by uniformlyrandom 1226 days ago
What if I'd like to build a linux router out of modern hardware?

I would like to stop upgrading routers every two years (maybe just upgrade the wifi cards in it), and have full control over router's UI (command line is fine).

Is this a stupid idea?

19 comments

You should really look into Intel Pentium N6005 based mini PCs with up to 5 ethernet interfaces - they are very versatile and you can choose from different router systems: OpenWRT, pfSense, opnSense and others. They consume less than 10 watts idle (most of the time) and about 25W max. Regular consumer routers consume 3-5W idle and about 15W max, so not much of a difference. You can even use a hypervisor and use VT-d to pass through the ethernet cards to the router VM. The only downside is that there are a small number of PCIe cards that work well as a wireless AP - mostly Mediatek based ones (some Qualcomm/Atheros cards work fine too).
I kind of gave up on using the central box as a wifi router, and just put bridged APs closer to wherever they are needed. Simpler, and you can do more stuff on your firewall that way (like use it as a NAS).
Not stupid, but you also have to understand the downsides.

I once did that, essentially just a linux PC with extra network cards. It doubled as a NAS too. One issue is simply that when you are playing with it (updates and all that), you won't have a router and you will lose internet access for all your connected devices. You also have to consider power outages (UPS highly recommended) and electricity costs. It gives you a lot of flexibility, but it also gives you a hobby. In the end I backed off and got an off-the-shelf router like everyone else; the server is still there, but it doesn't do routing anymore. Sure, I lose a bit of control, but it works, and solving problems is usually just "turn it off and on again", and I don't want to play hotline when my roommate loses internet access.

A compromise is to take an off-the-shelf router and flash an alternative firmware like OpenWrt.

Also, why do you need to upgrade routers every two years? Things don't move that fast, and widespread adoption of new standards even less so. If WiFi is the reason you change so much, you can buy access points and connect them to your router with wires.

> One issue is simply that when you are playing with it (updates and all that), you won't have a router and you will lose internet access for all your connected devices.

For my system, the only update I need to reboot for is a kernel upgrade. For everything else I can restart individual services, which leaves routing and firewalling completely untouched. And when I _need_ to reboot the thing, it takes right around 30 seconds from the time it stops passing traffic until the time traffic starts flowing again.

> You also have to consider power outages (UPS highly recommended) and electricity costs.

Power outages aren't a concern, as the rest of my networking gear isn't on a UPS. But boy, howdy are you right about the power costs. I've gone from drawing 12W _max_ (read as "_never_") to more like 20W _idle_, and way, way more if I'm performing updates.

> If WiFi is the reason you change so much, you can buy access points and connect them to your router with wires.

Yeah, I strongly recommend this. Separating your APs from your router is a smart move.

I've always been interested in this, but I was worried about the efficiency/performance loss. I don't really know how off the shelf routers work, but I'd assume most of the routing logic happens near the hardware... is this not the case? Or is linux able to move routing logic into the hardware so there's no significant performance difference?

My own reasons are

1. It's an extra piece of hardware, when I already have an underutilized server

2. The consumer router web ui is terrible, updates are painful, diagnostics are lacking, etc

3. More power with linux, and a consistent interface for it

Please try openwrt.
> A compromise is take an off-the-shelf router and flash an alternative firmware like OpenWrt.

Linksys (and others) even make some where this is supported out of the box.

While not Linux, look at OPNSense. It's a fork of pfSense without the bad behavior of Netgate. Will run on all sorts of hardware and has been utterly reliable for me.
I've been running a PC Engines APU2 (https://www.pcengines.ch/apu2.htm) for many years now. It has enough power to route over my gigabit fiber connection. It has mini-PCIE slots for wifi cards. If you want 2.4GHz and 5GHz bands, you'll need two cards and run two instances of hostapd.

The software stack is pretty basic:

- iptables for routing and firewall

- dnsmasq for DNS cache and DHCP

- hostapd for wireless
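As an added example, not posted by anyone in this thread, this is what the firewall and NAT part of that stack looks like written as an nftables ruleset (the successor to iptables): a default-deny input and forward policy, stateful tracking, and masquerading of the LAN towards the uplink. The interface names wan0 and lan0 and the 192.168.1.0/24 LAN range are assumptions; the router's own services (dnsmasq on 53/67, SSH on 22) are only reachable from the LAN side.

```nft
#!/usr/sbin/nft -f
# Constructed example: minimal stateful home-router ruleset.
# Assumed interface names: wan0 = ISP uplink, lan0 = bridge of wired ports + AP.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define LAN_NET = 192.168.1.0/24

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # Replies to connections the router itself opened; drop anything conntrack can't classify
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Services the router offers to the LAN only: DNS + DHCP (dnsmasq), SSH, ping
        iifname $LAN udp dport { 53, 67 } accept
        iifname $LAN tcp dport { 53, 22 } accept
        iifname $LAN icmp type echo-request accept

        # ICMPv6 is required for IPv6 to work at all (neighbour discovery, PMTU)
        meta l4proto ipv6-icmp accept
        # DHCPv6 replies from the ISP side to the router's own client
        iifname $WAN udp sport 547 udp dport 546 accept

        # Everything else from the WAN side falls through to the drop policy
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN hosts may initiate anything outbound; unsolicited inbound is never forwarded
        iifname $LAN oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hide the private LAN behind the uplink address
        oifname $WAN ip saddr $LAN_NET masquerade
    }
}
```

Load it with `nft -f` and set `net.ipv4.ip_forward=1` via sysctl, otherwise the forward chain never sees a packet; `nft list ruleset` shows what is actually active.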

running SQM?
Not at all, although PFSense is based on BSD rather than Linux. It's incredibly full-featured (with even a complete and polished web UI) and pretty easy to configure and operate, and definitely where I'd suggest starting.
OpenWRT [0] OTOH is actually Linux. Also very full featured, including a GUI (LuCI) that, even though it sometimes lags a little behind the command-line and config file stuff, is still pretty good.

As another FreeBSD-based alternative, there's the PFSense fork OPNSense [1], which started out as a fork of PfSense after the Netgate takeover and complaints about their openness and support for the community.

[0] https://openwrt.org/

[1] https://opnsense.com/

Oh, I didn't know about the fork - I guess that shows how long it's been since I last ran PFSense. Good to know, thanks!
Yes there's a lot of good content now with guidance on setting up one of these pf or opnsense routers. Really cool stuff. And use any old router you have in AP mode and you're set!
It's not a stupid idea, just not very practical:

1) Modern routers actually use modern hardware. Nobody builds routers today with 2010's network interfaces or CPUs.

2) Modern hardware is only modern now. You can replace the wifi once or twice, but at some point new adapters won't fit the old slot on the MB. Then you need to change everything: CPU, memory, etc.

3) It will cost a lot more initially, then only a little less than a router when you replace the wifi card and then a lot more when you have to upgrade everything (see #2).

4) Wifi cards have big issues with linux kernel/drivers. Many have no linux support at all, many are proprietary binary blob driver only, so you can't upgrade the kernel version, many are unmaintained and don't support new protocols such as WPA3, and many only support client mode, so you can't create access points with them.

5) Routers usually have proprietary acceleration for NAT and other network operations. Until ~recently, linux had no acceleration at all and even today, most routers are a lot faster with their official firmware than with OpenWrt or DD-WRT. With any open source linux you only get more flexibility, not speed.

6) It will eat your time permanently. There will always be updates to be done, incompatibilities to debug, bugs to fix, stuff to adjust, performance graphics to waste time looking at, logs to monitor... If this is what you want, go for it. Creating a linux router is very educational, but be warned that anything linux-related is VERY time consuming.

7) If you want to use anything else other than a SBC, or use a separate ethernet switch, it will consume more power than a router. Then you need a bigger UPS, which consumes even more power. Power costs over 2 years might be more than the price of the router you replaced.

You don't need to upgrade every two years. This is why:

1) There are only a few standards that changed. You didn't need to upgrade unless you bought a low-end device first and then upgraded to a high end for more speed on the same standard.

2) You need to also upgrade the clients to support the new standard. If you didn't upgrade the clients, the new router was a waste.

3) Speed differences are significant on paper, but not so much in real life.

- 802.11b = you can have SD video streaming with this link

- 802.11g = you can have 1080p video streaming.

- 802.11n = enough for UHD videos.

Between b and n, speed increase is ~10 times, but the ethernet was always at least 10 times faster than any wifi and with a *reliable* connection. So if you are using wifi for heavy data transfers other than live video on a *mobile device*, then you're doing it wrong.

I have been working on openwrt since the mid 2000s. (the work we did on that wifi project turned into a job for me at the embedded linux maker, montavista - greg stayed on the server side and made a pile, I didn't) These days I don't really feel the need to upgrade my wifi all that much, as newer products have less range, and I still have just a picostation and ubnt AGW (running modern openwrt on less than a watt) that suit most of my needs. Firewall-wise, I tend to reflash an old laptop or a nuc to run openwrt also, so I can run at a gbit plus. Most home routers still cannot forward a gbit in both directions at the same time, so it has become best to go with a good box to the isp, and wifi near your principal work/play locations.

For all home routers today - strongly recommend the SQM (smart queue management) system that is actually a derivative of what we developed at that house, circa 2002, on everything - fq_codel and cake can help modern wired and wireless tech a lot.

I switched to generic amd64 machines for my main router and 2 access points and haven't looked back. Each machine has a Mikrotik R11e-2HnD for 2.4GHz (AR958x), and a Compex card (WLE900VX?) for 5Ghz (QCA986x/988x, surplus). I think the 2.4GHz cards are fine with libre software out of the box, but the 5GHz cards want a firmware blob (which I consider the same freedom/security concerns as if the blob were loaded from flash, like the 2.4GHz cards).

I use the 2.4GHz extensively for phones/tablets/NoT devices and haven't noticed any problems with it. I don't actually use the 5GHz too much but it seems to work. As far as newer technologies, I've never felt the need to squeeze as much bandwidth as possible out of wireless.

The main router has extensive firewall rules (nftables) and VPN links that would be an unmaintainable low-performance mess on a born-to-be-ewaste consumer router. The distro used to be Debian but I've moved them all to NixOS for easier admin.

I hope you use sqm-scripts also. It works on any linux.

I have worked hard to make the ath10k work well on everything.

mt76 is pretty good now, the mt79 is coming along. The wifi stack we developed for openwrt is now the default in linux for all these cards. https://www.cs.kau.se/tohojo/airtime-fairness/

Ath10k does seem to work well out of the box with no fussing. Thank you for making it work so well I can take it for granted! Otherwise I wouldn't really want to be in the business of tinkering with my own access points - one of the main goals of my setup is to get away from tinkering.

I haven't found a need for traffic shaping, with a symmetric Gbit fibre uplink. And if I had wireless contention, the first thing I would do is put a third card in each machine to use an additional channel.

Do you have any pointers to pcie (m.2/mini) cards that use chips supported by mt76/mt79?

The main thing I'm missing is clients being steered to the best AP. From what I understand this feature is really only found on enterprise gear (with patched hostapd and the like) and isn't readily available in the libre world.

I am better at email.

Oh, the ath10k used to suck! :/ https://forum.openwrt.org/t/aql-and-the-ath10k-is-lovely/590...

A sore point for me is that yes, you do need FQ+AQM on your fiber link, and if you are running linux - you probably already are running the no-fuss-no-muss BQL + fq_codel combination on that uplink at that line rate. No knobs, it just works. These days you might want to try cake with no bandwidth setting as a default instead, there. No explicit shaping required, just the native backpressure from BQL.

It is unfortunately highly likely that your ISP is using something like a policer or tail drop on your downlink instead of preseem or libreqos, so believe it or not, shaping the downlink can help a bit more, in some cases. I am a big believer in actual measurements using the flent tool: https://blog.cerowrt.org

I find it weird that mt76/mt79 pcie or m2 cards are so rare. I would like it if they penetrated the laptop market where intel presently dominates with that.

Cynically the "best" AP may often not be the actual one you want. Too many best algorithms depend just on RSSI rather than (for example) sporadic interference on the same channel, causing jitter. A narrower channel width with less folk on it is sometimes better than a wide one duking it out with everyone else.

Depends what you want. Modern routers can have faster speeds than the base specs, and can switch easily between different modes (ap/bridge/mesh/etc). But yours would be more secure and less likely to crap out from cheap hardware. Use a mini/embedded PC platform (fanless + low energy), a network chip with good Linux support, and don't use moving disks, or write logs to flash, so the storage won't die. Should last you 10-20 years. *edit* just found this site, haven't looked for parts in a decade: https://pcpartpicker.com
> and less likely to crap out from cheap hardware

For what it's worth, I put up an already old, extremely cheap TP-Link AP inside an old greenhouse some 5 years ago, and it's still working. Stopped working twice from being full of rain water (coming from holes in the roof), and it started working again after I drained the water and dried it for a few days.

This is a border router, not a wireless router, but this was my build https://res.rag.pub/2020-11-1-an-home-router.html

I've been running this configuration for 3 years. There's no fancy UI, but there's also no awful vendor code involved. I don't think about my router anymore, and internet issues no longer occur inside my house, at all. It achieves line rate in both directions while also consistently maintaining less than 10ms of bufferbloat.

+10! Cake?

I have been working on making cake work for ISPs of late: https://libreqos.io/

Build a nice x86 based router between your uplink(s) and your LAN (it can also be your home server), then get cheap wireless routers and run them in access point mode. You can shop for wireless routers that run OpenWRT if you want to customize a bit more.

If you're feeling really fancy, you can build redundant routers and figure out failover; pfsync is available on OpenBSD and FreeBSD which allows for nearly seamless transition of NATed connections. Much easier to manage if you don't have to deal with the scourge that is PPPoE though.

I'm using an old Haswell i5 HP Envy to run pfsense. Wifi is done by a dedicated Ubiquiti access point.

I can't see why I should need to upgrade anything hardware related for some time.

There are plenty of options, especially if you want a pure router and can do wireless APs separately. One recent example https://news.ycombinator.com/item?id=31454929 although it is opnsense, the hw should also run linux nicely.
Firewalla, Protectli, and plenty of Amazon/AliExpress vendors sell little mini PCs with a bunch of ethernet ports. I use one running NixOS as my home router.

Re: wifi cards, I've not seen any wifi cards that seem like a suitable replacement to a dedicated AP. I just use a consumer Asus router in bridge mode instead of router mode.

One thing if you go with one of those random Amazon/Aliexpress PCs is ditch the power brick they come with. Those generic things are stupidly under-built and inefficient. Get a proper matching one from a brand name like Mean Well, Delta, FSP, CWT, Adaptertech, Lite-on. Really important if you're running it 24/7.
Not a stupid idea, lots of people are doing it with a custom machine using OpenWrt.
It's a great idea.

It's a bit of a pain in the ass from a hardware sense. OpenWRT is available & easy but there's quite limited hardware (nearly no wifi6), but honestly, at this point, I'd much rather use a real computer and some add-in cards.

Alas availability of hardware - specifically AP grade cards & things to plug them into - is forsakenly awful. One has to scrounge around for increasingly absurdly priced boutique adapters with awful availability. Thankfully we're starting to see m.2 form-factor show up, but it used to all be mini-pcie or just mini-pci, which wifi and only wifi uses & is hard to find. Oh and for real AP grade cards, they have good sized heatsinks and sometimes require auxiliary DC power, which is just like two test point stubs you have to freeform find power for.

For a while Compex was making cards with equivalent-ish performance (same chipset) to a popular long-running openwrt router, the Netgear x4s, for significantly under $100. But modern AP chips are super hard to find last I checked, had huge-ish boards, and were over $200.

It's a long hope but AP over USB is something I did for a long time & was never quite right & I eventually gave up, after trying dozens of chipsets, but folk like MediaTek seem to be far lower bullshit than the past shady ass sordid sad history of wifi, and it feels like it may come about again. The ideal world is that like a $100 wifi usb card would just work. And then we could potentially seed these cheaper things all around; not as powerful or capable maybe, but more than made up for by having much smaller cell size: the actual cure-all of wifi!

I'm excited for a world where we get beyond openwrt. It's been great but it's a tight narrow specific fix, on a troubled set of platforms, with a lot of constraints. A small PC-based revolution would be great to see. Just run Debian or Arch, what you know. Have standard & upgradeable componentry for cards. It'd be nice for wifi to not be so very very special & bundled.

I too wish that we could easily use everything as an AP. My vision back then was that we would go meshy for everything. For many years I had full adhoc support (babel and batman protocols) and could go from device to device, from ethernet to wifi and back again, without losing a nailed up connection. I couldn't figure out why APs were so popular... the wifi protocol scaled then to 13 miles, now it barely goes behind the couch.

USB is a terrible idea for latency. CARDBUS was so much better. I hate usb audio interfaces with a passion, also.

OpenWrt has a place in that itty bitty boxes needed custom compilers and close attention paid to very small amounts of d and i-cache, which those running ubuntu + systemd have kind of missed, as well as tight integration with all the core tools like dns and dhcp and a zillion ip protocol encapsulations desktop OSes lack.

I see a lot of ubuntu and debian entering the embedded space now that cpus have got cache and memory to burn, and I do hope that one day we see more wifi pci cards that can actually function as APs, and antennas that work.

Presently that is hard to do - the iwl wifi6 cards kind of suck, and it is hard to find mt79 chips, and the ath10k was a huge step backwards from the ath9k in many respects.

I run OpenWRT on ASUS RT-AX53U (WiFi 6 - MT915E) and it works fine - as an AP only, it can manage 800Mbps and routing with no SQM 500Mbps (using Software Flow Offloading).
Openwrt works fine but it's all so special. Special software running on special hardware. Just having a PC with a good card in it has sounded greatly appealing for so long.

During the PogoPlug/SheevaPlug phase I had some nice repurposed hardware that ran upstream Debian, had good ram, and some capable atheros wifi. It was so nice having a less special purpose system, having just a regular computer that happened to have good wifi ap gear plugged in.

Openwrt "works fine" but it feels like a fallback position, something I have merely resorted to, for having failed to do what should be obvious & easy with everyday add-ins.

> Openwrt works fine but it's all so special. Special software running on special hardware.

Doesn't OpenWRT work on x86 hardware just fine? <https://firmware-selector.openwrt.org/?version=22.03.3&targe...>

(You can select 32-bit x86 or two other flavors if you don't want to run on x86/64.)

OpenWRT is itself ultra special. It has a very narrow mission statement. If you learn openwrt, and then want to run a desktop, you'll have to learn a new thing.

The special purpose nature of openwrt makes it supremely disinteresting to me. Actually setting up a home network with masquerading, dhcp, some dns is shockingly easy with systemd. Add hostapd and some extras, maybe miniupnpd, traffic shapers, optionally some firewall and you're set.

There's a comfort & perceived desire to "make things simple for oneself" by using "tools meant for the job". But it's a shitty suboptimization. Openwrt isn't really that special or good, it's chiefly just the most aggressively well maintained way to run linux on a lot of little router systems. If that roadblock went away & we could use whatever, there would be a shitload more people trying new stuff atop much more general linux oses.

I've been using openwrt for over a decade. It's fine. It does the job. But it's an evolutionary dead end, will be what it is forever, and it's a bit special. It has a bunch of NIH'ed smaller sized alternative tools that no one else in the linux multiverse uses. Their own package manager, their own dbus replacement, their own config systems. It's all generally fine but it's made practically no dent in the broader Linux world, it requires a lot of onboarding & learning to get actually decent at, it has a lot of constraints/narrow options, and it'd be lovely if we had any choice at all to run something else, something more normal & regular, but we've been trapped running openwrt on these weird ass strange devices for almost two decades. It sucks being tied to openwrt, openwrt is the special system, and having more generic Linux computing we could be doing here has such huge appeal.

I'd love to know how many people use x86 openwrt, for laughs. Dozens? A hundred? How many actually log in & use that machine with any regularity? Openwrt indeed can run on regular hardware, but in practice there's no reason to, no advantage to, no cause here, because if we have real computing hardware that isn't batshit insane & troublesome we immediately reach for mainstream regular Linux distros, not the very special openwrt thing that exists only really for weird hardware.

> I'd love to know how many people use x86 openwrt...

I mean, if I didn't _explicitly_ want to use Gentoo Linux on my x86-64 router, I'd be using OpenWRT. OpenWRT is far more than sufficient for the typical home network, and generally quite good enough for a power-user's home network.

Regardless, I brought up OpenWRT on x86 to mention that OpenWRT runs and runs _just fine_ on non-special hardware.

> But it's an evolutionary dead end, will be what it is forever, and it's a bit special. It has a bunch of NIH'ed smaller sized alternative tools that no one else in the linux multiverse uses.

This... isn't a problem? Like, not even a little bit.

OpenWRT, Vyatta, Juniper's Junos OS, Cisco's IOS, Mikrotik's RouterOS, Ubiquiti's Vyatta fork all use different tooling and have different UIs. Of the set, I prefer Junos (for its transactional configuration application and automated rollback), Mikrotik (for its weird little interactive shell), and OpenWRT (because it's more or less an ordinary Linux with largely-Linux-standard software, and the bulk of the rest of it is shell scripts that you can pretty easily understand and modify if needed).

I still use it on x86 a lot. The apu series runs forever on 5 watts. The openwrt gui is better than systemd. It is easy to set up vlans and tunnels on openwrt. That said, I do wish strongly that the wifi market would have a decent card for your laptop that would let it do ap mode well.
It's still possible and although it isn't linux we have things like pfsense too. However, unless you're trying to do something special in the router a cheap router with openwrt on it would do the job.
Having done this for a few years, I can say that you should get a separate access point and leave OpenWRT for routing / switching only. I also have Mikrotik gear handling >1GbE duties.