Open Source Router Hardware Suggestions Needed

So my EdgeRouter finally toasted itself. Wanting to replace with something open source and tinker with Suricata, Pi-hole, ntop etc., so I’m looking for suggestions. The connection I have coming in is gigabit fiber. I’d like to go the single board route, or at the very least avoid Intel, but my budget is under $300. Are there any single board systems out there powerful enough to handle that without murdering my bandwidth?

Thanks!

Utilizing your gigabit fiber is going to be a problem with your budget on a SBC, I think. Everything I’ve found with the requisite 1Gb+ speeds is in the $400-500 range, or requires you to break the SBC form factor.

If you can bump to $400 - Netgate SG-3100

I think the PC Engines APU platform is just about the best, open source-y platform you can build a router on right now, but the lack of at least one >1Gb port is a real problem.

Its spiritual successor would be exactly what you want, but I’m not sure it’s hit the market just yet.

Am I locked in to pfSense on that Netgate? Because I actually already have one of those somewhere… think I loaned it to a buddy, but hey, if I can put like ALARM or something on it instead of Pf, that could potentially be a no additional cost to me type deal lol

I have no experience with the Netgate devices outside of pfSense. Running pfSense is the only reason I would buy that box, personally.

Ah, I’m looking for something I can just install a normal Linux distro on. Might just look at old PCs.

Grr. If I HAVE to spend more money I can.
This looks pretty good… might pair it with my quad Intel NIC and call it a day
https://www.asrockrack.com/general/productdetail.asp?Model=EPYC3101D4I-2T#Specifications

Has anyone here tested/experimented-with CZNIC’s Turris hardware?
https://www.turris.cz/
If I remember correctly, there were initial complaints that their fork of OpenWRT was not upstreaming rapidly enough or something similar, but I think they have improved since then.

I am no expert in network hardware, but to me it looks like the Omnia & Mox should be able to handle 1 Gb WAN.

I really like the business pfSense routers that don’t run Intel and don’t have their issues baked in. I know you’re looking to build yourself, but maybe you’d be interested in something like this.

Look into AMD AM1 systems. I am running a 5350 myself at my mom’s place and it is stupid overkill for the 50Mbit I’m getting there. Just throw in a quad NIC from Intel and you’re set.

Are those quad port NICs vulnerable to Intel “spooky” ports? (https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fmanageabilityports.htm)

What is that? Never heard of it.

Wait, AMT? That would only be possible on an Intel platform, I think.

Intel’s backdoor into everything… the ME that lets outsiders control your Intel stuff. I’ve heard folks say that this is CPU specific (everything post 2008), but I would think this would be present in all things Intel, though I’ve never got confirmation from anyone about it. I have a 4-port Intel NIC, myself, but it’s not usable right now.

Never thought about that. But I think for that kind of stuff they would have a dedicated chip on every NIC, right? It is that way on CPUs as far as I know.

I have no idea, I’ve never researched the chipsets that come on these cards. I bought mine before I knew Intel chips were compromised at all, because they were the highest rated for quality and performance of all the available NICs at the time.

I’m sure the durability is there… but since they wrecked a key aspect of the value they purport to deliver by rendering their CPUs incapable of acting in our agency (I mean the agency of their owners), I can totally see them keeping this up on these NICs. The NICs, themselves, have to allow a path to the AMT controller in the CPUs for those AMT functions to be available for manipulation by outsiders. In laptops, that path is accessible through wireless communication protocols (for those laptops without LAN cards). In lieu of that, I would expect that path to be present on these Intel cards too, but I’d be curious to know if anyone has confirmed that.

OK, but (to get back to topic) that doesn’t do shit when stuffed into an AMD box, right? So my 5350 is probably still fine?

I don’t know. I know that AMD has a backdoor issue of the same nature but they’ve been much more successful at hiding it.

I have to check around some more, but I will get back to you.

How’s life in Germany? German food is my favorite… I’m in the process of translating my videos into German for subtitles.

Maybe do so in a new thread.

Oh crap, I suck at creating new threads. I get yelled at for putting things in the wrong thread, lol. Okay, I’ll try.