When I was on a quest to set up my home network, I spent countless hours researching all the possible solutions and hardware combinations. Here’s everything I wish I had known in the beginning.
Man, why would you even build a DIY router in the first place?
I haven’t been satisfied with three of my previous routers. The first one was issued by the internet service provider — a white square box without a name or firmware updates. Its weak processor couldn’t handle more than a few devices, leading to latency, lag, and high ping values.
I bought a WiFi 6 router as a replacement and was happy for a while. That is, until cyber pros started roasting me for choosing TP-Link.
While the cybersecurity community’s warnings regarding TP-Link were dramatic, they were not the reason I decided to switch. A nation-state will not waste precious zero-day exploits on me, a random home user.
However, I wanted fast network-wide ad-blocking (DNS filtering) and fast VPN. I also want to separate my IoT devices and computers into separate subnets and have more controls, which off-the-shelf home routers often lack. Oh, and security, too. For all that, you need an advanced router and firewall, such as pfSense.
Without much consideration, I snatched a third router – a used Netgate 2100 – from the classifieds. I assumed that a device that costs almost $400 when new (even more in Europe) would definitely fill all my needs, as it even has an SFP port. Boy, was I wrong.
It was even slower than my first router. The CPU with only two ARM cores couldn’t saturate my 1 Gbps connection, only delivering around 600-700 Mbps without any advanced features and packages I wished to have.
That's when I challenged myself to build a fast 2.5 Gbps router for less than $200. I wanted it to tick all the boxes: be compact and efficient, have reliable hardware, and include all the advanced bells and whistles a modern firewall has.
1-liter PC is the charm
For me, the final assembly and installation took only 5% of the time. Most of it, I spent researching all available options for equipment, analyzing specifications lists, tracking prices on Amazon and elsewhere.
I wouldn’t want to repeat the journey through this rabbit hole ever again and would rather buy a more expensive pre-made solution.
As a first-time router builder, you will consider these options:
- Cheap mini PCs (NUC clones) from China with dual Ethernet ports. The cheapest ones often come with an Intel N100 processor, which is energy efficient and plenty powerful, or older Celerons. The downside is that the Ethernet ports are often Realtek, which do not play nicely with pfSense and other FreeBSD systems. These devices also have questionable quality: plastic cases, noisy fans, and still bad thermals, next to no support or BIOS updates, etc. And this is not a cheap option. Usually, these machines start at around $200.
- Not-so-cheap firewall appliances from China. I would’ve wanted Protectli, which seems to have excellent support, but the cheapest options were well north of $300. You just add some RAM and SSD, install and configure the software, and call it a day. There are other cheaper Chinese boxes from TopTon, Glowary, and others. While many users seemed happy with them, many also complained about devices dying after a while for no reason.
- Actual desktop PC. You can use any computer with a Network Interface Card (NIC) or with at least two Ethernet ports. But this is a bulky solution, and I already had a separate PC to hate.
- Single-board computers.ZimaBoard 2 seemed quite perfect for the job: up to 16GB of RAM, a capable processor, and dual 2.5 Gbps Intel Ethernet ports. However, it was still available. The original ZimaBoard seemed too expensive for the low specs it offered. Other single-board computers often add additional layers of complexity, requiring to find a case, cooling solution, or even some soldering.
- An old router supported by the open-source community. Some routers can be flashed with open-source software such as OpenWRT, but not mine, sadly. I didn’t explore this option too much, as off-the-shelf routers often have low performance.
- That’s where 1-liter ultra compact PCs come in. There is a huge refurbished device market, offering renewed devices very cheaply. There are plenty of options from HP, Dell, or Lenovo, which are reliable brands with business-class hardware and support, and plenty of spare part availability if anything goes wrong. I found that some Lenovo Tiny computer options were clearly superior.
Why Lenovo, and not Dell or HP?
The short explanation is that some Lenovo Tiny computers have a PCIe slot, accessible via an optional PCIe riser. This makes building a router very easy—just buy a preferred network interface card, and you’re good to go hardware-wise. To my knowledge, no other tiny or microcomputer has this.
