Using my desktop as my router?

Hey,

I’m considering building a new computer right now. I’m also wanting to replace the router that my ISP provided with my (DSL) modem & internet connection.

One of the reasons I want to replace my router is to start more intelligently routing (shaping?) my network traffic. I want to add something like a “pi hole” that tries to blacklist trackers and ads, and I want to send different types of traffic through different VPNs.

I’m outside of the US, but I need some of my traffic to go through a VPN server in the US. Most of the rest can go through my nearest VPN server. And I’d like for one gaming service to just bypass the VPN–ideally just the game and not the game’s launcher (Garena).

The cost and scale of adding devices to my network doesn’t really seem worth it–I get charged a pretty high rate for electricity. So, I’m wondering if it is doable and practical to set up these functions on my desktop, and then use my desktop’s wireless adapter to be my “wireless router” for the rest of my devices. (Normally a smartphone, sometimes a few phones and laptops. Maybe gaming consoles in the future.)

I want to build a new system on AMD’s Ryzen platform, AM4 socket. I’m currently thinking about buying a quality X570 motherboard and the cheapest 8+ core CPU I can find, along with a cheaper video card and trying to swap the CPU and GPU when one more generation comes out. I’m using a laptop with an i7-6700HQ and a GTX 1060, and even a R5 1600 would double my cores, the newer generations of Ryzen get close to doubling the single-core performance according to Geekbench, too. I imagine it’ll feel like a really good upgrade.

Dedicating threads or cores to VMs running the appropriate software for routing or ‘being a pi hole’ doesn’t seem like too huge of a penalty.

So, here’s a few questions:

  1. Is this doable?
  2. Is this more ‘dangerous’ or ‘vulnerable’ than using the stock router given to me by my ISP? It seems like I could only go up from there.
  3. Is one ethernet port on my motherboard sufficient?
  4. Can my computer use an onboard wireless adapter to behave like a wireless router?
  5. Can the “Host” of this system run Windows 10? Or do I need to nest my daily Windows 10 machine in guest to utilize the router (which I am assuming would be inside of a VM)?

Thanks!

I mean, you could run pfSense in a VM and do PCIe passthrough of a WiFi card or just USB for the WiFi. It's possible and safe, but idk about practical. I would just run a dedicated router, be it homemade or store-bought.

1 Like

Can pfsense also tackle the function of a pi hole?

And, would the pfsense vm also be able to manage my desktop’s network (that is, its host’s network) traffic, or just the wireless network it is hosting?

I’m sure at least one AM4 board with integrated wifi can pass its adapter through to a VM.

To answer your questions:

  1. Yes
  2. If you are running pfSense it's already better than what your ISP gave you because you probably can't upgrade the firmware on those things.
  3. Ideally no, but people who know better than me might suggest you can do VLANs for that. If you want to learn how to do VLANs (particularly if you are in the IT field), this could be a good learning opportunity.
  4. No this requires special hardware not likely present in your motherboard but present in wireless routers.
  5. Yes, ideally it should be bare metal. I am uncertain if VMs can support the hardware encryption that can make the router perform faster.

All in all, a cheaper device like a Protectli router can act as your pfSense box. It's more power efficient and will cost you less in terms of operating cost.

pfSense has this pfBlockerNG that can do what pi-hole does. You can install it via pfSense’s package manager. I have yet to study how it works but surely you can watch a youtube guide somewhere.

2 Likes

The biggest problem you will immediately come across with such a solution is your knowledge on how to configure it all.

  1. Yes.
  2. No. Yes. It depends. It is not in itself. But poorly configured, it can be.
  3. Theoretically yes. But there will be a mockery with virtual interfaces.
  4. Yes. The matter is how you configure it.
  5. It can be W10 if you have such preferences.

In times where you can buy energy-efficient equipment based on x86 or ARM it is more art for the sake of art …

1 Like

Would recommend IPFire for this. If you don’t need specific features from PFSense then IPFire will probably do what you want - using less resources and easier to configure.

And the QoS traffic shaper in IPFire is better than the traffic shaping in PFSense. You can run pi-hole on your pc or a separate pc and just point your DHCP to that IP.

If you have a dedicated pc for all this you can run a hypervisor like Proxmox on it and have all this running pretty quickly.

2 Likes

I don’t think it’s practical, in my opinion. A desktop computer can have the occasional crash or need to be rebooted for an update, and when it happens your whole network is down.
You might be better off with a dedicated machine to be your PfSense machine. And I don’t think you’ll need a shit ton of power either. A used 35W i3 (maybe even a Pentium or a Ryzen if it’s cheap enough), 4GB of RAM, a cheap SSD and network cards should be around 200$ realistically. You could even get a WiFi 6 card in it in the future.

But you could try to get familiar with PfSense on your desktop and see if you like it so much to buy a whole machine for it.

P.S. a cheap used prebuilt not too old would work great too in my opinion.

1 Like

Look here for reasonably low power X86 devices and run whatever on there.

https://www.pcengines.ch/

Or use some old hardware for it. Since load is minimal, power draw should be as well.

4 Likes

  1. Yes
  2. For your computer, maybe. More vulnerable overall, no.
  3. Probably, need 2 for PFSense though (input & out to external switch).
  4. Probably
  5. When you are fine with not having internet every now and then, yes.

ASRock J4105M and similar boards exist.

Another option are these:
https://sylbek.eu/pfsense-hardware/

Or if you are not set on PFSense (aka: not need all the features it has), MikroTik has a very competent OS on their Routers. Can tell you how those things perform under high load after the 26th November.
MikroTik RB2011UiAS-2HnD-IN (has 2.4GHz Wifi):

1 Like

This is what I use now… in retrospect, I should have gotten the 4 port+wifi… dumb dumb me just took the 2 port and plugged it between me and the modem router…

Thanks for all the help and feedback!

So, this is the feedback for my questions:

  1. Is this doable?
    • Yes!
  2. Is this more ‘dangerous’ or ‘vulnerable’? (etc…)
    • Not really, no. The network is counting on one machine and it’s up to me to configure things well, though.
  3. Is one ethernet port sufficient?
    • Ideally, no. VLAN exists and it would be a learning opportunity.
  4. Can my computer use an onboard wireless adapter to behave like a wireless router?
    • No, it takes special hardware.
    • Yes, it just needs to be configured correctly.
    • Probably.
  5. Can I let my bare metal Windows 10 host the router VM and still have internet on my host?
    • Yes, but there may be quirks that make it less than ideal.

Could you folks help me understand why the room was so split on question 4?

And, a new question: Are any android mini-PCs or TV Boxes able to be turned into this kind of machine? I never looked too closely at any of them, but if I remember correctly, the ones I have seen were extremely cheap.

@regulareel
Thanks for pointing me to Protectli! Seems like a cool company. And their products are a pretty ideal solution.

Unfortunately, I tried calculating shipping and the cheapest option is over $60 USD for me. So, I’d be spending over $200 USD for even their cheapest 2-port router without any configuration. I think a DIY solution on a budget can do better but I’m not exactly sure.

@TimHolus
That’s fair, I’ve “heard about” this stuff and read about it a little bit, but I have zero practical experience and I’m not especially handy in Linux-based systems.

@StrY
Thanks for suggesting IPFire, I’ll try looking into it. I don’t think I know enough about pfsense to know what I’d be giving up, so a simpler solution may be better for me.

@MetalizeYourBrain
There are a few good shops to look for old prebuilts. I never bothered pricing them since I was looking for a lot more CPU power than any of them could offer last time I was shopping around. Next time I’ll see if there are any deals.

@noenken
I’ve checked out pcengines before, it doesn’t look like they ship to my country. I do think their stuff is really cool, though. I’ll give old hardware more serious consideration, I think I might also be able to grab something like an older intel NUC. I can’t remember if any of those have two ethernet ports.

@MazeFrame
I’m not sure where to shop for something like that, but knowing this area there probably is one or two stores that exclusively carries that kind of board. I’ll keep my eyes peeled.

It doesn’t look like MikroTik ships to me. I didn’t look too thoroughly through their options since the price point seemed a little high.

Where in the world are you? Greenland? Antarctica?
Iceland only has one seller, I guess.

Just like RPi’s and similar, those may not have enough CPU power to push packets and do firewall stuff at the same time.
Single core x86 anything (except Atom) will do though.

Another option for cheap is AMD AM1. Maybe take a look for one of those on ebay.

3 Likes

For your point number 4, since we are getting into somewhat the specifics of it…

You can use your onboard wireless adapter as an access point (AP), not as a router. Since going the route of PFSense and everything, you start getting into the territory where you are actually splitting wireless router into wireless + router. The thing is, PFSense doesn’t particularly handle being a wireless router well, but it is fantastic as just being a router with tons of features. The wireless part is just a wireless radio that can transmit and receive packets wirelessly. So it doesn’t take any special hardware to create a wireless AP, but it does require some decent software to create a wireless router. Most consumer WiFi routers are just a tiny PC with a wifi card in it and some special software to do all of the data management for you.


You are likely better off in one of these scenarios:

  1. You get an old box, slap a few NIC cards into it, install ESXi or some other hypervisor of choice, create a PFSense VM, slap an elcheapo dual band wireless AP, and boom bob’s yer uncle.

  2. You slap a multiport nic into the old box, dedicate it as a PFSense box, slap a dual band wireless AP on it, and maybe get a switch if you feel like having more ports.

  3. Get a dedicated PFSense box (Any mini PC will do, @noenken has dropped a few suggestions), get a cheap gigabit switch for multiporting, and slap a wireless AP on it.

2 Likes
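Whether a given onboard adapter can act as an access point, the point the replies to question 4 disagree on, is something the driver reports: on Linux, `iw list` prints each radio's "Supported interface modes", and `AP` has to be in that list. The script below is an added example, not something posted in the thread; the sample `iw list` output embedded in it is constructed and trimmed, and is only used when `iw` is not installed.

```shell
#!/bin/sh
# Added example: report, per wireless radio, whether the driver advertises
# AP mode in `iw list`. Reads `iw list` text on stdin.

# Constructed, trimmed sample of `iw list` output (two radios).
sample_iw_list() {
cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
    Band 1:
Wiphy phy1
    Supported interface modes:
         * managed
         * monitor
    Band 1:
EOF
}

# Print "<phy> yes" or "<phy> no" for every radio found on stdin.
ap_capable_phys() {
    awk '
        # A new radio starts: flush the previous one.
        /^Wiphy / {
            if (phy != "") print phy, (ap ? "yes" : "no")
            phy = $2; ap = 0; inmodes = 0; next
        }
        /Supported interface modes:/ { inmodes = 1; next }
        # Bullet lines inside the modes section; "AP/VLAN" alone is not enough.
        inmodes && $1 == "*" { if ($2 == "AP") ap = 1; next }
        # Any other line ends the modes section.
        { inmodes = 0 }
        END { if (phy != "") print phy, (ap ? "yes" : "no") }
    '
}

# Use the real tool when present, otherwise the constructed sample.
if command -v iw >/dev/null 2>&1; then
    iw list | ap_capable_phys
else
    sample_iw_list | ap_capable_phys
fi
```

A "yes" only means the driver can host an AP at all; supported bands, channels and client counts still depend on the specific card.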

To be honest, options 2 and 3 are the most sensible ones from a hardware requirement standpoint.

The problem is, at that point, buying a good router from HPE, Dell, Cisco, etc. and a cheap-ish access point will be cheaper.

You can find super cheap mini PCs with 4 network ports on aliexpress which are usually some cheap celeron or old U series i3/i5, as long as it supports AES-NI, you’re good. Get some cheap ASUS wifi-extender as your AP and done, you have a PFSense box + Wireless AP.

1 Like

I’m in Taiwan, I didn’t see it in their list of destinations. It looked like they mostly only shipped throughout Europe. Keep in mind, if I did order something internationally I’d have to pay an import fee which would further inflate the cost. Never done it before here, but in other countries it’s been a hassle to even receive the package from customs.

@Novasty
I really should explore Aliexpress more, but they (and other common online vendors here) usually have unclear English-language descriptions. My Chinese isn’t nearly good enough to understand the descriptions in that, but I wouldn’t be surprised if they’re equally unclear. I was shopping for TVs a while back and I wanted to try a less popular, local (TW or China) brand, but basically the only affordable TV I could find the input latency for was a Samsung and even then, it had a different model number here.

Maybe I’ll try figuring out if any of my buddies have decent tech know-how and we can try making sense of some descriptions on the web.

1 Like

Choose the i3 4005u, ram is purely up to you, ssd can sit at 32GB which should be plenty.


Netgate even recommends against wireless functionality being done in the same PFSense box.
https://docs.netgate.com/pfsense/en/latest/book/wireless/pfsense-as-an-access-point.html


I have a variant of the Qotom box at home.

1 Like

THIS ✊🏻 I live in my turbodiesel express van with my custom PC and this is how I shape my internet and save on energy for my battery bank. Running pfsense in a VM on fedora and using my OnePlus One as the internet source

If I were in your shoes, I would simply buy a cheap tplink wifi router and possibly an additional box for pfsense / opnsense / ipfire as the main firewall / ids and for a more advanced router …

Packing everything on one PC is, imho, a big inconvenience.

If you have $180-200 then you can also think of netgate SG-1100 + some cheap tplink for wifi.

2 Likes