One of the nice bonuses of a DIY router is having it run double duty on tasks that are well suited to your gateway node, especially if you run a cluster at home. Things like a load balancer, ingress controller, kubernetes master node, bastion host, DNS (remember this is what pihole is), etc. Yeah a lot of people rush to build a pfsense box when they definitely don’t need it but if you do any kind of homelab stuff a more capable router is a godsend. I’d say go with the efficient x86 options out there if you’re at all interested in even a small homelab. If you’re just doing one server or NAS at home then it’s not worth it
I rushed out and built a pfSense box, however it cannot replicate what my ISP's router offers, so it ended up being a double NAT'ed toy. About the only real use for it is as an 'isolator' for unknown PCs that come my way for repair, that need a network connection, but I don't want them to see my NASes etc. (as in they are potentially full of exploits etc.). I am leaning more and more to the retro side of computing. If there were plugins for pfSense that did SLIP type connections out the serial ports, or I could connect serial terminals etc. for some ancient type fun, then it would really have my attention. Otherwise it's just another watt sucker that I don't want on 24/7.
I was listening while cooking something and so a bit of processing delay on what I was hearing. Pretty sure I understood "I have poor impulse control....so I built a router." This image strikes me so hilarious that it keeps coming back making me laugh. I'm picturing every time stifling some impulse dumps open a suitcase of parts and starts assembling a router. Thank you for this!
AES-NI support was also the thing that made having encrypted storage relatively painless as well. Probably the most useful instruction addition to have, even before native virtualization support.
In general, I have to say that you've put together a well researched video. However, I have to make some additions. First, in theory, everyone can use a self-built router, regardless of the ISP. However, with some ISPs that may mean you'd have to put up with double NAT (connecting the router as a client to the ISP provided one). Second, and much more important: With great power comes great responsibility. Most of the router operating systems that are freely available will give you total freedom, meaning you can totally disable all firewalling by accident, or nuke your configuration with a click. However, that is - at least in my opinion - offset by the fact that it lets you do what you want with it. Third, I agree that wifi is tough. Without a separate access point, or being fine with running 2.4 GHz only on a PCIe addin card, there's not much left. Looking forward to the next parts.
For Wifi you could, in theory, just use one M.2 slot and get yourself an Intel AX210, which costs around 15 Euros and brings Wifi6E capabilities with it. Antennas for the 5GHz spectrum, which also work with 6GHz Wifi6E, are plenty cheap as well. Question is: does it work with pfSense, as BSD is well known for shit Wifi support?
@xxcr4ckzzxx840 You have to watch out with Intel cards on Linux platforms, as I know many don't support AP mode which is, well... required for hosting an AP. The BSDs are notorious for having near nonexistent wifi support, but there are tables with supported hardware you can refer to in the official Netgate docs. I'm running a PCI wifi card from TP-Link with an ath9k compatible chipset. On Linux, I almost get the full 100 Mbps of my internet connection, while on *BSD, I'm lucky if I get 35/35 on a good day.
I did this as a challenge to myself, last year. I've built a box running ClearLinux as a virtualization host and deployed a virtual firewall and several docker containers for WiFi, IoT and PBX. Apart from the horrendously outdated and misleading documents on VLAN management on Linux, once you learn how to do it properly you might as well build your own switch at this point too... Which is exactly what I did. Every component is modular and can be replaced or upgraded in due time. And it all fits in an ITX case using 10W TDP at most, making it extremely quiet for the amount of functionality and performance. Damn, I love this project...
I have been using a NanoPi R4S as my home router for over a year. It's running OpenWrt, with AdGuard and a K3s master on it, and has an uptime of months (if not almost a year). I'll never want to go back to an ISP router again.
Great video 👍 Thank you, Wolfgang. 12:40 -- Fyi . . . NYC residential rates are around US$0.15-0.18/kWh for the variable fees (December 2023). (Notably, there are sundry, non-variable fees, which, based on usage, increase the total cost by, for example, +100% (lower usage) or +50% (higher).) My approximate rule of thumb for 24/7 homelab servers at such rates: for each incremental 100W (as metered, and not identical to at-the-wall) costs roughly US$150.00 more per year, or US$12.50 per month, or US$750.00 over a 5-year life (no inflation scenario). Divide by 10 if mini-PC is sipping only an incremental 10W. Kindest regards, neighbours and friends.
I tried, I really did. And I fully agree with your opening statement. I have no professional background in networking. When I set up OPNsense as router and firewall I gave up after 2 years because I never really understood what I was doing. It's a fun thing to do, but if you care about security and don't know what you are doing, stick to your ISP's hardware for the basics.
I wish this video went over higher end business class options you can buy for similar money (especially used) and covered performance (latency and speed). Anyway, I enjoyed the video, thanks for making it.
You're actually saying "I think anyone watching this is interested in networking". Which is obvious, and since nobody is stating the opposite, why the need of a double negative sentence?
@Mr_ToR haha such a passion for grammar you have. But this is a rare case where the double negative actually serves a valid purpose here. The OP was actually referring to the negative statement in the intro “if you’re not interested in networking” and makes a negative remark about it. Removing both negatives makes this reference much less clear. That’s the problem with hate, it blinds you from seeing nuances and defers you into a binary view of whatever you decide to hate.
What’s nice of having extra ram is running a RAM disk and have everything running in memory so much faster. I have it set up with pfsense and have it backup the ram four times a day
I'll definitely build my own router. I first started off with an ISP router, everyone knows how that'd get you. Then I switched to an Asus top end model, but was kind of limited by the firmware; I want to have my custom RA message, custom mDNS, etc. After watching this, I just realized that I could get rid of all those limitations if I just built my own. I can even put a 4x 10GbE RJ45 port NIC in it for good measure.
I bought one of those J4125 appliances with 4x I225 NICs. It works great with OPNsense and pfSense with gigabit fiber internet using Suricata as IPS. Cost me around 230 USD with 8GB RAM/128GB SSD and shipping from AliExpress. The brand name I bought is Topton in case anyone is interested. They took around 13 days to ship, but once handed to DHL in Hong Kong it took like 3 days to arrive, which I find pretty darn good.
@WolfgangsChannel I've just picked up an OEM i7 7700, 16GB RAM with a 1060 6GB for 100£ in the UK. It's going to be my first home made router... interested to hear your thoughts on the potential power consumption...
I'm behind CG-NAT, so I jump the gap by serving WireGuard on a VPS and connect some local systems to that VPS. This way I get a well defined and secure network without port forwarding when I'm out and about.
Don't miss the power of an ATX router. You can use a hot swap device for easy and fast backups over the local network. Also it is up to you how it will be connected (RJ45, WiFi, USB tethering via smartphone) through the internet. Linux, nftables, BIND9, squid, isc-dhcp-server, wireguard, nginx. My personal choice is: MSI B450 Gaming Plus Max, Athlon 3000G, SATA SSD 128GB, 5x two port gigabit NICs and a hot swap device for both 2.5" & 3.5" HDDs, because I have a lot.
Take a look at the Proxmox VE type 1 hypervisor. Not only can you virtualise pfSense, but also virtual machines, Linux containers and Docker instances. A brilliant piece of software for these tiny PCs.
