Nov 03

Build your own router

My company is expanding into a warehouse, and so for the first time, I have to set up a WAN. That's a Wide Area Network, which basically means joining together two or more LANs so everyone can see each other, even if you are across the country.

Back in the olden days (you know, the 1990's), this would mean ordering at least two expensive leased lines from the phone company and hardware that required special network kung fu skills. But it is not the olden days anymore. Now we can borrow the internet to accomplish the same thing. All you need is internet access at both locations, and a VPN router on each end.

VPN stands for Virtual Private Network. It is a way to hook up two local networks over the internet, and make it seem like only one local network. The data travels between locations, over the internet, in an encrypted tunnel. Yet computers at location A can see the computers at location B and vice versa. You could even print from one building to a printer across town. The best part is, once you set up the tunnel on the routers, there is nothing to configure. Everything just works. And because our phone system runs on our local network also, even the phones work in both buildings. Dial a 3-digit extension, and ring a phone at the other building. No phone company involved.

Now this is cheaper than dedicated leased lines, but even good VPN hardware used to be expensive. No longer. At my company, I have our local internet router running pfSense on a traditional PC with two network cards. It works just like your home Linksys or Netgear router. It's just faster and can handle a lot more traffic. It is also extremely stable. I never have to reboot the thing. You configure it just like your home router: through a web interface.

Our warehouse will be a simple affair. I didn't want yet another big box over there just to be a router, but I also didn't want to risk using some Netgear or Linksys crap. Let us just say that my experience with pretty much every commercially available product (by that I mean stuff you can buy at Newegg or Amazon) has not been good. I can pretty much count on the hardware failing within a year or so and requiring constant reboots.

So I found this little gem:

That's an Alix 2D13, made by PC Engines, in a case supplied by Netgate. This is a sweet little package. It runs an x86 compatible processor: an AMD Geode LX800, at 500 MHz. It has 256MB of RAM, USB x 2, 3 Ethernet ports, and a mini-PCI slot. For storage you can plug in a Compact Flash card, or if you have a larger case, mount in a 2.5" IDE laptop hard drive. Notice: no cooling fans or heat sinks. They aren't needed. Nothing gets that hot.

256MB of RAM doesn't sound like much, but it is positively roomy when your operating system isn't some heavy piece of bloatware loaded with memory leaks. It is enough to run pfSense or most Linux router distributions quite well. The typical home router only has 8 or 16MB.

The processor isn't fast enough to keep up with a lot of VPN encrypted traffic, but that is where the Soekris vpn1411 card comes in. It fits nicely in the mini PCI slot on the Alix board, and takes over all of the heavy math involved in realtime data encryption. The whole package: Alix board, case, Soekris card, 4GB Compact Flash card, and an AC power adapter, came in just under $300. (The 8GB card in the picture was just temporary).

Setting up VPN tunnels can be challenging if you are trying to get different brands of commercial hardware working together. Sometimes, it just doesn't work at all. But when you have a Linux or Free/Net/Open/NanoBSD-based OS running on both ends, it becomes trivial.

pfSense has been the best router software I have ever used. It is as capable as anything put out by Cisco or HP, and it is open source. For the cost of the bare hardware, you can have a world-class router that supports many other services such as local DNS resolution, content filtering, bandwidth monitoring, Quality of Service controls, the list goes on, and you can even have it in a little fanless package.


I'm a Lutheran pastor, a CTO, a father, amateur photographer, programmer, Irish music fan, and all around geek, but I only have one blog. So, you will find here a mix of theology, photography, geek speak, family news, and whatever else strikes my fancy. If you get confused, there are now categories…