These Lenovo ThinkCentre or ThinkStation Tiny models are S-tier: M720q, M920q, M920x, and P330. There are more expensive, newer models, and the Servethehome forum was a great resource for researching this.
I was also considering a 1-liter HP EliteDesk 800 G3-G5 and similar models, such as the Dell Optiplex 7040 or 7050. Like Lenovo, HPs offer one Intel 1 Gbps Ethernet port, and you could add some M.2 to PCIe risers, like this, for a network card. There are even NICs that directly plug into the M.2 ports for SSDs or WiFi cards.
While this would also work, another problem lies in the back panel design. Lenovo ThinkCentres have a removable plate, making network card installation easy. Other mini PCs often come with fixed back panels, requiring creative-destructive modifications. Still, it can be done.
The purchases
After some price-gauging, I quickly ruled out a cheap NUC knockoff or more expensive firewall appliances.
On eBay, there were plenty of Lenovo Tiny PCs for less than $200.
On one of the classified websites, I found a Lenovo ThinkCentre M720 Tiny for $145. It has an Intel I5-8400T processor, which is overkill for a router, and a low thermal design power (TDP) of 35 watts. You don’t want power-hungry processors for a router—it will run 24/7. It also has 16GB RAM, which is more than plenty for the task.
I grabbed the PCIe riser for around $15 on Amazon.
You want to consider what NIC to choose. Experts recommend Intel-only NICs for pfSense or OPNsense. I considered 10 Gbps dual-jack models. There were quite cheap NICs with older X540 controllers, but they don’t support 5 or 2.5 Gbps data rate (only 10 or 1 Gbps). The X550 controllers support all these data rates, but also cost over $100.
I ended up going with an older, dual-jack 2.5 Gbps i225-V controller that I found for around $45 (my PC also has 2.5 Gbps Ethernet). If you want to go even cheaper, there are plenty of 1 Gbps Intel options.
When I received the NIC, it honestly looked nothing like an Intel product and probably was some sort of clone shipped from China. Yet, it worked as it should and even included a small-form-factor bracket.
Here’s how every part looked before the assembly.
The installation is easy
I was surprised to receive a used Lenovo computer that looked new – it even had stickers on the logos. The SSD seemed to be original, and its SMART health information revealed that it only had 219 power cycles.
The assembly is as straightforward as one might expect.
First, I unscrewed one screw and slid the top cover of the mini PC.
Then, I removed the SSD bracket and cable to free space for a network card. After some consideration of whether I needed to keep the bracket on the Network Interface Card, I replaced the original one with a small-factor bracket.
Then, I inserted the PCIe riser into the slot on the motherboard, the network card into the riser, and the assembly was basically done.
However, I noticed that the network card didn’t perfectly match the slot and was a bit wobbly.There was no way to screw in the bracket so I had to resort to some creative engineering to keep the network card in place.
I closed the lid, tightened the screw holding it, and everything came alive.
I’ve chosen to stick to pfSense after using the original Netgate device for a while. However, other builders might also consider OPNsense, Sophos Free Firewall Home Edition, or other solutions.
This is a very advanced firewall offering many security features that I will probably never use.
I won’t go into details on how to install pfSense on a device—there are plenty of tutorials on YouTube and very detailed official documentation. After setting the Netgate account to “buy” free installation media and creating a bootable USB, I had to disable Secure Boot in the BIOS and boot from it. Everything else was quite straightforward.
After initial setup, which was simple even for an inexperienced user like me, I was amazed at how excessive this setup really was.
My previous Netgate 2100 was constantly running at 100% CPU utilization and struggled to keep up.
Now, for $200, I have 2.5 Gbps connectivity, and even at maximum download speed, the CPU barely reaches 5% utilization. Its temperature sits at around 27 degrees Celsius (81 degrees Fahrenheit). I can’t push this thing hard enough. Finally, I am ready to add a VPN, pfBlocker-NG for ad-blocking, etc.
Will it prove to be a long-term solution? Time will tell. In the worst case, I’ll find many other uses for a small mini PC. I’ll keep you updated with other experiments.
Comments
Your email address will not be published. Required fields are markedmarked