Hi, @1:10 I think is where you show the web UI. I am wondering how you set that up, as I would be interested in doing the same. Any information/direction you can share would be welcome. Thanks!!!
Everything depends on the country you are living in and your provider. I got a wifi6 fiber-ready router with 2.5Gb ethernet slots for free with my plan. For an additional ~4€/month I got a wifi6 extender. I can set up a VPN straight on the router and in years never had any problems with it.
05:50 Pros and cons of using a cheap consumer router
*Cons* (points from Wolfgang with some comments of my own):
1) might not be able to run just any OS other than OpenWRT: sure, e.g. if you want to run pfSense, this is out of the question today, but might also change in the future
2) small storage space: simple to add enough storage space to install everything you need using a USB disk with extroot config
3) CPU performance might not be up to the task: No question these CPUs are quite limited. What applications would specifically make a typical consumer router start to falter on a typical home network? Any reference to back this up?
*Pros* (my own points here):
1) comes with wifi5/6 and 4 ethernet ports that's mostly enough for home use: as you and others also pointed out, it's tough to do this cost effectively in a custom build
2) price: around 130 USD for a decent model with wifi5 and around 170 USD with wifi6
3) power consumption: about 8W for routing, switching and AP functionality
Using a separate AP for wireless connectivity and a separate ethernet switch to get enough ethernet ports will:
- add about 10W of power consumption (5W each) that will almost double the 12-14W power consumption of the DIY router on its own
- cost 129 USD extra, that's 70% more to spend on top of the cost of the 184 USD DIY router
*Living in an apartment or in a house can make a difference too*
If you live in an apartment (as opposed to living in a house) and are conscious about power consumption, using a separate AP for wireless is probably not what you want because of the additional power consumption and probably without much benefit. On the other hand, using a separate AP makes more sense if you live in a bigger house, because you might need more than one AP to have good coverage in all rooms and your router might need to be placed where its wifi antenna wouldn't be able to give you good coverage anyways.
I'm not sure if power consumption is really that big of a concern. At least with my Unifi APs, they consume 4 watts each. Even if you pay 40c/kW, that's $2.33 per month. Consumer routers, especially those with beefy WiFi and the kind of processing power to be comparable to a custom one, can pull as much as 25-30W, so you're gonna have to spend "watts" on WiFi either way. Plus, renting an apartment also means that you most likely won't be able to place your wireless AP/router wherever you want - you'll have to put it where your DSL/coax plug is. Which means that depending on the size of the place, you might need to get more APs or repeaters to cover your entire apartment.
@WolfgangsChannel ... or you make a smart choice and switch off the WiFi module if you don't use it. Those AVM boxes are really nifty with regular updates. Are you sure you need a low power x86 CPU? The only reasoning that actually makes sense is software choice, since those AVM Fritzboxes run mostly on 32-bit MIPS SoCs which are "weak sauce" compared to the ARM64 choices.
@Red Phoenix Afaik AVM boxes can't do VLANs, which is a must for me. For most people they'll probably be more than adequate. You can definitely set a timer for WiFi APs and turn them off at night... And save about 50 cents a month. Sure, if you live by the motto "one cent here, one cent there", that's a thing you can do, but the savings are pretty negligible.
@WolfgangsChannel My old TP-LINK TL-WR1043ND 300Mbps wireless router running OpenWRT also draws 5W with its AP on and under heavy load. Its processing power is not comparable of course, but I doubt even a current top-shelf consumer wifi router draws more than 10W (unless sporting an x86 processor), but unfortunately I don't have one to test it. Maybe someone will chime in with an actual measurement, but I think 25-30W definitely only goes for x86 chipsets. My point here: 1) Maybe drawing 5-10W extra doesn't seem to add much to your energy bill (this might also change for the worse now, at least in Europe, depending on the changing German energy politics), but it proportionally means doubling the power consumption and that is not negligible. 2) Drawing an extra 10W 24/7 means 10x24x365=87.6kWh over a year, that's almost exactly half of the 173kWh yearly power consumption of my A+++ washing machine, if you think about it like that. 3) And this extra power consumption goes into running an x86 processor, 4GB RAM, integrated graphics etc. that are probably a huge overkill in every sense for what a home router needs to do. I'd stay away from x86 in a router, especially now that even laptops are moving away from x86 and for good reason. You are right that you won't be able to put your router just anywhere you want in an apartment either, and while some apartments might be closer to 100 sqm in size, which might also demand multiple APs, most flats are smaller than that and much smaller than a typical house, hence an all-in-one wifi router just cuts it.
That's what I have done - bridged the modem and run an AliExpress mini PC with 4 ethernet ports to my switch. It's all virtualised on Proxmox, so I have the router running on one VM with two NICs passed through, and another Ubuntu VM running with its own NIC. The fourth NIC is the management interface for Proxmox.
Yes. Yes you should. I just built a pfSense security appliance and network router running Squid and Snort on a 64-bit Celeron motherboard, using DDR4, and I can confirm that pfSense can run on an M.2 SSD in SATA mode. The 64-bit bus combined with the modern PCIe interface gives me very fast throughput which I have not yet measured. Mind the bus speeds!
I run pfSense on a Qotom mini PC, from AliExpress, with i5 CPU (with AES-NI), 4 GB RAM, 64 GB SSD and 4 Intel 1 Gb Ethernet ports. I also have a Cisco 8 port managed Gb switch and Unifi AC-Lite access point. I've been running this config for about 1.5 years and am quite happy with it. BTW, my Internet connection is a cable modem that is easily put into bridge mode. My ISP also has a community forum, where I am quoted for pfSense IPv6 configuration.
I've been running a Dell Wyse 5070 for a couple years now, for 80 dollars brand new old stock on eBay, and a quad Intel NIC. Ran both OPNsense and pfSense. Mini PCs and SFF PCs are amazing for homelabs.
I took my old i7-6700k computer with 16gb of ram and added another ethernet port via a card on amazon, got a net gear access point and installed ipfire to the system. I can fully saturate my gig speed even over wifi so even though it isn't the most power efficient solution out there, it works just fine for me and it was only 90 usd with the parts I already had for years before I decided to do this. My only bottleneck at this point is the apartment's cat 5e or older wall infrastructure, but that won't be the biggest issue once I move out in a year or so.
A problem you didn't mention with building your own router as a permanent fixture is that it'll inevitably be a labour of love, a permanently unfinished project, and it'll require continuous maintenance. Of course, if you want to make one as a project to learn stuff, go float your boat, but I'd be wary of approaching this as a permanent installation. Bearing in mind our dependence on internet connectivity as a near essential utility nowadays, I'd generally recommend a decent SMB level router such as Draytek Vigor, a make I've used for over 15 years, but other makes are available. I find them solid as a rock, they're very reliable. This is as opposed to consumer level routers that can usually be identified by their pleasing aesthetics, hiding how little has been spent making them reliable. Mine's 10W at the wall, has 5 LAN + 1 WAN eth ports, xDSL WAN port, Wifi 6, mesh, WoL application, VLAN, hardware NAT & VPN acceleration: I run it with gig fiber + xDSL auto failover (4G optional), and DDNS for both remote access and site-to-site VPN. It's horses for courses: if you like tinkering, and don't get frustrated when you wake up in the morning to find you have to drop all your plans to get your router working again, then yes, build your own router. 😉 The tinkering I leave to a 2.5W at the wall Cherry Trail Atom based fanless NAS/Home Assistant mini PC.
