they have problems with.
I use a 4 port Intel PCIe card in mine and don't have any issues.

Thanks
Dan

In reply to a post by zyborg47:

In reply to a post by danielhyde:

The pfSense box I built to use at my office idles at 20W and peaked under a theoretical test load of 50W and handles 1Gbps from Openreach FTTP with ease.
It has the following specs:
AMD Athlon 200GE
8GB RAM
256GB NVMe SSD

Thanks
Dan

I thought PF and Opnsense did not like AMD or is it just the Ethernet they have problems with if it not intel?

I was until recently using an APU2 and only stopped as I thought I would be on Swish FTTP by now.
It is really low power and should be OK for around 400mbit on PPPoE or 900mbit without.
I also bought an HP T620+ (AMD SoC based) before the prices went up as a backup and now have a Topton J4125 based mini PC.
Even at 10w max these little boxes are powerful enough to run OPNSense or pfSense virtually using free Proxmox so you can also run pihole, Unifi or anything else as a container or VM.

This STH article covers it pretty well.

https://www.servethehome.com/topton-intel-j4125-4x-i...

Edited by smouty (Thu 25-Aug-22 10:30:04)

That is an interesting combination.

How much memory does your mini PC use to run Opnsense and Pi-hole together?

In reply to a post by Spud2003:

I doubt it will be "more reliable" but it will typically have more features. I would go with OPNsense over pfSense although I'm currently running OpenWrt which boots very quickly off a USB stick and has lots of packages/features you can install(I'm running it on a Dell/Wyse £30 thin client I bought off eBay).

What model of Wyse box are you using? Where I work they have thousands of these things sitting doing nothing. Be interesting to know if I could utilise one as a router.

Pihole has 512Mb allocated and is still only using 7% of that
I have 4Gb allocated to OPNSense which is way overkill as it is using <10% of that but I have 16Gb in the box which isn't really used for anything else.

If you start adding services like Suricata then it can use more.

In reply to a post by gary333:

In reply to a post by Spud2003:

I doubt it will be "more reliable" but it will typically have more features. I would go with OPNsense over pfSense although I'm currently running OpenWrt which boots very quickly off a USB stick and has lots of packages/features you can install(I'm running it on a Dell/Wyse £30 thin client I bought off eBay).

What model of Wyse box are you using? Where I work they have thousands of these things sitting doing nothing. Be interesting to know if I could utilise one as a router.

Very few have dual NICs or space to add one which is why the T620+ was popular and I'm not an fan of using USB NICs in a router.
There are some options to add NICs to mini-PCIE connections but I think you'll end up paying more than you would for a box custom designed for this sort of use case.

For me its not the cost but how difficult it is to get it safely working without leaving a massive hole that anyone on the internet can easily walk through.

pfSense and OPNsense are no different in this regard to a [censored] ISP supplied router.

They'll both default to a safe setup, with NAT and no open ports.

You have to go out of your way to make them insecure.

In reply to a post by andynormancx:

They'll both default to a safe setup, with NAT and no open ports.

I wasn't aware that was the case, thats good news. Thank you

Yes, default is typically 1 WAN (empty ruleset - default deny apart from stateful replies) and 1 LAN (outbound allowed)
If you add more LAN interfaces they don't have any allowed rules even outbound until you explicitly add it.

Oh and the IPv6 / dual stack support from the FreeBSD base and pfSense GUI has been more mature than many ISP issued routers until recent years because if the ISP wasn't even offering dual stack it sometimes did not bother including that in the customised GUI or pre-configured

Fritzbox on Zen was the first ISP router I had with a reasonably complete implementation including the option for additional private fdxx:: addressing and the ability to customise internal DNS, and that is still far from perfect.
But it is usable as a single box option until I have more room to have a cabinet.

If I ever move from VDSL to fibre I will likely move to dedicated router and separate Wi-Fi functions at that time,
either pfSense or EdgeRouter.

Edited by prlzx (Fri 26-Aug-22 20:46:05)

Thanks. My Qotom just has 4GB which was enough for the Pfsense that it came with. From your figures maybe I could use Proxmox to run both Opnsense and Pi-hole.

In reply to a post by dect:

For me its not the cost but how difficult it is to get it safely working without leaving a massive hole that anyone on the internet can easily walk through.

I thought that, but then I saw some videos and as other above have said, it is just the same as another other router at default.

Thanks to all the peeps that have replied, it is interesting, I am going to think about it for a while as long as this Hub one I have keeps going.
it was just an idea that interested me, but as others have said unless i want to learn about networking and that sort of thing, maybe best to keep with an out of the box router.

I will have a think.

>Dell Wyse 5020 Thin Client (Dx0Q) 32GB SATA Flash 4GB DDR3

Upgrading the flash storage is easy, just open up the case of a 2.5" SATA SSD, pull out the small circuit board and put it in the internal Dell flash slot.

Only slight downside is they have one ethernet port and some USB 3 ports, so you'll need a USB 3 1Gb network dongle. I used Openwrt which meant installing Openwrt and adding three kernel packages to drive my USB 3 chipset(taken from the same snapshot version - they must be installed in the correct order to work, in fact they won't install unless you install in the correct order). No problems with USB 3 dongle stability.