Posted by yabones 8 hours ago
The first two versions of 225 have packet drop issues and it’s unclear to me whether v3 third time lucky fixed it. And getting the stepping info out of aliexpress supplier is hard so 226 is safer
Would you have a picture of the ExpressCard laptop connector?
Before Thunderbolt was common, people attempted to use external GPUs with this sort of expander, but it worked really poorly.
Ran openbsd for a few years like that, the base OS included everything needed. I recall it used 24MB of ram and closer to 30MB if ssh'd in. It was very handy to have a local login when playing with firewall rules.
As an added bonus, you get atomic updates of all chains for free.
Granted, for simple usecases, ufw or firewalld may be simpler though.
I have an Orbi AX system which works reliably, but now I want to upgrade the radio to WiFi 7 and that means I need to upgrade all the hardware.
Hoping to move to using off the shelf parts so in the future I can just change the radio (ideally bunch of USB sticks).
I understand this is not strictly just the router. I can (and used to have) a router as separate device, but any mesh WiFi right now that I can find need a pricy router that acts as the coordinator, essentially negates the economic benefits.
Then there's the roaming issue. This is largely what the commercial "mesh" systems try to solve: deciding / helping inform when clients should switch APs. There are many solutions and none of them are without issues, including the commercial ones. Here's a starting point: https://openwrt.org/docs/guide-user/network/wifi/roaming
- Soekris net4501 (x86, 486-class CPU) (discontinued)
- PCEngines alix2d3 (x86, AMD Geode LX800) (discontinued)
- PCEngines APU (x86, AMD T40E) (my current router/firewall) (discontinued)
I'm also currently using an APU2 as one of my wireless access points (with hostapd).
All of these have been solid machines that have given me zero problems.
The next system I plan to use is going to be a Banana Pi R4 (ARM Cortex A73), it's a solid choice for a simple router/firewall/DNS/DHCP box. It has a built-in 4-port gigabit switch where each interface can be used as normal Linux interfaces, as well as 2 SFP+ ports that are capable of supporting up to 10 gig ethernet.
It's also one of the few systems that offers true hardware offloading for connection tracking, so things like netfilter flowtables don't have to use any main CPU processing.
I'm currently experimenting with a Banana Pi R4 as a Wifi7 access point (running Debian with hostapd), however the current state of the wifi7 module for it (BPI-R4-NIC-BE14) and Linux driver (mt7996e) is still pretty young and a bit buggy (i.e., limiting transmit power to 6 dBm without patching the driver to override it, and there's apparently a lack of RF shielding which can contribute to low SNR on the receiving end). With the proper patches in place it makes a decent Wifi 6 access point. I'm hoping these issues get ironed out in the future and I can use it as a true Wifi7 AP. frank-w is doing outstanding work to help support the open source community with this new hardware.
A year or two back, I was able to get a brand-new fanless Intel N150 with 4x2.5G ports with 16 GB memory for about $150 from AliExpress. I run Proxmox on it, with OpnSense and a couple other things in virtual machines. These days, due to tariffs and the memory shortage, that is more like $440 now, unfortunately. I am kicking myself for not buying two, not so much because of the price increase, but because it would have come in handy multiple times to have a second one on-hand for random experiments.
Given that CPU performance does _not_ tend to be critical for firewall/NAS use cases, if I had to replace it tomorrow, I would go onto eBay and get the highest-spec'd used Dell or HP mini workstation I could find for $120 and plug in a USB3 1gig ethernet dongle for the WAN side.
If you want maximum speed a Lenovo Thinkcentre m720q has a desktop Intel CPU and a PCIe slot. You can add a 2x SFP+ NIC and PCIe riser to get 10G.
if you could show all the wiring and label it (according to the table below) i think it would add a lot of value for someone less familiar with these kinds of setups (like me)
* WAN connection comes in by coax, into my cheapo cable modem (off screen), and then by Ethernet into the franken-NIC sitting on top of the laptop.
* The NIC on top is a normal PCIe card, but with the bracket missing. The ExpressCard riser [1] is connected by a mini-HDMI cable, the flat black cable, which curves up, around, and back in from the left side into the laptop
* Then, the blue cable on the side of the laptop is a VLAN trunk going into the Cisco switch on port 23/24, outside the picture.
* From there, another port on the switch is setup as an access/untagged port going into one of the LAN ports on the D-Link acting as the access switch
I don't think it was set up here, but at one point I also had a dock under the ThinkPad, with the serial adapter wired up to the switch's console port so I could manage everything by ssh'ing into the router.
[1] https://www.ebay.com/itm/115721630079
Also note that all the cables were hand-crimped because I was too cheap to buy new patch cables at the time.
I was in college, and truly had more time than money back then. it's the kind of doohickey made by only somebody very young, very crazy, or a bit of both. ;)
I recommend the free home version of Sophos for the least painful way to do it. Buy a Palo Alto with a full subscription if you are really serious.