DIY Linux Router Part 1: Hardware

The following is the first part of a multipart series describing how I build (software not hardware) my own Linux router from scratch, based on Debian 11.

• Part 2: Interfaces, DHCP and VLAN
• Part 3: PPPOE and Routing
• Part 4: Firewall and Port Forwards
• Part 5: DNS with Unbound
• Part 6: WireGuard VPN
• Part 7: WiFi
• Part 8: NetFlow / IPFIX

For the past few years, I have been using a FRITZ!Box 7590 as my router:

FRITZ!Box 7590 | AVM International

Intelligent high-end Wi-Fi for top speeds and significantly greater range. Experience the Internet, telephony and multimedia on any type of connection: IP-based, ISDN or analog.

AVM International

It's it an amazing piece of hardware for the prize and offers anything you need for a consumer home network. It even got DNS over TLS support last year.

But for some time now I wanted to upgrade to a different router that allows for some more advanced features like:

• VPN connections (Wireguard, OpenVPN)
• Unbound DNS server
• Detailed traffic statistics

Router

My first idea was to buy a router board and install an open source firewall distribution. After some research I wanted to give OPNsense a try. Then I looked for recommended hardware and stumbled upon https://protectli.com/ and their Vault series. I decided on a Protectli Vault FW4B:

FW4B - 4 Port Intel® J3160 - Protectli

Intel Celeron® J3160 Quad Core at 1.6 GHz (Burst to 2.24 GHz) 4 Intel® Gigabit Ethernet NIC ports AES-NI support 25% smaller than the original Vault at only 4.5″ x 4.3″ x 1.5″ Fanless and Silent Included Universal Power Supply, VESA mount kit, Serial Console Cable, Quick Start Guide

ProtectliHome

I equipped it with 8 GB of RAM, 120 GB mSATA SSD Storage and OPNsense preinstalled. 8 GB of RAM is much more than I currently need, but this gives me room for more resource hungry software in the future.

When it arrived, I toyed around with OPNsense for about an hour until my curiosity took over and I wanted to build / configure my own router based on Debian 11.

But the vault only gives me routing capability; to replace my current FRITZ!Box I also need a DSL Modem, a Wi-Fi Access Point, and a Switch.

Modem

I live in Germany and have a VDSL 250mbit/s down, 45 mbit/s up connection. For this I need a modem capable of VDSL Profile 35b (Supervectoring). I could turn my FRITZ!Box into a modem in bridge mode, but I wanted to keep it as a backup. I went with a Draytek Vigor 165, with lots of positive reviews online.

Vigor165 - DrayTek

Hier finden Sie die Produktbeschreibung des Vigor165.

DrayTek

Wi-Fi

When it comes to Wi-Fi equipment I heard good things about the UniFi gear. So, I ordered a basic AC capable access point from Amazon:

Ubiquiti - UniFi® AP AC LITE

The UniFi AC Lite AP features the latest Wi-Fi 802.11ac technology in a refined industrial design and is ideal for cost-effective deployment of high‑performance wireless networks.

Ubiquiti

Switch

I thought about getting a managed switch, capable of VLAN, but then realized, that I would be the only one using wired connections, so I went with a cheap unmanaged one from TP-Link. This can be easily upgraded in the future if I have the need for it.

TL-SG108 | 8-Port 10/100/1000Mbit/s Desktop Switch | TP-Link Deutschland

8-Port 10/100/1000Mbit/s Desktop Switch

Weitere Informationen

Costs

In total this was around 600 euros total. More than twice as much as a FRITZ!Box 7590. Two third for the vault alone (import tax) and one third for the other three items combined. A quite expensive setup for a home router, but also a lot of fun hardware to play with.

Up next: Interfaces, DHCP and VLAN