Hi, the primary problem is that you need the modem function, so you need a standalone modem for DSL, fiber, etc. I use an Intel NUC with Sophos UTM Home. It's perfect and can handle all that I need.
The Intel Atoms only draw 4w if you get the laptop ones. The desktop ones draw over 25w, which crazy enough is the old north bridge, not the CPU. It was a most unusual pairing.
My big question, since the idea of a DIY router popped into my head: what to do about telephony - maybe Asterisk. But how to do DECT without using a Fritzbox as DECT base station in the end?
I saw you're using a digital power outlet measure 3:55. Which equipment and monitoring system do you use to measure the power consumption of your computers?
hang on a minute... the aliexpress thingy is really nice considering all of the hardware headaches you avoid yourself but... it does not have PoE for a Ubiquiti access point!
You don't technically require 2 NICs. I'm running a Pi 4 in VLAN trunk mode and have one VLAN id for pppoe for my ISP and other networks using different VLANs. It's not ideal because in/out shares one NIC, but it's good enough for my bandwidth. I tried a non Pi SoC with 2 Gigabit LAN ports, but it didn't work with Ubuntu server out of the box, which is my OS of choice atm. Again, not the typical router OS, but it's much easier to build other stuff on.
I literally am unable to update my router to the newest firmware because even though it's our router, which we bought, the firmware is controlled by our ISP. (It's a router modem combo.) I removed it as the DNS and DHCP server with a Pi-hole at least, but I hate that thing. At least I could turn off DHCP and it does support port forwarding.
The stuff the ISPs sell you is usually the lowest spec, overheating, crash-prone excuse of a cobbled together access point with a modem added as an afterthought. Looking at you, Vodafone Station that can't handle more than 4 simultaneous wireless connections without shutting down.
IMHO OpenWRT is the best router around simply for its ease of use and flexibility while being extremely powerful at the same time. I tried Untangle, pfSense, OPNsense, MikroTik's RouterOS* and Ubiquiti's security gateways but nothing matches OpenWRT. Setting up load balancing across 2 WANs is stupidly easy with the mwan3 package, and configuring firewall rules and zones was also a smooth ride. All this while being lightweight enough to run off of a VM in my server with 128MB of memory. For switching I use a MikroTik CRS328 and for the APs I use UniFi APs. MikroTik's switches are unmatched for their price to feature/performance ratio, while UniFi provides a really nice centralized plane for easy setup and management for my wireless clients. It really feels like OpenWRT is not used professionally because of branding(?), because it can do everything that enterprise routers can while taking less resources. Build and shape your own image and you'll have an amazing router suited exactly to your needs. I run mine off of a single i7 6700 thread and the CPU goes to about 30% at gigabit with a few firewall rules and NAT.
* Setting up QoS and multi WAN with RouterOS was extremely tacky and finicky, plus it took a lot of time to get it right and even then I wasn't happy with the results. In the end I decided to ditch it and go for OpenWRT.
Then there is the UDM Pro, which is somewhat in the middle between OOB experience and some customizability, mainly aimed at those who don't want to spend a lot of time tinkering, but it offers more options than a consumer router and more power than OpenWRT. Its main appeal is the unified dashboard; it integrates nicely with Unifi APs and can also act as an NVR. It runs threat management capable of handling 1GB/s. The downside is size; it's more suited for someone who has space for a network rack. For advanced network users it may lack desired features, and for basic/casual users the price is too high and the set of features overkill.
Here in France I have FTTH with a static IP address, which is quite good. My ISP router allows me to put it in bridge mode, so I have my public IP on my firewall's WAN port.
I have one of those AliExpress fanless x86 computers, with Windows 10 Pro preloaded on it. When Windows wanted to update it was very slow, maybe it was HDD IOPS? But it’s been running pfSense with no issues. Mine did not come with the SATA power cable, so I’m waiting on my cable parts from Amazon.
I still use my old Apple router which has AC wifi and gigabit Ethernet, which is faster than my internet speed but is locked down in true Apple style. However I now run a little web server and wonder if I should increase my security, as I do get more instances of probing from the internet. That can at times affect my internet detrimentally until my web server blocks the IPs automatically. Very useful videos, thank you.
I ordered a similar Chinese router from the second option, back in February. It’s good for everyone, it’s a pity that it doesn’t have SFP only, but it supports 2.5 Gbps on 5 ports. I have not yet decided which OS to install on it, OpenWrt or OPNsense. OpenWrt from the pros has support for Chinese proxy protocols in the form of v2ray.
I have a lot of devices connected to my BT Home Hub via wifi - the majority work fine - however recently my wife's phone will not stay connected to it, and I have a desktop PC that I have tried 3 different USB wifi adapters with and all refuse to stay connected despite being in the same room. I am thinking I may just be overloading the BT Hub? Don't really wanna build my own as it's probably overkill, but not sure what to try.
I don't get why Espressobin isn't more heavily considered? The base price was $70 with 2.5G in a 3x1G configuration, screaming home router. It also has mPCIe and SATA ports. You do need a 12V PSU and I'd pair it with a Pi-ZeroW for a wireless serial console (the board has a USB serial adapter, so needing a USB converter to share, and a Pi fills that need).
I'm looking to change my router/modem firmware. It doesn't have options to change speed per user; all I've got is QoS. A friend of mine used to have the exact same model as me and changed its firmware and was able to control it (speed per user), but he replaced his router a long time ago with one that has these features and doesn't have that firmware anymore. Any recommendations?
Have you looked at Zimaboard? x86 board with Intel Celeron N3350/N3450. Looks like they started shipping out orders to kickstarter backers last month. I was planning on getting one. But my ISP decided 6 months ago to enforce their own routers, and charge for public ipv4 and port forwarding...
My problem is I want to do this, but my Eero 6 router's security and speed are great, and for 6W it's unbeatable for 1Gbps. Just wish I had more features; any higher prices get stupid in my area. Other than OpenWrt being an upgrade, or pfSense/OPNsense.
I also just discovered the Noname Aliexpress Computers, that would make for great routers (heck, they even have 2.5G ethernet!). I am really tempted to get one as an upgrade from my current setup with a USB LAN Dongle and an OPNsense in a Proxmox VM.
Do you still need a switch, or just use the 4 ports if you go with the AliExpress router? Also I'm assuming you just gotta use 1 of the ports for an access point to enable wifi?
Nice video. But I have only one question. You said you bought a Ubiquiti instead of using a wifi 6 card on your custom router. But the clients will use CPU and RAM from the Ubiquiti and not from the router, so it's better to just have the Ubiquiti in this case.
Can you recommend a low power modem as well, or is the Fritzbox in "modem only" use power efficient? I was also looking into a small PCIe card for the newer AliExpress boxes to have a WiFi AP behind the firewall, but those Intel cards don't support AP mode. Any recommendation for wifi6?
