My TP-Link TL-WDR4300 died on me recently so it’s time to upgrade. I want to try building a router from a mini PC this time, mostly because of better reusability when I upgrade in the future. A low price is also nice.
I’m looking for recommendations and possible compatibility issues.
My requirements:
minimum 3 Ethernet 1 Gbps ports (2 always in use and 1 spare)
WiFi at least AC for WWAN (I’m not able to route wires to ISP’s box at current apartment, but I want to use the most of 300/100 Mbps fiber it has)
ability to saturate Ethernet connections
small size
not too loud when idle
enough power for reliable operation of AdGuard, Wireguard, CrowdSec and some other infrastructure services (user services run on a separate box)
So far I have an eye on the following based on local availability and prices:
HP T730 thin client
HP 332T 2-port 1 Gbps Ethernet card
Intel AX200NGW AX wireless card
pfSense for OS
Some alternatives I’m considering:
ready router box from China - more expensive, long shipping time, less flexible
ASRock N3150-ITX - I have one collecting dust, maybe I could find a small case and use a pico PSU, but it’s only PCIe 2.0 x1
a cheap used SFF office PC - more power, but most likely louder and a bit too big for my current setup
Maybe one of those Protectli boxes, with OPNSense or PfSense, would fit your need. Routers like those can be had cheaper from Aliexpress, from manufacturers like Topton, but those companies usually don’t offer firmware updates, so I can not really recommend them. With such a Protectli router, you could do anything really.
Other than that the idea to use this ASRock N3150-ITX looks good as well. It is not very powerful, but should be enough to handle 1GBit ports. There are certainly PCIe x1 network cards with 2 LAN ports, so it would be enough for a pure router setup, the motherboard has one as well, so you would have a total of 3 available.
If you want ready made, easier solutions with fancier graphs then:
Protectli VP2410 or VP2420.
Either running OPNsense with Zen Armor installed (free for 50 devices), or Untangle/Arista NG firewall ($150/yr)
or Firewalla Gold SE, but this wont be out for another couple months.
Or if you want to install all the AdGuard, Wireguard, CrowdSec, Unbound yourself and tinker with it then still go with the Protectli VP2410 or VP2420 boxes. Still recommend OPNsense
How much do you care about security? If you do most old CPUs are out of the equation, whitebox “routers” are also out such as Protecli and pretty much anything you find on Aliexpress (lack of BIOS updates etc).
While Intel wireless cards works fine as clients AP mode is usually not available at all. You’re much better off looking at a separate box based on the Mediatek Filogic platform. You can grab one pretty cheap and run OpenWrt on it as a “Dumb AP”.
You don’t state your connection speed but I guess not very fast given the TL-WDR4300, the RockPro64 + Intel NIC might be an option and you can run a stock OS on it which makes it very easy to maintain and add services.
This is the kind of information I’ve been missing. In current setup WiFi is my WAN connection going to the ISP’s box, but I would like to have an option to use it in AP mode. Is there a decent M.2 WiFi card that can also do AP mode?
Ethernet ports will already be used for my PC, home server and a spare for laptop and other devices as needed, so no additional boxes.
Either a protectli if you want coreboot, or otherwise an odroid h3 with the networking case, with a usb AC or AX adapter and the m.2 4x 1gbps ethernet card (the base board has 2x 2.5 gpbs ports, giving you up to 6 ports). Plenty fast for a router and small time hypervisor. You can install the OS on emmc.
Well you should still be using a switch, dont software bridge the ports on the router. And if you are having a switch then just get a poe+ one and then it can power your access point too.
To go the DIY router route you really should be thinking about $200-400 for the router hardware + $100-200 for the switch + $80-200 for the wifi access point. That is a complete system. You can re-use your old router sometimes as an AP and many people start off this way when doing this upgrade.
Software bridge for the network ports may be attractive to save money, but it has far lower performance than a real switch. The typical “all in one” consumer “router” most people know and have before they get into these DIY routers actually consists of a CPU or main processor chipset that does the routing, that is then connected to a single ethernet port for WAN interface, and it also connects over to a switch chip via a bus out of the CPU (think like adding a graphics card into a PC). That switch chip has usually 4 ethernet ports on it and it handles all the switching needs for LAN connections. Then either the main CPU or the switch chip also connects over to wifi chip to provide the wifi connection. Sometimes these are 3 separate chips inside a “router” and sometimes they are all in a single chipset, or a chipset and an extra switch chip. There are a lot of configurations that are possible depending on the hardware, but the important part is when you are coming from this type of hardware and you think of the term router, it is actually something far different than you think. The consumer devices are just called that but really integrate 3 functions in 1 device. The “DIY router” running pfsense or another OS is just the router portion (and firewall), and you have to add in the other parts like network switch ports and wifi to your system.
You can get some mt76-based WiFi cards but I don’t see why as they’ll perform much worse than a cheap standalone router/AP and probably be more expensive in the end as you’ll need cables, brackets and antennas too.
Seems like the move if you want to DIY a pf sense router
I was thinking of picking one up, but I’m debating on using my 5820k as either a pfsense box or as a nas/homelab.
While looking that up this was a pretty good guide
Imo @McMonster I’d use your itx board with a cpu and a nic to try out pfsense and if you want a dedicated appliance, you buy the dedicated protectli box.
Also based on this comment and the protectli pf sense video, if you are replacing a wifi router, you’ll want to get dedicated access points or convert the router to AP mode
Once you finalize your router selection, I’d recommend looking at this guide
It’s also worth mentioning that a decent aarch64-based SoC can do Gbit fine which is what many mini PC targets anyway and if you have no intentions you can get away with OpenWrt and nftables.
I’d like to introduce you to the router. I wanted to share my results when it’s “done”, but such concept has no application in this realm.
I based it on HP T730 Thin Client. First version had HP 332T in bridged LAN configuration, MediaTek MT7921K for WiFi and running OPNSense. Using OPNSense was the worst decision. It didn’t recognize the wireless card and I currently have to connect to ISP’s router over WiFi. I resorted to using TL-WR902AC for that. It also has limited support for hosting custom services and the webUI is just horrible.
In the past two weeks I’ve replaced OPNSense with OpenWRT x86_64. After some struggles with missing packages required for WiFi and configuration I now have a functioning router. I’ve also replaced NIC with HP 331T for more ports.
It is already running AdGuard Home, CrowdSec, WireGuard and Headscale. Headscale in particular was tricky to set up correctly, but I got full connectivity and bidirectional DNS resolution with my local network. I will add an I2P router to the list soon and I want to build a proper Headscale .ipk package, it’s manual install now. Everything works as expected and I have plenty of headroom for hosting more things.
On the mechanical side of things, I have two excessively long antenna wires exiting through serial port to a big external antenna base with no good place to mount it, but I’ve already ordered an alternative, hopefully smaller and with shorter wires.
