DIY Router Build & Network Setup

[Zoot]

This year I got it into my head to DIY a router, and it's been quite fun to put together and configure. The main advantage of DIY'ing a router is that the average AMD/Intel CPU is orders of magnitude better than what's in a router, so you can do so much more than a standard off the shelf router like active scanning of traffic for viruses, run a web proxy, Intrusion Prevention etc.

Here's what I came up with:

CPU: AMD Athlon 200GE
Motherboard: Asus A320I-K
Memory: 8GB Corsair DDR4-2666MHz
Power: PicoPSU & External 12V DC-to-DC Converter
Storage: WD Green 128GB M.2 SATA SSD
Network Card: 4-Port Intel i350
Case: OnLogic MC600
OS: IPFire

Ideally I would have liked to have gone with an ITX motherboard with multiple NICs & IPMI, but they're just too expensive or high power to suit.

There are a number of options for the OS, I kind of narrowed it down to Pfsense or IPFire. In the end, I went with IPFire given it's Linux based rather than BSD based since I've way more experience with Linux in general. Some stuff requires SSH (VLANs being the main thing), but most stuff is easy to configure with the WebUI.

Power usage is about 20-30W which isn't too much higher than a really high-end off the shelf router. The CPU usage is typically below 20%.

The limited PCIe slots mean I have to offload the Wi-Fi to a seperate router configured as a Wi-Fi hotspot. Not a bad solution given the WiFi will generally be better in an off the shelf router.

Here are some pictures and what the home network setup looks like. It works a dream with a 1Gbps Fibre-to-the-Home internet connection aswell.

 

[NeverBackDown]

I've also been looking into a DIY router as well for the past year!

This is a pretty neat setup and I never thought of using a wifi router to act as the hotspot while everything else is ran off the computer. Pretty clever. I was looking into PFSense because it seems the most popular and therefore support.

I haven't jumped into it because even the lowest power hardware gets expensive fast. Other issue is running AES-NI lowers bandwidth but increases security but the issue is for me my ISP bandwidth is just low as it is. So it's not worth it for me yet

 

[Zoot]

I've also been looking into a DIY router as well for the past year!

This is a pretty neat setup and I never thought of using a wifi router to act as the hotspot while everything else is ran off the computer. Pretty clever. I was looking into PFSense because it seems the most popular and therefore support.

I haven't jumped into it because even the lowest power hardware gets expensive fast. Other issue is running AES-NI lowers bandwidth but increases security but the issue is for me my ISP bandwidth is just low as it is. So it's not worth it for me yet

Pretty much any off the shelf router can act as a WiFi hotspot. Many of the higher end ones like the Tp-Link Archer C7 or Asus RT-AC66U I'm using have a special WiFi Hotspot mode which does all the config for you.

However even if that's not present in the Router's WebUI, you can just disable the DHCP server so it doesn't conflict with your main router, give it a static IP in the same LAN Subnet, and then just connect one of the LAN ports direct to your main router or through a switch.

Talking of security, I have IPFire's Intrusion Prevention system running, and you would be amazed at the amount of things this picks up. In the last hour there have been random IPs trying the SSH, HTTP & Telnet ports for instance.

 

[NeverBackDown]

Oh I wasn't aware of routers having that and the funny part is I've both of those routers lol
I know they have the standard mode for routing but they also have the bridged or in the Asus case a node set-up for mesh wifi. I'm guessing that's similar to the hotspot?

Either way thank you for the advice. I'm sure I would have eventually figured it out but it's nice to just know ahead of time I'll look into this for sure. I was planning on installing AsusWRT-Merlin custom firmware anyway on my AC66u B1 so I mine as well snoop around again before trying

Yeah the security feature from Trend micro even on the stock Asus firmware gives me crazy results. People say you don't need AV anymore but if only they knew how complex the internet gets.. my brother a few years back was getting into Torrents and trying to be sneaky and in that month the Asus router reported nearly 8k total hits to the network it stopped and I'm positive it didn't catch all of it.

That's why encryption is so key! Alongside other intrusion protection methods of course