If you're okay with the feature set and WiFi range of the FritzBox, I would just stick with that. If you need more WiFi coverage (e.g. big house), TP-Link makes some pretty good Omada APs that don't require controller software. UniFi is a more high end option and they have a pretty robust admin interface
Hey there, nice video. Would you still recommend the links shared in the video description? And what about mini PCs such as the DELL 3060 I5 - MICRO OPTIPLEX, HP ELITEDESK i5 - 800 G4 DM or Lenovo ThinkCentre i5 - M720q Tiny? I am so confused and a bit lost in choosing a powerful firewall for my network setup. I already have a powerful router (ASUS AX86U PRO), but I do need a business entry level so to speak as FIREWALL, so I am looking for something like OPNsense to install but still haven't found the right device. For the three devices that I have mentioned above, I cannot seem to find a way or a model of the piece I need to add in order to have dual ethernet ports. Any suggestions or ideas will be highly appreciated. Thanks in advance.
You didn't count the power consumption of the wifi AP? I got an OpenWrt router that takes 5W with wifi on, with 2 cores, 250 NAND and 500MB RAM, and I'd say for home use it's plenty enough: WireGuard, AdGuard, network shares, DDNS, VLANs, mwan3, 4G modem connected to USB, you name it (I actually ran out of ideas what else to run on it that I could make use of), and I'm still using less than half of the resources. Wifi coverage is very good, even though I have lots of other networks around me. It was 60 bucks on Ali a year ago, and while building your own router PC sounds cool, from the economical point of view it just doesn't make sense for anyone other than the hardest power users...
How about comparing the DIY router with the MikroTik rb750gr3? The price is only $70 on Amazon and it has 5 ethernet ports and is a fully customizable router. Also it runs on a 12 volt DC power supply.
Good option, but it's based on MMIPS, and not x86. Which means that you can't run something like Proxmox, OPNSense or pfSense. The DIY router featured in the video also runs on 12V DC.
Not having AES-NI is a huge downside, as pretty much anything encryption these days uses some form of AES for symmetric encryption. Having ChaCha20 as an option would be nice for these devices, as it's about five times more efficient given how friendly add-rotate-XOR encryption algorithms are to branch predictors. Sadly anything but WireGuard uses ChaCha20, so it's the only VPN software I can recommend for systems without AES-NI support.
Can you look into OPNsense? I’m running it and love it. It’s similar to and an alternative to pfSense with better compatibility/support for some NICs (e.g. *Intel* i-226V)
08:58 - I'll be working on another router build soon, this time with a Waveshare board. But yeah, availability of CM4 has been the downfall this year. Still wish some company would integrate an Intel I340 or something like that directly into a CM4 board design so the network packets could route through the NIC and not through the Pi's SoC.
OpenWRT supports Raspberry Pi!
Dude, really? You are *everywhere*
Unfortunately Intel NICs might have huge NDAs, that is why Realtek chips are more common. Users should also expect to have more latency since the eths will be running via a SW bridge instead of an HW switch IC. I was looking into this problem too... you might also want to use PCIe for WiFi too.
I'm really looking forward to new RPIs with high-bandwidth MUXes and more PHYs. So I can for example disable HDMI2 and I have another x1 PCIe.
Like the RK3568 does.
But for a router I'm looking forward to the new MTK Filogic chips. I have fiber via SFP ONT at home (GPON, but moving toward XGSPON), so having a single GBE port is not enough.
Hi
I live in The Netherlands. The government passed a law a couple years ago that went into effect last year that requires ISPs to allow you to connect your own equipment without using their equipment at all. They are also required to provide the necessary information for doing that.
This means that I could disconnect not just my ISP's router, but also the ONT required for converting the fiber signal to copper network cable.
I'm not sure if we have laws for that in Germany, but you can also use any 3rd party modem you want. The problem is that you'll either have DSL or Coax at home - which means that you will need to use an off-the-shelf router/DSL box alongside your DIY one anyway.
In case of DSL, there are PCIe cards from companies like DrayTek that can theoretically replace a standalone DSL router, but from what I've heard, they're not as reliable.
With Coax, a standalone box is unavoidable, since DOCSIS is a proprietary standard.
You should take a look at a Fujitsu S920 thin client. Low power AMD quad core, passive cooling, two DDR3 SO-DIMM slots and a low profile PCIe x4 slot.
Works very well as a router, up to gigabit speeds. I was able to get ~1.6Gbit of bidirectional traffic with OpenWRT.
Also, they can be found for under 30 to 40 eur.
Welp, I guess my next video will be "DON'T BUILD YOUR OWN ROUTER" 😁
Thanks for the tip!
You will need a left facing, right angle, 1U, PCIe riser, as the thin clients don't usually have them.
Generic risers from ebay should work fine.
I have this exact system. Actually multiple ones, I stocked them up in case of future builds. Interestingly you can also add a SATA SSD and take power from a pin header. So this system is really versatile.
HP t610, t620, and t630 Plus thin clients (it has a low-profile PCIe x4 slot) are also good options.
@delboyg01 Unfortunately my thin client does not have IOMMU passthrough.
I really enjoy how positive the Homelab community is, mostly. Loved the Jeff Geerling shout-out.
Great Video! I'm running a J3455 board with pfSense for over 5 years now. Never had any issues, and the included monitoring graphs helped me to "prove" to Vodafone, that the connectivity issues are on their side. Waiting for the J4125 appliance with 2.5G to arrive for the next big upgrade!
Lucky you. I heard that Bay Trail CPUs have a silicon problem and they get older quickly and stop booting etc. You can read about it all over the net. Cisco even went as far as to replace devices based on this family of CPUs.
One of the nice bonuses of a DIY router is having it run double duty on tasks that are well suited to your gateway node, especially if you run a cluster at home. Things like a load balancer, ingress controller, kubernetes master node, bastion host, DNS (remember this is what pihole is), etc. Yeah a lot of people rush to build a pfsense box when they definitely don’t need it but if you do any kind of homelab stuff a more capable router is a godsend. I’d say go with the efficient x86 options out there if you’re at all interested in even a small homelab. If you’re just doing one server or NAS at home then it’s not worth it
I rushed out and built a pfsense box, however it cannot replicate what my ISP's router offers, so it ended up being a double NAT'ed toy. About the only real use for it is as an 'isolator' for unknown PCs that come my way for repair, that need a network connection, but I don't want them to see my NASes etc. (as in they are potentially full of exploits etc.)
I am leaning more and more to the retro side of computing, if there were plugins for pfsense that did slip type connections out the serial ports, or I could connect serial terminals etc etc. for some ancient type fun then it would really have my attention. Otherwise it's just another watt sucker that I don't want on 24/7.
@paulstubbs7678 Why can't you disable NAT on your ISP router?
This is why I always recommend building it in a hypervisor so that you can use the machine for other server stuff.
I was listening while cooking something and so a bit of processing delay on what I was hearing. Pretty sure I understood "I have poor impulse control....so I built a router." This image strikes me so hilarious that it keeps coming back making me laugh. I'm picturing every time stifling some impulse dumps open a suitcase of parts and starts assembling a router. Thank you for this!
The Jeff Geerling introduction made me laugh out loud... I was not expecting this. Very nice video!
AES-NI support was also the thing that made having encrypted storage relatively painless as well. Probably the most useful instruction addition to have, even before native virtualization support.
