What hardware have you used to build your own router?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

fitzpattywagon

New Member
Feb 15, 2019
25
3
3
As the title state I'm trying to get a feel for what people are using I've looked into Protectli and Netgate for minimally doing gigabit but I'm curious if I'm missing something platforms to try a few distros on. Thanks!
 

Callan05

New Member
Nov 8, 2018
18
7
3
I use a apu2c4 from pcengines for home and 2 other sites i manage. They have all been rock solid for a few years now. Cheap, silent, new, Intel NICs - ticks all my boxes
 

PigLover

Moderator
Jan 26, 2011
3,184
1,545
113
I use a apu2c4 from pcengines for home and 2 other sites i manage. They have all been rock solid for a few years now. Cheap, silent, new, Intel NICs - ticks all my boxes
+1 for the apu2c4. Rock solid and good for 250gig+ isp feed with pfsense. Completely passive so dead silent. Not quite enough for running IDS like Suricata or Snort without dropping packets but otherwise a workhorse.
 
  • Like
Reactions: Callan05

IamSpartacus

Well-Known Member
Mar 14, 2016
2,515
650
113
Have two Intel c2758 pfsense builds. Good enough to push 700Mbps IPsec and handles 1Gbps unencrypted without breaking a sweat.
 

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
1,050
437
83
Have two Intel c2758 pfsense builds. Good enough to push 700Mbps IPsec and handles 1Gbps unencrypted without breaking a sweat.
Thanks for providing these numbers. Would you able to share which encryption algorithm you are getting 700mbps with?
I'd also like to point that HP T730 Plus could be found on eBay for not much $ more and is faster than T620 and C2758.
 

IamSpartacus

Well-Known Member
Mar 14, 2016
2,515
650
113
Thanks for providing these numbers. Would you able to share which encryption algorithm you are getting 700mbps with?
I'd also like to point that HP T730 Plus could be found on eBay for not much $ more and is faster than T620 and C2758.


What kind of expansion card goes in the T730 so that one can easily add more NICs? I would need at least 4.
 
  • Like
Reactions: BoredSysadmin

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
1,050
437
83


What kind of expansion card goes in the T730 so that one can easily add more NICs? I would need at least 4.
https://forums.servethehome.com/ind...730-thin-client-the-little-box-that-could.41/
• Intel i340-T4 Quadport GigE cards
• Intel i350-T4 Quadport GigE cards
• SolarFlare SFN5122F 10GbE card
• SolarFlare Flareon SFN7322F 10GbE/PTP stamper cards (make sure you get fans for them or they will crash your machine
• Mellanox ConnectX2 VPI 40GbE/Infiniband adapter
https://forums.servethehome.com/ind...ient-as-an-hp-microserver-gen7-upgrade.20454/
 
  • Like
Reactions: newabc

IamSpartacus

Well-Known Member
Mar 14, 2016
2,515
650
113
https://forums.servethehome.com/ind...730-thin-client-the-little-box-that-could.41/
• Intel i340-T4 Quadport GigE cards
• Intel i350-T4 Quadport GigE cards
• SolarFlare SFN5122F 10GbE card
• SolarFlare Flareon SFN7322F 10GbE/PTP stamper cards (make sure you get fans for them or they will crash your machine
• Mellanox ConnectX2 VPI 40GbE/Infiniband adapter
https://forums.servethehome.com/ind...ient-as-an-hp-microserver-gen7-upgrade.20454/
Nice. If it was guaranteed I'd be able to saturate my 1Gbps pipe over IPSec I'd upgrade to one but without that guarantee it's just not worth it.
 

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
1,050
437
83
No guarantees in life :) , but the Passmark score is 1k points higher and AMD chip should support AES as well.
I am thinking of picking it up, but then again I don't have 1gig internet at home yet :(
Best I could get is 400 down, 35 up and for now with pricing levels, 200mbps down is generally sufficient.
 

kapone

Well-Known Member
May 23, 2015
1,095
642
113
Cisco SG350XG-24F (though I may be selling it shortly). It's layer 3. Why?
If you have a Layer 3 switch (and I'm assuming you're using VLANs...why wouldn't you...) you can setup your firewall with a single port on it and it'll work just fine. You don't need multiple ports, which sometimes opens up the hardware selection better because you don't need a pci-e slot.

You even terminate your WAN on the switch itself.
 

kapone

Well-Known Member
May 23, 2015
1,095
642
113
How exactly does this work and wouldn't that make it very hard to do firewall rules?
- You create a VLAN on your switch with just one port (for the WAN), do not give it a virtual interface/router-interface.
- You create a VLAN interface in pfSense with the same VLAN id.
- Point your 'WAN" interface in pfSense to this VLAN interface.
.
.

Couple more steps to set up a transit interface, default routes etc. See - https://forums.servethehome.com/ind...gbe-40gbe-switching.21107/page-73#post-221255
.
.

- Done. :)

The rules are no different than what you were doing before.
 

IamSpartacus

Well-Known Member
Mar 14, 2016
2,515
650
113
- You create a VLAN on your switch with just one port (for the WAN), do not give it a virtual interface/router-interface.
- You create a VLAN interface in pfSense with the same VLAN id.
- Point your 'WAN" interface in pfSense to this VLAN interface.
.
.

Couple more steps to set up a transit interface, default routes etc. See - https://forums.servethehome.com/ind...gbe-40gbe-switching.21107/page-73#post-221255
.
.

- Done. :)

The rules are no different than what you were doing before.
Nice. Never thought to do something like this before. Of course this is pretty much all going to be moot when I sell my SG350XG-24F soon. But still, good to know.
 

Evan

Well-Known Member
Jan 6, 2016
3,346
598
113
Dropping your wan/internet connection on your switch is standard practice really, once it’s on the switch fabric you can then have your redundant router access the connection, for example when your spread across 2 data center rooms.