So my EdgeRouter finally toasted itself. Wanting to replace with something open source and tinker with Suricata, Pi-hole, ntop, etc., so I’m looking for suggestions. The connection I have coming in is gigabit fiber. I’d like to go the single board route, or at the very least avoid Intel, but my budget is under $300. Are there any single board systems out there powerful enough to handle that without murdering my bandwidth?
Utilizing your gigabit fiber is going to be a problem with your budget on a SBC, I think. Everything I’ve found with the requisite 1Gb+ speeds is in the $400-500 range, or requires you to break the SBC form factor.
I think the PC Engines APU platform is just about the best, open source-y platform you can build a router on right now, but the lack of at least one >1Gb port is a real problem.
Its spiritual successor would be exactly what you want, but I’m not sure it’s hit the market just yet.
Am I locked in to pfSense on that Netgate? Because I actually already have one of those somewhere… think I loaned it to a buddy but hey if I can put like ALARM or something on it instead of Pf that could potentially be a no additional cost to me type deal lol
Has anyone here tested/experimented-with CZNIC’s Turris hardware? https://www.turris.cz/
If I remember correctly, there were initial complaints that their fork of OpenWRT was not upstreaming rapidly enough or something similar, but I think they have improved since then.
I am no expert in network hardware, but to me it looks like the Omnia & Mox should be able to handle 1 Gb WAN.
I really like the business pfSense routers that don’t run Intel and don’t have their issues baked in. I know you’re looking to build yourself, but maybe you’d be interested in something like this.
Look into AMD AM1 systems. I am running a 5350 myself at my mom’s place and it is stupid overkill for the 50Mbit I’m getting there. Just throw in a quad NIC from Intel and you’re set.
Intel’s backdoor into everything… the ME that lets outsiders control your Intel stuff. I’ve heard folks say that this is CPU specific (everything post 2008), but I would think this would be present in all things Intel, though I’ve never got confirmation from anyone about it. I have a 4 Port Intel NIC, myself, but it’s not usable right now.
Never thought about that. But I think for that kind of stuff they would have a dedicated chip on every NIC, right? It is that way on CPUs as far as I know.
I have no idea, I’ve never researched the chip-sets that come on these cards. I bought mine before I knew Intel chips were compromised at all, because they were the highest rated for quality and performance of all the available NICs at the time.
I’m sure the durability is there… but since they wrecked a key aspect of the value they purport to deliver by rendering their CPUs incapable of acting in our agency (I mean the agency of their owners), I can totally see them keeping this up on these NICs. The NICs, themselves, have to allow a path to the AMT controller in the CPUs for those AMT functions to be available for manipulation by outsiders. In laptops, that path is accessible through wireless communication protocols (for those laptops without LAN cards). In lieu of that, I would expect that path to be present on these Intel cards too, but I’d be curious to know if anyone has confirmed that.