I spent around $330 for making my Intel C2000 pfsense router with ECC. Never regretted it and it has lasted me the last 7 years without any issues.
What parts did u use?
In general, I have to say that you've put together a well researched video. However, I have to make some additions. First, in theory, everyone can use a self-built router, regardless of the ISP. However, with some ISPs that may mean you'd have to put up with double NAT (connecting the router as a client to the ISP provided one).
Second, and much more important: With great power comes great responsibility. Most of the router operating systems that are freely available will give you total freedom, meaning you can totally disable all firewalling by accident, or nuke your configuration with a click. However, that is - at least in my opinion - offset by the fact that it lets you do what you want with it.
Third, I agree that wifi is tough. Without a separate access point, or being fine with running 2.4 GHz only on a PCIe addin card, there's not much left.
Looking forward to the next parts.
For Wifi you could, in theory, just use one M.2 Slot and get yourself an Intel AX210, which costs around 15 Euros and brings Wifi6E capabilities with it. Antennas for the 5GHz Spectrum, which also work with 6GHz Wifi6E, are plenty cheap as well. Question is: does it work with pfSense, as BSD is well known for shit Wifi Support?
@xxcr4ckzzxx840 You have to watch out with Intel cards on Linux platforms, as I know many don't support AP mode which is, well... required for hosting an AP.
The BSDs are notorious for having near nonexistent wifi support, but there's tables with supported hardware you can refer to in the official Netgate docs.
I'm running a PCI wifi card from TP-Link with an ath9k compatible chipset. On Linux, I almost get the full 100 Mbps of my internet connection while on *BSD, I'm lucky if I get 35/35 on a good day.
Correct! Most ISPs use CGNAT to enable multiple subscribers.
@xxcr4ckzzxx840 BSD has 802.11ax support, however, pfSense and OPNSense don't have it yet.
@markarca6360 This has nothing to do with CGNAT. In case of CGNAT you'd even have triple-NAT!
I did this as a challenge to myself, last year. I've built a box running ClearLinux as a virtualization host and deployed a virtual firewall and several docker containers for WiFi, IoT and PBX.
Apart from the horrendously outdated and misleading documents on VLAN management on Linux, once you learn how to do it properly you might as well build your own switch at this point too... Which is exactly what I did.
Every component is modular and can be replaced or upgraded in due time. And it all fits in an ITX case using 10W TDP at most, making it extremely quiet for the amount of functionality and performance.
Damn, I love this project...
If you ever make a video on the project, let us know!
I have been using a NanoPi R4S as my home router for over a year.
It's running Openwrt, with Adguard, and K3S master on it, and has an uptime of months (if not almost a year).
I'll never want to go back to an ISP router again.
It's something I'm considering as well. How did you get the OpenWRT into it? I can't find it as a compatible device on the list.
5:55 Draytek in my opinion is one of the best routers. Very stable and very good UI.
Great video 👍 Thank you, Wolfgang.
12:40 -- Fyi . . . NYC residential rates are around US$0.15-0.18/kWh for the variable fees (December 2023). (Notably, there are sundry, non-variable fees, which, based on usage, increase the total cost by, for example, +100% (lower usage) or +50% (higher).)
My approximate rule of thumb for 24/7 homelab servers at such rates: each incremental 100W (as metered, and not identical to at-the-wall) costs roughly US$150.00 more per year, or US$12.50 per month, or US$750.00 over a 5-year life (no inflation scenario). Divide by 10 if a mini-PC is sipping only an incremental 10W.
Kindest regards, neighbours and friends.
I tried, I really did. And I fully agree with your opening statement. I have no professional background in networking. When I set up OPNsense as router and firewall I gave up after 2 years because I never really understood what I was doing. It's a fun thing to do, but if you care about security and don't know what you are doing, stick to your ISP's hardware for the basics.
I wish this video went over higher end business class options you can buy for similar money (especially used) and covered performance (latency and speed). Anyway, I enjoyed the video, thanks for making it.
I don't think anybody who's watching this video isn't interested in networking
I hate double negative sentences...
@Mr_ToR where’d you see double negative in the sentence?
@romzeek "don't" ... "isn't"
You're actually saying "I think anyone watching this is interested in networking". Which is obvious and since nobody is stating the opposite, why the need of a double negative sentence?
@Mr_ToR haha such a passion for grammar you have.
But this is a rare case where the double negative actually serves a valid purpose here. The OP was actually referring to the negative statement in the intro “if you’re not interested in networking” and makes a negative remark about it. Removing both negatives makes this reference much less clear.
That’s the problem with hate, it blinds you from seeing nuances and defers you into a binary view of whatever you decide to hate.
What’s nice of having extra ram is running a RAM disk and have everything running in memory so much faster. I have it set up with pfsense and have it backup the ram four times a day
I always enjoy the quality of your content. No BS. Straight on point.
I'll definitely build my own router.
I first start off with ISP router, everyone knows how that'd get you.
Then I switch to Asus top end model, but kind of limited by the firmware, I want to have my custom RA message, custom mdns, etc.
After watching this, I just realized that I could get rid of all those limitations, if I just built my own.
I can even put 4x 10GbE RJ45 port NIC in them for good measure.
I've happily run chelsio and intel 10gb NICs for ~5 years in pfsense and opnsense. Intel was better due to heat and compatibility.
@MichaelSmith-fg8xh I would say you're a gigachad, but more like a 10 gigabit chad 😂
I bought one of those J4125 appliances with 4xI225 nics. It works great with OPNSense and PFSense with gb fiber internet using Suricata as IPS. Cost me around 230 usd with 8gb ram/128gb ssd and shipping from aliexpress. The brand name I bought is Topton in case anyone is interested, they took around 13 days to ship but once handed to DHL in Hong Kong it took like 3 days to arrive, which I find pretty darn good.
Ur knowledge on networking is terrific. Do u mind sharing what resources u have used over the years to build up this vast reservoir of knowledge?
I would love to know this too
I don't know that much! But for this video, my Patreon Discord (and Fabian in particular) has been very helpful. That and some googling
@WolfgangsChannel I've just picked up an oem i7 7700, 16gb ram with a 1060 6gb for 100£ in the uk. It's going to be my first home made router... interested to hear your thoughts on the potential power consumption...
@IOTWVUVWTOI why not not think about what your thoughts are? You know the costs of power, you probably know the power use. Why not ask yourself 😅
@JoseMariArceta because if I was the smartest person in "the room" I would definitely be in the wrong room.
I'm behind CG-NAT so I jump the gap by serving wireguard on a VPS and connect some local systems to that VPS. This way I get a well defined and secure network without port forwarding when I'm out and about.
Don't miss the power of ATX router. You can use a hot swap device for easy and fast backups over local network. Also, it is up to you how it will be connected (RJ45, WiFi, USB tethering via smart phone) through internet. Linux, nftables, BIND9, squid, isc-dhcp-server, wireguard, nginx. My personal choice is:
MSI B450 Gaming Plus Max, Athlon 3000G, SATA SSD 128GB, 5x two port gigabit NICs and hot swap device for both - 2.5 & 3.5" HDDs, because I have a lot.
