[3np]

PCEngines APUs are great router devices to put whatever you want on, including OpenWRT. Proper Intel NICs (Realtek is not great for routers) for cheap.

https://pcengines.ch/apu2.htm

I'd also strongly suggest to have router and access points as separate physical devices.

A great step up for someone with an AIO consumer router/WiFi AP would be to get something like that as a router, flash OpenWRT on the old router and transform it into a "dumb" access point.

[c0l0]

I bought an x86 box from China with 6x Intel i210 GbE NICs onboard a few weeks back and reviewed it here: https://johannes.truschnigg.info/reviews/2021-01_fwbox/

It's my favorite OpenWrt router so far, and I've owned quite a few since I started using it on a WRT54G :)

[mirchiseth]

Thanks for the great writeup. I got to know about a lot of ls** commands that would be useful in future. I built similar with OPNSense using QOTOM Q515G6[1] which looks eerily similar to what you got from AliExpress. So in a way reading your article was more like knowing my own router better. Thanks. [1] https://www.amazon.com/gp/product/B07DLYGZG4/

[3np]

Thanks for writing about it - I was actually close to pulling the trigger on another of their boxes a few moons back, great to hear it's good in practice as well :)

(...Personally I avoid Intel CPUs best I can, though. AMD's ME equivalent on the APU can actually be disabled, which happens to be something I care about for something like router)

[circularfoyers]

Has there actually been any research into the disabling of AMD PSP like there has been surrounding me_cleaner?

All I remember regarding AMD PSP was that one motherboard manufacturer showed the option after an update and the other you had to flash a modified BIOS to expose it.

But besides this discovery by a user, there hadn't been any research or verification that this software option does what it claims.

[Legogris]

I am also an owner of these devices. I am not knowledgeable if this is as trivial for AMD CPUs in general, but I know that specifically for the SoC in the APU, since i build my own image anyway, it's a simple configuration flag there:

https://github.com/pcengines/coreboot/issues/439

[circularfoyers]

That seems to be only for TPM, which isn't usually what people refer to when talking about Intel ME.

[wtallis]

Thanks for sharing that. It looks quite a bit more powerful than PCEngines APU boards, and cheaper than the Qotom boxes it's imitating. And it's nice to have a detailed review showing it works as expected.

[Haemm0r]

Can confirm that. I run an apu1c4 with pfsense on it behind the isp modem(in single user mode) for multiple years now. No issues so far :)