New here and this is my first post. I apologize in advance if it is not in the right spot. I have built a couple of computers before so I am comfortable doing that. I was wondering if it would be better/easier, in the long run, to buy or build a pc as a router.
I would buy a Kingdel NC1037U 8GB ram 128 GB SSD.
If I built it would be all of these, might get some fans as well for airflow.
CPU/Motherboard ASRock J5040-ITX
Crucial Ram 8GB 2400 MHz
Kingspec 64GB SSD
TP-Link 10/100/1000 PCI Express network Card
FSP 350W Mini ITX 80 plus bronze
I want to be under $350 ish. I want it small but doesn’t have to be tiny like the kingdel.
Related to this I also want to do wifi. I have the google mesh wifi. Would I be able to use those as wireless access points? I have a switch and would be able to connect them all directly to the router. Would I be better buying a wifi card for my router? I know I might have to change some of my options if I go that way.
I will use either pfsense or opnsense I think. If you would recommend something else please let me know.
I know I have a lot of information here so I apologize. Let me know if I am missing something or if you have any questions. Thank you!
It will absolutely destroy your throughput. I have 600 symmetric from Comcast. It went down to about 349 sym. The faster the CPU, the less this occurs. The faster the RAM, the less this happens. Does that make sense?
AES-NI is a must
So if you are building and have budget room, save on the motherboard as much as possible. Just get a gold power supply (you don't need much), save on the SSD as much as you can… and toss the best RAM and CPU you can afford in.
@Buffy feel free to link any section of the blog. I like to branch it out like this to help direct people on the forum to existing information.
The format to do so is simple ["Title"](http://URL)
Thank you for clarifying. I kinda understand what you are saying. I was going to go with an embedded cpu/mobo cause of the tiny case I found. Now I might just do separate board and cpu. In your tiny one it’s DDR3, so going to DDR4 should make a big difference there right?
Any knowledge or input on the google mesh wifi pucks? Would I be better off trying to use those or get a wifi adaptor that goes into the pcie?
Goals are to have a better internet system. Not sure past that since I don’t know what’s possible still. Kinda why I want to build one so I can upgrade if necessary. I have a network switch so have a couple of rooms that are hard wired. The goals with the Google wifi pucks are 1. I already have them so less money I have to spend. 2. I’ve noticed a better connection and speeds with the wifi pucks. I also have home security stuff so it is hard to have them all connected to one regular router. Does that answer your question?
You want to place an OPNsense ahead of the puck 1 between it and the internet. In order to help you buy I need to know, because to my knowledge… the OPNSense ahead of the puck will cause a double NAT, which is a no-no.
The issue with your pucks is they would need to operate in dumb AP/switch or a bridged mode and to my knowledge there is no way. Maybe @Kat or @Novasty has an AP suggestion here.
If you are going to build or buy a system, we need to make sure we can actually do what you want with the hardware, and the Google wifi system to my knowledge doesn't act as a bridge, which throws a monkey wrench in your operation. I'm all for building this but you may have to give up the pucks.
Cable from ISP —> google mesh main puck. That’s the only wire. I’m not using the switch right now to make things simple. The other pucks aren’t hard wired in.
New system would be (theoretically)
Cable from ISP —> built router/firewall/vpn (not sure if what I build can do all that so still some work there) —> switch —> puck 1,2,3 each individually wired.
I’ve been trying to figure out if I can make them an access point by hard wiring all of them and still have the mesh capabilities. That is my question.
Let’s say I can’t do that though. What should my next option be? The reason for the mesh was to get a good signal in all parts of the house and outside for ring doorbell and security cameras. I had a Netgear AC-1750 before and it wouldn’t work. Tried the outlet plugin extender things and wasn’t a fan. So what would my option be here?
The rig will probably be a new AMD or Intel (is it better for single or multi core performance?) with 8gb of DDR4. That shouldn’t be the bottleneck right?