Take a look at the Proxmox VE type 1 Hypervisor, not only can you virtualise pfSense, but also Virtual Machines/ Linux Containers and Docker instances - a brilliant piece of software for these tiny PCs.
@delboyg01 why pfsense when you have nftables?
@ChrisWijtmans- You assume that the average user even knows what nftables, BIND9 or Squid actually are??
@delboyg01 OP talked about nftables and you bringing up pfsense makes no sense whatsoever.
Hi, @1:10 I think where you show the web UI, I am wondering how you set that up, as I would be interested in doing the same. Any information/direction you can share would be welcome. Thanks!!!
Everything depends on the country you are living in and your provider. I got wifi6 fiber-ready router with 2.5Gb ethernet slots for free to my plan. For additional ~4€/month got wifi6 extender. I can set VPN straight on the router and in years never had any problems with it.
I live in Argentina and can confirm you can use your own router. Provided your ISP's device is in bridge mode.
05:50 Pros and cons of using a cheap consumer router
*Cons* (points from Wolfgang with some comments of my own):
1) might not be able to run just any OS other than OpenWRT: sure, eg. if you want to run pfSense, this is out of the question today, but might also change in the future
2) small storage space: simple to add enough storage space to install everything you need using a USB disk with extroot config
3) CPU performance might not be up to the task: No question these CPUs are quite limited. What applications would specifically make a typical consumer router start to falter on a typical home network? Any reference to back this up?
*Pros* (my own points here):
1) comes with wifi5/6 and 4 ethernet ports that's mostly enough for home use: as you and others also pointed out, it's tough to do this cost effectively in a custom build
2) price: around 130 USD for a decent model with wifi5 and around 170 USD with wifi6
3) power consumption: about 8W for routing, switching and AP functionality
Using a separate AP for wireless connectivity and a separate ethernet switch to get enough ethernet ports will:
- add about 10W of power consumption (5W each) that will almost double the 12-14W power consumption of the DIY router on its own
- cost 129 USD extra that's 70% more to spend on top of the cost of the 184 USD DIY router
*Living in an apartment or in a house can make a difference too*
If you live in an apartment (as opposed to living in a house) and are conscious about power consumption, using a separate AP for wireless is probably not what you want
because of the additional power consumption and probably without much benefit. On the other hand, using a separate AP makes more sense if you live in a bigger house,
because you might need more than one AP to have good coverage in all rooms and your router might need to be placed where its wifi antenna wouldn't be able to give you good coverage anyways.
I'm not sure if power consumption is really that big of a concern. At least with my Unifi APs, they consume 4 watts each. Even if you pay 40c/kW, that's $2.33 per month.
Consumer routers, especially those with beefy WiFi and the kind of processing power to be comparable to a custom one, can pull as much as 25-30W, so you're gonna have to spend "watts" on WiFi either way.
Plus, renting an apartment also means that you most likely won't be able to place your wireless AP/router wherever you want - you'll have to put it where your DSL/coax plug is. Which means that depending on the size of the place, you might need to get more APs or repeaters to cover your entire apartment.
@WolfgangsChannel ... or you make a smart choice and switch off the WiFi module if you don't use it. Those AVM boxes are really nifty with regular updates. Are you sure you need a low power X86 CPU? The only reasoning that actually makes sense is software choice, since those AVM Fritzboxes run mostly on 32bit MIPS SOCS which are "weak sauce" compared to the ARM64 choices.
@Red Phoenix Afaik AVM boxes can't do VLANs, which is a must for me. For most people they'll probably be more than adequate
You can definitely set a timer for WiFi APs and turn them off at night... And save about 50 cents a month. Sure, if you live by the motto "one cent here, one cent there", that's a thing you can do, but the savings are pretty negligible.
@WolfgangsChannel My old TP-LINK TL-WR1043ND 300Mbps wireless router running OpenWRT also draws 5W with its AP on and under heavy load. Its processing power is not comparable of course, but I doubt even a current top-shelf consumer wifi router draws more than 10W (unless sporting an x86 processor), but unfortunately I don't have one to test it. Maybe someone will chime in with an actual measurement, but I think 25-30W definitely only goes for x86 chipsets.
My point here:
1) Maybe drawing a 5-10W extra doesn't seem to add much to your energy bill (this might also change for the worse now at least in Europe depending on the changing German energy politics), but it proportionally means doubling the power consumption and that is not negligible.
2) Drawing an extra 10W 24/7 means 10x24x365=87.6kWh over a year that's almost exactly half of the 173kWh yearly power consumption of my A+++ washing machine, if you think about it like that.
3) And this extra power consumption goes into running an x86 processor, 4GB RAM, integrated graphics etc. that are probably a huge overkill in every sense for what a home router needs to do. I'd stay away from x86 in a router, especially now that even laptops are moving away from x86 and for good reason.
You are right that you won't be able to put your router just anywhere you want in an apartment either, and while some apartments might be closer to 100 sqm in size that might also demand for multiple APs, most flats are smaller than that and much smaller than a typical house hence an all-in-one wifi router just cuts it.
Definitely some good points, I haven't thought about the power consumption in terms of washing machines :D
That's what I have done - bridged the modem and run an Aliexpress mini pc with 4 ethernet ports to my switch. It's all virtualised on Proxmox, so I have the router running on one vm with two nics passed through, and another ubuntu vm running in another vm with its own nic. The fourth nic is the management interface for proxmox.
Yes. Yes you should. I just built a pfSense security appliance and network router running Squid and Snort on a 64bit celeron motherboard, using DDR4 and I can confirm that pfSense can run on an M2 SSD in SATA mode. The 64 bit bus combined with the modern PCIe interface gives me very fast throughput which I have not yet measured. Mind the bus speeds!
I'd say learning more about networking is the absolute no. 1 reason to do this
I run pfSense on a Qotom mini PC, from AliExpress, with i5 CPU (with AES-NI), 4 GB RAM, 64 GB SSD and 4 Intel 1 Gb Ethernet ports. I also have a Cisco 8 port managed Gb switch and Unifi AC-Lite access point. I've been running this config for about 1.5 years and am quite happy with it.
BTW, my Internet connection is a cable modem that is easily put into bridge mode. My ISP also has a community forum, where I am quoted for pfSense IPv6 configuration.
I've been running a Dell Wyse 5070 for a couple years now for 80 dollars brand new old stock on eBay and a quad Intel NIC. Ran both OPNsense and pfSense. Mini PCs and SFF PCs are amazing for homelabs.
I see the thumbnail and channel, and I know I'm in for a treat.
Great content! What about Mikrotik routers? Thank you.
I took my old i7-6700k computer with 16gb of ram and added another ethernet port via a card on amazon, got a Netgear access point and installed IPFire to the system. I can fully saturate my gig speed even over wifi so even though it isn't the most power efficient solution out there, it works just fine for me and it was only 90 usd with the parts I already had for years before I decided to do this. My only bottleneck at this point is the apartment's cat 5e or older wall infrastructure, but that won't be the biggest issue once I move out in a year or so.
What WiFi card did you buy?
A problem you didn't mention with building your own router as a permanent fixture is that it'll inevitably be a labour of love, a permanently unfinished project, and it'll require continuous maintenance.
Of course, if you want to make one as a project to learn stuff, go float your boat, but I'd be wary of approaching this as a permanent installation.
Bearing in mind our dependence on internet connectivity as a near essential utility nowadays, I'd generally recommend a decent SMB level router such as Draytek Vigor, a make I've used for over 15 years, but other makes are available. I find them solid as a rock, they're very reliable. This is as opposed to consumer level routers that can usually be identified by their pleasing aesthetics, hiding how little has been spent making them reliable. Mine's 10W at the wall, has 5 LAN +1 WAN eth ports, xDSL WAN port, Wifi 6, mesh, WoL application, VLAN, hardware NAT & VPN acceleration: I run it with gig fiber + xDSL auto failover (4G optional), and DDNS for both remote access and site-to-site VPN.
It's horses for courses, if you like tinkering, and don't get frustrated when you wake up in the morning to find you have to drop all your plans to get your router working again, then yes, build your own router. 😉
The tinkering I leave to a 2.5W at the wall Cherry Trail Atom based fanless NAS/Home Assistant mini PC.
Dude what’s your parts list? I can’t figure out the WiFi card portion.
hi,
Primary problem is that you need the modem function, so you need a standalone modem for DSL, Fiber etc.
I use an Intel NUC with Sophos UTM Home; it's perfect and can handle all that I need.
Realtek NIC support has gotten way better in the last few years.
Installing the "kmod" package and adding a few lines in the loader and you're done.
Which M.2 WiFi NIC would you recommend then?
Nice video, great content.
Can you please tell me where I can learn more to build a UI like in 1:40min? Or is there any application for that?
The Intel Atoms only draw 4w if you get the laptop ones. The desktop ones draw over 25w, which crazy enough is the old north bridge, not the CPU. It was a most unusual pairing.
My big question, since the idea of a DIY router popped into my head: what to do about telephony - maybe Asterisk. But how to do DECT without using a Fritzbox as DECT base station in the end?
You would probably need a separate base station like the Gigaset GoBox 100, which can either directly connect to a VoIP provider or to your PBX.
I saw you're using a digital power outlet measure 3:55. Which equipment and monitoring system do you use to measure the power consumption of your computers?
Shelly Plug S
So no aes-ni in the ga-imb1900tn? Otherwise, nice set of ports, especially dual intel nic...
hang on a minute... the aliexpress thingy is really nice considering all of the hardware headaches you avoid yourself but... it does not have PoE for a Ubiquiti access point!
You don't technically require 2 NICs. I'm running a Pi 4 in VLAN trunk mode and have one VLAN id for pppoe for my ISP and other networks using different VLANs.
It's not ideal because in/out shares one NIC, but it's good enough for my bandwidth.
I tried a non Pi SoC with 2 Gigabit LAN ports, but it didn't work with Ubuntu server out of the box, which is my OS of choice atm.
Again, not the typical router OS, but it's much easier to build other stuff on.
not secure.
I literally am unable to update my router to the newest firmware because even though it's our router we bought the firmware is controlled by our ISP. (It's a router modem combo)
I removed it as the DNS and DHCP server with a pihole at least but I hate that thing. At least I could turn off DHCP and it does support port forwarding.
The stuff the ISPs sell you is usually the lowest spec overheating crash-prone excuse of a cobbled together access point with a modem added as an afterthought. Looking at you Vodafone Station that can't handle more than 4 simultaneous wireless connections without shutting down.
IMHO OpenWRT is the best Router around simply for its ease of use and flexibility while being extremely powerful at the same time. I tried untangle, pfsense, opnsense, MikroTik's RouterOS* and Ubiquiti's security gateways but nothing matches OpenWRT. Setting up load balancing across 2 WANs is stupidly easy with the mwan3 package and configuring firewall rules and zones was also a smooth ride. All this while being lightweight enough to run off of a VM in my server with 128MB of memory
For switching I use a MikroTik CRS328 and for the APs I use UniFI APs. MikroTik's switches are unmatched for their price to feature/performance ratio while UniFi provides a really nice centralized plane for easy setup and management for my wireless clients.
It really feels like OpenWRT is not used professionally because of branding(?) because it can do everything that enterprise routers can while taking less resources. Build and shape your own image and you'll have an amazing router suited exactly to your needs. I run mine off of a single i7 6700 thread and the CPU goes to about 30% at gigabit with a few firewall rules and NAT.
* Setting up QoS and multi WAN with RouterOS was extremely tacky and finicky + it took a lot of time to get it right and even then I wasn't happy with the results. In the end I decided to ditch it and go for OpenWRT.
Then there is UDM Pro which is somewhat in the middle between OOB experience and some customizability, mainly aimed for those who don't want to spend a lot of time tinkering but offers more options than consumer router and more power than OpenWRT. Its main appeal is unified dashboard and integrates nicely with Unifi APs and can also act as NVR. It runs threat management capable handling of 1GB/s. The downside is size, it's more suited for someone who has a space for network rack. For advanced network users it may lack desired features and for basic/casual the price is too high and set of features overkill.
I'm really looking forward to UDM-Pro-SE being available
loved the quick TLDR at the beginning of the video
There is a good middle ground, get an Openwrt compatible Mikrotik router and flash it on it instead of their (for most people too complicated) OS.
One Ethernet Port is already fine if you already have a managed Switch. So an even cheaper/smaller device can be used.
One middle ground solution is to get off-the-shelf router and install custom firmware such as dd-wrt.
Would this be capable of routing faster than my current EoL Netgate SG-3100?
Love the opening. Not everyone needs to build their own.
Here in France I have an FTTH with static IP address, which is quite good; my ISP router allows me to put it in bridge mode so I have my public IP onto my firewall WAN port.
I have one of those aliexpress fanless x86 computers with Windows 10 Pro preloaded on it. When Windows wanted to update it was very slow, maybe it was hdd iops? But it’s been running pfsense with no issues. Mine did not come with the sata power cable so I’m waiting on my cable parts from Amazon.
I still use my old Apple router which has Ac wifi and gigabit Ethernet, which is faster than my internet speed but is locked down in true Apple style. However I now run a little web server and wonder if I should increase my security, as I do get more instances of probing from the internet. That can at times affect my internet detrimentally until my web server blocks the IPs automatically.
Very useful videos, thank you.
how to run ubiquiti sw if your homebuilt router is runing pfsense and only a Unifi access point is connected?
mt7921 exists for wifi 6e now and driver support exists for linux kernel 5.12+. Doesn't have the intel AP bug
Just a question, what if I need more bandwidth ? for instance 10 GBe Nics ?
You might want to look into Mikrotik routers, e.g. CRS326
You can also get a Mellanox SFP+ NIC if you have at least one full-sized PCIe slot
I wonder what is your opinion on sort of a prebuild solutions like mikrotik's 'router boards'?
that was an excellent way to start the video, thank you for your honesty, I will not watch it but I upvoted for fairness
Didn't they say you could install open source on Fritzbox since 2 weeks?
There is Freetz - freetz.github.io/wiki/index.en.html
Haven't tried it though
The AVM routers are pretty good, the Vodafone issues arris routers however...