So the deal here is your OPNSense Protectli would become your network's router. It doesn't defeat the purpose of it. It disables the functionality no longer used and needed that would conflict with the Protectli.
Ehh, yes and no, depends on what you want. Do you want open firmware and a system that is entirely open (I've done this, it's a challenge, but after it's set up you're golden)
I mean it depends. Are you going to upgrade your internet speed? Is it symmetric? Will you be running a lot of services outside your home? These are the questions and “goals” @Novasty and I want to know before recommending a purchase.
Depends what you want / need. If you just need a router for networking and nothing else, or maybe at most a VPN, buying a router is always easier (and cheaper) and maybe flash OpenWRT / dd-wrt / Asuswrt-Merlin on it. If you have a hardon for pfSense / OPNSense (as the tags would suggest), then it depends on what your needs are. As I see you mentioned, you don’t necessarily want a USFF router, so building is the way to go if you go with a full-fat appliance OS.
As for what CPU to go for, I always suggest ASRock motherboards with soldered Celeron / Pentiums with Atom cores. I skimmed through the comments and I saw one where virtualization is mentioned. I’m against virtualized routers, at least for small scales, because you are definitely going to reboot the hypervisor from time to time, while the router will stay up. You really don’t want to have your whole network go down just because of a reboot (and even worse, your hypervisor going berserk and taking your router with it).
If you just want to learn pfSense / OPNSense, then virtualizing it is not a bad choice, but it is understandable that not having it run on hardware is not so attractive.
I got an ASRock J3455M, 4 GB of RAM and a quad 1 Gbps HP (Intel) NIC. I’m doing some firewall blocking (nothing fancy) and run OpenVPN on it (got AES-NI enabled). Got separate LANs (LAN, WLAN and untrusted), each going to either my managed switch (separate VLANs) or to my wireless AP (an old router in bridge mode). And it’s completely overkill, I’d probably get away with 1 GB of RAM and a dual-core (as long as it has AES-NI for OpenVPN). If I didn’t need the firewall part, I would probably get away with one of my dd-wrt flashed TP-Links. From my testing, WireGuard is better than OpenVPN anyway (running on a Pi 4 2 GB, a Windows laptop, a Linux PC and a Linux off-site backup VM).
The OPNSense would conflict with the Protectli? My thought was instead of putting the Google wifi into AP mode or something I would bridge the OPNSense Protectli to the Google wifi. From what I read the Google wifi can bridge.
Speed won’t get above 1Gig. I apologize I cannot answer more of your question. I am still learning what is possible. I won’t be running a server or trying to access stuff from outside of my house if that helps. Still learning what I can do inside. From what I’ve read (sorry if this sounds ignorant) there are add-ons with pfSense. Not sure what would be beneficial. Maybe this is a better way to ask. You know what I won’t be using it for. So inside the house what would you guys recommend it be used for or what is possible?
I don’t have a hardon for pfSense/OPNSense just the first thing I found about having your own router and improving your home internet. As you mention later if you didn’t need the firewall you would do a flashed router. I would like a firewall. I am thinking Protectli (is that a USFF?) for ease of use and the fact that it will still be overkill maybe.
Let’s say I did build. You said that you have AES-NI enabled. Sorry to sound dumb, but where/what program are you using to enable it or is it in the hardware itself?
Protectli and Mintbox Mini 2 / Mintbox Mini 2 Pro (with 2 NICs), I would consider USFF (ultra-small form factor).
No worries. AES-NI is disabled by default in pfSense (not sure about OPNSense). You have to enable it manually in system -> advanced -> misc -> Cryptographic Hardware. Pretty much all Intel CPUs >=BayTrail have AES-NI. I think pretty much all AMD CPUs have AES-NI. AES-NI is an instruction to use hardware acceleration for cryptography. You only need AES-NI for OpenVPN and for pfSense 2.5 onwards it will be mandatory (not sure about OPNSense).
If you want a network wide firewall, then yes, go for pfSense / OPNSense.