I'll stick to my 6490 for now as I've yet to encounter an issue with it
I ordered a similar Chinese router from the second option, back in February. It’s good for everyone, it’s a pity that it doesn’t have SFP only, but it supports 2.5 Gbps on 5 ports. I have not yet decided which OS to install on it. OpenWrt or OPNsense.
OpenWrt from the pros has support for Chinese proxy protocols in the form of v2ray.
I have a lot of devices connected to my BT home hub via wifi - majority work fine - however recently my wife's phone will not stay connected to it, and I have a desktop pc that I have tried 3 different usb wifi adapters with and all refuse to stay connected despite being in the same room. I am thinking I may just be overloading the BT Hub? Don't really wanna build my own as it's probably overkill but not sure what to try.
I don't get why Espressobin isn't more heavily considered? The Base price was $70 with 2.5G in a 3x1G configuration, screaming home router. It also has mPCIE and SATA ports. You do need a 12v PSU and I'd pair it with a Pi-ZeroW for a wireless serial console(the board has a USB serial adapter, so needing USB converter to share and a Pi fills that need.)
I wish all tech videos were like this one.
Can I ask where you got the mini-ITX case? I can see it on their official site, but not really available for purchase.
I'm getting a fibre connection. So I still need a proprietary modem? Or are there solutions on Alibaba?
Am looking to change my router/modem firmware. It doesn't have options to change speed per user; all I got is QoS. A friend of mine used to have the exact same model as me and changed its firmware and was able to control it (speed per user), but he replaced his router a long time ago with one that has these features and doesn't have that firmware anymore. Any recommendations?
Have you looked at Zimaboard? x86 board with Intel Celeron N3350/N3450. Looks like they started shipping out orders to kickstarter backers last month.
I was planning on getting one. But my ISP decided 6 months ago to enforce their own routers, and charge for public ipv4 and port forwarding...
Curious to get your thoughts on an "off the shelf" option such as GLiNET Flint
My little $35 Mikrotik router is Linux but has first party support and Just Werks(tm).
My problem is I want to do this but my Eero 6 router security and speed is great and for 6w it's unbeatable for 1gbps just wish I had more features, any higher prices get stupid in my area. Other than openwrt being an upgrade or pfsense/opnsense
I also just discovered the Noname Aliexpress Computers, that would make for great routers (heck, they even have 2.5G ethernet!).
I am really tempted to get one as an upgrade from my current setup with a USB LAN Dongle and an OPNsense in a Proxmox VM.
I have had a Qotom box for about 2-3 years and it's be sold. Runs OpenWRT on top of proxmox.
I missed your videos.. Still trying to implement your ansible playbook and failing miserably
do you still need a switch or just use the 4 ports if u go with the aliexpress router? also im assuming just gota use 1 of the port for access point to enable wifi?
just curious, what is the power drained from the Fritzbox?
Nice video. But I have only one question. You said you bought a Ubiquiti instead of using a WiFi 6 card on your custom router. But the client will use CPU and RAM from the Ubiquiti and not from the router, so it's better to just have the Ubiquiti in this case.
Can you recommend a low-power modem as well, or is the Fritzbox in only "Modem use" power efficient? I was also looking into a small PCIe card for the newer AliExpress boxes to have a WiFi AP behind the firewall, but those Intel cards don't support AP mode. Any recommendation for WiFi 6?
Yes, I think most FritzBoxes are pretty power efficient
So switching to just a Modem wouldn't save Energy compared to the fritz.
For WiFi behind Firewall, what do you recommend?
If you're okay with the feature set and WiFi range of the FritzBox, I would just stick with that.
If you need more WiFi coverage (e.g. big house), TP-Link makes some pretty good Omada APs that don't require controller software.
UniFi is a more high end option and they have a pretty robust admin interface
OK, but the WiFi wouldn't be behind the firewall, and a dedicated AP would probably consume more power than a PCIe card.
What is that alison? thanks
Not having AES-NI is a no-go for me. VPNs are one of my core use cases for pfsense.
Is it possible to build a server on an Intel® Desktop Board D945GCLF?
I live in Germany as well and use a Turris Omnia, which is OpenSource and OpenHardware. It even has an SFP port …
Can you provide a link?
@sirdewd2197 sure: secure.nic.cz/files/Turris-web/Omnia/221010_Omnia_wifi6_datasheet_EN.pdf
When I saw the cover pic of you with the beard and the hair I wondered if you were giving up tech and starting an Abba Cover band.
mamma mia!
all parts hard to find T_T
i'm interested with custom but imma buy omada instead
Hey there, nice video. Would you still recommend the links shared in the video description, and what about mini PCs such as:
DELL 3060 I5 - MICRO OPTIPLEX or
HP ELITEDESK i5 - 800 G4 DM or
Lenovo ThinkCentre i5 - M720q Tiny
I am so confused and a bit lost in choosing a powerful firewall for my network setup. I already have a powerful router (ASUS AX86U PRO), but I do need a business entry level, so to speak, as FIREWALL, so I am looking for something like OPNsense to install but still haven't found the right device. For the three devices that I have mentioned above, I cannot seem to find a way or a model of the piece I need to add in order to have dual Ethernet ports. Any suggestions or ideas will be highly appreciated. Thanks in advance.
You didn't count the power consumption of the WiFi AP?
I got an OpenWrt router that takes 5w with WiFi on, with 2 cores, 250nand and 500mb RAM, and I'd say for home use it's plenty: WireGuard, AdGuard, network shares, DDNS, VLANs, mwan3, a 4G modem connected to USB, you name it (I actually ran out of ideas for what else to run on it that I could make use of), and I'm still using less than half of the resources. WiFi coverage is very good, even though I have lots of other networks around me. It was 60 bucks on Ali a year ago, and while building your own router PC sounds cool, from the economical point of view it just doesn't make sense for anyone other than the hardest power users...
Could you please teach us how to install RADIUS wifi? Thanks!
How about comparing the DIY router with the MikroTik rb750gr3? The price is only $70 on Amazon, and it has 5 Ethernet ports and is a fully customizable router. It also runs on a 12 volt DC power supply.
Good option, but it's based on MMIPS, and not x86. Which means that you can't run something like Proxmox, OPNSense or pfSense.
The DIY router featured in the video also runs on 12V DC.
Not having AES-NI is a huge downside, as pretty much anything encryption these days uses some form of AES for symmetric encryption. Having ChaCha20 as an option would be nice for these devices, as it's about five times more efficient given how friendly add-rotate-XOR encryption algorithms are to branch predictors. Sadly anything but WireGuard uses ChaCha20, so it's the only VPN software I can recommend for systems without AES-NI support.
Personally, I've been using IPSec (one client) to VPN into my home network, and haven't noticed any performance issues so far.
Can you look into OPNsense? I'm running it and love it. It's similar to, and an alternative to, pfSense, with better compatibility/support for some NICs (e.g. *Intel* i-226V)
Pls share the website that tracks cm4 availability across different stores.
2:20 As a Romanian, you can find pretty good deals if you know where to look. I found my home server for just 5 dollars.
How much power would you save if you disabled the ethernet port LEDs?
close to 0
@WolfgangsChannel "*close* to 0"
Disconnecting the LEDs _right now_
LMAO at the Geerling call out! Great video Wolfgang :)